Security Analysis on AUTH Protocol and Its Variant against the Man-in-the-Middle Attack

2015 ◽  
Vol E98.A (1) ◽  
pp. 153-161
Author(s):  
Kosei ENDO ◽  
Noboru KUNIHIRO
Keyword(s):  
Security Analysis ◽  
Man In The Middle

A Secure Two-Factor Remote User Authentication and Session Key Agreement Scheme

2016 ◽  
Vol 12 (2) ◽  
pp. 62-79 ◽  
Author(s):  
Preeti Chandrakar ◽  
Hari Om
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Session Key ◽  
Key Agreement Protocol ◽  
Remote User Authentication ◽  
Session Key Agreement ◽  
Man In The Middle ◽  
Remote User

In this article, the authors have proposed a secure two-factor remote user authentication and session key agreement protocol. As they have shown in the presented scheme, is precise and secure according to both formal and informal security analysis. For formal security analysis, they have applied BAN (Burrows-Abadi-Needham) logic which certifies that the presented scheme provides the amenity of mutual authentication and session key agreement safely. The informal security verification has shown that the proposed scheme is more vigorous against various sort of cruel threats. Moreover, the authors have simulated the presented scheme using broadly accepted AVISPA tool, whose simulation results make sure that the protocol is not dangerous from active and passive attacks together with replay and man-in-the-middle attacks. In addition, the performance evaluation and the security comparison have revealed that the presented scheme gives strong security as well as better complexity in the context of smart card memory requirement, communication cost and computation cost.

scholarly journals Security and Performance of Single Sign-on Based on One-Time Pad Algorithm

Cryptography ◽  
2020 ◽  
Vol 4 (2) ◽  
pp. 16
Author(s):  
Maki Kihara ◽  
Satoshi Iriyama
Keyword(s):  
Access Control ◽  
Personal Information ◽  
Security Analysis ◽  
Free Access ◽  
Multiple Systems ◽  
Single Sign On ◽  
Man In The Middle ◽  
Execution Speed ◽  
And Performance ◽  
The One

Single sign-on (SSO) techniques allow access control for multiple systems with a single login. The aim of our study is to construct an authentication algorithm that provides the authentication information of a user to a requester without requiring any specific token, thereby achieving domain-free access control. In this study, we propose an authentication algorithm for SSO based on a verifiable encryption (VE)-based authentication algorithm and implementation. VE is a kind of cryptosystem that allows calculation on cyphertexts, generating an encrypted result, which matches the distance between two plaintexts when decrypting. In our approach, we first construct the mathematical SSO algorithm based on the VE-based algorithm, and then implement the algorithm by applying the one-time pad to the algorithm and using sample data. We also consider robustness against theoretical attacks such as man-in-the-middle attack. In addition to that, our algorithm is robust against the well-known classical and theoretical attacks, the man-in-the-middle attack against the proposed algorithm is also impracticable. Furthermore, with security analysis using Proverif, the algorithm has been shown to be secure. The execution speed is less than 1 ms even with a text length of 8192 bits. Based on our results, it is evident that the computational burden of trusted third parties, such as a certificate authority, can be alleviated because the public key agreement is not required in our algorithm. Moreover, since only the authentication information is disclosed to the service provider, big tech such as GAFA cannot obtain personal information of the user without consent. As for the originality of our algorithm, any personal information, such as biometric information and non-contact magnetic IC cards in addition to the pair of ID and password, which is used for common SSO algorithms, is available.

scholarly journals A New Method to Analyze the Security of Protocol Implementations Based on Ideal Trace

2017 ◽  
Vol 2017 ◽  
pp. 1-15
Author(s):  
Fusheng Wu ◽  
Huanguo Zhang ◽  
Wengqing Wang ◽  
Jianwei Jia ◽  
Shi Yuan
Keyword(s):  
Code Generation ◽  
Source Code ◽  
Security Analysis ◽  
Memory Access ◽  
New Method ◽  
Pointer Analysis ◽  
C Language ◽  
Model Extraction ◽  
Diffie Hellman ◽  
Man In The Middle

