Topic
Otway–Rees protocol
About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.
Papers published on a yearly basis
Papers
More filters
01 Jan 2015
TL;DR: A cryptanalysis of an attachable blind signature is presented and it is demonstrated that the PAACP’s Authorized Credential is not secure and private even if the AC is secretly stored in a tamper-proof device.
Abstract: In 2011, Yeh et al. proposed a PAACP: A portable privacy-preserving authentication and access control protocol in vehicular ad hoc networks. However, PAACP in the authorization phase is breakable and cannot maintain privacy in VANETs. In this paper, we present a cryptanalysis of an attachable blind signature and demonstrate that the PAACP’s Authorized Credential (AC) is not secure and private even if the AC is secretly stored in a tamper-proof device. An eavesdropper can construct an AC from an intercepted blind document. Any eavesdropper can determine who has which access privileges to access which service. For this reason, this paper copes with these challenges and proposes an efficient scheme. We conclude that a simple authentication scheme and access control protocol for VANETs not only resolves the problems that have appeared, but also is more secure and efficient.
29 Sep 2009
TL;DR: This paper proposes to use the method of fuzzy control to realize the security identification of Kerberos protocol by embedding three fuzzy controllers and a system health and safety validator (SHSV) in the protocol.
Abstract: In order to prevent password attack and replay attack existing in Kerberos protocol, the traditional method was to make use of encryption techniques and authentication techniques on enhancing the security of protocol itself, but it was failure to prevent protocol's external factors of impacting on security. In this regard, this paper proposes to use of the method of fuzzy control to realize the security identification of Kerberos protocol by embedding three fuzzy controllers and a system health and safety validator (SHSV) in the protocol; wherein the SHSV is to collect the health and security information in the client, whereas the three fuzzy controllers are using to process and determine the external security factors of the relevant servers respectively. This proposed method can be able to effectively realize on assessment and prevention from the potential and existing threats caused by protocol's external factors of security.
01 Jan 2011
TL;DR: This work mounts an undetectable on-line password guessing attack on Yoon et al.
Abstract: Recently, Yoon et al. proposed authentication scheme suited for session initiation environments. Our analysis shows that Yoon et al.’s scheme does not achieve its fundamental goal of password security. We demonstrate this by mounting an undetectable on-line password guessing attack on Yoon et al.’s scheme. We then figure out how to eliminate the security vulnerabilities of Yoon et al.’s scheme and improved over their scheme.
01 Jan 2014
TL;DR: The proposed protocol is a two-sided key bilateral management protocol for authenticating originality which has asymmetric encryption and uses nonce and timestamps to ensure that keys and messages are new and prevents the repetition attack.
Abstract: Wireless sensor networks (WSN) use sensor nodes in an unprotected environment in which data are transmitted and received. Data should be transmitted in the encrypted format to prevent the leakage of data by information invaders. For this purpose, encrypting mechanisms should be used. Having secure encryption mechanisms requires using protocols of secure key management. There are many key management protocols which have both strong and weak points. They are vulnerable to attacks. The protocol proposed in this paper is a two-sided key bilateral management protocol for authenticating originality which has asymmetric encryption. The proposed protocol uses nonce and timestamps to ensure that keys and messages are new and prevents the repetition attack. To evaluate the overall security of the proposed protocol, security of the protocol in WSNs was examined. In this study, the proposed protocol was investigated in AVISPA software and the results of the study revealed that the proposed protocol is secure.
01 Aug 2012
TL;DR: A keyed-message authentication code aimed at preventing an intruder from tampering with packets in transit is proposed, with a revised authentication scheme to avoid authentication spoofing and reduce replay attacks.
Abstract: Wired Equivalent Privacy (WEP) protocol was adopted to protect authorized users from unauthorized access and eavesdropping in the IEEE 802.11 wireless LANs (WLAN). However, it has been proved that the WEP protocol fails to provide data confidentiality and authentication. The WEP provides encrypted communication using an encryption key between the client station and Access point (AP). All client stations and APs on a network use the same key to encrypt and decrypt data. The key resides on both the client station and the AP. The above rendered WEP protocol is naked to major forms of attack. Thus in this paper a keyed-message authentication code aimed at preventing an intruder from tampering with packets in transit is proposed, with a revised authentication scheme to avoid authentication spoofing and reduce replay attacks. We also employed private key scheme alongside the use of day and session keys that counters several attacks.