XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

QIAN Yong,ZHANG Yong,BAI Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.03.008

2001-01-01

Abstract:An approach which made use of running modes of two-party cryptographic protocols to analyze protocols was put forwarded in [1]. Through some counter-examples, we found flaws in the approach. In this paper, an efficient method is developed, which matchs faked messages with received set of attacks,messages in other run of protocol. Using the method, we found holes of some cryptographic protocols successly.

舒剑,许春香

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.03.008

2010-01-01

Abstract:The security of a recently proposed password-based authenticated key exchange protocol was analyzed. Al- though it was provably secure in the standard model, it was vulnerable to reflection attacks. A modify scheme was pro- posed, which eliminated the defect of original scheme and improved the efficiency of the protocol. The security of the proposed scheme had been proven in the standard model under DDH assumption. The results show that it provides per- fect forward secrecy.

顾文俊,熊云风,杨宇航

DOI: https://doi.org/10.3321/j.issn:1006-2467.2003.z1.017

2003-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:This paper analysed the HARN-LIN protocol and the two modifications, and pointed out the essential cause of the bug for security. Also, this paper proposed one modification that not only eradicated the bug of the original protocol, but also obeyed the original intention not to use one-way function. It discussed the proposed modification in validity, security and efficiency. The results indicate that the proposed modification can guarantee the creation and sharing of multiple secret keys between communication peers.

DU Jin-hui,HU Ming-zeng,ZHANG Zhao-xin

2008-01-01

Abstract:Verification and analyzing the authentication protocol with formal method has become international researcher’s new focus. This paper researches on Needham-Schroeder authentication protocol based on BAN logic. It points out the flaw of the protocol that can be used by replay attack and improves the protocol by adding nonce in the transferred message. Finally,this paper proves the correctness of the improved protocol with BAN logic.

Hung-Min Sun,Bin-Tsan Hsieh

2003-01-01

Abstract:Recently, Shim proposed a tripartite authenticated key agreement pro- tocol from Weil pairing to overcome the security flaw in Joux's protocol. Later, Shim also proposed an ID-based authenticated key agreement pro- tocol which is an improvement of Smart's protocol in order to provide the forward secrecy. In this paper, we show that these two protocols are insecure against the key-compromise impersonation attack and the man- in-the-middle attack respectively.

ZHANG Yu-qing,WANG Lei,XIAO Guo-zhen,WU Jian-ping

2000-01-01

Journal of Software

Abstract:It is an important and hard problem in the area of computer network security to analyze cryptographic protocols. A methodology is presented using a model checke r of formal methods, SMV (symbolic model verifier), to analyze the well known Ne edham-Schroeder Public-Key Protocol. The SMV is used to discover an attack upo n the protocol, which has never been discovered by BAN logic. Finally, the proto col is adapted, and then the SMV is used to show that the new protocol is secure .

Zeyad Mohammad

DOI: https://doi.org/10.1002/dac.4386

2020-03-11

International Journal of Communication Systems

Abstract:Hao proposed the YAK as a robust key agreement based on public‐key authentication, and the author claimed that the YAK protocol withstands all known attacks and therefore is secure against an extremely strong adversary. However, Toorani showed the security flaws in the YAK protocol. This paper shows that the YAK protocol cannot withstand the known key security attack, and its consequences lead us to introduce a new key compromise impersonation attack, where an adversary is allowed to reveal both the shared static secret key between two‐party participation and the ephemeral private key of the initiator party in order to mount this attack. In addition, we present a new security model that covers these attacks against an extremely strong adversary. Moreover, we propose an improved YAK protocol to remedy these attacks and the previous attacks mentioned by Toorani on the YAK protocol, and the proposed protocol uses a verification mechanism in its block design that provides entity authentication and key confirmation. Meanwhile, we show that the proposed protocol is secure in the proposed formal security model under the gap Diffie‐Hellman assumption and the random oracle assumption. Moreover, we verify the security of the proposed protocol and YAK protocol by using an automatic verification method such as the Scyther tool, and the verification result shows that the security claims of the proposed protocol are proven, in contrast to those of the YAK protocol, which are not proven. The security and performance comparisons show that the improved YAK protocol outperforms previous related protocols.

telecommunications,engineering, electrical & electronic

皮建勇,杨雷,刘心松,李泽平

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.01.028

2010-01-01

Computer Science

Abstract:We proposed a novel PJY identity authentication and key agreement security protocol based on computational difficulty of discrete logarithm in finite field.The PJY security protocol can validate identity of the both parties with two session,and generate peer session key.We analyzed the correctness of the security protocol on strand space model.First we constructed infiltrate strand space,and proved the PJY security protocol has injective agreement and secrecy by authentication tests under arbitrary penetration strand,so proved the PJY security protocol is correct.

石曙东,李之棠

DOI: https://doi.org/10.3969/j.issn.1000-1220.2004.12.031

2004-01-01

Abstract:Proposed a new framework is for the analysis of secure protocols. Comparing to the framework proposed by Kailar, it has some improvements. Firstly, it can analyze accountability of protocols . Secondly, it can analyze fairness of protocols efficiently. At last, by introducing the cipher text understanding rule the new framework can analyze the message that includes signed cipher text.

