Weakness of Several Identity-based Tripartite Authenticated Key Agreement Protocols

Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In recent years, several identity-based authenticated key agreement protocols have been proposed. In this study, we analyze three identity-based tripartite authenticated key agreement protocols. After the analysis, we found that these protocols do not possess the desirable security attributes

Efficient CCA-secure Threshold Public-Key Encryption Scheme

In threshold public-key encryption, the decryption key is divided into n shares, each one of which is given to a different decryption user in order to avoid single points of failure. In this study, we propose a simple and efficient non-interactive threshold public-key encryption scheme by using the hashed Diffie-Hellman assumption in bilinear groups. Compared with the other related constructions, the proposed scheme is more efficient

Fully Deniable Mutual Authentication Protocol Based on RSA Signature

Deniable authentication protocols allow a sender to authenticate a receiver, in a way that the receiver cannot convince a third party that such authentication (or any authentication) ever took place. In this study, we construct a fully deniable mutual authentication protocol based on RSA signature, and then a deniable authenticated key exchange protocol is constructed from the proposed protocol

Cryptanalysis and improvement of a dynamic and secure key management model for hierarchical heterogeneous sensor networks

In 2012, Alagheband and Aref presented a dynamic and secure key manage ment model for hierarchical heterogeneous sensor networks. They proposed a signcryption algorithm which is the main building block in their key management model. They proved the algorithm is as strong as the elliptical curve discrete logarithm problem. In this work, we study the security of their signcryption algorithm. It is regretful that we found their algorithm is insecure. The adversary can impersonate the base station by sending forged messages to the cluster leaders after capturing the signcrypted messages. Hence, the key management model proposed by them is insecure. Then, we propose an improved signcryption algorithm to fix this weakness

Insecurity of An Anonymous Authentication For Privacy-preserving IoT Target-driven Applications

The Internet of Things (IoT) will be formed by smart objects and services interacting autonomously and in real-time. Recently, Alcaide et al. proposed a fully decentralized anonymous authentication protocol for privacy-preserving IoT target-driven applications. Their system is set up by an ad-hoc community of decentralized founding nodes. Nodes can interact, being participants of cyberphysical systems, preserving full anonymity. In this study, we point out that their protocol is insecure. The adversary can cheat the data collectors by impersonating a legitimate user

New Approaches for Secure Outsourcing Algorithm for Modular Exponentiations

Outsourcing paradigm is one of the most attractive benefits of cloud computing, where computation workloads can be outsourced to cloud servers by the resource-constrained devices, such as RFID tags. With this paradigm, cloud users can avoid setting up their own infrastructures. As a result, some new challenges, such as security and checkability, are inevitably introduced. In this paper, we address the problem of secure outsourcing algorithm for modular exponentiations in the one-malicious version of two untrusted program model. We show that our proposed algorithm is more efficient than the state-of-the-art algorithms. On the other hand, we point out in this paper that the first outsource-secure algorithm for simultaneous modular exponentiations proposed recently is insecure, where the sensitive information can be leaked to the malicious servers. As a result, we propose a new and more efficient algorithm for simultaneous modular exponentiations. We also propose the constructions for outsource-secure Cramer-Shoup encryptions and Schnorr signatures which are also more efficient than the state-of-the-art algorithms

Cryptanalysis of A Privacy-Preserving Smart Metering Scheme Using Linkable Anonymous Credential

To accomplish effective privacy protection in smart grid systems, various approaches were proposed combining information security technology with the smart grid\u27s new features. Diao et al. proposed a privacy-preserving scheme using linkable anonymous credential based on CL signature, and demonstrated its identity anonymity, message authentication and traceability of broken smart meters. In this paper, a forgery attack is presented to point out the protocol dissatisfies message authentication and unforgeability. We hold the idea that this scheme doesn\u27t have basic safety requirements and application value

Effects and mechanisms of a new multivitamin on chronic metabolic syndromes and aging

No Abstrac