Security Weakness in a Provable Secure Authentication Protocol Given Forward Secure Session Key

  • Mijin Kim
  • Heasuk Jo
  • Seungjoo Kim
  • Dongho Won
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5593)


Shi, Jang and Yoo recently proposed a provable secure key distribution and authentication protocol between user, service provider and key distribution center(KDC). The protocol was based on symmetric cryptosystem, challenge-response, Diffie-Hellman component and hash function. Despite the claim of provable security, the protocol is in fact insecure in the presence of an active adversary. In this paper, we present the imperfection of Shi et al.’s protocol and suggest modifications to the protocol which would resolve the problem.


Cryptography Key distribution Authentication Known key attack Provable security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Smith, J., Weingarten, F.: Report from the Workshop on Research Directions for NGI. Research challenges for the next generation internet (2007)Google Scholar
  2. 2.
    Mitchell, C.: Security for Mobility. IEE press (2004)Google Scholar
  3. 3.
    Kohl, J., Neuman, C.: The Kerberos network authentication service(v5). Internet Request for Comments 1510 (1993)Google Scholar
  4. 4.
    Bellovin, S., Merritt, M.: Limitations of the Kerboros authentication system. ACM communications review 20, 119–132 (1990)CrossRefGoogle Scholar
  5. 5.
    Neuman, B.C., Ts’o, T.: An authentication service for computer networks. IEEE communications 32, 33–38 (1994)CrossRefGoogle Scholar
  6. 6.
    Kao, I., Chow, R.: An efficient and secure authentication protocol using uncertified keys. ACM Operating Systems Review 29, 14–21 (1995)CrossRefGoogle Scholar
  7. 7.
    Ganesan, R.: Yaksha: augmenting Kerberos with public key cryptography. In: Proceedings of symposium on Network and Distributed System Security(SNDSS 1995), pp. 132–143. IEEE Computer Society, Los Alamitos (1995)CrossRefGoogle Scholar
  8. 8.
    Fox, A., Gribble, S.: Security on the movie: indirect authentication using Kerberos. In: Proceedings of the second annual International Conference on Mobile Computing and Networking, pp. 154–164. ACM press, New York (1996)Google Scholar
  9. 9.
    Sirbu, M., Chuang, J.: Distrbuted authentication in Kerberos using public key cryptography. In: Proceedings of the Symposium on Network and Distributed System Security, pp. 134–141. IEEE Computer Society, Los Alamitos (1997)Google Scholar
  10. 10.
    Shieh, S., Ho, F., Huang, Y.: An efficient authentication protocol for mobile networks. Journal of Information Science and Engineering 15, 505–520 (1999)Google Scholar
  11. 11.
    SamaraKoon, M., Honary, B.: Novel authentication and key agreement protocol for low processing power and systems resource requirements in portable communications systems. IEE Colloquium on novel DSP Algorithms and Architectures for Radio Systems, pp. 9/1–9/5 (1999)Google Scholar
  12. 12.
    Chien, H., Jan, J.: A hybrid authentication protocol for large mobile networks. Journal of Systems and software 67, 123–137 (2003)CrossRefGoogle Scholar
  13. 13.
    Yacobi, Y.: A key distribution paradox. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 268–273. Springer, Heidelberg (1991)Google Scholar
  14. 14.
    Bellare, M., Rogaway, P.: Entity Authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  15. 15.
    Nyberg, K., Rueppel, R.: Weaknesses in some recent key agreement protocols. Electronics Letters 30, 26–27 (1994)CrossRefGoogle Scholar
  16. 16.
    Tang, Q., Mitchell, C.: Cryptanalysis of a hybrid authentication protocol for large mobile networks. The journal of systems and software 79, 496–501 (2006)CrossRefGoogle Scholar
  17. 17.
    Shi, W., Jang, I., Yoo, H.: A provable secure authentication protocol given forward secure session key. In: Zhang, Y., Yu, G., Bertino, E., Xu, G. (eds.) APWeb 2008. LNCS, vol. 4976, pp. 309–318. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Hwang, R., Su, F.: A new efficient authentication protocol for mobile networks. Computer Standards & Interfaces 28, 241–252 (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mijin Kim
    • 1
  • Heasuk Jo
    • 1
  • Seungjoo Kim
    • 1
  • Dongho Won
    • 1
  1. 1.Department of Electrical and Computer EngineeringSungkyunkwan UniversitySuwon-siKorea

Personalised recommendations