Secret-key authentication protocols have recently received a considerable amount of attention, and a long line of research has been devoted to devising efficient protocols with security based on the hardness of the learning-parity with noise (LPN) problem, with the goal of achieving low communication and round complexities, as well as highest possible security guarantees. In this paper, we cons...

Secure initial pairing of electronic gadgets is a challenging problem, especially considering lack of any common security infrastructure. The main security issue is the threat of so-called Man-in-the-Middle (MiTM) attacks, whereby an attacker inserts itself into the pairing protocol by impersonating one of the legitimate parties. A number of interesting techniques have been proposed, all of whi...

BankID is a PKI-substitute widely deployed by Norwegian banks to provide digital signatures and identification on the internet. We have performed a reverse-engineering of part of the BankID system and analysed the security protocols and the implementation of certain cryptographic primitives. We have found cryptographic weaknesses that may indicate security problems, protocol flaws facilitating ...

Recently, Shim proposed a tripartite authenticated key agreement protocol from Weil pairing to overcome the security flaw in Joux’s protocol. Later, Shim also proposed an ID-based authenticated key agreement protocol which is an improvement of Smart’s protocol in order to provide the forward secrecy. In this paper, we show that these two protocols are insecure against the key-compromise imperso...

Automated Social Engineering poses a serious information security threat to human communications on the Internet since the attacks can easily scale to a large number of victims. We present a new attack that instruments human conversations for social engineering, or spamming. The detection rate is low, which becomes manifest in link click rates of up to 76.1%. This new attack poses a challenge f...

We study Input Indistinguishable Computation (IIC), a security notion proposed by Micali, Pass, and Rosen in [14] and recently considered also by Garg, Goyal, Jain and Sahai in [9]. IIC aims at generalizing the notion of a Witness Indistinguishable (WI) proof system to general two-party functionalities and in its concurrent version (cIIC) also considers security against man-in-the-middle (MiM) ...

This paper presents a critical analysis of the AACS drive-host authentication scheme. A few weaknesses are identified which could lead to various attacks on the scheme. In particular, we observe that the scheme is susceptible to unknown key-share and man-in-the-middle attacks. Modifications of the scheme are suggested in order to provide better security. A proof of security of the modified sche...

It is well-known that protocols that satisfy a security property when executed in isolation do not necessarily satisfy the same security property when they are executed in an environment containing other protocols. We demonstrate this fact on a family of recently proposed RFID protocols by Lee, Batina, and Verbauwhede. We invalidate the authentication and untraceability claims made for several ...

This paper compares the popular quantum key distribution (QKD) protocol BB84 with the more recent Kak’s three-stage protocol and the latter is shown to be more secure. A theoretical representation of an authentication-aided version of Kak’s threestage protocol is provided that makes it possible to deal with man-in-the-middle attack.

This paper introduces a variation on Kak’s three-stage quanutm key distribution protocol which allows for defence against the man in the middle attack. In addition, we introduce a new protocol, which also offers similar resiliance against such an attack.