XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

BT Hsieh,HM Sun

2004-01-01

IEICE Transactions on Communications

Abstract:A deniable authentication protocol is used to identify the source of a received message for a receiver. but the receiver is unable to prove to a third party the source of the received message. Recently, Fan et al. proposed a deniable authentication protocol based on Diffie-Hellman algorithm. In this paper. we show that Fan et al.'s protocol does not possess the deniable property as they claimed. A cheating receiver can prove the source of the received message to a third party. In addition, we also present a modification of Fan et al.'s protocol to overcome the security flaw.

YJ Wang,JH Li,L Tie

DOI: https://doi.org/10.1002/net.20062

2005-01-01

Abstract:Deniable authentication is different from traditional authentication in that the receiver cannot prove the source of a given message to a third party. This article presents a new deniable authentication protocol, based on ElGamal cryptography. The protocol meets the two properties of deniable authentication and can withstand person-in-middle (PIM) attacks. Compared with previous schemes, it is simpler and more efficient. © 2005 Wiley Periodicals, Inc. NETWORKS, Vol. 45(4), 193–194 2005

L Fan,CX Xu,JH Li

DOI: https://doi.org/10.1049/el:20020502

2002-01-01

Electronics Letters

Abstract:Deniable authentication is a new kind of authentication, by which means a receiver cannot prove the source of a message to a third party. A deniable authentication protocol, which is based on the Deffie-Hellman key exchange protocol, is presented. It does not require a trusted third party, and the protocol can resist person-in-the-middle attack.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Haifeng Qian,Zhenfu Cao,Lichen Wang,Qingshui Xue

DOI: https://doi.org/10.1109/CIT.2005.109

2005-01-01

Abstract:Deniable authentication protocol is an authentication protocol that allows a sender to authenticate a message for a receiver, in a way that the receiver cannot convince a third party that such authentication ever took place. In recent years, due to the popularity of Internet and its special property, many deniable authentication protocols have been proposed. However, most of these proposed schemes are interactive and less efficient. To our knowledge, Shao has proposed an efficient non-interactive deniable authentication protocol based on generalized ElGamal signature scheme without security proof. Lu et al have proposed a deniable authentication also, however, the protocol suffers from the receiver's attack who once interacts with the sender. For the reason above, we would like to propose a generic method to construct efficient non-interactive deniable authentication protocols from any trapdoor permutations. Using RSA trapdoor permutations we introduce a new digital signature with tight security and use it to construct a concrete deniable authentication protocol. Concentrated on security problem we prove the protocol secure in random oracle. We also believe that the protocol is much efficient and practical in application with non-interactive property.

Chengyu Fan,Shijie Zhou,Fagen Li

DOI: https://doi.org/10.1109/ispa.2009.113

2009-01-01

Abstract:A deniable authentication allows the receiver to identify the source of the received messages but cannot prove it to any third party. However, the deniability of the content, which is called restricted deniability in this paper, is concerned in electronic voting and some other similar application. At present, most non-interactive deniable authentication protocols cannot resist weaken key-compromise impersonation (W-KCI) attack. To settle this problem, a non-interactive identity-based restricted deniable authentication protocol is proposed. It not only can resist W-KCI attack but also has the properties of communication flexibility. It meets the security requirements such as correctness, restricted deniability as well. Therefore, this protocol can be applied in electronic voting.

Cheng Jicheng,Yang Shoubao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.04.042

2006-01-01

Abstract:Deniable authentication is a kind of authentication by which a receiver cannot prove the source of a message to a third party.A deniable authentication scheme for secret communication suits the sender to parallel implementation is provided.

Tianjie Cao,Yingying Kan

2009-01-01

Journal of Information and Computational Science

Abstract:On ICCSA 2007 and ICISS 2008, Lim et al.'s proposed two improved ID-based deniable authentication protocol from pairings to resist the key-compromise impersonation (KCI) attack. However in this paper, we show that both of Lim et al.'s protocols suffer from the KCI attack. In our attacks, when the longterm key of an entity A is compromised, the adversary may be able to masquerade not only as A but also to A as another party B. © 2009 Binary Information Press.

Fagen Li,Di Zhong,Tsuyoshi Takagi

DOI: https://doi.org/10.1109/tifs.2016.2585086

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Confidentiality and authentication are two main security goals in secure electronic mail (e-mail). Pretty good privacy (PGP) and secure/multipurpose internet mail extensions (S/MIME) are two famous secure e-mail solutions. Both PGP and S/MIME use digital envelope to provide message confidentiality and digital signature to provide message authentication. However, these methods have the following two weaknesses: 1) digital signature provides non-repudiation evidence of sender that is not desired in some e-mail applications and 2) efficiency is low, since these methods use two kinds of public key cryptographic primitives: public key encryption and digital signature. To overcome the above two weaknesses, we introduce a new concept called deniably authenticated encryption that can achieve confidentiality, integrity, and deniable authentication in a logical single step. We first propose a deniably authenticated encryption scheme and prove its security in the random oracle model. Then, we design a secure e-mail protocol using the proposed deniably authenticated encryption scheme. The deniable authentication property protects senders' privacy.

Weifeng Wu,Fagen Li

DOI: https://doi.org/10.3837/tiis.2015.05.020

2015-01-01

KSII Transactions on Internet and Information Systems

Abstract:Deniable authentication protocol allows a sender to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, the receiver has no ability to convince any third party of the fact that the message was sent by the specific sender. However, most of the proposed protocols didn't achieve confidentiality of the transmitted message. But, in some special application scenarios such as e-mail system, electronic voting and Internet negotiations, not only the property of deniable authentication but also message confidentiality are needed. To settle this problem, in this paper, we present a non-interactive identity-based deniable authenticated encryption (IBDAE) scheme using pairings. We give the security model and formal proof of the presented IBDAE scheme in the random oracle model under bilinear Diffie-Hellman (BDH) assumption.

