
Showing papers on "Otway–Rees protocol published in 2012"


Journal ArticleDOI
TL;DR: An efficient and secure dynamic identity-based authentication protocol for multi-server architecture that removes the aforementioned weaknesses and is extremely suitable for use in distributed multi-server architecture.

265 citations


Journal ArticleDOI
TL;DR: The proposed protocol overcomes the security flaws of Tseng et al.

106 citations


Journal ArticleDOI
TL;DR: An extended chaotic maps-based key agreement protocol that resists the known attack proposed by Bergamo et al. as well as the later attacks on Xiao et al.'s scheme, and provides mutual authentication and user anonymity.
Abstract: A key agreement protocol is used to derive a shared secure session key by two or more parties, but no party can predetermine the resulting value. Users can securely exchange information over an open network by using the shared session key to encrypt/decrypt secure information. Recently, several key agreement protocols based on chaotic maps have been proposed. Xiao et al. proposed a novel key agreement protocol based on chaotic maps and claimed their protocol can resist the known attack which is proposed by Bergamo et al. However, Han et al. and Xiang et al. pointed out that the Xiao et al. protocol is still insecure. To overcome these attacks, we shall propose an extended chaotic maps-based key agreement protocol. The proposed protocol not only resists these attacks, but also provides mutual authentication and user anonymity.

92 citations


Book ChapterDOI
19 Mar 2012
TL;DR: A new authentication protocol that is provably secure based on a ring variant of the learning parity with noise (LPN) problem, which is even comparable to the standard challenge-and-response protocols based on the AES block-cipher.
Abstract: We propose a new authentication protocol that is provably secure based on a ring variant of the learning parity with noise (LPN) problem. The protocol follows the design principle of the LPN-based protocol from Eurocrypt'11 (Kiltz et al.), and like it, is a two round protocol secure against active attacks. Moreover, our protocol has small communication complexity and a very small footprint which makes it applicable in scenarios that involve low-cost, resource-constrained devices. Performance-wise, our protocol is more efficient than previous LPN-based schemes, such as the many variants of the Hopper-Blum (HB) protocol and the aforementioned protocol from Eurocrypt'11. Our implementation results show that it is even comparable to the standard challenge-and-response protocols based on the AES block-cipher. Our basic protocol is roughly 20 times slower than AES, but with the advantage of having 10 times smaller code size. Furthermore, if a few hundred bytes of non-volatile memory are available to allow the storage of some off-line pre-computations, then the online phase of our protocols is only twice as slow as AES.

92 citations
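The two-round Ring-LPN exchange the abstract above describes, as an added example that is not the paper's code or its parameters: the reader sends a challenge c, the tag answers with (r, z) where z = r·(s·π(c) + s') + e, and the reader strips the key-dependent part and accepts only if the remaining noise is light. Ring elements are ints over F2[X]/(f); f = X^127 + X + 1, the challenge length, the noise rate τ = 1/8 and the acceptance threshold are my toy choices, and π(c) is taken as the identity embedding.

```python
import random

# Ring R = F2[X]/(f) with f = X^127 + X + 1 (an irreducible trinomial over F2),
# so every non-zero element is invertible. Ring elements are Python ints whose
# bits are polynomial coefficients. All parameters below are my toy choices.
N = 127
F = (1 << N) | 0b11          # X^127 + X + 1
LAMBDA = 80                  # challenge length in bits
TAU = 1 / 8                  # Bernoulli noise rate on the tag side
THRESHOLD = N // 4           # accept iff weight(e') <= 31; E[weight] is about 16


def ring_mul(a: int, b: int) -> int:
    """Carry-less multiplication modulo f (schoolbook; fine for a demo)."""
    res = 0
    while b:
        if b & 1:
            res ^= a
        b >>= 1
        a <<= 1
        if (a >> N) & 1:
            a ^= F
    return res


def embed_challenge(c: int) -> int:
    """pi(c): the challenge bits are read directly as a low-degree ring element."""
    return c


def keygen(rng: random.Random) -> tuple:
    """Shared secret (s, s') in R x R, provisioned to both reader and tag."""
    return rng.getrandbits(N), rng.getrandbits(N)


def reader_challenge(rng: random.Random) -> int:
    """Round 1, reader -> tag: a fresh random challenge."""
    return rng.getrandbits(LAMBDA)


def tag_respond(key: tuple, c: int, rng: random.Random) -> tuple:
    """Round 2, tag -> reader: z = r*(s*pi(c) + s') + e, r uniform in R*, e Bernoulli."""
    s, s2 = key
    r = 0
    while r == 0:
        r = rng.getrandbits(N)
    e = 0
    for i in range(N):
        if rng.random() < TAU:
            e |= 1 << i
    z = ring_mul(r, ring_mul(s, embed_challenge(c)) ^ s2) ^ e
    return r, z


def reader_verify(key: tuple, c: int, r: int, z: int) -> bool:
    """Reader recomputes the key-dependent term; what is left should be sparse noise."""
    s, s2 = key
    if r == 0:
        return False
    e_prime = z ^ ring_mul(r, ring_mul(s, embed_challenge(c)) ^ s2)
    return bin(e_prime).count("1") <= THRESHOLD


def run_session(key_reader: tuple, key_tag: tuple, seed: int = 1) -> bool:
    """One full exchange; True iff the reader accepts the tag."""
    rng = random.Random(seed)
    c = reader_challenge(rng)
    r, z = tag_respond(key_tag, c, rng)
    return reader_verify(key_reader, c, r, z)
```

Note that the reader never inverts r; it only needs the same two ring multiplications the tag performs, which is why the scheme fits devices that cannot afford a block cipher with large code size. A tag with a different key produces a residual of weight around N/2 and is rejected.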


Journal ArticleDOI
Debiao He
01 Aug 2012
TL;DR: Performance analysis shows that the proposed protocol has better performance than Wu et al.'s protocol and Yoon et al.'s protocol and is more suited for mobile client-server environments, and a security analysis is given to demonstrate that the protocol is provably secure against previous attacks.
Abstract: With the continued evolution of mobile devices in terms of capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client-server environments, many user authentication protocols from pairings have been proposed. In 2009, Goriparthi et al. proposed a new user authentication scheme for the mobile client-server environment. In 2010, Wu et al. demonstrated that Goriparthi et al.'s protocol fails to provide mutual authentication and key agreement between the client and the server. To improve security, Wu et al. proposed an improved protocol and demonstrated that their protocol is provably secure in the random oracle model. Based on Wu et al.'s work, Yoon et al. proposed another scheme to improve performance. However, their scheme just reduces one hash function operation at both the client side and the server side. In this paper, we present a new user authentication and key agreement protocol using bilinear pairings for the mobile client-server environment. Performance analysis shows that our protocol has better performance than Wu et al.'s protocol and Yoon et al.'s protocol. Thus our protocol is more suited for the mobile client-server environment. Security analysis is also given to demonstrate that our proposed protocol is provably secure against previous attacks.

90 citations


Proceedings Article
31 Dec 2012
TL;DR: Protocol evaluation using a security protocol verification tool shows that IECAC is secure against these attacks, and a performance analysis of the protocol in terms of computational time, compared with other existing solutions, is discussed.
Abstract: The Internet of Things (IoT) has become a discretionary part of everyday life and could become a threat if security is not considered before deployment. Authentication and access control in IoT are equally important to establish secure communication between devices. To protect IoT from man-in-the-middle, replay and denial of service attacks, the concept of capability for access control is introduced. This paper presents the Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptic Curve Cryptography) for IoT along with protocol evaluation, which protects against the aforementioned attacks. The protocol evaluation using a security protocol verification tool shows that IECAC is secure against these attacks. This paper also discusses performance analysis of the protocol in terms of computational time and compares it with other existing solutions.

56 citations


Journal ArticleDOI
TL;DR: Niu–Wang's protocol has a computational efficiency problem when a trusted third party decrypts the message sent by the user, and is vulnerable to a Denial of Service (DoS) attack based on illegal message modification by an attacker.

52 citations


Proceedings ArticleDOI
06 May 2012
TL;DR: The security analysis of the proposed MS-LEACH shows that it has efficient security properties and achieves all WSN security goals compared to the existing secured solutions of the LEACH protocol, and shows that the protocol achieves the desired security goals and outperforms other protocols in terms of energy consumption, network lifetime, network throughput and normalized routing load.
Abstract: Developing effective security solutions for wireless sensor networks (WSN) is not easy due to the limited resources of WSNs and the hazardous nature of the wireless medium. The implementation of encryption/decryption algorithms, which are the most essential part of secure communication, can be very intricate in WSNs since they incorporate routines that have very complex and intense computing procedures. A secure clustering protocol that achieves the desired security goals while keeping an acceptable level of energy consumption is a challenging problem in wireless sensor networks. LEACH (Low-Energy Adaptive Clustering Hierarchy) protocol is a basic clustering-based routing protocol for WSNs. S-LEACH is the first modified version of LEACH with cryptographic protection against outsider attacks. This paper proposes MS-LEACH to enhance the security of S-LEACH by providing data confidentiality and node to cluster head (CH) authentication using pairwise keys shared between CHs and their cluster members. The security analysis of the proposed MS-LEACH shows that it has efficient security properties and achieves all WSN security goals compared to the existing secured solutions of the LEACH protocol. A simulation based performance evaluation of MS-LEACH demonstrates the effectiveness of the proposed MS-LEACH protocol and shows that the protocol achieves the desired security goals and outperforms other protocols in terms of energy consumption, network lifetime, network throughput and normalized routing load.

48 citations
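The two properties the MS-LEACH abstract adds to S-LEACH, confidentiality of member-to-CH data and node-to-CH authentication under a pairwise key, are sketched below as an added example; this is not the paper's protocol, and how the pairwise keys are set up is not described on this page, so the key derivation from a pre-loaded network key, HMAC-SHA256 as the PRF and MAC, the 8-byte truncated tag and the per-node counter for replay protection are all my assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated MAC; a WSN trade-off I assume here, not a value from the paper


def derive_pairwise_key(network_key: bytes, node_id: int, ch_id: int) -> bytes:
    """Pairwise key between a member node and its cluster head (CH).

    Assumption: both sides hold a pre-loaded network key and derive the pair key
    from the two identities; the paper's own key setup is not given on this page.
    """
    ids = struct.pack(">II", node_id, ch_id)
    return hmac.new(network_key, b"pairwise" + ids, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode (stand-in for a block cipher)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def node_send(key: bytes, node_id: int, counter: int, payload: bytes) -> bytes:
    """Member -> CH: nonce || ciphertext || tag (encrypt-then-MAC; counter defeats replay)."""
    nonce = struct.pack(">IQ", node_id, counter)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def ch_receive(keys: dict, last_counter: dict, msg: bytes):
    """CH side: look up the sender's pairwise key, authenticate, reject replays,
    then decrypt. Returns the plaintext, or None on any failure."""
    if len(msg) < 12 + TAG_LEN:
        return None
    nonce, ct, tag = msg[:12], msg[12:-TAG_LEN], msg[-TAG_LEN:]
    node_id, counter = struct.unpack(">IQ", nonce)
    key = keys.get(node_id)
    if key is None:
        return None  # not a member of this cluster
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None  # forged or tampered
    if counter <= last_counter.get(node_id, 0):
        return None  # replay
    last_counter[node_id] = counter
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def demo():
    """One cluster: CH 1 with member nodes 10 and 11 (constructed sample data)."""
    network_key = b"\x01" * 32
    ch_id = 1
    keys = {n: derive_pairwise_key(network_key, n, ch_id) for n in (10, 11)}
    seen = {}
    msg = node_send(keys[10], 10, 1, b"temp=21.5")
    first = ch_receive(keys, seen, msg)
    replay = ch_receive(keys, seen, msg)
    tampered = ch_receive(keys, seen, msg[:12] + bytes([msg[12] ^ 1]) + msg[13:])
    outsider = ch_receive(keys, seen, node_send(b"\x02" * 32, 12, 1, b"temp=0"))
    return first, replay, tampered, outsider
```

The CH keeps one key and one counter per member, so its state grows with cluster size; that is the price of per-node authentication that a single cluster-wide key cannot give.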


Journal ArticleDOI
01 Jul 2012
TL;DR: This article reviews OSSMs and the results of experimental attacks on WPA to provide a clearer picture of how and why wireless protection protocols and encryption must achieve a more scientific basis for detecting and preventing such attacks.
Abstract: Wi-Fi is the standard protocol for wireless networks used extensively in US critical infrastructures. Since the Wired Equivalency Privacy (WEP) security protocol was broken, the Wi-Fi Protected Access (WPA) protocol has been considered the secure alternative compatible with hardware developed for WEP. However, in November 2008, researchers developed an attack on WPA, allowing forgery of Address Resolution Protocol (ARP) packets. Subsequent enhancements have enabled ARP poisoning, cryptosystem denial of service, and man-in-the-middle attacks. Open source systems and methods (OSSM) have long been used to secure networks against such attacks. This article reviews OSSMs and the results of experimental attacks on WPA. These experiments re-created current attacks in a laboratory setting, recording both wired and wireless traffic. The article discusses methods of intrusion detection and prevention in the context of cyberphysical protection of critical Internet infrastructure. The basis for this research is a specialized (and undoubtedly incomplete) taxonomy of Wi-Fi attacks and their adaptations to existing countermeasures and protocol revisions. Ultimately, this article aims to provide a clearer picture of how and why wireless protection protocols and encryption must achieve a more scientific basis for detecting and preventing such attacks.

44 citations


Book ChapterDOI
27 Feb 2012
TL;DR: It is formally proved that this more efficient combination of cryptographic protocols adopted by the International Civil Aviation Organization not only preserves the desirable security properties of the two individual protocols but also increases privacy by preventing misuse of the challenge in the Active Authentication protocol.
Abstract: We discuss an efficient combination of the cryptographic protocols adopted by the International Civil Aviation Organization (ICAO) for securing the communication of machine readable travel documents and readers. Roughly, in the original protocol the parties first run the Password-Authenticated Connection Establishment (PACE) protocol to establish a shared key and then the reader (optionally) invokes the Active Authentication (AA) protocol to verify the passport's validity. Here we show that by carefully re-using some of the secret data of the PACE protocol for the AA protocol one can save one exponentiation on the passport's side. We call this the PACE|AA protocol. We then formally prove that this more efficient combination not only preserves the desirable security properties of the two individual protocols but also increases privacy by preventing misuse of the challenge in the Active Authentication protocol. We finally discuss a solution which allows deniable authentication in the sense that the interaction cannot be used as a proof towards third parties.

41 citations


Journal ArticleDOI
TL;DR: This work analyzes the security of a recently proposed authenticated Modbus protocol, a de-facto protocol for distributed control systems popularly used for power plants, and presents attacks on the protocol.
Abstract: Protecting a nation's critical infrastructure, notably its power grid is crucial in view of increasing threats, such as international terrorism. We focus on the security of the Modbus protocol, a de-facto protocol for distributed control systems popularly used for power plants. Specifically, we analyze the security of a recently proposed authenticated Modbus protocol. We present attacks on the protocol, discuss reasons behind these phenomena, and motivate how these problems can be addressed.

01 Jun 2012
TL;DR: This document describes an efficient augmented password-only authentication and key exchange protocol where a user remembers a low-entropy password and its verifier is registered in the intended server and it provides resistance to server compromise.
Abstract: This document describes an efficient augmented password-only authentication and key exchange (AugPAKE) protocol where a user remembers a low-entropy password and its verifier is registered in the intended server. In general, the user password is chosen from a small set of dictionary words that allows an attacker to perform exhaustive searches (i.e., off-line dictionary attacks). The AugPAKE protocol described here is secure against passive attacks, active attacks, and off-line dictionary attacks (on the obtained messages with passive/active attacks), and also provides resistance to server compromise (in the context of augmented PAKE security). In addition, this document describes how the AugPAKE protocol is integrated into the Internet Key Exchange Protocol version 2 (IKEv2). This document defines an Experimental Protocol for the Internet community.
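The AugPAKE flow summarized above, as an added example rather than the RFC's reference code: the server stores only a verifier W = g^w derived from the password, the user sends X = g^x, the server answers Y = (X·W^r)^y, and the user recovers K = Y^(1/(x + w·r)) = g^y, after which both sides confirm with hashed transcript values. The exchange is written from my reading of RFC 6628; the hash domain labels 0x00 to 0x04, the reduction of H' into [1, q-1], and the small constructed safe-prime group (p = 4079, q = 2039, g = 4) are assumptions made so the block runs stand-alone, and a real deployment uses the RFC's large groups.

```python
import hashlib
import hmac
import random

# Toy safe-prime group constructed for this example: p = 2q + 1 with q prime,
# g = 4 generates the order-q subgroup. Real deployments use 2048-bit+ groups.
P, Q, G = 4079, 2039, 4


def _enc(n: int) -> bytes:
    return n.to_bytes(2, "big")


def _hash(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def _hash_to_exp(*parts: bytes) -> int:
    """H' mapped into [1, q-1]; this reduction is my simplification of the RFC's H'."""
    return int.from_bytes(_hash(*parts), "big") % (Q - 1) + 1


def _valid_element(v: int) -> bool:
    """Reject 0, 1, p-1 and anything outside the order-q subgroup (small-subgroup guard)."""
    return 1 < v < P - 1 and pow(v, Q, P) == 1


def register(user: bytes, server: bytes, password: bytes) -> int:
    """Enrolment: the server stores only the verifier W = g^w, never the password."""
    w = _hash_to_exp(b"\x00", user, server, password)
    return pow(G, w, P)


def user_start(user, server, password, rng):
    """Message 1, user -> server: X = g^x."""
    w = _hash_to_exp(b"\x00", user, server, password)
    while True:
        x = rng.randrange(1, Q)
        X = pow(G, x, P)
        r = _hash_to_exp(b"\x01", user, server, _enc(X))
        if (x + w * r) % Q:  # must be invertible mod q for the user's later step
            break
    return {"U": user, "S": server, "w": w, "x": x, "X": X, "r": r}, X


def server_respond(user, server, W, X, rng):
    """Message 2, server -> user: Y = (X * W^r)^y; the server's own K is g^y."""
    if not _valid_element(X):
        raise ValueError("invalid X")
    r = _hash_to_exp(b"\x01", user, server, _enc(X))
    y = rng.randrange(1, Q)
    Y = pow(X * pow(W, r, P) % P, y, P)
    return {"U": user, "S": server, "X": X, "Y": Y, "K": pow(G, y, P)}, Y


def _transcript(st):
    return (st["U"], st["S"], _enc(st["X"]), _enc(st["Y"]), _enc(st["K"]))


def user_finish(st, Y):
    """Message 3, user -> server: recover K = Y^(1/(x + w*r)) = g^y and send V_U."""
    if not _valid_element(Y):
        raise ValueError("invalid Y")
    inv = pow((st["x"] + st["w"] * st["r"]) % Q, -1, Q)
    st["Y"], st["K"] = Y, pow(Y, inv, P)
    return _hash(b"\x02", *_transcript(st))


def server_finish(st, V_U):
    """Server checks V_U (a wrong password fails here) and returns V_S and the session key."""
    if not hmac.compare_digest(_hash(b"\x02", *_transcript(st)), V_U):
        raise ValueError("user authentication failed")
    return _hash(b"\x03", *_transcript(st)), _hash(b"\x04", *_transcript(st))


def user_confirm(st, V_S):
    """Message 4 check on the user side; returns the session key."""
    if not hmac.compare_digest(_hash(b"\x03", *_transcript(st)), V_S):
        raise ValueError("server authentication failed")
    return _hash(b"\x04", *_transcript(st))


def run_augpake(typed_password: bytes, registered_password: bytes, seed: int = 0):
    """Full exchange with constructed identities; returns (user SK, server SK)."""
    rng = random.Random(seed)
    U, S = b"alice", b"server.example"
    W = register(U, S, registered_password)
    ust, X = user_start(U, S, typed_password, rng)
    sst, Y = server_respond(U, S, W, X, rng)
    V_U = user_finish(ust, Y)
    V_S, sk_server = server_finish(sst, V_U)
    sk_user = user_confirm(ust, V_S)
    return sk_user, sk_server


def wrong_password_rejected(seed: int = 0) -> bool:
    try:
        run_augpake(b"wrong guess", b"correct horse", seed)
    except ValueError:
        return True
    return False
```

The augmented property shows up in register(): a leaked W still forces an attacker to run a dictionary search to impersonate the user, because only w, not W, lets the user side compute the inverse exponent. The subgroup checks on X and Y are the part most often skipped in hobby implementations and the part that stops small-subgroup confinement.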

Journal ArticleDOI
TL;DR: This investigation shows that the novel authentication protocol presented can provide mutual authentication, untraceability, forward and backward security as well as resistance to replay, denial-of-service and man-in-the-middle attacks, while retaining a competitive communication cost.

Proceedings ArticleDOI
07 May 2012
TL;DR: The experimental results uncover the advantages of the protocol over previous works in the area; without sacrificing security, the decentralized protocol is shown to be almost one order of magnitude faster than the previous best protocol for providing anonymous feedback.
Abstract: In this paper, we describe a decentralized privacy-preserving protocol for securely casting trust ratings in distributed reputation systems. Our protocol allows n participants to cast their votes in a way that preserves the privacy of individual values against both internal and external attacks. The protocol is coupled with an extensive theoretical analysis in which we formally prove that our protocol is resistant to collusion against as many as n-1 corrupted nodes in the semi-honest model. The behavior of our protocol is tested in a real P2P network by measuring its communication delay and processing overhead. The experimental results uncover the advantages of our protocol over previous works in the area; without sacrificing security, our decentralized protocol is shown to be almost one order of magnitude faster than the previous best protocol for providing anonymous feedback.

Journal ArticleDOI
TL;DR: A smart meter is considered and an efficient mutual authentication protocol is proposed that uses a matrix-based homomorphic hash that can decrease the amount of computations in a smart meter to prove the protocol's security and performance.
Abstract: In a smart grid environment, data for the usage and control of power are transmitted over an Internet protocol (IP)-based network. This data contains very sensitive information about the user or energy service provider (ESP); hence, measures must be taken to prevent data manipulation. Mutual authentication between devices, which can prevent impersonation attacks by verifying the counterpart's identity, is a necessary process for secure communication. However, it is difficult to apply existing signature-based authentication in a smart grid system because smart meters, a component of such systems, are resource-constrained devices. In this paper, we consider a smart meter and propose an efficient mutual authentication protocol. The proposed protocol uses a matrix-based homomorphic hash that can decrease the amount of computations in a smart meter. To prove this, we analyze the protocol's security and performance.

Journal ArticleDOI
TL;DR: This study proposes a novel ECC-based authentication protocol for portable communication systems that resists DoS attacks and requires less computation cost when authenticating a communication session.
Abstract: Portable devices, with wireless communication capability, are used widely in everyday life. Preventing personal sensitive information from being revealed to an adversary through insecure wireless communication channels has therefore become a serious concern. This study proposes a novel ECC-based authentication protocol for portable communication systems. The proposed protocol resists DoS attacks and requires less computation cost when authenticating a communication session. In addition, the proposed protocol provides user unlinkability.

Journal ArticleDOI
TL;DR: The protocol presented can provide an identification (ID)-based authentication service and resist different key attacks and can be further extended to provide the fault tolerant property.
Abstract: Key agreement protocol is a fundamental protocol in cryptography whereby two or more participants can agree on a common conference key in order to communicate securely among themselves. In this situation, the participants can securely send and receive messages with each other. An adversary not having access to the conference key will not be able to decrypt the messages. In this paper, we propose a novel identity-based authenticated multi user key agreement protocol employing a symmetric balanced incomplete block design. Our protocol is built on elliptic curve cryptography and takes advantage of a kind of bilinear map called Weil pairing. The protocol presented can provide an identification (ID)-based authentication service and resist different key attacks. Furthermore, our protocol is efficient and needs only two rounds for generating a common conference key. It is worth noting that the communication cost for generating a conference key in our protocol is only O(n√n) and the computation cost is only O(nm2), where n implies the number of participants and m denotes the extension degree of the finite field Fpm. In addition, in order to resist the different key attack from malicious participants, our protocol can be further extended to provide the fault tolerant property.

Journal ArticleDOI
TL;DR: In order to transmit secure messages, a quantum secure direct communication protocol based on a five-particle cluster state and classical XOR operation is presented and analysis results indicate that the protocol is more secure than the other two.
Abstract: In order to transmit secure messages, a quantum secure direct communication protocol based on a five-particle cluster state and classical XOR operation is presented. The five-particle cluster state is used to detect eavesdroppers, and the classical XOR operation serving as a one-time-pad is used to ensure the security of the protocol. In the security analysis, the entropy theory method is introduced, and three detection strategies are compared quantitatively by using the constraint between the information that the eavesdroppers can obtain and the interference introduced. If the eavesdroppers intend to obtain all the information, the detection rate of the original ping-pong protocol is 50%; the second protocol, using two particles of the Einstein-Podolsky-Rosen pair as detection particles, is also 50%; while the presented protocol is 89%. Finally, the security of the proposed protocol is discussed, and the analysis results indicate that the protocol in this paper is more secure than the other two.

Journal ArticleDOI
TL;DR: A comprehensive survey of PANA based on developed IETF standards is provided, and its applicability to both existing and emerging network environments is described.
Abstract: Network access authentication is a key procedure for network operators to control user access to the network service. The IETF recently finished its major work in this area by standardizing an IP-based protocol named Protocol for Carrying Authentication for Network Access (PANA). We provide a comprehensive survey of PANA based on developed IETF standards, and describe its applicability to both existing and emerging network environments.

Book ChapterDOI
11 Apr 2012
TL;DR: A new lightweight RFID authentication protocol based on the general prototype of PUF that not only resists the physical attacks and secret key leakage, but also prevents the asynchronization between the reader and the tag.
Abstract: RFID tags are now pervasive in our everyday life. They raise a lot of security and privacy issues. Many authentication protocols against these problems assume that the tags can contain a secret key that is unknown to the adversary. However, physical attacks can lead to key exposure and full security breaks. On the other hand, many protocols are only described and analyzed. However, we cannot explain why they are designed like that. Compared with the previous protocols, we first propose a universal RFID authentication protocol and show the principle why the protocol is designed. It can be instantiated for various types and achieve different security properties according to the implementation of the functions. Then we introduce a general prototype of delay-based PUF for low-cost RFID systems and propose a new lightweight RFID authentication protocol based on the general prototype of PUF. The new protocol not only resists physical attacks and secret key leakage, but also prevents desynchronization between the reader and the tag. It can also resist the replay attack, man-in-the-middle attack etc. Finally, we show that it is efficient and practical for low-cost RFID systems.

Journal ArticleDOI
TL;DR: The analysis shows that the proposed dynamic identity-based authentication protocol using elliptic curve cryptography could overcome security weaknesses in the previously published protocols and is more suitable for practical applications.
Abstract: With the popularity of the Internet and wireless networks, more and more network architectures are used in multi-server environments, in which users remotely access servers through open networks. For the reliability of accessing these remote services, users must pass a verification procedure to obtain the authorization for legal resource acquisition and data exchange. Recently, several dynamic identity-based authentication protocols for multi-server environments have been proposed, but all of these protocols have been cryptanalyzed by other scholars. In this paper, we propose a new dynamic identity-based authentication protocol for multi-server environments using elliptic curve cryptography. The analysis shows that our protocol could overcome security weaknesses in the previously published protocols. Hence, our protocol is more suitable for practical applications. Copyright © 2012 John Wiley & Sons, Ltd.

Proceedings ArticleDOI
11 Aug 2012
TL;DR: An efficient mutation-based approach for detecting implementation flaws in network protocol implementations that is more comprehensible, makes protocol security testing easier to carry out, and can improve the security of network protocols.
Abstract: Security flaws existing in protocol implementations might be exploited by malicious attackers and the consequences can be very serious. Therefore, detecting vulnerabilities of network protocol implementations is becoming a hot research topic recently. However, protocol security testing is a very complex, challenging and error-prone task, as constructing test packets manually or randomly is not practical. This paper presents an efficient mutation-based approach for detecting implementation flaws of network protocols. Compared with other protocol testing tools, our approach divides the procedure of protocol testing into many phases, and the flexible design can cover many test cases for the protocol implementations under test, and could apply to testing various protocol implementations quite easily. Besides, this approach is more comprehensible, which makes the protocol security test easier to carry out. To assess the usefulness of this approach, several experiments are performed on four FTP server implementations and the results showed that our approach can find flaws of protocol implementations very easily. The method is of important application value and can improve the security of network protocols.
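A phased mutation-based tester of the kind the abstract describes, as an added example and not the paper's tool: a seed corpus of valid FTP commands, a set of mutation operators each aimed at one flaw class, a generation phase that applies operators singly and in random pairs, and a driver that records which inputs make the target fail. The FTP server implementations the paper tested are not named on this page, so the target here is a throwaway parser I constructed with two deliberate defects (a fixed 255-byte argument buffer and unchecked PORT fields) to stand in for a real daemon; the corpus and operators are mine as well.

```python
import random

# Phase 1: seed corpus of protocol-valid commands (constructed for this example).
SEED_CORPUS = [
    ("USER", "anonymous"),
    ("PASS", "guest@example.org"),
    ("CWD", "/pub"),
    ("RETR", "README"),
    ("PORT", "127,0,0,1,4,1"),
    ("MKD", "incoming"),
]


# Phase 2: mutation operators. Each maps a valid argument to variants aimed at
# one class of implementation flaw.
def overlong(arg):
    return [arg + "A" * n for n in (256, 1024, 8192)]


def format_strings(arg):
    return ["%s%s%s%s%s%s", "%n%n%n%n", arg + "%x" * 16]


def traversal(arg):
    return ["../" * 8 + "etc/passwd", arg + "/../../../", "..\\..\\windows\\win.ini"]


def control_chars(arg):
    return [arg + "\x00hidden", "\r\nQUIT\r\n", arg + "\r\nDELE x"]


def numeric_boundaries(arg):
    return ["0,0,0,0,0,0", "256,256,256,256,256,256", "-1,-1,-1,-1,-1,-1", "4294967296", "1,2,3"]


def dropped(arg):
    return [""]


OPERATORS = {
    "overlong": overlong,
    "format_string": format_strings,
    "traversal": traversal,
    "control_chars": control_chars,
    "numeric": numeric_boundaries,
    "dropped": dropped,
}


def generate_cases(rng, corpus=SEED_CORPUS, combos_per_seed=3):
    """Phase 3: every single-operator case, then a few random two-operator chains."""
    cases = []
    for verb, arg in corpus:
        for name, op in OPERATORS.items():
            for variant in op(arg):
                cases.append((name, f"{verb} {variant}".rstrip(" ")))
        for _ in range(combos_per_seed):
            first, second = rng.sample(list(OPERATORS), 2)
            middle = rng.choice(OPERATORS[first](arg))
            variant = rng.choice(OPERATORS[second](middle))
            cases.append((f"{first}+{second}", f"{verb} {variant}".rstrip(" ")))
    return cases


def toy_parse_command(line):
    """Throwaway stand-in for a server's command parser, constructed for this
    example (not any real FTP server). Its two deliberate defects: a fixed
    255-byte argument buffer and PORT fields that are parsed before validation."""
    verb, _, arg = line.partition(" ")
    if len(arg) > 255:
        raise OverflowError("argument exceeds fixed buffer")
    if "\x00" in arg:
        raise ValueError("NUL byte in argument")
    if verb == "PORT":
        fields = [int(f) for f in arg.split(",")]
        if len(fields) != 6 or not all(0 <= f <= 255 for f in fields):
            raise ValueError("malformed PORT")
    return verb, arg


def fuzz(target=toy_parse_command, seed=0):
    """Phase 4: drive the target and record (operator, input prefix, failure) triples."""
    rng = random.Random(seed)
    findings = []
    for op_name, line in generate_cases(rng):
        try:
            target(line)
        except Exception as exc:  # a crash or hang in a real harness; an exception here
            findings.append((op_name, line[:32], type(exc).__name__))
    return findings
```

Keeping the operator name with each finding is what makes the output comprehensible: a report of "overlong on CWD" or "numeric on PORT" points the developer at the parsing path, where a raw packet dump does not. Against a real daemon the target callable would write the line to a socket and treat a closed connection or timeout as the failure signal.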

Journal ArticleDOI
TL;DR: In this paper, the authors proposed an efficient and trustworthy conditional privacy-preserving communication protocol for VANETs based on proxy re-signature, which is characterized by the trusted authority (TA) designating the roadside units to translate signatures computed by the onboard units into one that are valid with respect to TA's public key.
Abstract: In this paper, we introduce an efficient and trustworthy conditional privacy-preserving communication protocol for VANETs based on proxy re-signature. The proposed protocol is characterized by the trusted authority (TA) designating the roadside units to translate signatures computed by the on-board units into ones that are valid with respect to the TA's public key. In addition, the proposed protocol offers both a priori and a posteriori countermeasures: it can not only provide fast anonymous authentication and privacy tracking, but also guarantee message trustworthiness for vehicle-to-vehicle communications. Furthermore, it reduces the communication overhead and offers fast message authentication and low storage requirements. We use extensive analysis to demonstrate the merits of the proposed protocol and to contrast it with previously proposed solutions. Copyright © 2012 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: The improved protocol merely uses CRC and PRNG operations supported by Gen2 and meets the 11 security requirements and is more secure and much more comprehensive and qualitative.

01 Jan 2012
TL;DR: This paper discusses the three wireless security protocols with details about the encryption methods used, authentication mechanisms and their limitations.
Abstract: In recent years, wireless networks have gained rapid popularity. Wireless networks are inexpensive and provide mobility, but they are prone to a variety of threats like denial of service, replay attacks, eavesdropping and data modification. This paper discusses the three wireless security protocols with details about the encryption methods used, authentication mechanisms and their limitations.

Journal ArticleDOI
TL;DR: A security analysis on two recent key establishment protocols: Harn and Lin's group key transfer protocol and Dutta and Barua’s group key agreement protocol shows that both have a flaw in their design and can be easily attacked.
Abstract: Key establishment protocols are fundamental for establishing secure communication channels over public insecure networks. Security must be given the topmost priority in the design of a key establishment protocol. In this work, we provide a security analysis on two recent key establishment protocols: Harn and Lin’s group key transfer protocol and Dutta and Barua’s group key agreement protocol. Our analysis shows that both the Harn-Lin protocol and the Dutta-Barua protocol have a flaw in their design and can be easily attacked. The attack we mount on the Harn-Lin protocol is a replay attack whereby a malicious user can obtain the long-term secrets of any other users. The Dutta-Barua protocol is vulnerable to an unknown key-share attack. For each of the two protocols, we present how to eliminate their security vulnerabilities. We also improve Dutta and Barua’s proof of security to make it valid against unknown key share attacks.

Journal ArticleDOI
TL;DR: It is concluded that the proposed protocol can resist replay attack, eavesdropping attack, and tracking or location privacy attack, and satisfies both of the privacy protection properties untraceability and forward privacy.
Abstract: Mobile nodes in the Internet of Things often move from one cluster to another, in which cryptography based protocols are required to provide rapid identification authentication and privacy protection. A single-step protocol was presented for the occasion that the mobile node joins a new cluster. The presented protocol contains a valid request message and an answer authentication message, which rapidly implements identification authentication and privacy protection. The protocol's privacy protection properties were formalized in the applied pi calculus and security performance was analyzed. It is concluded that the proposed protocol can resist replay attack, eavesdropping attack, and tracking or location privacy attack. It satisfies both of the privacy protection properties untraceability and forward privacy. Compared with other single-step protocols such as the basic hash protocol and the OSK protocol, the proposed protocol has less communication overhead, more security and more privacy protection properties than these related protocols.

Proceedings ArticleDOI
01 Nov 2012
TL;DR: It is shown that either the vehicle or aggregator can easily generate a collection of bogus signatures that satisfies the batch verification criterion, i.e., forgery attacks, which means Guo et al.'s protocol is not secure at all.
Abstract: The concept of vehicle-to-grid (V2G) is that electric vehicles (EVs) communicate with the smart grid to sell demand response services by delivering electricity into the grid. By letting EVs discharge during peak hours and charge during off-peak hours, V2G networks could bring numerous social and technical benefits to the smart grid. Due to the scale of the network, the speed of the vehicles, their geographic positions, and the very sporadic connectivity between them, V2G communications have the crucial requirements of fast authentication. In 2011, Guo et al. proposed a unique batch authentication protocol for V2G communications. They claimed their protocol is strong enough to defend against security attacks. In this paper, we investigate the security of Guo et al.'s protocol. More precisely, we show that either the vehicle or aggregator can easily generate a collection of bogus signatures that satisfies the batch verification criterion, i.e., forgery attacks. Any attackers can easily forge signatures satisfying the batch verification criterion without the knowledge of the signer's private key. Consequently, Guo et al.'s protocol is not secure at all.

Proceedings ArticleDOI
26 Jun 2012
TL;DR: An enhanced remote authentication protocol is proposed to mitigate Man-in-the-browser attack and it was found that the proposed protocol is able to mitigate the attack successfully.
Abstract: Lately, the attacks on online banking and electronic commerce applications are on the rise. These attacks target the vulnerabilities found at the client side of a client-server communication. Unfortunately, the traditional security mechanisms are not efficient enough in preventing these attacks. Man-in-the-browser attack is an example of such attacks. In this type of attack, an attacker tries to take advantage of the vulnerabilities caused by the client's browser extension. This attack is able to manipulate the information contained in a transaction without the user's consent. In this paper, an enhanced remote authentication protocol is proposed to mitigate the attack. Experiments were conducted in order to test the proposed protocol. From the experiments, it was found that the proposed protocol is able to mitigate the attack successfully.

Journal Article
TL;DR: An improved mutual authentication protocol is put forward in this paper based on an existing RFID protocol and a hash function that can effectively counter security attacks such as illegal access, masquerade, etc.
Abstract: RFID systems have many security problems because of limited resources and broadcasting information in an open environment. An improved mutual authentication protocol is put forward in this paper based on an existing RFID protocol and a hash function. The protocol can effectively counter security attacks such as illegal access, masquerade, etc. It has advantages in balancing security, efficiency and cost.