In 2006 Yeh and Tsai proposed a mobile commerce security mechanism However in 2008 Yum et al pointed out that Yeh Tsai security mechanism is not secure against malicious WAP gateways and then proposed a simple countermeasure against the attack is to use a cryptographic hash function instead of the addition operation Nevertheless this paper shows that both Yeh Tsai s and Yum et al s security mechanisms still do not provide perfect forward secrecy and are susceptible to an off line guessing attack and Denning Sacco attack In addition we propose a new security mechanism to overcome the weaknesses of the previous related security mechanisms

• 出版日期2010-11