Debiao He,Yuanyuan Zhang,Jianhua Chen

DOI: https://doi.org/10.1007/s11277-013-1282-x

IF: 2.017

2013-01-01

Wireless Personal Communications

Abstract:Authentication protocols with anonymity attracted wide attention since they could protect users’ privacy in wireless communications. Recently, Hsieh and Leu proposed an anonymous authentication protocol based on elliptic curve Diffie–Hellman problem for wireless access networks and claimed their protocol could provide anonymity. However, by proposing a concrete attack, we point out that their protocol cannot provide user anonymity. To overcome its weakness, we propose an improved protocol. We also provide an analysis of our proposed protocol to prove its superiority, even though its computational cost is slightly higher.

xu chongxiang,fan lei,li jianhua

DOI: https://doi.org/10.3969/j.issn.1002-0802.2002.04.022

2002-01-01

Abstract:A deniable authentication protocol is proposed in this paper.This proto col is based on public key algorithm,Hash function and common key encryption are used.T his protocol can make the re-ceiver assure the source of a given me ssage,but others cannot do that.At t he same time,this protocol can resist Person -In -the -Middle(PIM)attack.deniable authentication,public -key algorithm,person -in -the -middl e attack

Yichen Wang,Qiong Pu,Shuhua Wu

DOI: https://doi.org/10.1504/ijesdf.2012.049755

2012-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Most recently, Youn and Lim proposed an improved delegation-based authentication protocol for secure roaming service with unlinkability. In this letter, we show that: 1) it is vulnerable to a denial of service (DoS) attack; 2) cannot provide the unlinkability as claimed. Finally, we propose an enhanced protocol to remedy the security loopholes existing in it. Moreover, our improved protocol is still efficient.

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Fagen Li

DOI: https://doi.org/10.1504/ijesdf.2015.069611

2015-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:A deniable authentication protocol enables an intended receiver to identify the source of a given message, but the receiver cannot prove the source of a given message to any third party. It is very useful in some particular applications such as electronic voting, online negotiation and online shopping. However, many related protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we present a certificateless deniable authentication protocol. Our protocol is based on certificateless cryptography, which can solve the public key certificate management problem of public key infrastructure PKI-based cryptography and the key escrow problem of identity-based cryptography. Our protocol does not need the pairing operation which is the most time-consuming. In addition, our protocol can admit formal security proof in the random oracle model and resist key compromise impersonation KCI attack. Compared with the existing deniable authentication protocols, our protocol can be well applied in electronic voting system.

Yunlei Zhao

DOI: https://doi.org/10.1016/j.ipl.2006.04.017

IF: 0.851

2006-01-01

Information Processing Letters

Abstract:In this paper, we present an improved Dwork-Naor 2-round timed deniable authentication scheme with reduced computational and communication complexity. The improved protocol is convenient for authenticating arbitrarily large files (e.g., the contents of a large data-base or a large software), and its first message (from the verifier to the authenticator) is independent on the message to be authenticated by the authenticator.

Fagen Li,Jiang Deng,Tsuyoshi Takagi

DOI: https://doi.org/10.1587/transinf.e94.d.2171

2011-01-01

IEICE Transactions on Information and Systems

Abstract:Authenticated encryption schemes are very useful for private and authenticated communication. In 2010, Rasslan and Youssef showed that the Hwang et al.'s authenticated encryption scheme is not secure by presenting a message forgery attack. However, Rasslan and Youssef did not give how to solve the security issue. In this letter, we give an improvement of the Hwang et al.'s scheme. The improved scheme not only solves the security issue of the original scheme, but also maintains its efficiency.

Chunbo Ma,Jun Ao,Jianhua Li

DOI: https://doi.org/10.1007/978-3-540-73257-0_14

2007-01-01

Abstract:As a useful means of safeguarding privacy of communications, deniable authentication has received much attention. A Chameleon-based deniable authenticated key agreement protocol is presented in this paper. The protocol has following properties. Any one of the two participants can't present a digital proof to convince a third party that a claimed agreement has really taken place. Once a forgery occurs, the original entity can present a digital proof to disclose the forgery.

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Qianna Xie,Fagen Li

DOI: https://doi.org/10.1080/1206212x.2016.1188564

2015-01-01

Abstract:Deniable authenticate is a different and attractive authenticate mechanism compared with the traditional authentication. It allows the appointed receiver to identify the identity of the sender, but not to prove the source of a given message to a third party even if the appointed receiver is willing to reveal its private key. Certificateless public key cryptography can solve both the public key certificate management problem of public key infrastructure-based cryptography and the key escrow problem of identity-based cryptography. In this paper, we first define a security model for certificateless deniable authentication protocols. Then we propose a non-interactive certificateless deniable authentication protocol. In addition, we prove its security in the random oracle model. Our protocol can be applied in many actual application scenarios, such as electronic voting, electronic tendering, and online shopping.

Tianjie Cao,Dongdai Lin,Rui Xue

DOI: https://doi.org/10.1109/AINA.2005.100

2005-01-01

Abstract:Deniability is a privacy property that ensures protocol participants can later deny taking part in a particular protocol run. A deniable authentication protocol enables an intended receiver to identify the source of a given message, but not prove the identity of the sender to a third party even if the intended receiver is willing to reveal his secret-key. In this paper, we present an efficient ID-based deniable authentication protocol from pairings. The proposed protocol satisfies the correctness, authentication and deniability properties.