Deposit-case attack against secure roaming

By Guomin Yang, Duncan S Wong and Xiaotie Deng


A secure roaming protocol involves three parties: a roaming user, a visiting foreign server and the user's home server. The protocol allows the user and the foreign server to establish a session key and carry out mutual authentication with the help of the home server. In the mutual authentication, user authentication is generally done in two steps. First, the user claims that a particular server is his home server. Second, that particular server is called in by the foreign server for providing a 'credential' which testifies the user's claim. We present a new attacking technique which allows a malicious server to modify the user's claim in the first step without being detected and provide a fake credential to the foreign server in the second step in such a way that the foreign server believes that the malicious server is the user's home server. We give some examples to explain why it is undesirable in practice if a roaming protocol is vulnerable to this attack. We also show that there are three roaming protocols proposed previously which are vulnerable to this attack.

Topics: deposit, secure, roaming, against, attack, case, Engineering, Science and Technology Studies
Publisher: 'Sociological Research Online'
Year: 2005
DOI identifier: 10.1007/11506157_35
Provided by: Research Online