2,110 research outputs found

    Security issues in a group key establishment protocol

    Major shortcomings in a recently published group key establishment protocol are described. These shortcomings are sufficiently serious that the protocol should not be used. Comment: arXiv admin note: text overlap with arXiv:1803.0536

    Analysing the IOBC Authenticated Encryption Mode

    Abstract. The idea of combining a very simple form of added plaintext redundancy with a special mode of data encryption to provide data integrity is an old one; however, despite its wide deployment in protocols such as Kerberos, it has largely been superseded by provably secure authenticated encryption techniques. In this paper we cryptanalyse a block cipher mode of operation called IOBC, possibly the only remaining encryption mode designed for such use that has not previously been analyzed. We show that IOBC is subject to known-plaintext-based forgery attacks with a complexity of around $2^{n/3}$, where $n$ is the block cipher block length.

    Public key encryption using block ciphers

    A method for deriving a public key encryption system from any 'conventional' (secret key) block cipher is described. The method is related to, but improves upon, Merkle's 'puzzle system'.

    On the security of XCBC, TMAC and OMAC

    The security provided by the XCBC, TMAC and OMAC schemes is analysed and compared with other MAC schemes. The results imply that there is relatively little to be gained practically through the introduction of these schemes by comparison with other well-established MAC functions. Moreover, TMAC and OMAC possess design weaknesses which enable part of the secret key to be recovered much more easily than would ideally be the case — design changes are suggested which alleviate this problem. Whether or not the proofs of security are retrievable for the modified designs remains an open question, although the need for change would appear to be clear.

    Who needs trust for 5G?

    There has been much recent discussion of the criticality of the 5G infrastructure, and whether certain vendors should be able to supply 5G equipment. The key issue appears to be about trust, namely to what degree the security and reliability properties of 5G equipment and systems need to be trusted, and by whom, and how the necessary level of trust might be obtained. In this paper, by considering existing examples such as the Internet, the possible need for trust is examined in a systematic way, and possible routes to gaining trust are described. The issues that arise when a security and/or reliability failure actually occurs are also discussed. The paper concludes with a discussion of possible future ways of enabling all parties to gain the assurances they need in a cost-effective and harmonised way.

    How not to secure wireless sensor networks revisited: Even if you say it twice it's still not secure

    Two recent papers describe almost exactly the same group key establishment protocol for wireless sensor networks. Quite apart from the duplication issue, we show that both protocols are insecure and should not be used - a member of a group can successfully impersonate the key generation centre and persuade any other group member to accept the wrong key value. This breaks the stated objectives of the schemes. Comment: Minor typos fixed

    Two closely related insecure noninteractive group key establishment schemes

    Serious weaknesses in two very closely related group authentication and group key establishment schemes are described. Simple attacks against the group key establishment part of the schemes are described, which strongly suggest that the schemes should not be used. Comment: Paper updated to describe an attack on a closely related scheme