A Secure Distance-Bounding Protocol with Mutual Authentication

Distance-bounding protocol is a useful primitive in resisting distance-based attacks. Currently, most of the existing distance-bounding protocols usually do not take the reuse of nonces in designing the protocols into consideration. However, there have been some literature studies showing that nonce repetition may lead to the leakage of the shared key between protocol participants. Aikaterini et al. introduced a countermeasure that could serve as a supplementary in most distance-bounding systems allowing nonce repetition. However, their proposal only holds against passive attackers. In this paper, we introduce an active attack model and show that their countermeasure is insecure under the proposed active attack model. We also discover that all existing distance-bounding protocols with mutual authentication are vulnerable to distance-based attacks if a short nonce is applied under the proposed active model. To address this security concern, we propose a new distance-bounding protocol with mutual authentication to prevent distance-based attacks under the active adversary model. A detailed security analysis is presented for the proposed distance-bounding protocol with mutual authentication.

Download Full-text

An Efficient Chaotic Map-Based Authentication Scheme with Mutual Anonymity

Applied Computational Intelligence and Soft Computing ◽

10.1155/2016/3916942 ◽

2016 ◽

Vol 2016 ◽

pp. 1-10

Author(s):

Yousheng Zhou ◽

Junfeng Zhou ◽

Feng Wang ◽

Feng Guo

Keyword(s):

Key Management ◽

Chaotic Map ◽

Mutual Authentication ◽

Security Analysis ◽

Random Oracle Model ◽

Random Oracle ◽

Authentication Scheme ◽

Session Key ◽

The Real ◽

Shared Key

A chaotic map-based mutual authentication scheme with strong anonymity is proposed in this paper, in which the real identity of the user is encrypted with a shared key between the user and the trusted server. Only the trusted server can determine the real identity of a user during the authentication, and any other entities including other users of the system get nothing about the user’s real identity. In addition, the shared key of encryption can be easily computed by the user and trusted server using the Chebyshev map without additional burdensome key management. Once the partnered two users are authenticated by the trusted server, they can easily proceed with the agreement of the session key. Formal security analysis demonstrates that the proposed scheme is secure under the random oracle model.

Download Full-text

A Novel ECC-Based RFID Authentication Protocol

Key Engineering Materials ◽

10.4028/www.scientific.net/kem.474-476.1764 ◽

2011 ◽

Vol 474-476 ◽

pp. 1764-1769

Author(s):

Ming Wei Fang ◽

Jun Jun Wu ◽

Xin Fang Zhang ◽

Hong Chen

Keyword(s):

Mutual Authentication ◽

Security Analysis ◽

Authentication Protocol ◽

Automatic Identification ◽

Identification System ◽

Security Issues ◽

Rfid System ◽

Active Attack ◽

Security Communication ◽

Signal Channel

RFID technology plays an important role in our daily life nowadays. It widely used in the automatic identification system by embedding the tag into product. However, some security risks presented due to radio frequency signal channel between the tag and the reader which may lead privacy disclosure for the user. Various solutions are proposed to resole to security issues in RFID system, but there still presented some limitations. A security elliptic curve cryptography based authentication protocol is presented in this paper to preserve the privacy of the RFID system. The proposed protocol provides mutual authentication and a security communication channel between the tag and the reader. By the security analysis, our protocol can resist common passive and active attack; moreover, it also can provide forward security.

Download Full-text

RFID Mutual Authentication Protocols based on Gene Mutation and Transfer

Journal of Communications Software and Systems ◽

10.24138/jcomss.v9i1.157 ◽

2013 ◽

Vol 9 (1) ◽

pp. 44 ◽

Cited By ~ 1

Author(s):

Raghav V. Sampangi ◽

Srinivas Sampalli

Keyword(s):

Gene Mutation ◽

Radio Frequency Identification ◽

Mutual Authentication ◽

Security Analysis ◽

Key Exchange ◽

Rfid Tags ◽

Simulation Studies ◽

Frequency Identification ◽

Dynamic Updates ◽

Mutual Authentication Protocol

Radio Frequency Identification (RFID) is a technology that is very popular due to the simplicity in its technology and high adaptability in a variety of areas. The simplicity in the technology, however, comes with a caveat – RFID tags have severe resource restrictions, which make them vulnerable to a range of security attacks. Such vulnerability often results in the loss of privacy of the tag owner and other attacks on tags. Previous research in RFID security has mainly focused on authenticating entities such as readers / servers, which communicate with the tag. Any security mechanism is only as strong as the encryption keys used. Since RFID communication is wireless, critical messages such as key exchange messages are vulnerable to attacks. Therefore, we present a mutual authentication protocol that relies on independent generation and dynamic updates of encryption keys thereby removing the need for key exchange, which is based on the concept of gene mutation and transfer. We also present an enhanced version of this protocol, which improves the security offered by the first protocol. The novelty of the proposed protocols is in the independent generation, dynamic and continuous updates of encryption keys and the use of the concept of gene mutation / transfer to offer mutual authentication of the communicating entities. The proposed protocols are validated by simulation studies and security analysis.

