Cryptanalysis of some conference schemes for mobile communications

To allow many users to hold a secure teleconference in mobile networks, a secure conference scheme with dynamic participation is necessary. However, designing a secure and efficient conference scheme is a difficult task because wireless networks are susceptible to attacks and wireless devices have limited resources. Recently, a lightweight and secure conference scheme has been suggested. Later, it has been found that this solution has security weaknesses and a modified version to overcome them has been presented. Compared with other conference schemes, these two schemes have many advantages. In this short paper, security study of these conference schemes in mobile networks has been performed with the following findings: (1) both the original scheme and the modified version are still vulnerable to our proposed impersonation attack; (2) they lack a mechanism to confirm the delivery of relevant messages, leading to protocol disruption. Therefore, these two schemes cannot be deployed for the real world applications without further development. Then, some efficient countermeasures are given for enhancing the security of both schemes. Further, the security properties of the improved protocol are formally validated by a model checking tool called AVISPA. Finally, several basic principles are suggested for the design of a secure conference scheme