Tianjie Cao,Dongdai Lin,Rui Xue

DOI: https://doi.org/10.1109/AINA.2005.100

2005-01-01

Abstract:Deniability is a privacy property that ensures protocol participants can later deny taking part in a particular protocol run. A deniable authentication protocol enables an intended receiver to identify the source of a given message, but not prove the identity of the sender to a third party even if the intended receiver is willing to reveal his secret-key. In this paper, we present an efficient ID-based deniable authentication protocol from pairings. The proposed protocol satisfies the correctness, authentication and deniability properties.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Jianhong Zhang,Yuehai Wang

2019-01-01

Abstract:.As a significant cryptographical primitive, proxy re-signature(PRS) technique is broadly applied to distributed computation, copyright transfer and hidden path transfer because it permits that a proxy translates an entity’s signature into the other entity’s signature on the identical data. Recently, to discard time-consuming pairing operator and intricate certificate-maintenance, Wang et al. proposed two efficient pairing-free ID-based PRS schemes, and declared that their schemes were provably secure in the ROM. Very unluckily, in this investigation, we point out that Wang et al.’s schemes suffer from attacks of universal forgery by analysing their security, i.e., anyone can fabricate a signature on arbitrary file. After the relevant attacks are shown, the reasons which result in such attacks is analyzed. Finally, we discuss the corresponding improved method. Key–Words: ID-based PRS, integer factorization problem, universal forgeability, security attack

Yalin Chen,Jue-Sam Chou*,Chun-Hui Huang

DOI: https://doi.org/10.48550/arXiv.1007.0060

2010-07-01

Abstract:In this paper, we analyze four authentication protocols of Bindu et al., Goriparthi et al., Wang et al. and Hölbl et al.. After investigation, we reveal several weaknesses of these schemes. First, Bindu et al.'s protocol suffers from an insider impersonation attack if a malicious user obtains a lost smart card. Second, both Goriparthi et al.'s and Wang et al.'s protocols cannot withstand a DoS attack in the password change phase, i.e. an attacker can involve the phase to make user's password never be used in subsequent authentications. Third, Hölbl et al.'s protocol is vulnerable to an insider attack since a legal but malevolent user can deduce KGC's secret key.

Cryptography and Security

Debiao He,Jianhua Chen

DOI: https://doi.org/10.1504/ijesdf.2012.049754

2014-01-01

Abstract:Recently, Zeng et al. proposed a three-party password-based authenticated key exchange protocol, in which two users could generate a common secret key with the help of the server. Although Zeng et al. claimed that their protocol could withstand various attacks, we point out that their protocol cannot resist impersonation attacks and undetectable online dictionary attacks. The analysis shows Zeng et al.'s protocol is insecure for practical applications.

Tianjie Cao,Tao Quan,Bo Zhang

DOI: https://doi.org/10.4304/jnw.4.4.263-270

2009-01-01

Journal of Networks

Abstract:Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) protocols allow two clients establish a common session key based on their passwords. In a secure C2C-PAKE protocol, there is no computationally bounded adversary learns anything about session keys shared between two clients. Especially a participating server should not learn anything about session keys. Server- compromise impersonation resilience is another desirable security property for a C2C-PAKE protocol. It means that compromising the password verifier of any client A should not enable outside adversary to share session key with A. Recently, Kwon and Lee proposed four C2C-PAKE protocols in the three-party setting, and Zhu et al. proposed a C2C-PAKE protocol in the cross-realm setting. All the proposed protocols are claimed to resist server compromise. However, in this paper, we show that Kwon and Lee’s protocols and Zhu et al’s protocol exist server compromise attacks, and a malicious server can mount man-in-themiddle attacks and can eavesdrop the communication between the two clients.

Hung-Min Sun,Bin-Tsan Hsieh

2003-01-01

Abstract:Recently, Shim proposed a tripartite authenticated key agreement pro- tocol from Weil pairing to overcome the security flaw in Joux's protocol. Later, Shim also proposed an ID-based authenticated key agreement pro- tocol which is an improvement of Smart's protocol in order to provide the forward secrecy. In this paper, we show that these two protocols are insecure against the key-compromise impersonation attack and the man- in-the-middle attack respectively.

