Limitations of challenge-response entity authentication
TL;DR: This work considers two basic versions of the challenge-response authentication protocol, and exhibits both a method of attack and a simple modification preventing such attacks.
Abstract: We consider two basic versions of the challenge-response authentication protocol, and exhibit both a method of attack and a simple modification preventing such attacks. We go on to consider three variants of the basic protocols and show that one of them is completely insecure.
Citations
More filters
10 Dec 2009
TL;DR: It is stated that Wang et al.
Abstract: In 2004, Ku et al. proposed an improved efficient remote authentication scheme using smart cards to repair the security pitfalls found in Chien et al.’s scheme, in which only few hashing operations are required. Later, Yoon et al. presented an enhancement on Ku et al.’s scheme. Recently, Wang et al. showed that both Ku et al.’s scheme and Yoon et al.’s scheme are still vulnerable to the guessing attack, forgery attack and denial of service (DoS) attack. Then, proposed an efficient improvement over Ku et al.’s and Yoon et al.’s schemes with more security. In this paper, we state that Wang et al.’s scheme is vulnerable to the impersonation attack and parallel session attack. A modification to enhance the security of Wang et al.’s scheme is proposed. Our scheme is suitable for applications with high security requirement.
5 citations
TL;DR: The authors demonstrate replay attacks on two authentication and key distribution protocols proposed by Bull, Gong and Sollins (1992) and use the observations leading to the attacks to arrive at more robust versions of the protocols.
Abstract: The authors demonstrate replay attacks on two authentication and key distribution protocols proposed by Bull, Gong and Sollins (1992). The observations leading to the attacks are used intuitively to arrive at more robust versions of the protocols.
4 citations
Posted Content•
TL;DR: A new class of attacks against authentication and authenticated key establishment protocols is described, which are called parsing ambiguity attacks, and if appropriate precautions are not deployed, they apply to a very wide range of such protocols, including those specified in a number of international standards.
Abstract: A new class of attacks against authentication and authenticated key establishment protocols is described, which we call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specifled in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modiflcations to the relevant standards.
4 citations
24 Oct 2007
TL;DR: The objective is to enable maritime market participants to electronically charter, trade and transport cargos based on information and transactions over Internet via their software agents through the use of MAVCM software agents.
Abstract: Electronic business and agents are among the most important and exciting areas of research and development in information and communication technology, with considerable potential impact and opportunities for the maritime sector. This paper proposes the design of a multi-agent system for internet virtual chartering markets (MAVCM). The MAVCM system applies for business-to-business transactions in maritime markets, and provides mechanisms for Internet-based chartering informational and transactional services. The lifecycle of the proposed system offers a solution for efficiently handling the processes involving a charterer who owns the cargo and employs a shipbroker to find a shipowner to deliver the cargo for a certain freight rate. The objective is to enable maritime market participants to electronically charter, trade and transport cargos based on information and transactions over Internet via their software agents. The roles of the identified MAVCM software agents as well as the processes of the involved agents in a chartering application scenario are described. Agent methodologies and technologies for the analysis and the design of an e-chartering system are presented. The GAIA methodology and A-UMI have been used in the design methodology employed and have been applied for the visual specification of the present pilot application scenario.
3 citations
TL;DR: In this paper, the authors present a survey of security mechanisms built in first-generation electronic passports and compare them with second-generation passports, and analyzes and describes the cryptographic protocols used in Basic Access Control and Extended Access Control (EAC).
3 citations
References
More filters
255 citations