The security analysis of protocols on theory level cannot guarantee the security of protocol implementations. To solve this problem, researchers have done a lot, and many achievements have been reached in this field, such as model extraction and code generation. However, the existing methods do not take the security of protocol implementations into account. In this paper, we have proposed to exploit the traces of function return values to analyze the security of protocol implementations at the source code level. Taking classic protocols into consideration, for example (like the Needham-Schroeder protocol and the Diffie-Hellman protocol, which cannot resist man-in-the-middle attacks), we have analyzed man-in-the-middle attacks during the protocol implementations and have carried out experiments. It has been shown in the experiments that our new method works well. Different from other methods of analyzing the security of protocol implementations in the literatures, our new method can avoid some flaws of program languages (like C language memory access, pointer analysis, etc.) and dynamically analyze the security of protocol implementations.

scholarly journals Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

2014 ◽  
Vol 2014 ◽  
pp. 1-8 ◽  
Author(s):  
Youngsook Lee ◽  
Juryon Paik
Keyword(s):  
Mutual Authentication ◽  
Security Analysis ◽  
Mobile User ◽  
Authentication Scheme ◽  
Third Party ◽  
Dictionary Attack ◽  
Session Key ◽  
Foreign Agent ◽  
Anonymous Authentication ◽  
Man In The Middle

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.

scholarly journals Security Analysis on Remote Authentication against Man-in-the-Middle Attack on Secure Socket Layer

2020 ◽  
Vol 981 ◽  
pp. 022015
Author(s):  
O. Rama Devi ◽  
S Parvathi Vallabhaneni ◽  
Mohammed Ali Hussain ◽  
Tulisetti Kranthi Kumar
Keyword(s):  
Security Analysis ◽  
Secure Socket Layer ◽  
Remote Authentication ◽  
Man In The Middle

scholarly journals Security Analysis and Improvement of Lighweight VANET Authentication Protocol (Case Study : Zhao et al. LVAP)

2021 ◽  
Vol 3 (2) ◽  
pp. 135-143
Author(s):  
Sepha Siswantyo
Keyword(s):  
Traffic Safety ◽  
Traffic Management ◽  
Ad Hoc ◽  
Security Analysis ◽  
Authentication Protocol ◽  
Security Protocol ◽  
Sybil Attack ◽  
Session Key ◽  
Man In The Middle ◽  
Vanet Security

VANET is an ad-hoc network implemented on vehicle communication to ensure traffic safety and traffic management efficiency. VANET security is a concern because of various vulnerabilities, especially from authentication criteria that the attacker can exploit. VANET is vulnerable to Sybil attack, entity impersonation, message modification, and identity falsification. Several mechanisms and protocols have been developed to address these vulnerabilities. The design of the VANET authentication protocol also needs to be proven using formal methods to ensure that the protocol meets the required security criteria.  In this research, the security of VANET authentication protocol developed by Zhao et al. was analyzed using the Datta et al. security protocol analysis method. Instead of BAN Logic, the Scyther tool was used to verify security claims and find possible attacks. Our Security analysis results show that Zhao et al.'s protocol does not meet confidentiality and entity authentication criteria. Scyther tool can find attacks on nonce confidentiality and man-in-the-middle attack. Therefore, we modify Zhao et al. protocol by adding signature and session key confirmation to improve its security. Based on analysis results, our modified Zhao et al. authentication protocol met confidentiality and entity authentication criteria. The use of signature and session key confirmation prevents man-in-the-middle attack and protects nonce confidentiality. Therefore, our research concludes that modified Zhao et al. authentication protocol more secure than the original protocol in terms of nonce and session key confidentiality, aliveness, weak agreement, non-injective agreement, and non-injective synchronization.

"Man-in-the-Middle."

1969 ◽  
Vol 1 (1) ◽  
pp. 89-90
Author(s):  
Robert W. Balentine
Keyword(s):  
Man In The Middle

FOOD SECURITY ANALYSIS OF STAVROPOL KRAI

2020 ◽  
pp. 85-90
Author(s):  
Yu.M. Sklyarova ◽  
I.Yu. Sklyarov ◽  
E.N. Lapina
Keyword(s):  
Food Security ◽  
Security Analysis ◽  
Stavropol Krai
Sign in / Sign up

Export Citation Format

Share Document