{"title":"基于ntrui的互认证方案的安全性分析","authors":"R. Tso, Yi-Shio Jheng","doi":"10.1109/APNOMS.2016.7737253","DOIUrl":null,"url":null,"abstract":"NFC-based mobile transaction has come into limelight in recent years thanks to the rapid development of NFC and mobile technologies. In these applications, the NFC-chip is in the card emulation mode to simulate a credit card. Because many sensitive information is exchanged during the communication of the mobile transaction, mutual authentication is required in order to verify the legality of each communicating party. Recently, Part and Lee introduced an anonymous authentication scheme based on NTRU. It is aimed to protect user information in NFC mobile payment systems without directly using private financial information of users. However, we found a security flaw in their new scheme. In this paper, we show that their scheme is insecure against an eavesdropping attack. An attacker, without any secret information, can impersonate the user against a service provider and pass the authentication procedure. This may result in a serious problem in which an attacker can enjoy a service such as an on-line shopping on behalf of the real user without the permission of the real user. An improved scheme will be left as our future work.","PeriodicalId":194123,"journal":{"name":"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Security analysis of a NTRU-based mutual authentication scheme\",\"authors\":\"R. Tso, Yi-Shio Jheng\",\"doi\":\"10.1109/APNOMS.2016.7737253\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"NFC-based mobile transaction has come into limelight in recent years thanks to the rapid development of NFC and mobile technologies. In these applications, the NFC-chip is in the card emulation mode to simulate a credit card. Because many sensitive information is exchanged during the communication of the mobile transaction, mutual authentication is required in order to verify the legality of each communicating party. Recently, Part and Lee introduced an anonymous authentication scheme based on NTRU. It is aimed to protect user information in NFC mobile payment systems without directly using private financial information of users. However, we found a security flaw in their new scheme. In this paper, we show that their scheme is insecure against an eavesdropping attack. An attacker, without any secret information, can impersonate the user against a service provider and pass the authentication procedure. This may result in a serious problem in which an attacker can enjoy a service such as an on-line shopping on behalf of the real user without the permission of the real user. An improved scheme will be left as our future work.\",\"PeriodicalId\":194123,\"journal\":{\"name\":\"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)\",\"volume\":\"15 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APNOMS.2016.7737253\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APNOMS.2016.7737253","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security analysis of a NTRU-based mutual authentication scheme
NFC-based mobile transaction has come into limelight in recent years thanks to the rapid development of NFC and mobile technologies. In these applications, the NFC-chip is in the card emulation mode to simulate a credit card. Because many sensitive information is exchanged during the communication of the mobile transaction, mutual authentication is required in order to verify the legality of each communicating party. Recently, Part and Lee introduced an anonymous authentication scheme based on NTRU. It is aimed to protect user information in NFC mobile payment systems without directly using private financial information of users. However, we found a security flaw in their new scheme. In this paper, we show that their scheme is insecure against an eavesdropping attack. An attacker, without any secret information, can impersonate the user against a service provider and pass the authentication procedure. This may result in a serious problem in which an attacker can enjoy a service such as an on-line shopping on behalf of the real user without the permission of the real user. An improved scheme will be left as our future work.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
