Cryptanalysis and Security Enhancement of an Advanced Authentication Scheme using Smart Cards, and a Key Agreement Scheme for Two-Party Communication

In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Song, is a password authentication scheme based on smart cards. We note that this scheme has already been shown vulnerable to the off-line password guessing attack by Tapiador et al. We perform a further cryptanalysis on this protocol and observe that it is prone to the clogging attack, a kind of denial of service (DOS) attack. We observe that all smart card based authentication protocols which precede the one by Song, and require the server to compute the computationally intensive modular exponentiation, like the one by Xu et al., or Lee at al., are prone to the clogging attack. We then suggest an improvement on the protocol to prevent the clogging attack. The other protocol we consider is a two-party identity-based authenticated key agreement protocol by Hölbl et al. They have devised two such protocols in their work. They call them Protocol 1 and Protocol 2. Both the protocols have already been shown vulnerable to the insider attack in a recent work by Chen et al. Here we consider Protocol 2 and show its vulnerability to a simple man-in-the-middle attack where the adversary does not know or calculate either party\u27s private key, or the session key. Protocol 2 by Hölbl et al is an improvement over a previous work by Tseng. This makes the Tseng\u27s protocol vulnerable to the attack we illustrate. We further suggest an additional step for these protocols to make them immune against the man-in-the-middle attack

Denial of Service Attack on Protocols for Smart Grid Communications

In this work, a denial of service (DoS) attack known as the clogging attack has been performed on three different modern protocols for smart grid (SG) communications. The first protocol provides authentication between smart meters (SM) and a security and authentication server (SAS). The second protocol facilitates secure and private communications between electric vehicles (EV) and the smart grid. The third protocol is a secure and efficient key distribution protocol for the smart grid

Cryptanalysis and improvement of ecc based authentication and key exchanging protocols

Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC-based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities and to enhance them to be more secure against threats. This work demonstrates how currently-used ECC-based protocols are vulnerable to attacks. If protocols are vulnerable, damage could include critical data loss and elevated privacy concerns. The protocols considered in this work differ in their usage of security factors (e.g., passwords, pins and biometrics), encryption and timestamps. The threat model considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and the proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals

On Sorting under Special Transpositions

In this paper, we study a genome rearrangement primitive called block moves. This primitive as a special case of another well studied primitive transposition. We revisit the problem of BLOCK SORTING, which is a sorting problem under the primitive block moves in this work. BLOCK SORTING has been shown to be NP-Complete, and a couple of results have designed factor 2 approximation algorithms for the problem - the best known till date. However whether the problem is APX-Hard, or an improvement over the factor 2 approximation algorithms have been interesting open problems. We design a new factor 2 approximation algorithm for BLOCK SORTING. Our algorithm is equal to the best known in terms of approximation ratio, however, our approach is much simpler and is linear time (O (n)) as compared to the cubic (O (n3)) and quadratic (O (n2)) run-times of the existing algorithms for the problem

Security Analysis of ECC Based Authentication Protocols

In this work we consider two elliptic curve cryptography based authentication protocols for performing cryptanalysis and security enhancement. The first one by Moosavi et al., is a mutual authentication scheme for RFID implant systems. We perform a cryptanalysis on this protocol and observe that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement on the protocol to prevent the clogging attack. The other protocol we consider for analysis is by Xu et al. This is a smart card based authentication protocol. We again perform the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Xu et al., and require the server to compute the computationally intensive elliptic curve techniques are prone to the clogging attack. We suggest an alternative improvement on the protocol to prevent the clogging attack, which also applies to the protocol by Moosavi et al

Energy Oriented Vulnerability Analysis on Authentication Protocols for CPS

In this work we compute the energy generated by modular exponentiation, a widely used powerful tool in password authentication protocols for cyber physical systems. We observe modular exponentiation to be an expensive operation in terms of energy consumption in addition to be known to be computationally intensive. We then analyze the security and energy consumption an advanced smart card based password authentication protocol for cyber physical systems, that use modular exponentiation. We devise a generic cryptanalysis method on the protocol, in which the attacker exploits the energy and computational intensive nature of modular exponentiation to a perform denial of service (DoS) attack. We also show other similar protocols to be vulnerable to this attack. We then suggest methods to prevent this attack. © 2014 IEEE