Recently Harn and Lin proposed a novel authenticated group key transfer protocol that a mutually trusted key generation center (KGC) can broadcast group key information to all group members at once and only authorized group members can recover the group key. This paper presents that Harn and Lin’s protocol can not withstand man-in-the-middle attack and describes the reasons and detailed process...

We propose the first generic construction of certificateless key encapsulation mechanism (CL-KEM) in the standard model, which is also secure against malicious-but-passive KGC attacks. It is based on an ID-based KEM, a public key encryption and a message authentication code. The high efficiency of our construction is due to the efficient implementations of these underlying building blocks, and ...

Malicious URLs have been widely used to mount various cyber attacks including spamming, phishing and malware. Detection of malicious URLs and identification of threat types are critical to thwart these attacks. Knowing the type of a threat enables estimation of severity of the attack and helps adopt an effective countermeasure. Existing methods typically detect malicious URLs of a single attack...

We implemented an attack against WEP, the link-layer security protocol for 802.11 networks. The attack was described in a recent paper by Fluhrer, Mantin, and Shamir. With our implementation, and permission of the network administrator, we were able to recover the 128 bit secret key used in a production network, with a passive attack. The WEP standard uses RC4 IVs improperly, and the attack exp...

Wireless Mesh Network has come out to be the next generation wireless communication technology. It provides a good solution to cheap wireless networking. The Network Layer in WMN is responsible for routing packets delivery and intruders take a deep interest in sabotaging this layer. Black-hole attack is a type of Denial-of-Service (DoS) attack which when carried out can disrupt the services of ...

A profiling attack is a powerful variant among the noninvasive side channel attacks. In this work, we target RSA key generation relying on binary version of extended Euclidean algorithm for modular inverse and GCD computations. To date, has only been exploited by simple power analysis; therefore, countermeasures described in literature are focused mitigating kind attack. We demonstrate that one...

Most remote authentication schemes use key exchange protocol to provide secure communication over an untrusted network. The protocol enables remote client and host to authenticate each other and communicate securely with prearranged shared secret key or server secret key. Many remote services environment such as online banking and electronic commerce are dependent on remote authentication schem...

When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key w...

In this paper, we construct several tools for building and manipulating pools of biases in the analysis of RC4. We report extremely fast and optimized active and passive attacks against IEEE 802.11 wireless communication protocol WEP and a key recovery and a distinguishing attack against WPA. This was achieved through a huge amount of theoretical and experimental analysis (capturing WiFi packet...

Internet sensor networks, including honeypots and log analysis centers such as the SANS Internet Storm Center, are used as a tool to detect malicious Internet traffic. For maximum effectiveness, such networks publish public reports without disclosing sensor locations, so that the Internet community can take steps to counteract the malicious traffic. Maintaining sensor anonymity is critical beca...