By Topic

On the Insecurity of Proactive RSA in the URSA Mobile Ad Hoc Network Access Control Protocol

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Jarecki, S. ; Comput. Sci. Dept., Univ. of California, Irvine, CA, USA ; Saxena, N.

Access control is the fundamental security service in ad hoc groups. It is needed not only to prevent unauthorized entities from joining the group, but also to bootstrap other security services. Luo, proposed a set of protocols for providing ubiquitous and robust access control (called URSA) in mobile ad hoc networks without relying on a centralized authority. The URSA protocol relies on the new proactive RSA signature scheme, which allows members in an ad hoc group to make access control decisions in a distributed manner. The proposed proactive RSA signature scheme is assumed secure as long as no more than an allowed threshold of participating members is simultaneously corrupted at any point in the lifetime of the scheme. In this paper, we show an attack on this proposed proactive RSA scheme, in which an admissible threshold of malicious group members can completely recover the group RSA secret key in the course of the lifetime of this scheme. Our attack stems from the fact that the threshold signature protocol which is a part of this proactive RSA scheme leaks some seemingly innocuous information about the secret signature key. We show how the corrupted members can influence the execution of the scheme in such a way so that the slowly leaked information is used to reconstruct the entire shared secret.

Published in:

Information Forensics and Security, IEEE Transactions on  (Volume:5 ,  Issue: 4 )