Various wireless technologies, such as RF, Bluetooth, and Zigbee, have been applied to sensor communications. However, the applications of Bluetooth-based wireless sensor networks (WSN) have a security issue. In one pairing process during Bluetooth communication, which is known as simple secure pairing (SSP), the devices are required to specify I/O capability or user interference to prevent man...

By the advancing of microelectronics, we propose an improved version of Aydos’s protocol, which uses the restraint of RTT. The new protocol can resist two types of MITM attack that presented by Mangipudi and Liu. It can even resist the strengthened MITM attack in which the attacker has infinite computing resource. We then analyse the new protocol both theoretical and experimental.

At Crypto 2015, Blondeau, Peyrin and Wang proposed a truncated-differential-based known-key attack on full PRESENT, a nibble oriented lightweight blockcipher with a SPN structure. The truncated difference they used is derived from the existing multidimensional linear characteristics. An innovative technique of their work is the design of a MITM layer added before the characteristic that covers ...

This paper analyzes the security of Bluetooth v4.0’s Secure Simple Pairing (SSP) protocol, for both the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (LE) operational modes. Bluetooth v4.0 is the latest version of a wireless communication standard for low-speed and low-range data transfer among devices in a human’s PAN. It allows increased network mobility among de...

In this paper, we propose a new mechanism for counteracting ARP (Address Resolution Protocol) poisoning-based Man-in-the-Middle (MITM) attacks in a subnet, where wired and wireless nodes can coexist. The key idea is that even a new node can be protected from an ARP cache poisoning attack if the mapping between an IP and the corresponding MAC addresses is resolved through fair voting among neigh...

Networks have become an integral part of today’s world. The ease of deployment, low-cost and high data rates have contributed significantly to their popularity. There are many protocols that are tailored to ease the process of establishing these networks. Nevertheless, security-wise precautions were not taken in some of them. In this paper, we expose some of the vulnerability that exists in a c...

In this paper we consider TLS Man-In-The-Middle (MITM) attacks in the context of web applications, where the attacker is able to successfully impersonate the legitimate server to the user, with the goal of impersonating the user to the server and thus compromising the user’s online account and data. We describe in detail why the recently proposed client authentication protocols based on TLS Cha...

Radio Frequency Identification (RFID), the technology for contactless transmission of data between small devices and readers, penetrates more and more our daily life. The technology is nowadays used in passports, transponder keys, or logistics, usually as a mean to identify the tag to the reader. Security solutions for such devices are often vulnerable to so-called man-in-the-middle (MITM) atta...

Solar power (SP) passive optical network (PON)-based fiber-wireless (FiWi) access systems are becoming increasingly popular as they provide coverage to rural and urban areas where no grid exists. Secure operation of such networks which includes solar- and/or battery-powered devices, is crucial for anticipating potential issues prolong the life operation. Since units (ONUs) may be powered by SP-...

At EUROCRYPT 2006, Kelsey and Kohno proposed the so-called chosen target forced-prefix (CTFP) preimage attack, where for any challenge prefix P, attacker can generate a suffix S such that H(P∥S) = y some hash value published in advance by attacker. Consequently, pretend to predict event represented P she did not know before, thus this type of attack is also known as Nostradamus attack. ASIACRYP...