In this paper we analyze the security of the mutual authentication and ownership transfer protocols which have been recently proposed by Kulseng et al. Our analysis demonstrates a variety of attacks against these protocols. We present a secret parameters disclosure attack which discloses any secret parameter between the tag and the reader. Our disclosure attack can be easily used as an imperson...

Recently, there are several articles proposed for the so-called SAS password authentication scheme with lower storage, processing, and transmission overheads. For benefiting from these advantages, there are a series of researches on the SAS-like schemes. However, as knowledge of cryptanalysis has involved, a series of modification have been made. Unfortunately, those enhancements have still sec...

Radio Frequency Identification (RFID) tags, due to their ability to uniquely identify every individual item and low cost, are well suited for supply chain management and are expected to replace barcodes in the near future. However, unlike barcodes, these tags have a longer range in which they are allowed to be scanned, subjecting them to unauthorized scanning by malicious readers and to various...

We examine several ad-hoc pairing protocols that strengthen their radio exchanges with additional transmissions over another channel, for example a screen showing graphically encoded information to a camera. Additional channels may have limited capacity and may still be subject to eavesdropping, but they may offer specific advantages over radio such as data origin authenticity. A single protoco...

Recently, Chai et al. proposed a threshold password authentication scheme that t out of n server nodes could efficiently carry out mutual authentication with a user while preserving strong security requirements in the mobile ad hoc networks. In this article, we will show that their scheme suffers from a number of security vulnerabilities by passive attacks.

Bilinear pairings based mutual authentication scheme using smart card is presented. We propose a novel technique of using two different servers, one for registration and other for authentication. The scheme is resilient to replay, forgery, man-in-the-middle and insider attacks.

This document presents brief software specification of a secure file exchange system prototype involving mutual authentication of the users via their browser and the application server with PKI-based certificates as credentials, the use of LDAP for credential management, and authentication between the application and database servers to maintain a high level of trust between all parties.

Many security mechanisms for mobile communications have been introduced in the literature. Among these mechanisms, a simple authentication technique for use in the global mobility network (GLOMONET) is proposed. Specifically, the wireless medium introduces new opportunities for eavesdropping of wireless data communications. Anyone with the appropriate wireless receiver can eavesdrop and this ki...

Most recently, Yang et al proposed an ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem in journal of Computer and Security. In this paper, we find some disadvantages in their scheme and thereafter propose such an improved scheme that overcomes all those disadvantages existing in their scheme while the merits are left unchanged. Ou...

In the last decade RFID technology has become widespread. It can be found in various fields of our daily life. Due to the rapid development more and more security problems were raised. Since tags have limited memory and very low computational capacity a so-called lightweight authentication is needed. Several protocols have been proposed to resolve security and privacy issues in RFID systems. Ho...