Download Full-text

Security analysis of image CAPTCHA using a mask R-CNN-based attack model

International Journal of Ad Hoc and Ubiquitous Computing ◽

10.1504/ijahuc.2021.114108 ◽

2021 ◽

Vol 36 (4) ◽

pp. 238

Author(s):

Vijaypal Singh Rathor ◽

Bharat Garg ◽

Mandar Patil ◽

G.K. Sharma

Keyword(s):

Security Analysis ◽

Attack Model

Download Full-text

A Mutual Authentication Protocol with Resynchronisation Capability for Mobile Satellite Communications

Privacy Solutions and Security Frameworks in Information Protection ◽

10.4018/978-1-4666-2050-6.ch003 ◽

2013 ◽

pp. 35-51

Author(s):

Ioana Lasc ◽

Reiner Dojen ◽

Tom Coffey

Keyword(s):

Denial Of Service ◽

Mutual Authentication ◽

Security Analysis ◽

Service Condition ◽

Satellite Communications ◽

Authentication Protocol ◽

Security Protocol ◽

New Type ◽

Mobile Satellite ◽

Mutual Authentication Protocol

Many peer-to-peer security protocols proposed for wireless communications use one-time shared secrets for authentication purposes. This paper analyses online update mechanisms for one-time shared secrets. A new type of attack against update mechanisms, called desynchronisation attack, is introduced. This type of attack may lead to a permanent denial of service condition. A case study demonstrates the effectiveness of desynchronisation attacks against a security protocol for mobile satellite communications. A new mutual authentication protocol for satellite communications, incorporating a resynchronisation capability, is proposed to counter the disruptive effects of desynchronisation attacks. The new protocol has an esynchronisation phase that is initiated whenever desynchronisation is suspected. Thus, the possibility of causing permanent denial of service conditions by mounting desynchronisation attacks is eliminated. A security analysis of the proposed protocol establishes its resistance against attacks like replay attacks, dictionary attacks, and desynchronisation attacks.

Download Full-text

Security analysis for chaotic maps-based mutual authentication and key agreement using smart cards for wireless networks

Journal of Information and Optimization Sciences ◽

10.1080/02522667.2018.1470752 ◽

2019 ◽

Vol 40 (3) ◽

pp. 725-750 ◽

Cited By ~ 1

Author(s):

A. Shakiba

Keyword(s):

Wireless Networks ◽

Key Agreement ◽

Chaotic Maps ◽

Mutual Authentication ◽

Security Analysis ◽

Smart Cards ◽

Authentication And Key Agreement

Download Full-text

Simple and Effective Secure Group Communications in Dynamic Wireless Sensor Networks

Sensors ◽

10.3390/s19081909 ◽

2019 ◽

Vol 19 (8) ◽

pp. 1909 ◽

Cited By ~ 5

Author(s):

Hisham N. AlMajed ◽

Ahmad S. AlMogren

Keyword(s):

Network Performance ◽

Security Analysis ◽

Wireless Sensor ◽

Group Key ◽

Security Research ◽

Group Members ◽

Shared Key ◽

Definition Of ◽

First Time ◽

Secure Group Communications

Wireless Sensor Network (WSN) is a growing area of research in terms of applications, life enhancement and security. Research interests vary from enhancing network performance and decreasing overhead computation to solving security flaws. Secure Group Communication (SGC) is gaining traction in the world of network security. Proposed solutions in this area focus on generating, sharing and distributing a group key among all group members in a timely manner to secure their communication and reduce the computation overhead. This method of security is called SGC-Shared Key. In this paper, we introduce a simple and effective way to secure the network through Hashed IDs (SGC-HIDs). In our proposed method, we distribute a shared key among the group of nodes in the network. Each node would have the ability to compute the group key each time it needs to. We provide a security analysis for our method as well as a performance evaluation. Moreover, to the best of our knowledge, we present for the first time a definition of joining or leaving attack. Furthermore, we describe several types of such an attack as well as the potential security impacts that occur when a network is being attacked.

Download Full-text

Security Analysis on a Public POR Scheme in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.556-562.5395 ◽

2014 ◽

Vol 556-562 ◽

pp. 5395-5399

Author(s):

Jian Hong Zhang ◽

Wen Jing Tang

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Security Analysis ◽

Data Integrity ◽

Data File ◽

Cloud Data ◽

Security Proof ◽

Cloud Server ◽

Cloud Data Storage ◽

Active Attack

Data integrity is one of the biggest concerns with cloud data storage for cloud user. Besides, the cloud user’s constrained computing capabilities make the task of data integrity auditing expensive and even formidable. Recently, a proof-of-retrievability scheme proposed by Yuan et al. has addressed the issue, and security proof of the scheme was provided. Unfortunately, in this work we show that the scheme is insecure. Namely, the cloud server who maliciously modifies the data file can pass the verification, and the client who executes the cloud storage auditing can recover the whole data file through the interactive process. Furthermore, we also show that the protocol is vulnerable to an efficient active attack, which means that the active attacker is able to arbitrarily modify the cloud data without being detected by the auditor in the auditing process. After giving the corresponding attacks to Yuan et al.’s scheme, we suggest a solution to fix the problems.

Download Full-text