In 2006, Yeh and Tsai proposed a mobile commerce security mechanism. However, in 2008, Yum et al. pointed out that Yeh-Tsai security mechanism is not secure against malicious WAP gateways and then proposed a simple countermeasure against the attack is to use a cryptographic hash function instead of the addition operation. Nevertheless, this paper shows that both Yeh-Tsai's and Yum et al.'s security mechanisms still do not provide perfect forward secrecy and are susceptible to an off-line guessing attack and Denning-Sacco attack. In addition, we propose a new security mechanism to overcome the weaknesses of the previous related security mechanisms.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Eun-Jun YOON, Kee-Young YOO, "A Robust Security Mechanism for Mobile Commerce Transactions" in IEICE TRANSACTIONS on Information,
vol. E93-D, no. 11, pp. 2898-2906, November 2010, doi: 10.1587/transinf.E93.D.2898.
Abstract: In 2006, Yeh and Tsai proposed a mobile commerce security mechanism. However, in 2008, Yum et al. pointed out that Yeh-Tsai security mechanism is not secure against malicious WAP gateways and then proposed a simple countermeasure against the attack is to use a cryptographic hash function instead of the addition operation. Nevertheless, this paper shows that both Yeh-Tsai's and Yum et al.'s security mechanisms still do not provide perfect forward secrecy and are susceptible to an off-line guessing attack and Denning-Sacco attack. In addition, we propose a new security mechanism to overcome the weaknesses of the previous related security mechanisms.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E93.D.2898/_p
Copy
@ARTICLE{e93-d_11_2898,
author={Eun-Jun YOON, Kee-Young YOO, },
journal={IEICE TRANSACTIONS on Information},
title={A Robust Security Mechanism for Mobile Commerce Transactions},
year={2010},
volume={E93-D},
number={11},
pages={2898-2906},
abstract={In 2006, Yeh and Tsai proposed a mobile commerce security mechanism. However, in 2008, Yum et al. pointed out that Yeh-Tsai security mechanism is not secure against malicious WAP gateways and then proposed a simple countermeasure against the attack is to use a cryptographic hash function instead of the addition operation. Nevertheless, this paper shows that both Yeh-Tsai's and Yum et al.'s security mechanisms still do not provide perfect forward secrecy and are susceptible to an off-line guessing attack and Denning-Sacco attack. In addition, we propose a new security mechanism to overcome the weaknesses of the previous related security mechanisms.},
keywords={},
doi={10.1587/transinf.E93.D.2898},
ISSN={1745-1361},
month={November},}
Copy
TY - JOUR
TI - A Robust Security Mechanism for Mobile Commerce Transactions
T2 - IEICE TRANSACTIONS on Information
SP - 2898
EP - 2906
AU - Eun-Jun YOON
AU - Kee-Young YOO
PY - 2010
DO - 10.1587/transinf.E93.D.2898
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E93-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2010
AB - In 2006, Yeh and Tsai proposed a mobile commerce security mechanism. However, in 2008, Yum et al. pointed out that Yeh-Tsai security mechanism is not secure against malicious WAP gateways and then proposed a simple countermeasure against the attack is to use a cryptographic hash function instead of the addition operation. Nevertheless, this paper shows that both Yeh-Tsai's and Yum et al.'s security mechanisms still do not provide perfect forward secrecy and are susceptible to an off-line guessing attack and Denning-Sacco attack. In addition, we propose a new security mechanism to overcome the weaknesses of the previous related security mechanisms.
ER -