The design of secure grouping-proof protocol is imperative to the pervasive deployment of low-cost RFIDs, though many protocols have been published recently. In this paper, we analyze the security vulnerabilities of a scalable grouping-proof protocol for RFID tags based on Shamir’s (n, n) secret sharing proposed by Dang and Kwangjo in 2009. This protocol attempts to alleviate many security weak...

The SIP being an application layer protocol for signaling has been considered as the most appropriate one for multimedia applications. In order to detect some collisions and replay attacks, the SIP offers built-in authentication mechanism as per its specification, designated as HTTP digest based authentication, but study reveals that it is vulnerably susceptible to heterogeneous security issues...

Most attacks are launched inside the companies by the employees of the same company. These kinds of attacks are generally against layer-2, not against layer-3 or IP. These attacks abuse the switch operation at layer-2. One of the attacks of this kind is Address Resolution Protocol (ARP) Spoofing (sometimes it is called ARP poisoning). This attack is classified as the “man in the middle” (MITM) ...

The security of the post-quantum signature scheme Picnic is highly related to difficulty recovering secret key LowMC from a single plaintext-ciphertext pair. Since one alternate third-round candidates in NIST cryptography standardization process, it has become urgent and important evaluate setting. best attacks on with full S-box layers used Picnic3 were achieved Dinur’s algorithm. For partial ...

The large distributed electric power system is a hierarchical network involving the transportation of power from the sources of power generation via an intermediate densely connected transmission network to a large distribution network of end-users at the lowest level of the hierarchy. At each level of the hierarchy (generation/ transmission/ distribution), the system is managed and monitored w...

Blockchains and other public ledger structures promise a new way to create globally consistent event logs and other records. We make use of this consistency property to detect and prevent man-in-the-middle attacks in a key exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates an inconsistency in the world views of the two honest parties, and they can detect it with the h...

We propose hPIN/hTAN, a low-cost token-based e-banking protection scheme when the adversary has full control over the user’s computer. Compared with existing hardware-based solutions, hPIN/hTAN depends on neither second trusted channel, nor secure keypad, nor computationally expensive encryption module. Due to the rapid progress of the Internet, e-banking has become more and more popular all ov...

The number and diversity of electronic gadgets has been steadily increasing and they are becoming indispensable to more and more professionals and non-professionals alike. At the same time, there has been fairly little progress in secure pairing of such devices. The pairing challenge revolves around establishing on-the-fly secure communication without any trusted (onor off-line) third parties b...

In spite of the availability of DNSSEC, which protects against cache poisoning even by MitM attackers, many caching DNS resolvers still rely for their security against poisoning on merely validating that DNS responses contain some ‘unpredictable’ values, copied from the request. These values include the 16 bit identifier field, and other fields, randomised and validated by different ‘patches’ t...