81 research outputs found
An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards
With the recent proliferation of distributed systems and networking, remote
authentication has become a crucial task in many networking applications.
Various schemes have been proposed so far for the two-party remote
authentication; however, some of them have been proved to be insecure. In this
paper, we propose an efficient timestamp-based password authentication scheme
using smart cards. We show various types of forgery attacks against a
previously proposed timestamp-based password authentication scheme and improve
that scheme to ensure robust security for the remote authentication process,
keeping all the advantages that were present in that scheme. Our scheme
successfully defends the attacks that could be launched against other related
previous schemes. We present a detailed cryptanalysis of previously proposed
Shen et. al scheme and an analysis of the improved scheme to show its
improvements and efficiency.Comment: 6 page
(In)security of efficient tree-based group key agreement using bilinear map
A group key agreement protocol enables three or more parties to agree on a secret group key to allow for communication of secret messages between them. In this paper, we consider the security of an efficiency-improved version of the tree-based group key agreement protocol using bilinear maps proposed by Lee et al., and claimed to reduce computational costs while preserving security. To be precise, we show several attacks on this protocol and discuss how they could have been avoided
An efficient bilateral remote user authentication scheme with smart cards
In this paper, we propose an efficient bilateral remote user authentication scheme with smart cards. Our scheme ensures both-way authentication, so that any attempt of the adversary to affect the secure communications between the authentication server and the user could not be successful. We also present a brief analysis of our proposed scheme and show that it is well-resistant against the known attacks in remote user authentication process
Attacks on improved key distribution protocols with perfect reparability
In this paper, we present attacks on two improved key distribution protocol with perfect reparability that were presented at ICON 2000. First, we show that the two ldquoattacksrdquo described in their paper are trivial and do not count as attacks at all since they are well-known attacks that apply to any security system. Further, we describe several attacks on both improved protocols, and show that an illegitimate attacker could easily impersonate legitimate parties and have other parties think they are sharing keys with the impersonated party when in fact that party is not present at all
Timed Analysis of Security Protocols
We propose a method for engineering security protocols that are aware of
timing aspects. We study a simplified version of the well-known Needham
Schroeder protocol and the complete Yahalom protocol, where timing information
allows the study of different attack scenarios. We model check the protocols
using UPPAAL. Further, a taxonomy is obtained by studying and categorising
protocols from the well known Clark Jacob library and the Security Protocol
Open Repository (SPORE) library. Finally, we present some new challenges and
threats that arise when considering time in the analysis, by providing a novel
protocol that uses time challenges and exposing a timing attack over an
implementation of an existing security protocol
- โฆ