Cryptanalysis of some conference schemes for mobile communications

To allow many users to hold a secure teleconference in mobile networks, a secure conference scheme with dynamic participation is necessary. However, designing a secure and efficient conference scheme is a difficult task because wireless networks are susceptible to attacks and wireless devices have limited resources. Recently, a lightweight and secure conference scheme has been suggested. Later, it has been found that this solution has security weaknesses and a modified version to overcome them has been presented. Compared with other conference schemes, these two schemes have many advantages. In this short paper, security study of these conference schemes in mobile networks has been performed with the following findings: (1) both the original scheme and the modified version are still vulnerable to our proposed impersonation attack; (2) they lack a mechanism to confirm the delivery of relevant messages, leading to protocol disruption. Therefore, these two schemes cannot be deployed for the real world applications without further development. Then, some efficient countermeasures are given for enhancing the security of both schemes. Further, the security properties of the improved protocol are formally validated by a model checking tool called AVISPA. Finally, several basic principles are suggested for the design of a secure conference scheme. Copyright © 2011 John Wiley & Sons, Ltd.

[1]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[2]  Xuemin Shen,et al.  Mutual Authentication and Key Exchange Protocols for Roaming Services in Wireless Mobile Networks , 2006, IEEE Transactions on Wireless Communications.

[3]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[4]  Chun Chen,et al.  A strong user authentication scheme with smart cards for wireless communications , 2011, Comput. Commun..

[5]  Chun Chen,et al.  Design and Validation of an Efficient Authentication Scheme with Anonymity for Roaming Service in Global Mobility Networks , 2011, Wirel. Pers. Commun..

[6]  Robert H. Deng,et al.  Security analysis on a conference scheme for mobile communications , 2006, IEEE Transactions on Wireless Communications.

[7]  Chee Kheong Siew,et al.  A secure and efficient conference scheme for mobile communications , 2003, IEEE Trans. Veh. Technol..

[8]  Sushil Jajodia,et al.  LEAP+: Efficient security mechanisms for large-scale distributed sensor networks , 2006, TOSN.

[9]  Yiming Ye,et al.  A secure conference scheme for mobile communications , 2003, IEEE Trans. Wirel. Commun..

[10]  Daojing He,et al.  Design and Verification of Enhanced Secure Localization Scheme in Wireless Sensor Networks , 2009, IEEE Transactions on Parallel and Distributed Systems.

[11]  Xuemin Shen,et al.  A DoS and fault-tolerant authentication protocol for group communications in ad hoc networks , 2007, Comput. Commun..

[12]  Liang Zhou,et al.  A Scalable Information Security Technique: Joint Authentication-Coding Mechanism for Multimedia over Heterogeneous Wireless Networks , 2009, Wirel. Pers. Commun..

[13]  Shiuh-Jeng Wang,et al.  Packet construction for secure conference call request in ad hoc network systems , 2007, Inf. Sci..