A Robust Security Mechanism for Mobile Commerce Transactions

Eun-Jun YOON  Kee-Young YOO  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E93-D   No.11   pp.2898-2906
Publication Date: 2010/11/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E93.D.2898
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Architectures, Protocols, and Applications for the Future Internet)
Category: 
Keyword: 
cryptography,  security analysis,  security protocol,  mobile commerce,  WAP,  authentication,  

Full Text: PDF>>
Buy this Article




Summary: 
In 2006, Yeh and Tsai proposed a mobile commerce security mechanism. However, in 2008, Yum et al. pointed out that Yeh-Tsai security mechanism is not secure against malicious WAP gateways and then proposed a simple countermeasure against the attack is to use a cryptographic hash function instead of the addition operation. Nevertheless, this paper shows that both Yeh-Tsai's and Yum et al.'s security mechanisms still do not provide perfect forward secrecy and are susceptible to an off-line guessing attack and Denning-Sacco attack. In addition, we propose a new security mechanism to overcome the weaknesses of the previous related security mechanisms.