Yeh and Tsai recently proposed an enhanced mobile commerce security mechanism. They modified the lightweight security mechanism due to Lam, Chung, Gu, and Sun to relieve the burden of mobile clients. However, this article shows that a malicious WAP gateway can successfully obtain the mobile client's PIN by sending a fake public key of a mobile commerce server and exploiting information leakage caused by addition operation. We also present a countermeasure against the proposed attack.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Dae Hyun YUM, Jong Hoon SHIN, Pil Joong LEE, "Security Analysis of Yeh-Tsai Security Mechanism" in IEICE TRANSACTIONS on Information,
vol. E91-D, no. 5, pp. 1477-1480, May 2008, doi: 10.1093/ietisy/e91-d.5.1477.
Abstract: Yeh and Tsai recently proposed an enhanced mobile commerce security mechanism. They modified the lightweight security mechanism due to Lam, Chung, Gu, and Sun to relieve the burden of mobile clients. However, this article shows that a malicious WAP gateway can successfully obtain the mobile client's PIN by sending a fake public key of a mobile commerce server and exploiting information leakage caused by addition operation. We also present a countermeasure against the proposed attack.
URL: https://global.ieice.org/en_transactions/information/10.1093/ietisy/e91-d.5.1477/_p
Copy
@ARTICLE{e91-d_5_1477,
author={Dae Hyun YUM, Jong Hoon SHIN, Pil Joong LEE, },
journal={IEICE TRANSACTIONS on Information},
title={Security Analysis of Yeh-Tsai Security Mechanism},
year={2008},
volume={E91-D},
number={5},
pages={1477-1480},
abstract={Yeh and Tsai recently proposed an enhanced mobile commerce security mechanism. They modified the lightweight security mechanism due to Lam, Chung, Gu, and Sun to relieve the burden of mobile clients. However, this article shows that a malicious WAP gateway can successfully obtain the mobile client's PIN by sending a fake public key of a mobile commerce server and exploiting information leakage caused by addition operation. We also present a countermeasure against the proposed attack.},
keywords={},
doi={10.1093/ietisy/e91-d.5.1477},
ISSN={1745-1361},
month={May},}
Copy
TY - JOUR
TI - Security Analysis of Yeh-Tsai Security Mechanism
T2 - IEICE TRANSACTIONS on Information
SP - 1477
EP - 1480
AU - Dae Hyun YUM
AU - Jong Hoon SHIN
AU - Pil Joong LEE
PY - 2008
DO - 10.1093/ietisy/e91-d.5.1477
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E91-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2008
AB - Yeh and Tsai recently proposed an enhanced mobile commerce security mechanism. They modified the lightweight security mechanism due to Lam, Chung, Gu, and Sun to relieve the burden of mobile clients. However, this article shows that a malicious WAP gateway can successfully obtain the mobile client's PIN by sending a fake public key of a mobile commerce server and exploiting information leakage caused by addition operation. We also present a countermeasure against the proposed attack.
ER -