Cryptanalysis of an Efficient Signcryption Scheme with Forward Secrecy Based on Elliptic Curve

The signcryption is a relatively new cryptographic technique that is supposed to fulfill the functionalities of encryption and digital signature in a single logical step. Several signcryption schemes are proposed throughout the years, each of them having its own problems and limitations. In this paper, the security of a recent signcryption scheme, i.e. Hwang et al.'s scheme is analyzed, and it is proved that it involves several security flaws and shortcomings. Several devastating attacks are also introduced to the mentioned scheme whereby it fails all the desired and essential security attributes of a signcryption scheme.Comment: 5 Pages, 2 Figure

Attacks on improved key distribution protocols with perfect reparability

In this paper, we present attacks on two improved key distribution protocol with perfect reparability that were presented at ICON 2000. First, we show that the two ldquoattacksrdquo described in their paper are trivial and do not count as attacks at all since they are well-known attacks that apply to any security system. Further, we describe several attacks on both improved protocols, and show that an illegitimate attacker could easily impersonate legitimate parties and have other parties think they are sharing keys with the impersonated party when in fact that party is not present at all

Elliptic Curve Cryptography Digital Signature Algorithm For Privacy-Preserving Public Auditing For Shared Data In The Cloud

Cloud computing becomes one of the emerging technology on now a days to share and manage their data in organization , because of its forcefulness, small communication cost and everywhere environment. Privacy preservation concern in the cloud computing becomes arise several security challenges since information stored in the cloud data is easily outsourced anywhere at any time. To manage this privacy preservation in cloud computing several number of the mechanism have been proposed in earlier work to permit both data owners and public verifiers toward proficiently audit cloud information integrity without leakage information from cloud server. But major issue of the existing works becomes these methods is that unavoidably disclose secret data to free verifiers. In order to overcome this problem in this paper presents novel privacy-preserving elliptic curve digital signature cryptography methods data integrity with the purpose to maintain public auditing on shared information stored which is stored in the cloud computing database. In the proposed methods digital signature are created to each data owner in the cloud computing environment and attain data integrity confirmation for shared information between one cloud data owner to third party auditor. In our proposed data integrity Elliptic Curve Cryptography Digital Signature Algorithm, the individuality of the signer on every one chunk in shared information is reserved privately secure manner by creation elliptic curve based private key from public verifiers. Further improve accuracy of the privacy preservation for shared information in the cloud computing proposed ECCDSA perform manifold auditing tasks parallel. The experimentation results of the proposed ECCDSA based multiple data auditing task shows that higher efficiency and higher data integrity while performing auditing task, it can be compared with existing public auditing methods. DOI: 10.17762/ijritcc2321-8169.150313

Key Substitution in the Symbolic Analysis of Cryptographic Protocols (extended version)

Key substitution vulnerable signature schemes are signature schemes that permit an intruder, given a public verification key and a signed message, to compute a pair of signature and verification keys such that the message appears to be signed with the new signature key. A digital signature scheme is said to be vulnerable to destructive exclusive ownership property (DEO) If it is computationaly feasible for an intruder, given a public verification key and a pair of message and its valid signature relatively to the given public key, to compute a pair of signature and verification keys and a new message such that the given signature appears to be valid for the new message relatively to the new verification key. In this paper, we prove decidability of the insecurity problem of cryptographic protocols where the signature schemes employed in the concrete realisation have this two properties

Review on Leakage Resilient Key Exchange Security Model

In leakage resilient cryptography, leakage resilient key exchange protocols are constructed to defend against leakage attacks. Then, the key exchange protocol is proved with leakage resilient security model to determine whether its security proof can provide the security properties it claimed or to find out any unexamined flaw during protocol building. It is an interesting work to review the meaningful security properties provided by these security models. This work review how a leakage resilient security model for a key exchange protocol has been evolved over years according to the increasing security requirement which covers a different range of attacks. The relationship on how an adversary capability in the leakage resilient security model can be related to real-world attack scenarios is studied. The analysis work for each leakage resilient security model here enables a better knowledge on how an adversary query addresses different leakage attacks setting, thereby understand the motive of design for a cryptographic primitive in the security model

Securing PIN-based Authentication in Smartwatches With just Two Gestures

Smartwatches are becoming increasingly ubiquitous as they offer new capabilities to develop sophisticated applications that make daily life easier and more convenient for consumers. The services provided include applications for mobile payment, ticketing, identification, access control, etc. While this makes modern smartwatches very powerful devices, it also makes them very attractive targets for attackers. Indeed, PINs and Pattern Lock have been widely used in smartwatches for user authentication. However, such authentication methods are not robust against various forms of cybersecurity attacks, such as side channel, phishing, smudge, shoulder surfing, and video recording attacks. Moreover, the recent adoption of hardware-based solutions, like the Trusted Execution Environment (TEE), can mitigate only partially such problems. Thus, the user’s security and privacy are at risk without a strong authentication scheme in place. In this work, we propose 2GesturePIN, a new authentication framework that allows users to authenticate securely to their smartwatches and related sensitive services through solely two gestures. 2GesturePIN leverages the rotating bezel or crown, which are the most intuitive ways to interact with a smartwatch, as a dedicated hardware. 2GesturePIN improves the resilience of the regular PIN authentication method against state-of-the-art cybersecurity attacks while maintaining a high level of usability

Analyzing the secure simple pairing in Bluetooth v4.0

This paper analyzes the security of Bluetooth v4.0’s Secure Simple Pairing (SSP) protocol, for both the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (LE) operational modes. Bluetooth v4.0 is the latest version of a wireless communication standard for low-speed and low-range data transfer among devices in a human’s PAN. It allows increased network mobility among devices such as headsets, PDAs, wireless keyboards and mice. A pairing process is initiated when two devices desire to communicate, and this pairing needs to correctly authenticate devices so that a secret link key is established for secure communication. What is interesting is that device authentication relies on humans to communicate verification information between devices via a human-aided out-of-band channel. Bluetooth v4.0’s SSP protocol is designed to offer security against passive eavesdropping and man-inthe- middle (MitM) attacks. We conduct the first known detailed analysis of SSP for all its MitM-secure models. We highlight some issues related to exchange of public keys and use of the passkey in its models and discuss how to treat them properly