Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
24 Oct 2013
TL;DR: This paper presents a secure mutual authentication protocol for RFID systems that is based on symmetric key technique with an efficient key updating mechanism to improve the system security against replay, eavesdropping and man-in-the-middle attacks while maintaining lower computation, communication and storage.
Abstract: RFID systems are being used in various pervasive applications. Therefore, security and privacy protection is an important issue that needs to be addressed. In this paper, we present a secure mutual authentication protocol for RFID systems that is based on symmetric key technique with an efficient key updating mechanism. The objective is to improve the system security against replay, eavesdropping and man-in-the-middle attacks while maintaining lower computation, communication and storage. We also compare our authentication method with some recent protocols that deploy the same cipher (XTEA) by implementing the protocols on the same RF based system. Our proposed authentication protocol provides higher security level and lower computation and communication costs.
14 citations
26 Jun 2012
TL;DR: An enhanced remote authentication protocol is proposed to mitigate Man-in-the-browser attack and it was found that the proposed protocol is able to mitigate the attack successfully.
Abstract: Lately, the attacks on online banking and electronic commerce applications are on the rise. These attacks are targeting at the vulnerabilities found at the client-side of a client-server communication. Unfortunately, the traditional security mechanisms are not efficient enough in preventing these attacks. Man-in-the-browser attack is an example of such attacks. In this type of attack, an attacker tries to take advantage at the vulnerabilities caused by the client's browser extension. This attack is able to manipulate the information contained in a transaction without the user's consent. In this paper, an enhanced remote authentication protocol is proposed to mitigate the attack. Experiments were conducted in order to test the proposed protocol. From the experiments, it was found that the proposed protocol is able to mitigate the attack successfully.
14 citations
TL;DR: Compared to other authentication protocols with respect of security and performance, the results shows that the proposed protocol is feasible for RFID tags which are low cost and resource-constrained devices.
Abstract: Last few years, many security schemes are designed for RFID system since the release of the EPC Class 1 Generation 2 standard. In 2010, Yeh et al. proposed a new RFID authentication protocol conforming to EPC Class 1 Generation 2 standard. Yoon pointed that their protocol still had two serious security problems such as DATA integrity problem and forward secrecy problem. Then he proposed an improved protocol which claimed to eliminate the weakness in 2011. This paper shows that Yoon’ s protocol had no resistance to replay attack and did not resolve the problem of data forge and tag’s location privacy. An improved protocol is also proposed to protect RFID system from all major attacks. By comparing to other authentication protocols with respect of security and performance, the results shows that the proposed protocol is feasible for RFID tags which are low cost and resource-constrained devices.
14 citations
12 Aug 2009
TL;DR: It is demonstrated that Tsai’s protocol does not provide perfect forward secrecy and is susceptible to a Denning-Sacco attack and Server spoofing, and an enhanced protocol is presented to isolate such problems.
Abstract: Recently, Tsai et al. have proposed a multi-server authentication protocol. They claimed their protocol is secure and can withstand various attacks. But we found some security loopholes in the protocol. Accordingly, the current paper demonstrates that Tsai’s protocol does not provide perfect forward secrecy and is susceptible to a Denning-Sacco attack and Server spoofing. We then present an enhanced protocol to isolate such problems.
14 citations
01 Jan 2009
TL;DR: A simple and efficient authentication protocol for the establishment of secure communication between base station and nodes in mobile networks, designed by employing a most familiar public-key cryptographic scheme, elliptic curve cryptography, and dedicated to mobile networks for authentication of base station.
Abstract: Summary Mobile Networks offer unrestricted mobility devoid of any underlying infrastructure. Typically, mobile networks are deployed in un-trusted environments. Such networks in this day and age have to keep privacy and security of data as a top concern, because eaves dropping peaks here. The root cause behind such eavesdropping is the un-authenticated access of base station on nodes. The eventual outcome is the menace of insecure environment, information misuse, and so on. Cryptosystem is an important technique to identify the authenticity in order to protect the confidential and sensitive data in mobile networks. This paper proposes a simple and efficient authentication protocol for the establishment of secure communication between base station and nodes in mobile networks. The protocol proposed, here, is new one for authentication scheme, having simplicity and efficacy. The protocol is designed by employing a most familiar public-key cryptographic scheme, elliptic curve cryptography and then it is dedicated to mobile networks for authentication of base station. Usage of this protocol in mobile networks will allow only the authorized base station to access the node and hence it will deny the information to eavesdroppers when they try to hack or misuse the node.
14 citations