Keyword Search Result

[Keyword] guessing attack (11 hits)

1-11 hits
  • Efficient and Secure File Deduplication in Cloud Storage

    Youngjoo SHIN  Kwangjo KIM  

     
    PAPER-Fundamentals of Information Systems

    Vol: E97-D No:2  Page(s): 184-197

    Outsourcing to cloud storage brings forth new challenges for the efficient utilization of computing resources as well as simultaneously maintaining privacy and security for the outsourced data. Data deduplication refers to a technique that eliminates redundant data on the storage and the network, and is considered to be one of the most promising technologies that offers efficient resource utilization in cloud computing. In terms of data security, however, deduplication obstructs applying encryption on the outsourced data and even causes a side channel through which information can be leaked. Achieving both efficient resource utilization and data security still remains open. This paper addresses this challenging issue and proposes a novel solution that enables data deduplication while also providing the required data security and privacy. We achieve this goal by constructing and utilizing equality predicate encryption schemes which allow one to know only equivalence relations between encrypted data. We also utilize a hybrid approach for data deduplication to prevent information leakage due to the side channel. The performance and security analyses indicate that the proposed scheme is efficient to securely manage the outsourced data in cloud computing.

  • An Enhanced Secure Authentication Scheme with Anonymity for Wireless Environments

    Woongryul JEON  Jeeyeon KIM  Junghyun NAM  Youngsook LEE  Dongho WON  

     
    LETTER-Terrestrial Wireless Communication/Broadcasting Technologies

    Vol: E95-B No:7  Page(s): 2505-2508

    As anonymity increasingly becomes a necessary and legitimate aim in many applications, a number of anonymous authentication schemes have been suggested over the years. Among the many schemes is Lee and Kwon's password-based authentication scheme for wireless environments. Compared with previous schemes, Lee and Kwon's scheme not only improves anonymity by employing random temporary IDs but also provides user-friendliness by allowing human-memorable passwords. In this letter, we point out that Lee and Kwon's scheme, despite its many merits, is vulnerable to off-line password guessing attacks and a forgery attack. In addition, we show how to eliminate these vulnerabilities.

  • Off-Line Keyword Guessing Attacks on Searchable Encryption with Keyword-Recoverability

    Eun-Jun YOON  Kee-Young YOO  

     
    LETTER-Information Network

    Vol: E93-D No:7  Page(s): 1995-1996

    In 2009, Jeong et al. proposed a new searchable encryption scheme with keyword-recoverability which is secure even if the adversaries have any useful partial information about the keyword. They also proposed an extension scheme for multi-keywords. However, this paper demonstrates that Jeong et al.'s schemes are vulnerable to off-line keyword guessing attacks, where an adversary (insider/outsider) can retrieve information about a certain keyword from any captured query message of the scheme.

  • Cryptanalysis and Enhancement of Modified Gateway-Oriented Password-Based Authenticated Key Exchange Protocol

    Kyung-Ah SHIM  

     
    LETTER-Cryptography and Information Security

    Vol: E91-A No:12  Page(s): 3837-3839

    Abdalla et al. proposed a gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where a password is only shared between the client and the authentication server. The goal of their scheme is to securely establish a session key between the client and the gateway by the help of the authentication server without revealing any information on the password to the gateway. Recently, Byun et al. showed that Abdalla et al.'s GPAKE is insecure against undetectable on-line password guessing attacks. They also proposed a modified version to overcome the attacks. In this letter, we point out that Byun et al.'s modified GPAKE protocol is still insecure against the same attacks. We then make a suggestion for improvement.

  • Comments on Modified User Friendly Remote Authentication Scheme with Smart Cards

    Eun-Jun YOON  Kee-Young YOO  

     
    LETTER-Fundamental Theories for Communications

    Vol: E90-B No:2  Page(s): 331-333

    Recently, Wu-Chieu proposed an improvement to their original scheme, in order to make the scheme withstand impersonation attacks. However, the improved scheme is susceptible to an off-line password guessing attack and is inefficiently designed. Accordingly, the current letter demonstrates the vulnerability of Wu-Chieu's modified scheme to an off-line password guessing attack and evaluates the efficiency of their schemes and related schemes.

  • Cryptanalysis of Improvement of Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks

    Chou-Chen YANG  Ren-Chiun WANG  

     
    LETTER-Fundamental Theories for Communications

    Vol: E88-B No:11  Page(s): 4370-4372

    In 2002, Zhu et al. proposed a password-based authenticated key exchange protocol based on RSA. Zhu et al. claimed the protocol is efficient for the low-power devices in wireless networks. Unfortunately, Yeh et al. pointed out that Zhu et al.'s protocol was weak against the undetectable on-line password guessing attack. Not only that, Zhu et al.'s protocol does not achieve explicit key authentication. At the same time, Yeh et al. proposed an improved method. However, in this paper, we shall point out that Yeh et al.'s improvement is vulnerable to the off-line password guessing attack. At the same time, we shall propose a solution to resist the above attack.

