Non-malleability is an important security property of commitment schemes. The property means security against the man-in-the-middle attack, and it is defined and proved in the simulation paradigm using the corresponding simulator. Many known non-malleable commitment schemes have the common drawback that their corresponding simulators do not work in a straight-line manner, requires rewinding of ...

Secret-key authentication protocols have recently received a considerable amount of attention, and a long line of research has been devoted to devising efficient protocols with security based on the hardness of the learning-parity with noise (LPN) problem, with the goal of achieving low communication and round complexities, as well as highest possible security guarantees. In this paper, we cons...

Wear and fatigue in rails are major contributors of rail degradation depending on operational conditions, track, characteristics of bogie type, Million Gross Tonnes (MGT), curvature, traffic type and environmental conditions. Estimation of parameter for failure models is necessary for accurate prediction of expected number of rail defects over a period of time based on MGT of traffic and operat...

Secure initial pairing of electronic gadgets is a challenging problem, especially considering lack of any common security infrastructure. The main security issue is the threat of so-called Man-in-the-Middle (MiTM) attacks, whereby an attacker inserts itself into the pairing protocol by impersonating one of the legitimate parties. A number of interesting techniques have been proposed, all of whi...

Exponential growth of the volume of Bluetooth-enabled devices indicates that it has become a popular way of wireless interconnections for exchanging information. The main goal of this paper is to analyze the most critical Bluetooth attacks in real scenarios. In order to find out the major vulnerabilities in modern Bluetooth-enabled mobile devices several attacks have performed successfully such...

This paper discusses Brooks’ The Mythical Man-Month, a landmark work in the software project management field, and compares the software project management advice given there with practices employed some 25 years later. To find out the state of today’s practice 20 experienced software developers were interviewed regarding their impressions of factors leading to success or failure of software de...

BankID is a PKI-substitute widely deployed by Norwegian banks to provide digital signatures and identification on the internet. We have performed a reverse-engineering of part of the BankID system and analysed the security protocols and the implementation of certain cryptographic primitives. We have found cryptographic weaknesses that may indicate security problems, protocol flaws facilitating ...

Recently, Shim proposed a tripartite authenticated key agreement protocol from Weil pairing to overcome the security flaw in Joux’s protocol. Later, Shim also proposed an ID-based authenticated key agreement protocol which is an improvement of Smart’s protocol in order to provide the forward secrecy. In this paper, we show that these two protocols are insecure against the key-compromise imperso...

Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, and there are only a few technologies available to mitigate the risks. In [OHB05], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLSbased e-commerce applications against MITM attacks, and we proposed an implementation based on impersonal authentication tokens. ...

Automated Social Engineering poses a serious information security threat to human communications on the Internet since the attacks can easily scale to a large number of victims. We present a new attack that instruments human conversations for social engineering, or spamming. The detection rate is low, which becomes manifest in link click rates of up to 76.1%. This new attack poses a challenge f...