Based on the analysis of 6-digit one-time passwords(OTP) generated by DIGIPASS GO3 we were able to reconstruct the synchronisation system of the token, the OTP generating algorithm and the verification protocol in details essential for an attack. The OTPs are more predictable than expected. A forgery attack is described. We argue the attack success probability is 8. That is much higher than 10 ...

Biometric systems including keystroke-dynamics based authentication have been well studied in the literature. The attack model in biometrics typically considers impersonation attempts launched by human imposters. However, this attack model is not adequate, as advanced attackers may utilize programs to forge data. In this paper, we consider the effects of synthetic forgery attacks in the context...

In imaging science, the photo editing software packages can alter the original images without any detecting traces of tampering. Hence, the image forgery detection technique plays an important role in verifying the integrity of digital image forensics for authentication. The techniques such as watermarking are used for authentication but it can be modified through third parties attack through e...

Radio frequency identification systems need secure protocols to provide confidentiality, privacy protection, mutual authentication, etc. These protocols should resist active and passive attacks such as forgery, traceability, replay and de-synchronization attacks. Cho et al. recently proposed a hash-basedmutual authentication protocol (Cho et al., 2012) and claimed that their scheme addresses al...

Even though a method to perfectly sign quantum messages has not been known, the arbitrated quantum signature scheme has been considered as one of good candidates. However, its forgery problem has been an obstacle to the scheme being a successful method. In this paper, we consider one situation, which is slightly different from the forgery problem, that we check whether at least one quantum mess...

This paper presents an approach related to authenticate mutually a RFID (Radio Frequency Identification) tag from a RFID reader by using the cryptography based on Elliptic curve. Our proposal mutual authentication lies on the Elliptic curve discrete logarithm problem, which is considered the core in order to fight against all of attacks like replay attack, forgery attack and man-in-the-middle a...

The WAP WTLS protocol was designed to provide privacy, data integrity, and authentication for wireless terminals. The protocol is currently being fielded, and it is expected that the protocol will be contained in millions of devices in a few years. Even though the WTLS protocol is closely modeled after the wellstudied TLS protocol, we have identified a number of potential security problems in i...

Diameter standard authentication system does not provide mutual authentication and non-repudiation. AAA authentication system using public key was suggested to supplement such Diameter authentication but application in mobile service control nodes is difficult due to overhead of communication and arithmetic. ID based AAA authentication system was suggested to overcome such weak point but it sti...

This lecture discusses how software weaknesses on the Web manifest, the vulnerabilities that lead to these weaknesses being exploited, and how they can be mitigated. The topics examined include the concept of weird machines, how privilege escalation works on the web via injection attacks such as Cross-Site Scripting, and defensive principles and programming techniques that can be used to guard ...