  • Cryptanalysis of Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks

    Eun-Jun YOON  Kee-Young YOO  

     
    LETTER-Fundamental Theories for Communications

    Vol: E88-B No:6  Page(s): 2627-2628

    Recently, Yeh et al. proposed an improvement on Zhu et al.'s password based authenticated key exchange protocol based on RSA, in order to make the protocol withstand undetectable on-line password guessing attacks and also to provide explicit key authentication. The improved scheme, however, is still susceptible to off-line password guessing attacks. Accordingly, the current letter demonstrates the vulnerability of Yeh et al.'s scheme regarding off-line password guessing attacks.

  • Password Authentication without the Server Public Key

    Ya-Fen CHANG  Chin-Chen CHANG  Yi-Long LIU  

     
    LETTER-Fundamental Theories for Communications

    Vol: E87-B No:10  Page(s): 3088-3091

    In 2002, Hwang and Yeh showed that Peyravian-Zunic's password authentication schemes are not secure and proposed an improvement by using the server public key. Since applying the server public key results in an additional burden, we propose secure password authentication schemes without using the server public key in this paper.

  • Improvement of Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks

    Her-Tyan YEH  Hung-Min SUN  Cheng-Ta YANG  Bing-Cheng CHEN  Shin-Mu TSENG  

     
    LETTER-Fundamental Theories

    Vol: E86-B No:11  Page(s): 3278-3282

    Recently, Zhu et al. proposed a password-based authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in wireless networks. They claimed that the proposed scheme is secure against dictionary attacks. In this paper, we show that the scheme proposed by Zhu et al. is insecure against undetectable on-line password guessing attacks. Furthermore, we examine Zhu et al.'s protocol and find that Zhu et al.'s protocol does not achieve explicit key authentication. An improved version is then proposed to defeat the undetectable on-line password guessing attacks and also provide explicit key authentication.

  • An Improvement of the Password-Based Authentication Protocol (K1P) on Security against Replay Attacks

    Taekyoung KWON  Myeongho KANG  Sangjoon JUNG  Jooseok SONG  

     
    PAPER-Communication Networks and Services

    Vol: E82-B No:7  Page(s): 991-997

    Authentication protocols are necessary for the receiver of a message to ascertain its origin in a distributed environment. Since they exchange cryptographic messages at the beginning of communication, their security is an essential requirement. However, most of the protocols have suffered from several kinds of attacks. A replay attack is one kind of those attacks. Attackers could launch it easily by replaying an eavesdropped message. Moreover, there are many types of replay attacks while most of the formal methods are not capable of detecting them. [3] classified various kinds of replay attacks and proposed a taxonomy. Therefore, it is necessary to verify authentication protocols deliberately with such a taxonomy for a basis. In this paper, at first, we give a clear definition and several remarks on replay attacks. Secondly, we review the taxonomy of replay attacks presented in [3], and comment on its minor mistake. Finally, we examine on the basis of the taxonomy the password-based authentication protocol, K1P, which was proposed in our earlier papers for protecting weak secrets efficiently. As a result of the examination, we have found that the three way mutual K1P shown in [2] was vulnerable to one of the replay attacks. Therefore, we improve three way K1P on security against the replay attack. Improved three way K1P is secure against replay attacks as well as guessing attacks and therefore it may be useful for security services of various communication networks.

  • Efficient Key Exchange and Authentication Protocols Protecting Weak Secrets

    Taekyoung KWON  Jooseok SONG  

     
    PAPER-Information Security

    Vol: E81-A No:1  Page(s): 156-163

    We propose new key exchange and authentication protocols, which are efficient in protecting a poorly-chosen weak secret from guessing attacks, based on the use of a one-time pad and a strong one-way hash function. Cryptographic protocols assume that a strong secret should be shared between communication participants for authentication, in the light of an ever-present threat of guessing attacks. Cryptographically long secret would be better for security only if ordinary users could remember it. But most users choose an easy-to-remember password as a secret and such a weak secret can be guessed easily. In our previous work, we made much of introducing a basic concept and its application. In this paper, we describe our idea in more detail and propose more protocols which correspond to variants of our basic protocol using well-defined notations. Formal verification and efficiency comparison of the proposed protocols are also presented. By our scheme the password guessing attacks are defeated efficiently, and a session key is exchanged and participants are authenticated securely.