240,615 research outputs found

    Cryptanalysis of a Markov Chain Based User Authentication Scheme

    Session key agreement protocol using smart card is extremely popular in client-server environment for secure communication. Remote user authentication protocol plays a crucial role in our daily life such as e-banking, bill-pay, online games, e-recharge, wireless sensor network, medical system, ubiquitous devices etc. Recently, Djellali et al. proposed a session key agreement protocol using smart card for ubiquitous devices. The main focus of this paper is to analyze security pitfalls of smart card and password based user authentication scheme. We have carefully reviewed Djellali et al.'s scheme and found that the same scheme suffers from several security weaknesses such as off-line password guessing attack, privileged insider attack. Moreover, we demonstrated that the Djellali et al.'s scheme does not provide proper security protection on the secret key of the server and presents inefficient password change phase

    P2P Email Encryption by An Identity-Based One-Way Group Key Agreement Protocol

    As a result of high-tech companies such as Google, Yahoo, and Microsoft offering free email services, email has become a primary channel of communication. However, email service providers have traditionally offered little in the way of message privacy protection. This has made emails, of which billions are sent around the world on any day, an attractive data source for personal identity information thieves. Google was one of the first companies to provide substantial email privacy protection when they began using the HTTPS always-on option to encrypt messages sent through their email service, Gmail. Unfortunately, Gmail's encryption option does not offer true point-to-point encryption since the encrypted emails are decrypted and stored in plaintext form on Google's servers. This type of approach poses a security vulnerability which is unacceptable to security-minded users such as highly sensitive government agencies and private companies. For these users, true point-to-point encryption is needed. This paper introduces an identity-based one-way group key agreement protocol and describes a point-to-point email encryption scheme based on the protocol. Both the security proofs and the efficiency analysis, with experimental results, of the new scheme are provided

    Identity Confidentiality in 5G Mobile Telephony Systems

    The 3rd Generation Partnership Project (3GPP) recently proposed a standard for 5G telecommunications, containing an identity protection scheme meant to address the long-outstanding privacy problem of permanent subscriber-identity disclosure. The proposal is essentially two disjoint phases: an identification phase, followed by an establishment of security context between mobile subscribers and their service providers via symmetric-key based authenticated key agreement. Currently, 3GPP proposes to protect the identification phase with a public-key based solution, and while the current proposal is secure against a classical adversary, the same would not be true of a quantum adversary. 5G specifications target very long-term deployment scenarios (well beyond the year 2030), therefore it is imperative that quantum-secure alternatives be part of the current specification. In this paper, we present such an alternative scheme for the problem of private identification protection. Our solution is compatible with the current 5G specifications, depending mostly on cryptographic primitives already specified in 5G, adding minimal performance overhead and requiring minor changes in existing message structures. Finally, we provide a detailed formal security analysis of our solution in a novel security framework

    Elements of a complex but still incomplete puzzle: an assessment of the EU(-Turkey) summit. CEPS Post-Summit Analysis, 21 March 2016

    The March 2016 EU Summit was yet another attempt to make progress on managing the EU’s migration/refugee crisis. In this post-summit analysis, Janis A. Emmanouilidis argues that the EU-Turkey deal, which foresees a return of migrants from Greece to Turkey and a direct resettlement of Syrians from Turkey to the EU on the grounds of a ‘1-for-1’ scheme, is a key and necessary element in a very complex puzzle trying to stop ‘irregular routes’ of migration. The ultimate success of this agreement is by no means certain, but it has the chance to reduce the number of people arriving at the shores of Europe. However, this would neither settle the crisis nor will it provide an adequate response to those in need of international protection. The ‘humanitarian imperative’ requires that the EU-Turkey deal is complemented by a much more ambitious direct resettlement scheme and other long-term measures as part of a comprehensive plan aiming to balance ‘solidarity and security’ in an effort to sustainably overcome the crisis

    Group authentication protocols for Internet of Things (IoT) – QoS and Security Properties Evaluation

    Undergraduate final project, Universidade de Brasília, Faculdade de Tecnologia, 2016. The objective of this work is to provide an overview on group authentication protocols for Internet of Things (IoT) and to propose two new group protocols. Both protocols perform authentication and key agreement among a group of devices and a Mobility Management Entity (MME) and aim at performance improvements, ensuring a robust security and anonymity protection. One scheme is based on both Elliptical Curves Diffie-Hellman protocol and bilinear pairing and the other is a lightweight symmetric protocol based on Shamir’s secret. Additionally, both protocols have their performance and security objectives accomplishment analyzed and compared with other works already proposed in the literature. The performance analysis and comparison comprises communication, computational, verification and storage costs. Some of the security features analyzed are forward/backward secrecy (FS/BS), anonymity and resistance to several attacks. Finally, the protocols were formally validated by AVISPA tool

    An authentic-based privacy preservation protocol for smart e-healthcare systems in iot

    © 2013 IEEE. Emerging technologies rapidly change the essential qualities of modern societies in terms of smart environments. To utilize the surrounding environment data, tiny sensing devices and smart gateways are highly involved. It has been used to collect and analyze the real-time data remotely in all Industrial Internet of Things (IIoT). Since the IIoT environment gathers and transmits the data over insecure public networks, a promising solution known as authentication and key agreement (AKA) is preferred to prevent illegal access. In the medical industry, the Internet of Medical Things (IoM) has become an expert application system. It is used to gather and analyze the physiological parameters of patients. To practically examine the medical sensor-nodes, which are imbedded in the patient's body. It would in turn sense the patient medical information using smart portable devices. Since the patient information is so sensitive to reveal other than a medical professional, the security protection and privacy of medical data are becoming a challenging issue of the IoM. Thus, an anonymity-based user authentication protocol is preferred to resolve the privacy preservation issues in the IoM. In this paper, a Secure and Anonymous Biometric Based User Authentication Scheme (SAB-UAS) is proposed to ensure secure communication in healthcare applications. This paper also proves that an adversary cannot impersonate as a legitimate user to illegally access or revoke the smart handheld card. A formal analysis based on the random-oracle model and resource analysis is provided to show security and resource efficiencies in medical application systems. In addition, the proposed scheme takes a part of the performance analysis to show that it has high-security features to build smart healthcare application systems in the IoM. To this end, experimental analysis has been conducted for the analysis of network parameters using NS3 simulator. The collected results have shown superiority in terms of the packet delivery ratio, end-to-end delay, throughput rates, and routing overhead for the proposed SAB-UAS in comparison to other existing protocols

    Using quantum key distribution for cryptographic purposes: a survey

    The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service on its own: the secret keys established by QKD are in general then used by subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research. Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8