Deposit-Case Attack Against Secure Roaming

  • Guomin Yang
  • Duncan S. Wong
  • Xiaotie Deng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)


A secure roaming protocol involves three parties: a roaming user, a visiting foreign server and the user’s home server. The protocol allows the user and the foreign server to establish a session key and carry out mutual authentication with the help of the home server. In the mutual authentication, user authentication is generally done in two steps. First, the user claims that a particular server is his home server. Second, that particular server is called in by the foreign server for providing a ‘credential’ which testifies the user’s claim. We present a new attacking technique which allows a malicious server to modify the user’s claim in the first step without being detected and provide a fake credential to the foreign server in the second step in such a way that the foreign server believes that the malicious server is the user’s home server. We give some examples to explain why it is undesirable in practice if a roaming protocol is vulnerable to this attack. We also show that there are three roaming protocols proposed previously which are vulnerable to this attack.


Protocol Security Analysis Authenticated Key Exchange Roaming 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ateniese, G., Herzberg, A., Krawczyk, H., Tsudik, G.: On traveling incognito. In: Proc. of the IEEE Workshop on Mobile Systems and Applications (December 1994)Google Scholar
  2. 2.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)Google Scholar
  3. 3.
    Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Designs, Codes, and Cryptography 2(2), 107–125 (1992)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Dworkin, M.: Recommendation for Block Cipher Modes of Operation. NIST Special Publication 800-38A 2001 Edition, US Department of Commerce / NIST (December 2001)Google Scholar
  5. 5.
    Go, J., Kim, K.: Wireless authentication protocol preserving user anonymity. In: Proc. of the 2001 Symposium on Cryptography and Information Security (SCIS 2001), January 2001, pp. 159–164 (2001)Google Scholar
  6. 6.
    Gollmann, D.: Insider fraud (position paper). In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Security Protocols 1998. LNCS, vol. 1550, pp. 213–219. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    Hwang, K.F., Chang, C.C.: A self-encryption mechanism for authentication of roaming and teleconference services. IEEE Trans. on Wireless Communications 2(2), 400–407 (2003)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Mouly, M., Pautet, M.-B.: The GSM System for Mobile Communications. Published by the authors (1992)Google Scholar
  9. 9.
    NIST FIPS PUB 197. Announcing the ADVANCED ENCRYPTION STANDARD (AES) (November 2001) Google Scholar
  10. 10.
    Samfat, D., Molva, R., Asokan, N.: Untraceability in mobile networks. In: Proc. of MobiCom 1995, pp. 26–36 (1995)Google Scholar
  11. 11.
    The Telecommunications Industry Association (TIA). Mobile Station-Base Station Compatibility Standard for Wideband Spread Spectrum Cellular Systems (TIA/EIA-95-B-99) (February 1999) Google Scholar
  12. 12.
    Varadharajan, V., Mu, Y.: Preserving privacy in mobile communications: A hybrid method. In: IEEE International Conference on Personal Wireless Communications, pp. 532–536 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Guomin Yang
    • 1
  • Duncan S. Wong
    • 1
  • Xiaotie Deng
    • 1
  1. 1.Department of Computer ScienceCity University of Hong KongHong KongChina

Personalised recommendations