Sense-response applications are widely being used for safeguarding critical infrastructure. In such applications, the sensor nodes detect and report events of interest to the base-station which promptly responds with a physical response. A concern that arises immediately is regarding the ability of the sensor nodes to encounter malicious entities that benefit from any form of damage to the crit...

Consider key agreement by two parties who start out knowing a common secret (which we refer to as “pass-string”, a generalization of “password”), but face two complications: (1) the pass-string may come from a low-entropy distribution, and (2) the two parties’ copies of the pass-string may have some noise, and thus not match exactly. We provide the first efficient and general solutions to this ...

Ž . It is shown that allowed double-quantum coherences DQC can now be routinely generated in disordered and oriented solids containing nitroxide biradicals and random distributions of stable radicals. The Pake doublets obtained from DQC ̊ Ž . pathways can be effectively used to determine long ;30 A distances in the former case, and concentrations in the latter. The DQC signals are strong and oft...

We here describe a new Password-based Authenticated Key Exchange (PAKE) protocol based on elliptic curve cryptography. We prove it secure in the Bellare-Pointcheval-Rogaway (BPR) model. A significant novelty in our work is that our proposal is conceived in a such a way that it ensures that the elliptic curve public parameters remain private. This is important in the context of ID contactless de...

Zero-Knowledge Password Policy Checks (ZKPPC), introduced in this work, enable blind registration of client passwords at remote servers, i.e., client passwords are never transmitted to the servers. This eliminates the need for trusting servers to securely process and store client passwords. A ZKPPC protocol, executed as part of the registration procedure, allows clients to further prove complia...

In a Password-Protected Secret Sharing (PPSS) scheme with parameters (t, n) (formalized by Bagherzandi et al. [2]), a user Alice stores secret information among n servers so that she can later recover the information solely on the basis of her password. The security requirement is similar to a (t, n)-threshold secret sharing, i.e., Alice can recover her secret as long as she can communicate wit...

This paper specifies a two-step migration towards a stronger authentication in the Session Initiation Protocol. First, we add support for a Password Authenticated Key Exchange algorithm that can function as a drop-in replacement for the widely adopted Digest Access Authentication mechanism. This new authentication mechanism adds support for mutual authentication, is considered stronger and can ...

Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on securit...

The SPEKE protocol is commonly considered one of the classic Password Authenticated Key Exchange (PAKE) schemes. It has been included in international standards (particularly, ISO/IEC 11770-4 and IEEE 1363.2) and deployed in commercial products (e.g., Blackberry). We observe that the original SPEKE specification is subtly different from those defined in the ISO/IEC 11770-4 and IEEE 1363.2 stand...

Password collection by keyloggers and related malware is increasing at an alarming rate. We investigate client-only defenses and methods that require server-side assistance. Password hashing and password injection, in which passwords are isolated from spyware, provide protection against phishing, commonpassword attacks, and spyware on the client platform. To protect against network sniffing and...