3,696 research outputs found
Efficient and Provably Secure Key Agreement for Modern Smart Metering Communications
Security in modern smart metering communications and in smart grid networks has been an area of interest recently. In this field, identity-based mutual authentication including credential privacy without active involvement of a trusted third party is an important building block for smart grid technology. Recently, several schemes have been proposed for the smart grid with various security features (e.g., mutual authentication and key agreement). Moreover, these schemes are said to offer session key security under the widely accepted Canetti-Krawczyk (CK) security model. Instead, we argue that all of them are still vulnerable under the CK model. To remedy the problem, we present a new provably secure key agreement model for smart metering communications. The proposed model preserves the security features and provides more resistance against a denial of service attack. Moreover, our scheme is pairing-free, resulting in highly efficient computational and communication efforts.</jats:p
Cryptanalysis of a client-to-client password-authenticated key agreement protocol
Recently, Byun et al. proposed an efficient client-to-client password-authenticated key agreement protocol (EC2C-PAKA), which was provably secure in a formally defined security model. This letter shows that EC2C-PAKA protocol is vulnerable to password compromise impersonate attack and man-in-the-middle attack if the key between servers is compromised
The Saeed-Liu-Tian-Gao-Li authenticated key agreement protocol is insecure
A recently proposed authenticated key agreement protocol is shown to be
insecure. In particular, one of the two parties is not authenticated, allowing
an active man in the middle opponent to replay old messages. The protocol is
essentially an authenticated Diffie-Hellman key agreement scheme, and the lack
of authentication allows an attacker to replay old messages and have them
accepted. Moreover, if the ephemeral key used to compute a protocol message is
ever compromised, then the key established using the replayed message will also
be compromised. Fixing the problem is simple - there are many provably secure
and standardised protocols which are just as efficient as the flawed scheme
Cryptanalysis of an efficient certificateless two-party authenticated key agreement protocol
Recently, He et al. (Computers and Mathematics with Applications, 2012, 64(6): 1914-1926) proposed a new efficient certificateless two-party authenticated key agreement protocol. They claimed their protocol was provably secure in the extended Canetti-Krawczyk (eCK) model. In this paper, we will show that their protocol is insecure. A type I adversary, who obtains one party\u27s ephemeral private key, can impersonate the party to cheat the other party and compute the shared session key successfully. For overcoming this weakness, we also propose a simple countermeasure
Session Initiation Protocol Attacks and Challenges
In recent years, Session Initiation Protocol (SIP) has become widely used in
current internet protocols. It is a text-based protocol much like Hyper Text
Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). SIP is a
strong enough signaling protocol on the internet for establishing, maintaining,
and terminating session. In this paper the areas of security and attacks in SIP
are discussed. We consider attacks from diverse related perspectives. The
authentication schemes are compared, the representative existing solutions are
highlighted, and several remaining research challenges are identified. Finally,
the taxonomy of SIP threat will be presented
- …