The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Radio Frequency Identification (RFID) is an efficient technology for identification, tracking and group proof construction. The multi-round protocols for authentication and group proof construction increase the cost with increase in participants. In this work, computational and communication cost of multi-round protocol is calculated to identify the protocol with least cost and high security. The...
After several years of research on cryptographic models for privacy in RFID systems, it appears that no universally model exists yet. Experience shows that security experts usually prefer using their own ad-hoc model than the existing ones. In particular, the impossibility of the models to refine the privacy assessment of different protocols has been highlighted in several studies. The paper emphasizes...
This paper analyses the TLS Handshake protocol in a progressive manner, by gradually building the protocol's messages and message fields. Messages constituting the TLS protocol are described by Casper, a compiler for the analysis of security protocols. FDR, a model checking tool is then used to test whether the protocol achieves its goals. It has been shown that TLS achieves its security goals for...
Security analysis of communication protocols is a slippery business, many ``secure'' protocols later turn out to be insecure. Among many, two complains are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy...
In this paper, we first analyze the novel 3GPP SAE AKA protocol proposed by Deng et al., and point out the flaws of protocol's authentication, and then we give an attack to the protocol. Moreover, we propose an improved 3GPP SAE AKA protocol, which can keep the frame of the 3GPP's protocol and overcome the security shortages of the D-AKA protocol. Finally, the security of the improved protocol is...
Mobile Grid is one of the recent emerging technologies. It has a lot of challenges due to the scarcity of resources such as processing power, persistent storage, runtime heap, battery lifetime, memory, bandwidth, and connectivity and network faults. Dynamic environment affects both mobile and non-mobile grids. This creates a need for the virtual administrator. Virtual Organization (VO) is responsible...
This paper first analyzes authentication and key agreement protocol adopted by 3rd generation partnership project (3GPP) system architecture evolution (SAE) release 8 standard, and points out the security problems solved and not solved in contrast with third generation wireless communications. Then we focus on several security defects in the protocol, and based on public key cryptosystem, puts forward...
Mobile ad hoc networks allow to create very dynamic communication systems, which are independent from any fixed infrastructure. One of the most important issues regarding the management of an ad hoc network is the configuration of the system according to the way users move. Since a centralized control structure does not exist, we need to determine how the IP addresses must be assigned to the nodes...
In this paper, we propose a secure binding update authentication scheme in FMIPv6 for wireless vehicular networks. The scheme guarantees mutual authentication, secrecy, and integrity based on pre-authentication. We analyze the security of the binding update authentication scheme and the security requirements using AVISPA Tool that supports a rigorous analysis of security.
The extensible authentication protocol (EAP), which is typically used over wireless LANs and point-to-point links, allows a server to request authentication information from a client. The protocol for carrying authentication for network access (PANA) is designed to transport EAP messages over IP networks. This paper presents a formal coloured Petri net model and analysis of PANA, focusing on the initial...
Formal and efficient protocol analysis by pen and paper is highly desired when informal and model-checking methods are not trusted in proving correctness of complicated e-commerce protocols. Based on strand spaces, this paper presents a method for fairness analysis of offline fair exchange protocols. With the new method, this paper formally analyzes an important offline fair exchange protocol -- the...
Authentication tests are widely used in formal analysis, design and automatic verification of security protocols. However, they are not sufficient in proving symmetric key protocols, and fail to detect potential attacks on Neuman-Stubblebine protocol. By analyzing the failure reasons of authentication tests, some of their deficiencies have been pointed out. In order to break through these limitations...
IEEE 802.16 is the standard for broadband wireless access. The security sublayer is provided within IEEE 802.16 MAC layer for privacy and access control, in which the Privacy and Key Management (PKM) protocols are specified. This paper models the PKM protocols using Casper and analyzes the CSP output with FDR, which are formal analysis tools based on the model checker. Later versions of PKM protocols...
In this paper, we expose a denial of information attack that is possible due to the misuse of the kill password (specified under the EPC Class-1 Gen-2 standard [1]) in a previously proposed RFID tag-reader mutual authentication scheme [2]. We show how a passive eavesdropper can obtain useful information by monitoring the authentication session involving a target tag and correlating the information...
RFID technology has become one of the most hotly debated ubiquitous computing technologies, and public fears of its alleged capability for comprehensive surveillance have prompted a flurry of research trying to alleviate such concerns. Security mechanisms for RFID systems are therefore of utmost important. In this paper, we describe problems of previous work on RFID security protocols and specify...
Recently, Lee et al. proposed a remote authentication model of information appliances (RAMIA). Unfortunately, RAMIA has a fatal error that opens the entire home network of information appliances to hackers. In this paper, we propose a new secure remote control model for information appliances (SRCMIA) to fix this error. Besides, our model can also achieve both message authentication and one-time secret...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.