一种使用双线性对的切换认证机制安全性分析.docVIP

 Cryptanalysis of a Handover Authentication Protocol Based on Bilinear Pairing Functions# He Debiao* 5 10 15 20 25 30 35 (School of Mathematics and Statistics, Wuhan University, WuHan 430072) Abstract: Recently, He et al. proposed a novel handover authentication protocol based on bilinear pairing functions. They claimed that their protocol could withstand various attacks. However, in this letter, we will show that He et al.’s protocol is not secure at all, i.e. the adversary could get a user’s private key from transmitted messages. Keywords: Wireless networks; security; privacy; efficiency; handover authentication 0 Introduction Developing a secure and efficient handover authentication protocol is a very important topic in various wireless networks such as WLAN, WiMAX, and 3GPP. For a secure handover, when a Mobile Node (MN) moves from the current Attachment Point (AP) to a new AP, it needs to authenticate securely the MN to protect itself from illegitimate users or attackers who are not paying for using the wireless networks [1,2,3]. Moreover, a secure session key should also be established between the MN and the AP to protect user’s communication data against passive and active attacks. For an efficient handover, it needs to provide low-cost cryptography operations and to minimize the communication overheads for a fast handover authentication [4,5]. Very recently, He et al. [6] proposed a novel handover authentication protocol using pairing-based cryptography to secure handover process and to reduce the communication and computation overheads of the involved entities. In He et al.’s protocol, only two handshakes are required between an MN and an AP and no certificate is needed to transmit or verify as in traditional public key cryptosystems. Thus, He et al.’s protocol is very efficient. This paper examines the security of the He et al.’s protocol and shows that the protocol still fails to achieve secure communication unlike their claims. In particular, the a