Weakness in Jung et al.'s ID-based conference key distribution scheme

Junghyun Nam, Seung-Joo Kim, Dongho Won

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

In 2000, Xu and Tilborg proposed an ID-based conference key distribution scheme which builds on earlier work of Harn and Yang in the 2-party setting. Recently, Jung et al. have discovered security flaws in the Xu-Tilborg scheme and proposed an improvement of this scheme to fix the security flaws. However, Jung et al.'s improvement introduces another security weakness. We demonstrate this by showing that the improved scheme is vulnerable to a parallel session attack mounted by two colluding adversaries. Further, we recommend changes to the scheme that address this vulnerability.

Original languageEnglish
Pages (from-to)213-218
Number of pages6
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE89-A
Issue number1
DOIs
Publication statusPublished - 2006 Jan 1
Externally publishedYes

Fingerprint

Key Distribution
Identity-based
Defects
Vulnerability
Attack
Demonstrate

Keywords

  • Conference key distribution
  • Implicit key authentication
  • Parallel session attack

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Hardware and Architecture
  • Information Systems

Cite this

Weakness in Jung et al.'s ID-based conference key distribution scheme. / Nam, Junghyun; Kim, Seung-Joo; Won, Dongho.

In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E89-A, No. 1, 01.01.2006, p. 213-218.

Research output: Contribution to journalArticle

@article{375065c7c96748698587349a0774c476,
title = "Weakness in Jung et al.'s ID-based conference key distribution scheme",
abstract = "In 2000, Xu and Tilborg proposed an ID-based conference key distribution scheme which builds on earlier work of Harn and Yang in the 2-party setting. Recently, Jung et al. have discovered security flaws in the Xu-Tilborg scheme and proposed an improvement of this scheme to fix the security flaws. However, Jung et al.'s improvement introduces another security weakness. We demonstrate this by showing that the improved scheme is vulnerable to a parallel session attack mounted by two colluding adversaries. Further, we recommend changes to the scheme that address this vulnerability.",
keywords = "Conference key distribution, Implicit key authentication, Parallel session attack",
author = "Junghyun Nam and Seung-Joo Kim and Dongho Won",
year = "2006",
month = "1",
day = "1",
doi = "10.1093/ietfec/e89-a.1.213",
language = "English",
volume = "E89-A",
pages = "213--218",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "1",

}

TY - JOUR

T1 - Weakness in Jung et al.'s ID-based conference key distribution scheme

AU - Nam, Junghyun

AU - Kim, Seung-Joo

AU - Won, Dongho

PY - 2006/1/1

Y1 - 2006/1/1

N2 - In 2000, Xu and Tilborg proposed an ID-based conference key distribution scheme which builds on earlier work of Harn and Yang in the 2-party setting. Recently, Jung et al. have discovered security flaws in the Xu-Tilborg scheme and proposed an improvement of this scheme to fix the security flaws. However, Jung et al.'s improvement introduces another security weakness. We demonstrate this by showing that the improved scheme is vulnerable to a parallel session attack mounted by two colluding adversaries. Further, we recommend changes to the scheme that address this vulnerability.

AB - In 2000, Xu and Tilborg proposed an ID-based conference key distribution scheme which builds on earlier work of Harn and Yang in the 2-party setting. Recently, Jung et al. have discovered security flaws in the Xu-Tilborg scheme and proposed an improvement of this scheme to fix the security flaws. However, Jung et al.'s improvement introduces another security weakness. We demonstrate this by showing that the improved scheme is vulnerable to a parallel session attack mounted by two colluding adversaries. Further, we recommend changes to the scheme that address this vulnerability.

KW - Conference key distribution

KW - Implicit key authentication

KW - Parallel session attack

UR - http://www.scopus.com/inward/record.url?scp=32244449022&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=32244449022&partnerID=8YFLogxK

U2 - 10.1093/ietfec/e89-a.1.213

DO - 10.1093/ietfec/e89-a.1.213

M3 - Article

VL - E89-A

SP - 213

EP - 218

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 1

ER -