An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

With the recent proliferation of distributed systems and networking, remote authentication has become a crucial task in many networking applications. Various schemes have been proposed so far for the two-party remote authentication; however, some of them have been proved to be insecure. In this paper, we propose an efficient timestamp-based password authentication scheme using smart cards. We show various types of forgery attacks against a previously proposed timestamp-based password authentication scheme and improve that scheme to ensure robust security for the remote authentication process, keeping all the advantages that were present in that scheme. Our scheme successfully defends the attacks that could be launched against other related previous schemes. We present a detailed cryptanalysis of previously proposed Shen et. al scheme and an analysis of the improved scheme to show its improvements and efficiency.Comment: 6 page

(In)security of efficient tree-based group key agreement using bilinear map

A group key agreement protocol enables three or more parties to agree on a secret group key to allow for communication of secret messages between them. In this paper, we consider the security of an efficiency-improved version of the tree-based group key agreement protocol using bilinear maps proposed by Lee et al., and claimed to reduce computational costs while preserving security. To be precise, we show several attacks on this protocol and discuss how they could have been avoided

An efficient bilateral remote user authentication scheme with smart cards

In this paper, we propose an efficient bilateral remote user authentication scheme with smart cards. Our scheme ensures both-way authentication, so that any attempt of the adversary to affect the secure communications between the authentication server and the user could not be successful. We also present a brief analysis of our proposed scheme and show that it is well-resistant against the known attacks in remote user authentication process

Attacks on improved key distribution protocols with perfect reparability

In this paper, we present attacks on two improved key distribution protocol with perfect reparability that were presented at ICON 2000. First, we show that the two ldquoattacksrdquo described in their paper are trivial and do not count as attacks at all since they are well-known attacks that apply to any security system. Further, we describe several attacks on both improved protocols, and show that an illegitimate attacker could easily impersonate legitimate parties and have other parties think they are sharing keys with the impersonated party when in fact that party is not present at all

Timed Analysis of Security Protocols

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol