In 2004, Tsuji and Shimizu proposed a one-time password authentication protocol, named 2GR. By the 2GR protocol, an attacker who has stolen the verifiers from the server cannot impersonate a valid user. However, Lin and Hung described that it is vulnerable to an impersonation attack, in which any attacker can, without stealing the verifiers, masquerade as a legitimate user. In this paper, we sh...

Defenders fighting against Advanced Persistent Threats need to discover the propagation area of an adversary as quickly possible. This discovery takes place through a phase incident response operation called Threat Hunting, where defenders track down attackers within compromised network. In this article, we propose formal model that dissects and abstracts elements attack, from both attacker def...

We analyze the concrete security of a hash-based signature scheme described in the most recent Internet Draft by McGrew, Fluhrer and Curcio. We perform this analysis in the random-oracle model, where the Merkle-Damgård hash compression function is models as the random oracle. We show that, even with a large number of different keys the attacker can choose from, and a huge computational budget, ...

It is a hard problem to achieve anonymity for real-time services in the Internet (e.g. Web access). All existing concepts fail when we assume a very strong attacker model (i.e. an attacker is able to observe all communication links). We also show that these attacks are real-world attacks. This paper outlines alternative models which mostly render these attacks useless. Our present work tries to...

In this note we formally show a well known (but not well documented) fact that in order to beat the famous Shannon lower bound on key length for one-time-secure encryption, one must simultaneously restrict the attacker to be efficient, and also allow the attacker to break the system with some non-zero (i.e., negligible) probability. Our proof handles probabilistic encryption, as well as a small...

We study the complexity of bribery in a network-based rating system, where individuals are connected in a social network and an attacker, typically a service provider, can influence their rating and increase the overall profit. We derive a number of algorithmic properties of this framework, in particular we show that establishing the existence of an optimal manipulation strategy for the attacke...

Security emerges as a central requirementas mobile ad hoc network applications are deployed. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. Wormhole attacks enable an attacker with limited resources and no cryptographic material to wreak havoc on wireless networks. It is possible even if the attacker has no...

In this paper alternatives of tamper-proof and privacy-protected biometric identification systems are shown. One approach to secure such databases is to use cryptography. With its help it is possible to highly protect a system from any external attacker but an internal attacker still has direct access to all stored biometric data. This risk shall be avoided by using biometric encryption with an...