Yet another attack on a password authentication scheme based on quadratic residues with parameters unknown 1

In 1988, Harn, Laih and Huang proposed a password authentication scheme based on quadratic residues. However, in 1995, Chang, Wu and Laih pointed out that if the parameters d b a , , and l are known by the intruder, this scheme can be broken. In this paper, we presented another attack on the Harn-Laih-Huang scheme. In our attack, it doesn’t need to know the parameters and it is more efficient than the Chang-Wu-Laih attack

The Interpolating Random Spline Cryptosystem and the Chaotic-Map Public-Key Cryptosystem

The feasibility of implementing the interpolating cubic spline function as encryption and decryption transformations is presented. The encryption method can be viewed as computing a transposed polynomial. The main characteristic of the spline cryptosystem is that the domain and range of encryption are defined over real numbers, instead of the traditional integer numbers. Moreover, the spline cryptosystem can be implemented in terms of inexpensive multiplications and additions. Using spline functions, a series of discontiguous spline segments can execute the modular arithmetic of the RSA system. The similarity of the RSA and spline functions within the integer domain is demonstrated. Furthermore, we observe that such a reformulation of RSA cryptosystem can be characterized as polynomials with random offsets between ciphertext values and plaintext values. This contrasts with the spline cryptosystems, so that a random spline system has been developed. The random spline cryptosystem is an advanced structure of spline cryptosystem. Its mathematical indeterminacy on computing keys with interpolants no more than 4 and numerical sensitivity to the random offset t( increases its utility. This article also presents a chaotic public-key cryptosystem employing a one-dimensional difference equation as well as a quadratic difference equation. This system makes use of the El Gamal’s scheme to accomplish the encryption process. We note that breaking this system requires the identical work factor that is needed in solving discrete logarithm with the same size of moduli

Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks

Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs

Synchronization of multi-carrier CDMA signals and security on internet.

by Yooh Ji Heng.Thesis (M.Phil.)--Chinese University of Hong Kong, 1996.Includes bibliographical references (leaves 119-128).Appendix in Chinese.Chapter I --- Synchronization of Multi-carrier CDMA Signals --- p.1Chapter 1 --- Introduction --- p.2Chapter 1.1 --- Spread Spectrum CDMA --- p.4Chapter 1.1.1 --- Direct Sequence/SS-CDMA --- p.5Chapter 1.1.2 --- Frequency Hopping/SS-CDMA --- p.5Chapter 1.1.3 --- Pseudo-noise Sequence --- p.6Chapter 1.2 --- Synchronization for CDMA signal --- p.7Chapter 1.2.1 --- Acquisition of PN Sequence --- p.7Chapter 1.2.2 --- Phase Locked Loop --- p.8Chapter 2 --- Multi-carrier CDMA --- p.10Chapter 2.1 --- System Model --- p.11Chapter 2.2 --- Crest Factor --- p.12Chapter 2.3 --- Shapiro-Rudin Sequence --- p.14Chapter 3 --- Synchronization and Detection by Line-Fitting --- p.16Chapter 3.1 --- Unmodulated Signals --- p.16Chapter 3.2 --- Estimating the Time Shift by Line-Fitting --- p.19Chapter 3.3 --- Modulated Signals --- p.22Chapter 4 --- Matched Filter --- p.23Chapter 5 --- Performance and Conclusion --- p.27Chapter 5.1 --- Line Fitting Algorithm --- p.27Chapter 5.2 --- Matched Filter --- p.28Chapter 5.3 --- Conclusion --- p.30Chapter II --- Security on Internet --- p.31Chapter 6 --- Introduction --- p.32Chapter 6.1 --- Introduction to Cryptography --- p.32Chapter 6.1.1 --- Classical Cryptography --- p.33Chapter 6.1.2 --- Cryptanalysis --- p.35Chapter 6.2 --- Introduction to Internet Security --- p.35Chapter 6.2.1 --- The Origin of Internet --- p.35Chapter 6.2.2 --- Internet Security --- p.36Chapter 6.2.3 --- Internet Commerce --- p.37Chapter 7 --- Elementary Number Theory --- p.39Chapter 7.1 --- Finite Field Theory --- p.39Chapter 7.1.1 --- Euclidean Algorithm --- p.40Chapter 7.1.2 --- Chinese Remainder Theorem --- p.40Chapter 7.1.3 --- Modular Exponentiation --- p.41Chapter 7.2 --- One-way Hashing Function --- p.42Chapter 7.2.1 --- MD2 --- p.43Chapter 7.2.2 --- MD5 --- p.43Chapter 7.3 --- Prime Number --- p.44Chapter 7.3.1 --- Listing of Prime Number --- p.45Chapter 7.3.2 --- Primality Testing --- p.45Chapter 7.4 --- Random/Pseudo-Random Number --- p.47Chapter 7.4.1 --- Examples of Random Number Generator --- p.49Chapter 8 --- Private Key and Public Key Cryptography --- p.51Chapter 8.1 --- Block Ciphers --- p.51Chapter 8.1.1 --- Data Encryption Standard (DES) --- p.52Chapter 8.1.2 --- International Data Encryption Algorithm (IDEA) --- p.54Chapter 8.1.3 --- RC5 --- p.55Chapter 8.2 --- Stream Ciphers --- p.56Chapter 8.2.1 --- RC2 and RC4 --- p.57Chapter 8.3 --- Public Key Cryptosystem --- p.58Chapter 8.3.1 --- Diffie-Hellman --- p.60Chapter 8.3.2 --- Knapsack Algorithm --- p.60Chapter 8.3.3 --- RSA --- p.62Chapter 8.3.4 --- Elliptic Curve Cryptosystem --- p.63Chapter 8.3.5 --- Public Key vs. Private Key Cryptosystem --- p.64Chapter 8.4 --- Digital Signature --- p.65Chapter 8.4.1 --- ElGamal Signature Scheme --- p.66Chapter 8.4.2 --- Digital Signature Standard (DSS) --- p.67Chapter 8.5 --- Cryptanalysis to Current Cryptosystems --- p.68Chapter 8.5.1 --- Differential Cryptanalysis --- p.68Chapter 8.5.2 --- An Attack to RC4 in Netscapel.l --- p.69Chapter 8.5.3 --- "An Timing Attack to Diffie-Hellman, RSA" --- p.71Chapter 9 --- Network Security and Electronic Commerce --- p.73Chapter 9.1 --- Network Security --- p.73Chapter 9.1.1 --- Password --- p.73Chapter 9.1.2 --- Network Firewalls --- p.76Chapter 9.2 --- Implementation for Network Security --- p.79Chapter 9.2.1 --- Kerberos --- p.79Chapter 9.2.2 --- Privacy-Enhanced Mail (PEM) --- p.80Chapter 9.2.3 --- Pretty Good Privacy (PGP) --- p.82Chapter 9.3 --- Internet Commerce --- p.83Chapter 9.3.1 --- Electronic Cash --- p.85Chapter 9.4 --- Internet Browsers --- p.87Chapter 9.4.1 --- Secure NCSA Mosaic --- p.87Chapter 9.4.2 --- Netscape Navigator --- p.89Chapter 9.4.3 --- SunSoft HotJava --- p.91Chapter 10 --- Examples of Electronic Commerce System --- p.94Chapter 10.1 --- CyberCash --- p.95Chapter 10.2 --- DigiCash --- p.97Chapter 10.3 --- The Financial Services Technology Consortium --- p.98Chapter 10.3.1 --- Electronic Check Project --- p.99Chapter 10.3.2 --- Electronic Commerce Project --- p.101Chapter 10.4 --- FirstVirtual --- p.103Chapter 10.5 --- Mondex --- p.104Chapter 10.6 --- NetBill --- p.106Chapter 10.7 --- NetCash --- p.108Chapter 10.8 --- NetCheque --- p.111Chapter 11 --- Conclusion --- p.113Chapter A --- An Essay on Chinese Remainder Theorem and RSA --- p.115Bibliography --- p.11

