For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Security Analysis of Yeh-Tsai Security Mechanism
Dae Hyun YUM Jong Hoon SHIN Pil Joong LEE
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2008/05/01
Online ISSN: 1745-1361
Print ISSN: 0916-8532
Type of Manuscript: Special Section LETTER (Special Section on Information and Communication System Security)
Category: Secure Communication
security analysis, security protocol, mobile commerce, WAP, authentication,
Full Text: PDF>>
Yeh and Tsai recently proposed an enhanced mobile commerce security mechanism. They modified the lightweight security mechanism due to Lam, Chung, Gu, and Sun to relieve the burden of mobile clients. However, this article shows that a malicious WAP gateway can successfully obtain the mobile client's PIN by sending a fake public key of a mobile commerce server and exploiting information leakage caused by addition operation. We also present a countermeasure against the proposed attack.