Security providing devices that are used to protect against multiple threats like man-in-the-middle attack and phishing are known as ―security keys‖. With the help of security keys, user can register himself with any kind of online services that works with this protocol. If we install these security keys in some devices, deployment, implementation and use becomes very easy. We can also see the ...

The protocol is, however, susceptible to a man-in-the-middle attack [3], in which the adversary (Eve) intercepts a message from Alice and creates a new message to send to Bob (Fig.1). Eve performs the exchange with Alice using the original message, while Bob performs the exchange using the newly created message. At the final stage, Eve has the original message in decrypted form, while Bob has t...

In this paper, we investigate the current state of practice about mixed-content websites, websites that are accessed using the HTTPS protocol, yet include some additional resources using HTTP. Through a large-scale experiment, we show that about half of the Internet’s most popular websites are currently using this practice and are thus vulnerable to a wide range of attacks, including the steali...

The integration of Near Field Communication (NFC) into consumer electronics devices has opened up opportunities for the internet of things applications such as electronic payment, electronic ticketing and sharing contacts, etc.. Meanwhile, various security risks should not be ignored. Therefore, all kinds of different protocols have been released with the purposing of securing NFC communication...

Unconditionally secure authentication codes with arbitration (A 2-codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. In this paper, we present combinatorial lower bounds on the cheating probabilities and the sizes of keys of A 2-codes. Especially, our bounds for A 2-codes without secrecy are all tight for small size of source states. Our m...

We present new physical bounds on quantum information, and use them to prove the security of quantum cryptography against a large class of collective attacks. Such attacks are directed against the final key, and security against them suggests that quantum cryptography is ultimately secure.

Within this paper we present our novel friend injection attack which exploits the fact that the great majority of social networking sites fail to protect the communication between its users and their services. In a practical evaluation, on the basis of public wireless access points, we furthermore demonstrate the feasibility of our attack. The friend injection attack enables a stealth infiltrat...

In this paper, we show that many formal and informal security results on distance-bounding (DB) protocols are incorrect/ incomplete. We identify that this inadequacy stems from the fact that the pseudorandom function (PRF) assumption alone, invoked in many security claims, is insufficient. To this end, we identify two distinct shortcomings of invoking the PRF assumption alone: one leads to dist...

Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle ...

The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a man-in-the-middle vulnerability in online banking applications using BankID. An ...