Tag cost and privacy of RFID technology are two main factors that determine whether it will be applied to Internet of Things on a large scale. Recently, RFID industry and research community have focused on RFID authentication protocols with provable privacy and low tag cost. In this paper, we propose an RFID security protocol that achieves all security requirements based on a hash function and ...

Cryptographic protocol design demands careful verification during all phases of development. Belief logics, in the tradition of the Burrows, Abadi, and Needham (BAN) logic of authentication [BAN90], provide a simple, intuitive model, and allow natural expressions of a protocol and its goals. Since manual deduction is error-prone, protocol designers need automated tools to make effective use of ...

Many existing authentication protocols supporting inter-domain authentication on the Internet require their clients to communicate with every involved key distribution center (KDC) directly. This is inefficient and costly when the client side is a wireless mobile unit, for wireless transmission has relatively lower bandwidth, and a mobile unit is battery powered. In this paper, we present a mob...

Authentication between mobile devices in ad-hoc computing environments is a challenging problem. Without pre-shared knowledge, existing applications must rely on additional communication methods, such as out-of-band or location-limited channels for device authentication. Much of the focus in development of new applications in this area seeks to reduce or eliminate the impact of this additional ...

As the Internet technology has developed rapidly, the number of identities (IDs) managed by each individual person has increased and various ID management technologies have been developed to assist users. However, most of these technologies are vulnerable to the existing hacking methods such as phishing attacks and key-logging. If the administrator’s password is exposed, an attacker can access ...

The logic BAN was developed in the late eighties to reason about authenticated key establishment protocols. It uncovered many aws and properties of protocols, thus generating lots of attention in protocol analysis. BAN itself was also subject of much attention, and work was done examining its properties and limitations, developing extensions and alternatives, and giving it a semantics. More rec...

In wireless ad hoc networks environment, Bellovin and Merritt first developed a password-based Encrypted Key Exchange (EKE) protocol against offline dictionary attacks using both symmetric and public-key cryptography independent of the public key infrastructure (PKI). In this paper, we first discover that there exist some weaknesses in EKE protocol that is subjected to imposter attacks based on...

Let A be a well-formed formula of first-order modal logic whose only free variable is x. We shall use the following abbreviations: Mat(A) for (x)[OA * 0~A] Form(A) for (x)[DA vD-i] Ban(A) for ((x)DA) v ((x)U~A) Pred(A) for Form(A) v Mat(A). We read Mat(A), FormjA), and Ban(A) respectively as: "A is material", "A is formal", and "A is banal"; Pred(A) is the assertion of the Principle of Predica-...

The logic BAN was developed in the late eighties to reason about authenticated key establishment protocols. It uncovered many aws and properties of protocols, thus generating lots of attention in protocol analysis. BAN itself was also subject of much attention, and work was done examining its properties and limitations, developing extensions and alternatives, and giving it a semantics. More rec...

Belief-logic deductions are used in the analysis of cryptographic protocols. We show a new method to decide such logics. In addition to the familiar BAN logic, it is also applicable to the more advanced versions of protocol security logics, and GNY in particular; and it employs an efficient forward-chaining algorithm the completeness and termination of which are proved. Theoretic proofs, implem...