Sharif Digital Repository

In this paper we propose two new attacks on UMTS network. Both attacks exploit the UMTS-GSM interworking and are possible in the GSM access area of UMTS network. The first attack allows the attacker to eavesdrop on the entire traffic of the victim UMTS subscriber in the GERAN coverage of the UMTS network. The second attack is an impersonation attack i.e. the attacker impersonates a genuine UMTS subscriber to a UMTS network and fools the network to provide services at the expense of the victim subscriber in its GERAN coverage. © 2009 IEEE  

Nowadays low-cost RFID systems have moved from obscurity into mainstream applications which cause growing security and privacy concernsThe lightweight cryptographic primitives and authentication protocols are indispensable requirements for these devices to grow pervasiveIn recent years, there has been an increasing interest in intuitive analysis of RFID protocolsThis concept has recently been challenged by formal privacy modelsThis paper investigates how to analyse and solve privacy problems in formal modelFirst, we highlight some vague drawbacks especially in forward and backward traceability analysis and extend it in the simulation-based privacy model familyThen, the privacy weaknesses of... 

Since low-cost RFID systems are applied in ubiquitous varied applications, privacy and security of their users became a great concern. Therefore, the various authentication protocols have been proposed. In this paper, we inspect the three new-found RFID authentication protocols based on quadratic residue property via one of the well-organized formal RFID privacy models instead of intuitive analysis. We formally prove that modular squaring is the suitable technique to guarantee RFID authentication protocols against backward traceability. Then, the flaws are alleviated to resist traceability attacks  

Many applications, such as e-passport, e-health, credit cards, and personal devices that utilize Radio frequency Identification (RFID) devices for authentication require strict security and privacy. However, RFID tags suffer from some inherent weaknesses due to restricted hardware capabilities and are vulnerable to eavesdropping, interception, or modification. The synchronization and untraceability characteristics are the major determinants of RFID authentication protocols. They are strongly related to privacy of tags and availability, respectively. In this paper, we analyze a new lightweight RFID authentication protocol, Song and Mitchell, in terms of privacy and security. We prove that not... 

By combining portable, handheld near-infrared (NIR) spectroscopy with state-of-the-art classification algorithms, we developed a powerful method to test chicken meat authenticity. The research presented shows that it is both possible to discriminate fresh from thawed meat, based on NIR spectra, as well as to correctly classify chicken fillets according to the growth conditions of the chickens with good accuracy. In all cases, the random subspace discriminant ensemble (RSDE) method significantly outperformed other common classification methods such as partial least squares-discriminant analysis (PLS-DA), artificial neural network (ANN) and support vector machine (SVM) with classification... 

In 2003, Wu and Chieu proposed a user friendly remote authentication scheme using smart cards. Later, Yang and Wang pointed out that Wu and Chieu's scheme is vulnerable to the password guessing and forgery attacks. Recently, Lee et al. proposed an improved authentication scheme and claimed that their scheme is secure against forgery attack. However, in this paper, we illustrate that Lee et al.'s scheme is still vulnerable to the forgery attack. We also propose an enhancement of the scheme to resist such that attack. © 2010  

Authentication schemes play vital roles in computer and communication security. In order to authenticate the remote users, password based schemes have been widely used. In this paper we introduce a secure remote user authentication scheme based on bilinear pairing that satisfies all security requirements which are mentioned for password based authentication schemes using smart card  

In some applications of the Internet of Things (IoT), for privacy preserving and authentication of entities, it is necessary to use ultra-lightweight cryptographic algorithms. In this paper, we propose a new ultra-lightweight authentication protocol between RFID components, in which only simple operations are used. In this protocol, the server has access to the data gathered by the tag in the same authentication phase through the reader interface, instead of sharing a secret key. The proposed protocol is secure against several attacks, such as replay attacks, denial of service, offline guessing attacks, modification attacks, full disclosure attacks and impersonation attacks, in addition to... 

Privacy is faced with serious challenges in the ubiquitous computing world. In order to handle this problem, some researchers in recent years have focused on design and analysis of privacy-friendly ultralightweight authentication protocols. Although the majority of these schemes have been broken to a greater or lesser extent, most of these attacks are based on ad-hoc methods that are not extensible to a large class of ultralightweight protocols. So this research area still suffers from the lack of structured cryptanalysis and evaluation methods. In this paper, we introduce new frameworks for full disclosure attacks on ultralightweight authentication protocols based on new concepts of... 

Security is a critical and vital task in WSNs. Recently, key management as the core of a secure communication has received lots of attention, but in most of the proposed methods security has been compromised in favor of reducing energy consumption. Consequently, perfect resiliency has not been achieved by most of the previous works. Hostile environment, ability of adversary to capture the nodes, and dead nodes with sensitive data scattered in the region, calls for a more secure and yet practical method. This paper proposes a novel authentication scheme based on broadcast messages from BS to improve security of key management system. Through simulation it is shown that energy consumption of... 

