We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construction in the Feistel-based OTR mode of operation. Given the c...

Multiparty cryptography is an important topic in contemporary cryptography. In this paper we examine the security of some multi-party signature schemes. In particular, we point out that a multisignature scheme is vulnerable to universal forgery by an insider attacker under reasonable assumptions. This attack can be applied to some generalizations as well. Then we present a universal forgery att...

We investigate the security of DTW, VQ and GMM methods that have been used in speaker authentication systems. We present attack models based on adversary knowledge. We start with naive adversaries without knowledge of an authentic speaker and develop them into highly knowledgeable adversaries who know the speaker’s information, have the speaker’s voice samples, acquire the speaker’s template, a...

We present a detailed security analysis of the CAESAR candidate Ascon. Amongst others, cube-like, differential and linear cryptanalysis are used to evaluate the security of Ascon. Our results are practical key-recovery attacks on round-reduced versions of Ascon-128, where the initialization is reduced to 5 out of 12 rounds. Theoretical keyrecovery attacks are possible for up to 6 rounds of init...

Secure user authentication is an important issue in wireless environments. Various user authentication schemes have been proposed in recent years. In 2012, Mun et al. presented an enhanced secure anonymous authentication scheme for roaming service in global mobility networks. However, Mun et al.’s scheme is not secure. In this paper, we show that Mun et al.’s scheme can not provide the mutual a...

The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the ...

Testing of biometric systems requires the consideration of aspects beyond technical and statistical parameters. Especially for testing biometric techniques based on behavior, human factors like intention and forgery strength need to be considered. In this paper, a test tool to support skilled forgeries by test subjects is presented for handwriting verification systems. The software tool has bee...

Testing of biometric systems requires the consideration of aspects beyond technical and statistical parameters. Especially for testing biometric techniques based on behavior, human factors like intention and forgery strength need to be considered. In this paper, a test tool to support skilled forgeries by test subjects is presented for handwriting verification systems. The software tool has bee...

PANDA is a family of authenticated ciphers submitted to CARSAR, which consists of two ciphers: PANDA-s and PANDA-b. In this work we present a state recovery attack against PANDA-s with time complexity about 2 under the known-plaintext-attack model, which needs about 132 pairs of known plaintext/ciphertext. Based on the above attack, we further deduce a forgery attack against PANDA-s. Our result...

An enhanced authentication key exchange protocol was proposed to exchange multiple session keys between two participants at a time. This paper shows that this enhanced protocol is insecure under the known session key attack, known long-term private key attack, signature forgery attack, and replay attack. This paper also proposes an enhanced and secure key agreement protocol for exchanging multi...