On the security of a novel protocol for downloadable CAS

In 2008, Jeong et al. proposed a novel protocol for a downloadable conditional access system (DCAS). They claimed that their protocol provided mutual authentication and secure downloading of conditional access (CA) software. However, we show that their protocol has a fatal weakness that leaves it vulnerable to an impersonation attack. We therefore propose an improved protocol based on theirs. Moreover, we hope that by showing this design flaw, similar mistakes can be avoided in future designs.
