Authentication with recently proposed quantum password protocol is secure against impersonation. Here we show that original version of the protocol is not secure against active malicious prover and verifier, however a slight modification provides a possibility for a legitimate party to detect the attacks. The password is reusable in the absence of the attacks. Otherwise the security of the auth...

Since the Middle Ages the Jews have been engaged primarily in urban, skilled occupations, such as crafts, trade, Þnance, and medicine. This distinctive occupational selection occurred between the seventh and the ninth centuries in the Muslim Empire and then it spread to other locations. We argue that this transition was the outcome of the widespread literacy among Jews prompted by an educationa...

Distance Bounding (DB) is designed to mitigate relay attacks. This paper provides a complete study of the DB protocol of Kleber et al. based on Physical Unclonable Functions (PUFs). We contradict the claim that it resists to Terrorist Fraud (TF). We propose some slight modifications to increase the security of the protocol and formally prove TF-resistance, as well as resistance to Distance Frau...

Recent advances in hardware, software, computing, and communication technologies have enabled the design and deployment of a smarter, interactive, dynamic 21st century electrical grid, also known as the smart grid. The bi-directional flow of information between the customer premise and the utility provider opens up several privacy challenges that must be addressed. We describe possible man-in-t...

This paper is the result of a study which analyzes the characteristics of mobile data with regard to both amount and content of the data collected. It will be shown what information is revealed through a man-in-the-middle attack on an unjailbroken iPhone 3GS within one week of internet usage. The results will reveal that the average transfer size of a datastream is very small in comparison to t...

Since the introduction at Crypto’05 by Juels and Weis of the protocol HB, a lightweight protocol secure against active attacks but only in a detection based-model, many works have tried to enhance its security. We propose here a new approach to achieve resistance against Man-in-The-Middle attacks. Our requirements – in terms of extra communications and hardware – are surprisingly low.

In this paper we show how to break the most recent version of EC-RAC with respect to privacy. We show that both the ID-Transfer and ID&PWD-Transfer schemes from EC-RAC do not provide the claimed privacy levels by using a man-in-the-middle attack. The existence of these attacks voids the presented privacy proofs for EC-RAC.

In 2003, Novikov and Kiselev proposed an authentication of the user from the remote autonomous object. In this article, we shall show that the Novikov-Kiselev scheme cannot against a man-in-the-middle attack.

Gemmell and Naor proposed a new protocol for unconditionally secure authentication of long messages. However Gehrmann showed that the proof of the security of the protocol was incorrect. Here we generalize the multiround protocol model. We prove the security of a 3-round protocol and give for this case a new easy implementable construction which has a key size close to the fundamental lower bou...