183 research outputs found
On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard
Wireless Body Area Networks (WBAN) support a variety of real-time health
monitoring and consumer electronics applications. The latest international
standard for WBAN is the IEEE 802.15.6. The security association in this
standard includes four elliptic curve-based key agreement protocols that are
used for generating a master key. In this paper, we challenge the security of
the IEEE 802.15.6 standard by showing vulnerabilities of those four protocols
to several attacks. We perform a security analysis on the protocols, and show
that they all have security problems, and are vulnerable to different attacks
Cryptanalysis of an Efficient Signcryption Scheme with Forward Secrecy Based on Elliptic Curve
The signcryption is a relatively new cryptographic technique that is supposed
to fulfill the functionalities of encryption and digital signature in a single
logical step. Several signcryption schemes are proposed throughout the years,
each of them having its own problems and limitations. In this paper, the
security of a recent signcryption scheme, i.e. Hwang et al.'s scheme is
analyzed, and it is proved that it involves several security flaws and
shortcomings. Several devastating attacks are also introduced to the mentioned
scheme whereby it fails all the desired and essential security attributes of a
signcryption scheme.Comment: 5 Pages, 2 Figure
LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments
The non-repudiation as an essential requirement of many applications can be
provided by the asymmetric key model. With the evolution of new applications
such as mobile commerce, it is essential to provide secure and efficient
solutions for the mobile environments. The traditional public key cryptography
involves huge computational costs and is not so suitable for the
resource-constrained platforms. The elliptic curve-based approaches as the
newer solutions require certain considerations that are not taken into account
in the traditional public key infrastructures. The main contribution of this
paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the
constrained platforms such as mobile phones. It takes advantages of elliptic
curve cryptography and signcryption to decrease the computational costs and
communication overheads, and adapting to the constraints. All the computational
costs of required validations can be eliminated from end-entities by
introduction of a validation authority to the introduced infrastructure and
delegating validations to such a component. LPKI is so suitable for mobile
environments and for applications such as mobile commerce where the security is
the great concern.Comment: 6 Pages, 6 Figure
An Elliptic Curve-based Signcryption Scheme with Forward Secrecy
An elliptic curve-based signcryption scheme is introduced in this paper that
effectively combines the functionalities of digital signature and encryption,
and decreases the computational costs and communication overheads in comparison
with the traditional signature-then-encryption schemes. It simultaneously
provides the attributes of message confidentiality, authentication, integrity,
unforgeability, non-repudiation, public verifiability, and forward secrecy of
message confidentiality. Since it is based on elliptic curves and can use any
fast and secure symmetric algorithm for encrypting messages, it has great
advantages to be used for security establishments in store-and-forward
applications and when dealing with resource-constrained devices.Comment: 13 Pages, 5 Figures, 2 Table
A Decentralized Dynamic PKI based on Blockchain
The central role of the certificate authority (CA) in traditional public key infrastructure (PKI) makes it fragile and prone to compromises and operational failures. Maintaining CAs and revocation lists is demanding especially in loosely-connected and large systems. Log-based PKIs have been proposed as a remedy but they do not solve the problem effectively. We provide a general model and a solution for decentralized and dynamic PKI based on a blockchain and web of trust model where the traditional CA and digital certificates are removed and instead, everything is registered on the blockchain. Registration, revocation, and update of public keys are based on a consensus mechanism between a certain number of entities that are already part of the system. Any node which is part of the system can be an auditor and initiate the revocation procedure once it finds out malicious activities. Revocation lists are no longer required as any node can efficiently verify the public keys through witnesses
SSMS - A Secure SMS Messaging Protocol for the M-payment Systems
The GSM network with the greatest worldwide number of users, succumbs to
several security vulnerabilities. The short message service (SMS) is one of its
superior and well-tried services with a global availability in the GSM
networks. The main contribution of this paper is to introduce a new secure
application layer protocol, called SSMS, to efficiently embed the desired
security attributes in the SMS messages to be used as a secure bearer in the
m-payment systems. SSMS efficiently embeds the confidentiality, integrity,
authentication, and non-repudiation in the SMS messages. It provides an
elliptic curve-based public key solution that uses public keys for the secret
key establishment of a symmetric encryption. It also provides the attributes of
public verification and forward secrecy. It efficiently makes the SMS messaging
suitable for the m-payment applications where the security is the great
concern.Comment: 6 Pages, 5 Figure
Solutions to the GSM Security Weaknesses
Recently, the mobile industry has experienced an extreme increment in number
of its users. The GSM network with the greatest worldwide number of users
succumbs to several security vulnerabilities. Although some of its security
problems are addressed in its upper generations, there are still many operators
using 2G systems. This paper briefly presents the most important security flaws
of the GSM network and its transport channels. It also provides some practical
solutions to improve the security of currently available 2G systems.Comment: 6 Pages, 2 Figure
- …