With the rapid growth of electronic commerce and associated demands on variants of Internet based applications,application systems providing network resources and business services are in high demand around the world....With the rapid growth of electronic commerce and associated demands on variants of Internet based applications,application systems providing network resources and business services are in high demand around the world.To guarantee robust security and computational efficiency for service retrieval,a variety of authentication schemes have been proposed.However,most of these schemes have been found to be lacking when subject to a formal security analysis.Recently,Chang et al.(2014) introduced a formally provable secure authentication protocol with the property of user-untraceability.Unfortunately,based on our analysis,the proposed scheme fails to provide the property of user-untraceability as claimed,and is insecure against user impersonation attack,server counterfeit attack,and man-in-the-middle attack.In this paper,we demonstrate the details of these malicious attacks.A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.展开更多
This paper proposes a secure offline electronic(e-)payment scheme by adopting Schnorr’s untraceable blind signature(BS).Thereby,to satisfy the essential security requirements of e-payment systems,it requires much mor...This paper proposes a secure offline electronic(e-)payment scheme by adopting Schnorr’s untraceable blind signature(BS).Thereby,to satisfy the essential security requirements of e-payment systems,it requires much more simple computations and becomes more practical than many existing schemes.Other considerations are:to prevent the forgery of e-coin,the Bank is only the lawful entity to produce the valid e-coin;and others can verify its correctness.To confirm no swindling,the e-coin owner also sticks her private signing key with the e-coin before spending it as the payment.Hence,through the commitment with challenge-response of Schnorr’s BS,the merchant can verify the spent e-coin,and the trusted authority can identify the dishonest spender if multiple spending occurs.Moreover,it embeds three distinct information of date,namely expiration,deposit,and transaction dates with every e-coin.Thereby,it minimizes the size of the Bank’s database,correctly calculates the interest of the e-coin,and helps in arbiter if multiple spending,respectively.Finally,it evaluates the performance and analyzes essential security requirements of the proposed scheme,plus studies a comparison with existing ones.展开更多
The user anonymity mechanism provided in GSM and UMTS network is analyzed,and a new approach to solve the anonymity of mobile subscriber is proposed in this paper.Using the ciphering algorithm with a dynamic key and a...The user anonymity mechanism provided in GSM and UMTS network is analyzed,and a new approach to solve the anonymity of mobile subscriber is proposed in this paper.Using the ciphering algorithm with a dynamic key and a static key,the method allows mobile subscribers to connect network with user anonymity,and it can be seamlessly integrated with the existing authentication algorithms.The analyses reveal that the proposed scheme can provide the integrity protection of messages,prevent the replay attacks,and be implemented easily.展开更多
Radio frequency identification (RFID) systems suffer many security risks because they use an insecure wireless communication channel between tag and reader. In this paper, we analyze two recently proposed RFID authe...Radio frequency identification (RFID) systems suffer many security risks because they use an insecure wireless communication channel between tag and reader. In this paper, we analyze two recently proposed RFID authentication protocols. Both protocols are vulnerable to tag information leakage and untraceability attacks. For the attack on the first protocol, the adversary only needs to eavesdrop on the messages between reader and tag, and then perform an XOR operation. To attack the second protocol successfully, the adversary may execute a series of carefully designed challenges to determine the tag's identification.展开更多
基金Project supported by the Taiwan Information Security Center(TWISC)the Ministry of Science and Technology,Taiwan(Nos.MOST 103-2221-E-259-016-MY2 and MOST 103-2221-E-011-090-MY2)
文摘With the rapid growth of electronic commerce and associated demands on variants of Internet based applications,application systems providing network resources and business services are in high demand around the world.To guarantee robust security and computational efficiency for service retrieval,a variety of authentication schemes have been proposed.However,most of these schemes have been found to be lacking when subject to a formal security analysis.Recently,Chang et al.(2014) introduced a formally provable secure authentication protocol with the property of user-untraceability.Unfortunately,based on our analysis,the proposed scheme fails to provide the property of user-untraceability as claimed,and is insecure against user impersonation attack,server counterfeit attack,and man-in-the-middle attack.In this paper,we demonstrate the details of these malicious attacks.A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.
文摘This paper proposes a secure offline electronic(e-)payment scheme by adopting Schnorr’s untraceable blind signature(BS).Thereby,to satisfy the essential security requirements of e-payment systems,it requires much more simple computations and becomes more practical than many existing schemes.Other considerations are:to prevent the forgery of e-coin,the Bank is only the lawful entity to produce the valid e-coin;and others can verify its correctness.To confirm no swindling,the e-coin owner also sticks her private signing key with the e-coin before spending it as the payment.Hence,through the commitment with challenge-response of Schnorr’s BS,the merchant can verify the spent e-coin,and the trusted authority can identify the dishonest spender if multiple spending occurs.Moreover,it embeds three distinct information of date,namely expiration,deposit,and transaction dates with every e-coin.Thereby,it minimizes the size of the Bank’s database,correctly calculates the interest of the e-coin,and helps in arbiter if multiple spending,respectively.Finally,it evaluates the performance and analyzes essential security requirements of the proposed scheme,plus studies a comparison with existing ones.
基金Supported by the National Natural Science Foundation of China (71101152)
文摘The user anonymity mechanism provided in GSM and UMTS network is analyzed,and a new approach to solve the anonymity of mobile subscriber is proposed in this paper.Using the ciphering algorithm with a dynamic key and a static key,the method allows mobile subscribers to connect network with user anonymity,and it can be seamlessly integrated with the existing authentication algorithms.The analyses reveal that the proposed scheme can provide the integrity protection of messages,prevent the replay attacks,and be implemented easily.
文摘Radio frequency identification (RFID) systems suffer many security risks because they use an insecure wireless communication channel between tag and reader. In this paper, we analyze two recently proposed RFID authentication protocols. Both protocols are vulnerable to tag information leakage and untraceability attacks. For the attack on the first protocol, the adversary only needs to eavesdrop on the messages between reader and tag, and then perform an XOR operation. To attack the second protocol successfully, the adversary may execute a series of carefully designed challenges to determine the tag's identification.
