Journal of information and communication convergence engineering

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Mutual Authentication and Secure Session Termination Scheme in iATA Protocol

  • Ong, Ivy (Department of General, Dongseo University) ;
  • Lee, Shirly (Department of General, Dongseo University) ;
  • Lee, Hoon-Jae (Department of Computer & Information Engineering, Dongseo University) ;
  • Lim, Hyo-Taek (Department of Computer & Information Engineering, Dongseo University)
  • Received : 2010.07.07
  • Accepted : 2010.07.21
  • Published : 2010.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistant (PDAs) and smart phones are still encountering inherent constraints of limited storages and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA to transfer ATA commands and data over TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which is physically resided at remote home or office. As communications are made through insecure Internet connections, security risks of adopting this service become a concern. There are many reported cases in the history where attackers masquerade as legitimate users, illegally access to network-based applications or systems by breaking through the poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity thief and fraud threat in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of hard factorization problem (HFP) in the termination phase to against fraud termination requests. Theoretical security analysis discussed in later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-services (DoS) attack and so on.

Keywords

References

  1. Chee-Min Yeoh, Yu-Shu They, Hoon-Jae Lee, and Hyotaek Lim, "Design and Implementation of iATA on Windosw CE Platform: An ATA-based Virtual Storage System," Porc. of International Conference on Communications and Mobile Computing (WRI), pp. 85-89, Jan 2009.
  2. ErnYu Lee, YuShu They, HyoTaek Lim, HoonJae Lee, "A Lightweight Secure iSCSI-based Remote Storage Service for Mobile Devices," Proc. of 2nd International Conference on Communications and Networking in China (CHINACOM), pp. 361-364, Aug 2007.
  3. Minglei Shu, Chengxiang Tan, and Haihang Wang, "Mobile Authentication Scheme Using SMS," IITA International Conference on Service Science, Management and Engineering (SSME), pp.161-164, Jul 2009.
  4. Chun-Ta Li, "An Enhanced Remote User Authentication Scheme Providing Mutual Authentication and Key Agreement with Smart Cards," 5th International Conference on Information Assurance and Security (IAS), pp. 517-520, Aug 2009.
  5. Han-cheng Hsiang and Wei-Juan Shih, "A Secure Remote Mutual Authentication and Key Agreement with Smart Cards," Proc. of ANSI International Technology Journal, vol. 8, pp. 333-339, 2009.
  6. W. Stallings, Cryptography and Network Security. 4th ed. Pearson Education, 2005.
  7. HoonJae Lee, SangMin Sung, and HyeongRag Kim, "NLM-128, An Improved LM-type Summation Fenerator with 2-bit memories," 4th International Conference on Computer Sciences and Convergence Information Technology (ICCIT), pp. 577-582, Nov 2009.
  8. Nguyen, T.N., Tran, B.N. and, Nguyen, D.H.M., "A lightweight solution for Wireless LAN: Letter-envelop protocol," Proc. of 3rd International Conference on Communications and Networking in China (ChinaCom), pp. 17-21, Aug 2008.
  9. Nguyen, T.D., Nguyen, D., Tran, B.N. and, Mittal, N., "A Lightweight solution for Defending against Deauthentication/Disassociation Attacks on 802.11 Networks," Proc. of 17th International Conference on Computer Communications and Networks (ICCCN), pp. 1-6, Aug 2008.