In 2006, Yeh and Tsai proposed a mobile commerce security mechanism. However, in 2008, Yum et al. pointed out that the Yeh-Tsai security mechanism is not secure against malicious WAP gateways and then proposed a simple countermeasure against the attack: using a cryptographic hash function instead of the addition operation. Nevertheless, this paper shows that both Yeh-Tsai's and Yum et al.'s security mechanisms still do not provide perfect forward secrecy and are susceptible to an off-line guessing attack and a Denning-Sacco attack. In addition, we propose a new security mechanism to overcome the weaknesses of the previous related security mechanisms.
Eun-Jun YOON Muhammad Khurram KHAN Kee-Young YOO
Quite recently [IEEE Commu. Letters, Vol.14, No.1, 2010], Choi et al. proposed a handover authentication scheme using credentials based on chameleon hashing, claiming to provide several security features including Perfect Forward/Backward Secrecy (PFS/PBS). This paper examines the security of the scheme and shows that the scheme still fails to achieve PFS/PBS, contrary to their claims.
This letter proposes a robust biometric authenticated key agreement (BAKA) protocol for a secure token to provide strong security and minimize the computation cost of each participant. Compared with other related protocols, the proposed BAKA protocol is not only secure against well-known cryptographic attacks but also provides various functionality and performance requirements.
Recently, Yeh et al. proposed an improvement on Zhu et al.'s password based authenticated key exchange protocol based on RSA, in order to make the protocol withstand undetectable on-line password guessing attacks and also to provide explicit key authentication. The improved scheme, however, is still susceptible to off-line password guessing attacks. Accordingly, the current letter demonstrates the vulnerability of Yeh et al.'s scheme regarding off-line password guessing attacks.
This research paper points out that the gateway-oriented password-based authenticated key exchange protocol recently developed by Shim (S-GPAKE) was inefficiently and incorrectly designed to overcome an undetectable on-line password guessing attack. To resolve the computational efficiency and security problems, an optimized GPAKE protocol (O-GPAKE) was proposed, which was not only secure against various security attacks but also had considerably lower computational cost and provided mutual authentication, unlike previous related protocols including the S-GPAKE protocol.
In 2010, Guo and Zhang proposed a group key agreement protocol based on the chaotic hash function. This letter points out that Guo-Zhang's protocol is still vulnerable to off-line password guessing attacks, stolen-verifier attacks and reflection attacks.
In 2009, Jeong et al. proposed a new searchable encryption scheme with keyword-recoverability which is secure even if the adversaries have any useful partial information about the keyword. They also proposed an extension scheme for multi-keywords. However, this paper demonstrates that Jeong et al.'s schemes are vulnerable to off-line keyword guessing attacks, where an adversary (insider/outsider) can retrieve information about a certain keyword from any captured query message of the scheme.
Eun-Jun YOON Muhammad KHURRAM KHAN Kee-Young YOO
In 2009, Jeong et al. proposed a secure binding encryption scheme and an efficient secret broadcast scheme. This paper points out that the schemes have some errors and cannot operate correctly, contrary to their claims. In addition, this paper also proposes improvements of Jeong et al.'s scheme that can withstand the proposed attacks.
Eun-Jun YOON Il-Soo JEON Kee-Young YOO
Autonomous objects represent active database objects which can be distributed over the Internet. This paper proposes a robust authentication scheme for the remote autonomous object based on AES (Advanced Encryption Standard) symmetric cryptosystem. Compared with related schemes, the proposed scheme not only resists various security attacks but also provides computation and communication efficiency.
Recently, Wu-Chieu proposed an improvement to their original scheme, in order to make the scheme withstand impersonation attacks. However, the improved scheme is susceptible to an off-line password guessing attack and is inefficiently designed. Accordingly, the current letter demonstrates the vulnerability of Wu-Chieu's modified scheme to an off-line password guessing attack and evaluates the efficiency of their schemes and related schemes.
In 2009, Wang et al. proposed an efficient and secure dynamic ID-based remote user authentication scheme based on the one-way secure hash function. This letter demonstrates that Wang et al.'s scheme is still vulnerable to impersonation attacks.
User identity anonymity is an important property for roaming services. In 2011, Kang et al. proposed an improved user authentication scheme that guarantees user anonymity in wireless communications. This letter shows that Kang et al.'s improved scheme still cannot provide user anonymity as they claimed.
Eun-Jun YOON Eun-Kyung RYU Kee-Young YOO
In 2003, Shen et al. proposed an improvement on Yang-Shieh's timestamp-based password authentication scheme using smart cards. They claimed that their scheme can not only withstand a forged login attack, but also eliminate a problem of Yang-Shieh's. However, their scheme is still susceptible to a forged login attack. In this letter, we show how the forged login attack can be carried out on Shen et al.'s scheme.