Security Analysis of Yeh-Tsai Security Mechanism

Dae Hyun YUM  Jong Hoon SHIN  Pil Joong LEE  

IEICE TRANSACTIONS on Information and Systems   Vol.E91-D   No.5   pp.1477-1480
Publication Date: 2008/05/01
Online ISSN: 1745-1361
DOI: 10.1093/ietisy/e91-d.5.1477
Print ISSN: 0916-8532
Type of Manuscript: Special Section LETTER (Special Section on Information and Communication System Security)
Category: Secure Communication
security analysis,  security protocol,  mobile commerce,  WAP,  authentication,  

Full Text: PDF>>
Buy this Article

Yeh and Tsai recently proposed an enhanced mobile commerce security mechanism. They modified the lightweight security mechanism due to Lam, Chung, Gu, and Sun to relieve the burden of mobile clients. However, this article shows that a malicious WAP gateway can successfully obtain the mobile client's PIN by sending a fake public key of a mobile commerce server and exploiting information leakage caused by addition operation. We also present a countermeasure against the proposed attack.