The Legendre Pseudorandom Function as a Multivariate Quadratic Cryptosystem: Security and Applications

Sequences of consecutive Legendre and Jacobi symbols as pseudorandom bit generators were proposed for cryptographic use in 1988. Major interest has been shown towards pseudorandom functions (PRF) recently, based on the Legendre and power residue symbols, due to their efficiency in the multi-party setting. The security of these PRFs is not known to be reducible to standard cryptographic assumptions. In this work, we show that key-recovery attacks against the Legendre PRF are equivalent to solving a specific family of multivariate quadratic (MQ) equation system over a finite prime field. This new perspective sheds some light on the complexity of key-recovery attacks against the Legendre PRF. We conduct algebraic cryptanalysis on the resulting MQ instance. We show that the currently known techniques and attacks fall short in solving these sparse quadratic equation systems. Furthermore, we build novel cryptographic applications of the Legendre PRF, e.g., verifiable random function and (verifiable) oblivious (programmable) PRFs

An Overview of Cryptography (Updated Version, 3 March 2016)

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations. A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998

Smooth Number Message Authentication Code in the IoT Landscape

This paper presents the Smooth Number Message Authentication Code (SNMAC) for the context of lightweight IoT devices. The proposal is based on the use of smooth numbers in the field of cryptography, and investigates how one can use them to improve the security and performance of various algorithms or security constructs. The literature findings suggest that current IoT solutions are viable and promising, yet they should explore the potential usage of smooth numbers. The methodology involves several processes, including the design, implementation, and results evaluation. After introducing the algorithm, provides a detailed account of the experimental performance analysis of the SNMAC solution, showcasing its efficiency in real-world scenarios. Furthermore, the paper also explores the security aspects of the proposed SNMAC algorithm, offering valuable insights into its robustness and applicability for ensuring secure communication within IoT environments.Comment: 19 pages, 7 figure

Smooth Number Message Authentication Code in the IoT Landscape

This paper presents the Smooth Number Message Authentication Code (SNMAC) for the context of lightweight IoT devices. The proposal is based on the use of smooth numbers in the field of cryptography, and investigates how one can use them to improve the security and performance of various algorithms or security constructs. The literature findings suggest that current IoT solutions are viable and promising, yet they should explore the potential usage of smooth numbers. The methodology involves several processes, including the design, implementation, and results evaluation. After introducing the algorithm, provides a detailed account of the experimental performance analysis of the SNMAC solution, showcasing its efficiency in real-world scenarios. Furthermore, the paper also explores the security aspects of the proposed SNMAC algorithm, offering valuable insights into its robustness and applicability for ensuring secure communication within IoT environments