Jinze Du,Junwei Du,Tao Liu,Feng Zhang

DOI: https://doi.org/10.53106/199115992023083404003

2023-01-01

Abstract:In order to verify the security of the Z-Wave communication protocol, the possible attacks in the protocol are analyzed to reduce user privacy security vulnerabilities. For the communication process and key exchange process between the controller and the node, this paper uses CPN tools to model the Z-Wave S2 protocol, and introduces the Dolev-Yao attack model to verify the security behavior of the protocol. The results show that there is a man-in-the-middle attack when using S2 authentication for device inclusion. In response to this vulnerability, we propose a lightweight static authentication scheme based on HKDF function and XOR operation, which performs authentication between Z-Wave controller and slave device. Secondly, we formally verify the security objectives of the improved scheme, and prove that the optimization scheme can effectively prevent man-in-the-middle attacks in the S2 security mode.

Guang Ping He

DOI: https://doi.org/10.1142/S0219749920500410

2023-07-23

Abstract:In a recent paper (Int. J. Quantum Inf. 17 (2019) 1950026), the authors discussed the shortcomings in the security of a quantum private comparison protocol that we previously proposed (Int. J. Quantum Inf. 15 (2017) 1750014). They also proposed a new protocol aimed to avoid these problems. Here we analysis the information leaked in their protocol, and find that it is even less secure than our protocol in certain cases. We further propose an improved version which has the following advantages: (1) no entanglement needed, (2) quantum memory is no longer required, and (3) less information leaked. Therefore, better security and great feasibility are both achieved.

Quantum Physics

Debiao He,Yitao Chen,Jianhua Chen

DOI: https://doi.org/10.1007/s11071-012-0335-0

IF: 5.741

2012-01-01

Nonlinear Dynamics

Abstract:Very recently, Lee et al. (C. Lee, C. Chen, C. Wu, S. Huang, An extended chaotic maps-based key agreement protocol with user anonymity, Nonlinear Dynamics, doi: 10.1007/s11071-011-0247-4) proposed a chaotic maps-based key agreement protocol with user anonymity and claimed their protocol could resist various attacks. In this paper, we will point out that Lee et al.'s protocol suffers from three weaknesses: (1) inability of resisting the privileged insider attack; (2) inability of resisting the denial-of-service attack; and (3) inability of providing anonymity. To overcome the weaknesses, we also proposed an improved protocol. The analysis shows our protocol is more suitable for practical applications.

Yan Chang,Chun-Xiang Xu,Shi-Bin Zhang,Hai-Chun Wang,Li-Li Yan,Gui-Hua Han,Yuan-Yuan Huang,Zhi-Wei Sheng

DOI: https://doi.org/10.1088/0256-307x/33/1/010301

2016-01-01

Chinese Physics Letters

Abstract:In a recent work [Quantum Inf. Process 12 (2013) 1077], a multi-user protocol of quantum private comparison of equality (QPCE) is presented. Here we point out that if we relax the constraint of a semi-honest third party, the private information of the users will be totally leaked out to the third party. A special attack is demonstrated in detail. Furthermore, a possible improvement is proposed, which makes the protocol secure against this kind of attack.

Yuanyuan Zhang,Jianhua Chen,Baojun Huang

DOI: https://doi.org/10.1002/dac.2612

2014-01-01

International Journal of Communication Systems

Abstract:SUMMARYRecently, Chang et al. proposed an authentication and key agreement protocol for satellite communications, and they claimed that their scheme could withstand various attacks. However, in this paper, we will show that their scheme is vulnerable to the denial of service attack and the impersonation attack. Moreover, we also point out that the adversary could compute the session key through the intercepted message. The analysis shows the scheme of Chang et al. is not secure for practical applications. Copyright © 2013 John Wiley & Sons, Ltd.

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

刘胜利,郑东,陈克非

2006-01-01

Journal of Shanghai Jiaotong University (Science)

Abstract:Quantum key agreement is one of the approaches to unconditional security. Since 1980's, different protocols for quantum key agreement have been proposed and analyzed. A new quantum key agreement protocol was presented in 2004, and a detailed analysis to the protocol was given. The possible game played between legitimate users and the enemy was described: sitting in the middle, an adversary can play a “man-in-the-middle” attack to cheat the sender and receiver. The information leaked to the adversary is essential to the length of the final quantum secret key. It was shown how to determine the amount of information leaked to the enemy and the amount of uncertainty between the legitimate sender and receiver.

Debiao He,Yuanyuan Zhang,Jianhua Chen

DOI: https://doi.org/10.1007/s11277-013-1282-x

IF: 2.017

2013-01-01

Wireless Personal Communications

Abstract:Authentication protocols with anonymity attracted wide attention since they could protect users’ privacy in wireless communications. Recently, Hsieh and Leu proposed an anonymous authentication protocol based on elliptic curve Diffie–Hellman problem for wireless access networks and claimed their protocol could provide anonymity. However, by proposing a concrete attack, we point out that their protocol cannot provide user anonymity. To overcome its weakness, we propose an improved protocol. We also provide an analysis of our proposed protocol to prove its superiority, even though its computational cost is slightly higher.

Sheng Zhong

DOI: https://doi.org/10.1080/01611190701548180

2007-01-01

Cryptologia

Abstract:Recently, an improved protocol for authenticated multiple-key agreement was proposed. In this article, an attack on that protocol is shown in which, with half probability, an adversary can impersonate any participant of the protocol to generate "shared" keys with others.

Zhang Huqiang,Hong Peilin,Li Jinsheng

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.11.064

2006-01-01

Abstract:We point out secure weakness of the Zero-knowledge proof scheme proposed by Sultan Almuhammadi and Clifford Neuman[1] in parameter selecting of public key, and analyze it from calculation of discrete logarithm. Then we propose a new Zero-knowledge proof identification scheme by combining with the effectual cipher key selection method in DSA. The analysis shows that the new scheme is secure, efficient and 1/3 faster than Schnorr's.