The developing of RFID systems in sensitive applications like e-passport, e-health, credit cards, and personal devices, makes it necessary to consider the related issues such as maximum reading distance, communication speed and data security. The use of signal processing methods is an efficient and convenient way to achieve the maximum reading distance and communication rate. However, the signal processing techniques are not adequate to provide a reasonable level of security and privacy for RFID systems. Thus, it is necessary to employ specific authentication protocols which assure data security and preserve the user’s privacy. Among other security and privacy characteristic of an RFID... 

In vehicular ad-hoc networks (VANETs), the correctness of a message requires authentication of the origin vehicle.In this paper, we introduce a novel authentication scheme for VANETs which suggests a new solution for secure vehicle communications. The proposed scheme is an road side unit (RSU) based scheme in which the master key of the Trusted Authority (TA) is embedded in a tamper-proof device provided at the RSUs. Compared with the schemes that store the master key in the on-board units, our scheme is more practical because of a secure and high speed communication link between TA and RSUs. To the best of our knowledge,this solution has not yet been devised for secure authentication in... 

Many smart-card-based remote authentication schemes have been proposed recently. In 2004, Yoon et al. presented an improved scheme which is the leading of a research track started from Sun, 2000. In this paper, we illustrate that Yoon et al.'s scheme is vulnerable to the parallel session attack and propose an enhancement of the scheme to resist that attack. In our scheme the parties further establish a forward-secure session key by employing only hash functions to protect the subsequent communications. We also demonstrate that our scheme has better security in comparison to other related works, while it does not incur much computational cost © 2007 Springer  

A practical approach to prevent location-based attacks in RFID systems is the use of Distance Bounding (DB) protocols. These protocols enable an entity to determine an upper bound on the physical distance to another entity as well as to authenticate it. It makes, rejection of the requests located out of this distance limitation. So far, many DB protocols have been designed with the aim of resistance to location-based attacks. In this paper, we propose a unilateral DB protocol using delay concept while sending two random binary challenges. This protocol can resist better than other unilateral DB protocols against mafia and distance fraud attacks. In addition, the proposed protocol can be... 

Ubiquitousness of Radio Frequency Identification (RFID) systems with inherent weaknesses has been a cause of concern about their privacy and security. Therefore, secure protocols are essentially necessary for the RFID tags to guarantee privacy and authentication among them and the reader. This paper inspects privacy in the RFID systems. First, we survey four new-found RFID authentication protocols, and then, their weaknesses in formal privacy model are analyzed. Although the authors of the schemes claimed that their protocols completely resist privacy attacks, we formally prove that all of them suffer from the family of traceability attacks. Furthermore, not only are the four improved... 

Following the fact that there are some efficient implementations of ECC-based RFID authentication protocols on RFID tags, a new family of RFID authentication protocols known as EC-RAC family has been introduced. However, it has been shown that all the versions of EC-RAC protocols are exposed to privacy and/or security threats. In this paper we analyzed a version of the EC-RAC RFID authentication protocol as well as a version of Schnorr protocol which were presented in a recent work and are claimed to have the demanding requirements. We demonstrated an impersonation attack on the claimed improved EC-RAC, and consequently showed that it would not satisfy the tag authentication property. Also,... 

Recently, different RFID authentication protocols conforming to EPC Class 1 Generation 2 (EPC C1 G2) standard have been proposed. In 2013, Xiao et al. have proposed an improved mutual authentication protocol which claimed to eliminate the weaknesses of Yoon's protocol that has been proposed in 2012. In this paper, we study the security and the privacy of Xiao et al.'s protocol. It is shown that their protocol suffers from secret parameters reveal, tag impersonation attack, backward and forward traceability attacks. Then, in order to enhance the security and the privacy of this protocol, a modified version is proposed. In order to evaluate our proposed protocol, its security and privacy are... 

Multi sender attribute-based broadcast authentication scheme for the network containing resource constrained nodes is the main focus of this research. In this paper, we proposed a framework in which each element of a set of authorized users whose attributes satisfy a special sign control policy can generate a valid signature. In this framework, there exists a trusted server who receives and verifies the validity of the generated attribute-based signatures and broadcast the intended message through the nodes of the network in an efficient and authenticated manner. We also proposed a new symmetric-based broadcast authentication scheme which is used for broadcasting the authenticated messages... 

Lightweight authentication protocols are crucial for privacy preserving in Internet of Things (IoT). Authentication protocols should be implementable for devices with constrained memory and computational power in this area, in addition to resistance against cryptographic threats. On the other hand, these protocols should not impose a heavy computational load on such devices. In this paper we proposed an authentication protocol that properly meets these features. Our protocol is suitable for wireless sensor networks (WSNs). In this protocol, authentication is fulfilled with low communication and computational loads between sensors and users through the gateway interface using a hash function...