For secure communication it is not just sufficient to use strong cryptography with good and strong keys, but to actually have the assurance, that the keys in use for it are authentic and from the contact one is expecting to communicate with. Without that, it is possible to be subject to impersonation or man-in-the-middle (MitM) attacks. Mega meets this problem by providing a hierarchical authen...

In this paper, we principally introduce a new class of unconditionally secure authentication codes, called linear authentication codes(or linear A-codes)from free modules. We then derive an upper bound on the size of source space when other parameters of the system, that is, the sizes of the key space and authenticator space, and the deception probability are fixed. We give constructions that a...

We propose a novel method to detect and locate a Man-in-the-Middle attack in a fixed wireless network by analyzing round-trip time and measured received signal strength from fixed access points. The proposed method was implemented as a client-side application that establishes a baseline for measured round trip time (RTTs) and received signal strength (RSS) under no-threat scenarios and applies ...

Generating secret keys using physical properties of the wireless channel has recently become a popular research area. The main security assumption of these protocols is that a sufficiently distant adversary is unable to guess a generated secret due to the unpredictable behavior of multipath signal propagation. In this paper, we introduce a practical and efficient man-in-the-middle attack agains...

This paper shows an attack against APOP protocol which is a challenge-and-response protocol. We utilize the Wang’s attack to make collisions in MD5, and apply it to APOP protocol. We confirmed that the first 3 octets of secret key can be recovered by several hundred queries under the man-in-the-middle environment.

The wide development of interconnectivity of cellular networks with the internet network has made them to be vulnerable. This exposure of the cellular networks to internet has increased threats to customer end equipment as well as the carrier infrastructure. If is very difficult to deal with the full fledged infrastructure in a typical service provider network due to operational constraints.How...

The piggy bank idea allows one-way encryption of information that can be accessed only by authorized parties. Here we show how the piggy bank idea can be used to authenticate parties to counter man-in-the-middle (MIM) attack that can jeopardize the double-lock cryptography protocol. We call this method double-signature double lock cryptography and it can be implemented in ways that go beyond ha...

Trusted computing is one of the most important technologies to ensure the information security of smart grid. Remote attestation can guarantee the trusted access of interactive terminals of smart grid (SGIT).The existing remote attestation schemes have the following disadvantages:  The verifier initiates authentication request, and the attestor returns the platform configuration information. T...

Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications, such as Internet banking. SSL/TLS session-aware user authentication can be used to mitigate the risks and to protect users against MITM attacks in an SSL/TLS setting. In this paper, we further delve into SSL/TLS session-aware user authentication and possibilities to implement it. More specifically, ...

Online social networks are rapidly changing our lives. Their growing pervasiveness and the trust that we develop in online identities provide us with a new platform for security applications. Additionally, the integration of various sensors and mobile devices on social networks has shortened the separation between one’s physical and virtual (i.e. web) presences. We envisage that social networks...