Authentication protocols, run between a so-called prover and a so-called verifier, enable the verifier to decide whether a prover is legitimate or not. Such protocols enable access control, and are used in e.g. logistics, public transport, or personal identification. An authentication protocol is considered secure if an adversary cannot impersonate a legitimate prover. Such an adversary may eav...

With the convergence of fixed and mobile networks, heterogeneous networks are becoming ubiquitous. Internet giants seeing plight identity authentication. To address this issue, unified access management (UAM) was conceived. This paper provides a novel scheme, named SGX-UAM, with one-time passwords (OTPs) based on Intel software guard extensions (SGX). SGX-UAM outperforms generic UAM for providi...

To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the middle of the host’s communications. We set out to analyze such proxies as there are known problems in other (more matured) TLS processing engines, such as browsers and common TLS libraries. Compared to regular proxies, client-end TLS proxies impose several unique constraints, and ...

In this paper, the security of a distance bounding protocol is analyzed which has been recently proposed by Jannati and Falahati (so-called JF). We prove that an adversary can recover key bits of JF protocol with probability of “1” while the complexity of attack is “2n” runs of protocol. In addition, we propose an improved protocol and prove that the improved protocol is resistant to mafia frau...

With the development of more types of devices which have bluetooth as a primary option to communicate, the importance of secure communication is growing. Bluetooth provides a short range wireless communication between devices making convenient for users and thus eliminating the need for messy cables. The proliferation of the Bluetooth devices in the workplace exposes organizations to security r...

An increasing number of popular websites support the SSL/TLS protocol, the current standard for encrypting web traffic. Most commonly seen as part of the HTTPS protocol, SSL/TLS provides data and message confidentiality to protect users browsing the web from malicious attackers attempting to eavesdrop or tamper with traffic. Nonetheless, about 48% of popular websites remain insecure by only sup...

We de ne stealth Man-in-the-Middle adversaries, and analyse their ability to launch denial and degradation of service (DoS) attacks on secure channels. We show realistic attacks, disrupting TCP communication over secure VPNs using IPsec. We present: 1. First amplifying DoS attack on IPsec, when deployed without anti-replay window. 2. First amplifying attack on IPsec, when deployed with a `small...

In GSM, the network is not authenticated which allows for man-in-the-middle (MITM) attacks. Attackers can track traffic and trace users of cellular networks by creating a rogue base transceiver station (BTS). Such defect in addition to need backward compatibility mobile makes all UMTS, LTE susceptible MITMs. These attacks are conducted using IMSI-Catchers (ICs). Most solutions proposed detectin...

The Internet of Things (IoT) encompasses a technological ecosystem that improves the daily lives individuals by increasing productivity, safety, comfort, health and sustainability. In addition, IoT brings variety benefits to many industries, including increased efficiency, productivity cost savings. However, proliferation technologies has revealed security vulnerabilities, especially in middlew...