On the cryptographic applications of random functions
Proceedings of CRYPTO 84 on Advances in cryptology
Reducing risks from poorly chosen keys
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Hi-index | 0.01 |
Mobile users should be able to buy their handsets and then get service from any service provider without physically taking the handset to the provider's location or manually entering long keys and parameters into the handset. This capability to activate and provision the handset remotely is part of the current North American wireless standards and is referred to as 'over the air service provisioning' (OTASP). We examine current proposals and point out some of their limitations. Often the knowledge shared between the mobile user and the network is not fully specified and hence not exploited. We depart from this norm by first providing a classification of various sharing of secrets and secondly we make explicit the assumed shared knowledge and use it to construct various schemes for OTASP. We present a different OTASP scheme for each of the following assumptions: 1) availability of a land line, 2) public key of a CA in the handset, 3) weak secret shared by the mobile user and the network, and 4) secret of the mobile user which can only be verified by the network.