Fagen Li,Tsuyoshi Takagi

DOI: https://doi.org/10.1007/s11277-012-0640-4

IF: 2.017

2012-01-01

Wireless Personal Communications

Abstract:A deniable authentication protocol enables a receiver to identify the source of a given message, but the receiver cannot prove the source of the message to a third party. Recently, Yoon et al. (Wirel Pers Commun 55:81–90, 2010) proposed a robust deniable authentication protocol based on ElGamal cryptosystem. Although they proved that their protocol satisfies the deniable authentication, mutual authentication and confidentiality, we show that their protocol does not satisfy the deniable authentication property. The receiver can prove the source of a given message to a third party. In addition, we propose an improved protocol that removes this weakness.

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Fagen Li

DOI: https://doi.org/10.1504/ijesdf.2015.069611

2015-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:A deniable authentication protocol enables an intended receiver to identify the source of a given message, but the receiver cannot prove the source of a given message to any third party. It is very useful in some particular applications such as electronic voting, online negotiation and online shopping. However, many related protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we present a certificateless deniable authentication protocol. Our protocol is based on certificateless cryptography, which can solve the public key certificate management problem of public key infrastructure PKI-based cryptography and the key escrow problem of identity-based cryptography. Our protocol does not need the pairing operation which is the most time-consuming. In addition, our protocol can admit formal security proof in the random oracle model and resist key compromise impersonation KCI attack. Compared with the existing deniable authentication protocols, our protocol can be well applied in electronic voting system.

Fangguo Zhang,Shengli Liu,Kwangjo Kim

2002-01-01

Abstract:With various applications of Weil pairing (Tate pairing) to cryptography, ID-based encryption schemes, digital signature schemes, blind signature scheme, two-party authenticated key agreement schemes, and tripartite key agreement scheme were proposed recently, all of them using bilinear pairing (Weil or Tate pairing). In this paper, we propose an ID-based one round authenticated tripartite key agreement protocol. The authenticity of the protocol is assured by a special signature scheme, so that messages carrying the information of two ephemeral keys can be broadcasted authenticly by an entity. Consequently, one instance of our protocol results in eight session keys for three entities. Security attributes of our protocol are presented, and the computational overhead and band- width of the broadcast messages are analyzed as well.

Fagen Li,Pan Xiong,Chunhua Jin

DOI: https://doi.org/10.1007/s00607-013-0321-5

2013-01-01

Computing

Abstract:Deniable authentication is an important security requirement for ad hoc networks. However, all known identity-based deniable authentication (IBDA) protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we propose a non-interactive IBDA protocol using bilinear pairings. Our protocol admits formal security proof in the random oracle model under the bilinear Diffie-Hellman assumption. Our protocol is faster than all known IBDA protocols of its type. In addition, our protocol supports batch verification that can speed up the verification of authenticators. This characteristic makes our protocol useful in ad hoc networks.

Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.4304/jcm.3.7.20-27

2008-01-01

Journal of Communications

Abstract:Two effective attacks, namely de-synchronization attack and impersonation attack, against Ha et al.’s LCSS RFID authentication protocol, Song and Mitchell’s protocol are identified. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. An impersonation attack against Chen et al.’s RFID authentication scheme is also identified. By sending malicious queries to the tag and collecting the response messages emitted by the tag, the attack allows an adversary to extract the secret information from the tag and further to impersonate the legal tag.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Chengyu Fan,Shijie Zhou,Fagen Li

DOI: https://doi.org/10.1109/ispa.2009.113

2009-01-01

Abstract:A deniable authentication allows the receiver to identify the source of the received messages but cannot prove it to any third party. However, the deniability of the content, which is called restricted deniability in this paper, is concerned in electronic voting and some other similar application. At present, most non-interactive deniable authentication protocols cannot resist weaken key-compromise impersonation (W-KCI) attack. To settle this problem, a non-interactive identity-based restricted deniable authentication protocol is proposed. It not only can resist W-KCI attack but also has the properties of communication flexibility. It meets the security requirements such as correctness, restricted deniability as well. Therefore, this protocol can be applied in electronic voting.

