46 research outputs found

    Comments on Five Smart Card Based Password Authentication Protocols

    In this paper, we use the ten security requirements proposed by Liao et al. for a smart card based authentication protocol to examine five recent works in this area. After analysis, we found that the protocols of Juang et al., Hsiang et al., Kim et al., and Li et al. all suffer from an offline password guessing attack if the smart card is lost, and the protocol of Xu et al. is subject to an insider impersonation attack. Comment: 4 pages

    Cryptanalysis on “Secure untraceable off-line electronic cash system”

    Recently, Baseri et al. proposed a secure untraceable off-line electronic cash system. They claimed that their scheme could achieve the security requirements of an e-cash system, such as untraceability, anonymity, unlinkability, double spending checking, un-forgeability, date-attachability, and prevention of coin forging. They further prove the un-forgeability security feature by using the hardness of discrete logarithm problems. However, after cryptanalysis, we found that the scheme cannot attain the untraceability security feature. We therefore modify it to comprise this desired requirement, which is very important in an e-cash system.

    Crypto-analyses on “user efficient recoverable off-line e-cashs scheme with fast anonymity revoking”

    Recently, Fan et al. proposed a user efficient recoverable off-line e-cash scheme with fast anonymity revoking. They claimed that their scheme could achieve the security requirements of an e-cash system, such as anonymity, unlinkability, double spending checking, anonymity control, and rapid anonymity revoking on double spending. They further formally prove the unlinkability and the un-forgeability security features. However, after crypto-analysis, we found that the scheme cannot attain the two proven security features, anonymity and unlinkability. We therefore modify it to comprise the two desired requirements, which are very important in an e-cash system.

    ECC-Based Non-Interactive Deniable Authentication with Designated Verifier

    Recently, researchers have proposed many non-interactive deniable authentication (NIDA) protocols. Most of them claim that their protocols possess full deniability. However, after reviewing them, we found that they either cannot achieve full deniability or suffer from KCI or SKCI attacks; moreover, they lack efficiency, because they are mainly based on DLP, the factoring problem, or bilinear pairings. Due to this observation, and because ECC provides security equivalent to RSA and DSA while using a much smaller key size, we used the Fiat-Shamir heuristic to propose a novel ECC-based NIDA protocol that achieves full deniability and is more efficient than the previous schemes. After security analyses and efficiency comparisons, we confirmed the success of the usage. Therefore, the proposed scheme was more suitable to be implemented in low power mobile devices than the others.

    A secure anonymous communication scheme in vehicular ad hoc networks from pairings

    Security and efficiency are two crucial issues in vehicular ad hoc networks. Much research has been devoted to these issues. However, we found that most of the proposed protocols in this area are insecure and can’t satisfy the anonymity property. Due to this observation, we propose a secure and anonymous method based on bilinear pairings to resolve the problems. After analysis, we conclude that our scheme is the most secure when compared with other protocols proposed so far.

    Comments on: EIBAS - an efficient identity broadcast authentication scheme in wireless sensor networks

    Recently, Shm et al. proposed an efficient identity-based broadcast authentication scheme based on Tso et al.’s IBS scheme with message recovery to achieve security requirements in wireless sensor networks. They claim that their scheme can achieve the security requirements and mitigate DoS attacks by limiting the number of signature verification failures in wireless sensor networks (WSN). However, we found that the scheme cannot attain the security level they claimed. We will demonstrate it in this article.

    Crypto-analyses on “secure and efficient privacy-preserving public auditing scheme for cloud storage”

    Recently, Worku et al. pointed out that the work “privacy-preserving public auditing for data storage security in cloud computing” proposed by Wang et al. is insecure and their second work “privacy-preserving public auditing for secure cloud storage” is inefficient. Thus, they offered a secure and efficient-privacy public auditing scheme for cloud storage. They claimed that their system is provably secure in the random oracle model and the operation is effective. However, after crypto-analysis, we found that the scheme cannot reach the security goal; it is subject to an existential forgery attack. We therefore alter it to incorporate the desired privacy preserving requirement, which is very significant in a privacy-preserving public auditing protocol for cloud storage.

    A provably secure really source hiding designated verifier signature scheme based on random oracle model

    A lot of designated verifier signature (DVS) schemes have been proposed. However, all of them only provide the basic security requirement that only the designated verifier can check the validity of the signature. They are either not secure enough or lack source hiding. Hence, in this article, we design a provably secure DVS scheme. It not only attains the basic security requirement but also hides the original signer’s identity, which makes our scheme more suitable for applications in an electronic voting system.

    A novel k-out-of-n Oblivious Transfer Protocols Based on Bilinear Pairings

    Low bandwidth consumption is an important issue in a busy commercial network, whereas time may not be so crucial, for example, in the end-of-day financial settlement for commercial transactions in a day. In this paper, we construct a secure and low bandwidth-consumption k-out-of-n oblivious transfer scheme based on bilinear pairings. We analyze the security and efficiency of our scheme and conclude that our scheme is more secure and efficient in communication bandwidth consumption than most of the other existing oblivious transfer schemes that we know.