Related papers: Cryptanalysis of Yang-Wang-Chang's Password Authen…
We propose a quantum authentication protocol that is robust against the theft of secret keys. In the protocol, disposable quantum passwords prevent impersonation attacks with stolen secret keys. The protocol also prevents the leakage of…
Recently, Zhang, Li, and Guo have proposed a particular eavesdropping attack [Phys. Rev. A {\bf 63}, 036301 (2001), quant-ph/0009042] which shows that my quantum key distribution protocol based on entanglement swapping [Phys. Rev. A {\bf…
Despite being more secure and strongly promoted, two-factor (2FA) or multi-factor (MFA) schemes either fail to protect against recent phishing threats such as real-time MITM, controls/relay MITM, malicious browser extension-based phishing…
Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Resistance against illegal tracking, cloning, timing, and replay attacks are necessary for a secure RFID authentication…
Until now, there have been developed many arbitrated quantum signature schemes implemented with a help of a trusted third party. In order to guarantee the unconditional security, most of them take advantage of the optimal quantum one-time…
By expanding the connection of objects to the Internet and their entry to human life, the issue of security and privacy has become important. In order to enhance security and privacy on the Internet, many security protocols have been…
We consider a one-time digital signature scheme recently proposed by Persichetti and show that a successful key recovery attack can be mounted with limited complexity. The attack we propose exploits a single signature intercepted by the…
This paper analyzes a revised fragile watermarking scheme proposed by Botta et al. which was developed as a revision of the watermarking scheme previously proposed by Rawat et al. A new attack is presented that allows an attacker to apply a…
Strongly unforgeable signature schemes provide a more stringent security guarantee than the standard existential unforgeability. It requires that not only forging a signature on a new message is hard, it is infeasible as well to produce a…
We analyse the security of some variants of the CFS code-based digital signature scheme. We show how the adoption of some code-based hash-functions to improve the efficiency of CFS leads to the ability of an attacker to produce a forgery…
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication…
Cancelable biometric schemes aim at generating secure biometric templates by combining user specific tokens, such as password, stored secret or salt, along with biometric data. This type of transformation is constructed as a composition of…
In 2010, Grigoriev and Shpilrain, introduced some graph-based authentication schemes. We present a cryptanalysis of some of these protocols, and introduce some new schemes to fix the problems.
In this paper, we analyze the security of an RFID authentication protocol proposed by Liu and Bailey [1], called Privacy and Authentication Protocol (PAP), and show its vulnerabilities and faulty assumptions. PAP is a privacy and…
Recently an attack strategy was proposed by Chau [H. F. Chau, quant-ph/0602099 v3], which was claimed to be able to break all quantum string seal protocols, including the one proposed by He [G. P. He, Int. J. Quant. Inform. 4, 677 (2006)].…
Since the demise of the password was predicted in 2004, different attempts in industry and academia have been made to create an alternative for the use of passwords in authentication, without compromising on security and user experience.…
We show that, using Wang et al. attack [T.-y. Wang, Q.-y. Wen, F. Gao, S. Lin, F.-c. Zhu, Phys. Lett. A 373 (2008) 65], the first agent and the last agent cannot eavesdrop all the secret messages in Zhang et al. QSSCM scheme [Z.-j. Zhang,…
The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code…
One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login…
The use of passwords and the need to protect passwords are not going away. The majority of websites that require authentication continue to support password authentication. Even high-security applications such as Internet Banking portals,…