Fagen Li,Jiaojiao Hong,Anyembe Andrew Omala

DOI: https://doi.org/10.1007/s11276-016-1317-9

IF: 2.701

2016-01-01

Wireless Networks

Abstract:Pervasive computing environments allow users to get services anytime and anywhere. Security has become a great challenge in pervasive computing environments because of its heterogeneity, openness, mobility and dynamicity. In this paper, we propose two heterogeneous deniable authentication protocols for pervasive computing environments using bilinear pairings. The first protocol allows a sender in a public key infrastructure (PKI) environment to send a message to a receiver in an identity-based cryptography (IBC) environment. The second protocol allows a sender in the IBC environment to send a message to a receiver in the PKI environment. Our protocols admits formal security proof in the random oracle model under the bilinear Diffie–Hellman assumption. In addition, our protocols support batch verification that can speed up the verification of authenticators. The characteristic makes our protocols useful in pervasive computing environments.

xu chongxiang,fan lei,li jianhua

DOI: https://doi.org/10.3969/j.issn.1002-0802.2002.04.022

2002-01-01

Abstract:A deniable authentication protocol is proposed in this paper.This proto col is based on public key algorithm,Hash function and common key encryption are used.T his protocol can make the re-ceiver assure the source of a given me ssage,but others cannot do that.At t he same time,this protocol can resist Person -In -the -Middle(PIM)attack.deniable authentication,public -key algorithm,person -in -the -middl e attack

Ding Wang,Chun-guang Ma,De-li Gu,Zhen-shan Cui

DOI: https://doi.org/10.1007/978-3-642-34601-9_35

2012-01-01

Abstract:In NSS'10, Shao and Chin pointed out that Hsiang and Shih's dynamic ID-based remote user authentication scheme for multi-server environment has several security flaws and further proposed an improved version which is claimed to be efficient and secure. In this study, however, we will demonstrate that Shao-Chin's scheme still cannot achieve the claimed security goals, and we report its following flaws: (1) It cannot withstand offline password guessing attack under their non-tamper resistance assumption of the smart card; (2) It fails to provide user anonymity; (3) It is prone to user impersonation attack. More recently, Li et al. found that Sood et al.'s dynamic ID-based authentication protocol for multi-server architecture is still vulnerable to several kinds of attacks and presented a new scheme that attempts to overcome the identified weaknesses. Notwithstanding their ambitions, Li et al.'s scheme is still found vulnerable to various known attacks by researchers. In this study, we perform a further cryptanalysis and uncover its two other vulnerabilities: (1) It cannot achieve user anonymity, which is the essential goal of a dynamic ID-based scheme; (2) It is susceptible to offline password guessing attack. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.

Zhen Qin,Chen Yuan,Yilei Wang,Hu Xiong

DOI: https://doi.org/10.1016/j.ipl.2016.02.003

IF: 0.851

2016-01-01

Information Processing Letters

Abstract:ID-based signature enables users to verify signatures using only public identifier. Very recently, Rossi and Schmid (2015) [9] proposed two identity-based signature schemes along with the application to group communications. Unfortunately, by proposing concrete attack, we demonstrate that the former scheme is insecure against forgery attack, while the latter scheme has been totally broken in the sense that the signing key can be recovered from the valid signature easily.

Jiyao Wang,Tianjie Cao

DOI: https://doi.org/10.1109/icct.2006.341974

2006-01-01

Abstract:Blind signatures allow the user to obtain a signature of a message in a way that the signer learns neither the message nor the resulting signature. Proxy blind signature schemes enable a proxy signer to sign message blindness on behalf of an original signer. Blind signatures can be used in cryptographic applications such as digital watermark, electronic voting and electronic cash systems. All blind signatures should satisfy the security requirement of unforgeability. In this paper, we show that Liao et al.'s pairing-based blind signature scheme is universally forgeable and Li's ID-based proxy blind signature scheme from pairings is insecure against the original signer's forgery.

Baoyuan Kang,Jinguang Han,Qingju Wang

DOI: https://doi.org/10.1109/ICCET.2010.5486299

2010-01-01

Abstract:Wang et al. presented a remote password authentication scheme using IC (integrated Circuit)cards in 2004. Recently, Cheng et al. pointed that the Wang et al.'s scheme is unable to withstand the forgery attack. They consequently proposed a novel version to resist the forgery attack. Although Cheng et al. claimed that their scheme is secure against all known attacks and more practical in application than other IC-card-based authentication schemes, in this paper, we show that Cheng et al. scheme is vulnerable to the guessing attack, parallel session attack and key-compromise attack. To remedy these flaws, this paper proposes an improvement over Cheng et al. scheme with more security.