As radio communication modules combined with adequate hardware based cryptography are becoming available at low cost, sensor network security has reached a new level. However it is still possible to gain access to networks, even if they require authorisation and authentication, as single nodes cannot be assumed to be tamper proof. Therefore the question remains what kind of misbehaviour is poss...

Recent results have shown the usefulness of tamper-proof hardware tokens as a setup assumption for building UC-secure two-party computation protocols, thus providing broad security guarantees and allowing the use of such protocols as buildings blocks in the modular design of complex cryptography protocols. All these works have in common that they assume the tokens to be completely isolated from...

Batina et al. have proposed a privacy-preserving grouping-proof RFID protocol with colluding tag prevention (CTP) recently which relies exclusively on the use of Elliptic Curve Cryptography (ECC). In this paper, we show that this proposed protocol is not secure against the tracking attack. To make this attack successfully, the adversary needs to execute three phases. Firstly, the attacker just ...

Abstract— Legislation in many countries treats electronic signatures similar to autographic ones. Completely electronic processes thereby are theoretically possible but customers today have neither knowledge nor means to issue electronic signatures. This study describes a process that will produce some reliable signature without the need of preparation on side of the customer. As an example the...

We continue the recent trend in cryptography to study protocol design in presence of tamper-proof hardware tokens. We present a very efficient protocol for password-based authenticated key exchange based on the weak model of one-time memory tokens, recently introduced by Goldwasser et al. (Crypto 2008). Our protocol only requires four moves, very basic operations, and the sender to send ` token...

Several protocols for authentication using memory-constrained smart cards or tokens based on symmetric key cryptography are described. Key property of these protocols is that verification on the server can be performed in public based on (more or less) publicly known information. The protocols use a symmetric cipher in an asymmetric fashion: the verifier uses a verification key that cannot be u...

Electronic payment systems for wireless devices need to take into account the limited computational and storage ability of such devices. Micropayment schemes seem well suited to this scenario since they are specifically designed for efficient operation. Most micropayment schemes require a digital signature and therefore users must support public key operations and, furthermore, a public key inf...

A “secure system” should be secure—but should also be a system that achieves some particular functionality. A family of secure systems that our group has been investigating (and building) are high-end secure coprocessors: devices that combine a general-purpose computing environment with high-performance cryptography inside a tamper-responding secure boundary. With the appropriate application so...

On the way to a completely electronic workflow, it is necessary to include customer signatures. Legislation in many countries treats electronic signatures similar to handwritten ones. Both are accepted for various purposes such as for finalization of documents, acknowledgement of the document’s contents as well as conclusion of agreements. Most important, electronic signatures are accepted as p...

We introduce the relationship between incremental cryptography and memory checkers. We present an incremental message authentication scheme based on the XOR MACs which supports insertion, deletion and other single block operations. Our scheme takes only a constant number of pseudorandom function evaluations for each update step and produces smaller authentication codes than the tree scheme pres...