A Robust Security Mechanism for Mobile Commerce Transactions

抄録

In 2006, Yeh and Tsai proposed a mobile commerce security mechanism. However, in 2008, Yum et al. pointed out that Yeh-Tsai security mechanism is not secure against malicious WAP gateways and then proposed a simple countermeasure against the attack is to use a cryptographic hash function instead of the addition operation. Nevertheless, this paper shows that both Yeh-Tsai's and Yum et al.'s security mechanisms still do not provide perfect forward secrecy and are susceptible to an off-line guessing attack and Denning-Sacco attack. In addition, we propose a new security mechanism to overcome the weaknesses of the previous related security mechanisms.