In remote authentication scheme, a remote user can communicate with server over open networks even though the physical distance is much far. Before interaction, they require to establish common session key by authenticating each other. Recently in 2014, Kumari et al. proposed the efficient scheme for remote user authentication. However in this paper, we show that the Kumari et al.’s scheme is v...

Cloud is a very hot topic currently being discussed in the new era of technology. Organizations step back from adapting cloud technology mainly because of the security and privacy concerns. Processing or sharing privacy-sensitive data sets on cloud probably engenders severe privacy concerns because of multi-tenancy. Lack of transparency attack where the flow of client’s data is not known and di...

Abstract “Classical keys,” i.e., secret keys stored permanently in digital form nonvolatile memory, appear indispensable modern computer security—but also constitute an obvious attack target any hardware containing them. This contradiction has led to perpetual battle between key extractors and protectors over the decades. It is long known that physical unclonable functions (PUFs) can at least p...

It is widely accepted that Disclosure Attacks are effective against high-latency anonymous communication systems. A number of Disclosure Attack variants can be found in the literature that effectively de-anonymize traffic sent through a threshold mix. Nevertheless, these attacks’ performance has been mostly evaluated through simulation and how their effectiveness varies with the parameters of t...

In order to protect privacy of RFID tag against malicious tag tracing activities, most RFID authentication protocols support forward/backward security properties by updating the same secret values held at both tag end and database end asynchronously during each authentication session. However, in real network environments an adversary may easily interrupt or interfere transmission of necessary ...

Hummingbird-1 is a lightweight encryption and message authentication primitive published in RISC ’09 and WLC ’10. Hummingbird-1 utilizes a 256-bit secret key and a 64-bit IV. We report a chosen-IV, chosenmessage attack that can recover the full secret key with a few million chosen messages processed under two related IVs. The attack requires at most 2 off-line computational effort. The attack h...

Cache attacks are a special form of implementation attacks and focus on the exploitation of weaknesses in the implementation of a specific algorithm. We demonstrate an access-driven cache attack, which is based on the analysis of memory-access patterns due to the T-table accesses of the Advanced Encryption Standard (AES). Based on the work of Tromer et al. [20] we gather the cachememory access ...

Multi-HFE (Chen et al., 2009) is one of cryptosystems whose public key is a set of multivariate quadratic forms over a finite field. Its quadratic forms are constructed by a set of multivariate quadratic forms over an extension field. Recently, Bettale et al. (2013) have studied the security of HFE and multi-HFE against the min-rank attack and found that multi-HFE is not more secure than HFE of...

We first propose a general equivalent key recovery attack to a H-MAC variant NMAC1, which is also provable secure, by applying a generalized birthday attack. Our result shows that NMAC1, even instantiated with a secure Merkle-Damg̊ard hash function, is not secure. We further show that this equivalent key recovery attack to NMAC1 is also applicable to NMAC for recovering the equivalent inner key ...

Yuan et al. recently introduced a password-based group key transfer protocol that uses secret sharing, which they claim to be efficient and secure [9]. We remark its resemblance to the construction of Harn and Lin [1], which Nam et al. proved vulnerable to a replay attack [3]. It is straightforward that the same attack can be mount against Yuan et al.’s protocol, proving that the authors’ claim...