Machine to machine communications are at the center stage of the Internet of things (IoT). Connecting the physical world with the digital world not only creates new opportunities for innovation and discovery, but also opens doors for misuse and abuse. This paper argues that reputation based trust can be an effective countermeasure for securing machine-to-machine communications. We propose to es...

In this paper, we address the following problem: \ Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used? ". The answer is yes. We exploit weak error-handling methods. Our attack relies on the cryptana-lyst being able to modify some ciphertext and then getting access to the decryption of this modiied ciphertext. and Re-iter 4] presented a serious weakness in the...

With the explosive growth of computer networks, two-party authentication mechanism is no longer sufficient for real world. In 2008, Lee and Lee presented an efficient remote authenticated key agreement scheme for a multi-server environment. Their approach is efficient due to light operations such as hash function and exclusiveOR. Unfortunately, we discovered that their scheme is unable to withs...

Due to dynamic topology and non-wired infrastructure of Wireless Sensor Networks (WSN), they are prone to attacks. Wormhole attack is one of the most popular and serious attack in WSNs. In Wormhole attack two or more malicious nodes makes a covert channel which attracts the traffic towards itself by depicting a low latency link and then start dropping and replaying packets in the multi-path rou...

Password-based key-server protocols are susceptible to password chaining attacks, in which an enemy uses knowledge of a user's current password to learn all future passwords. As a result, the exposure of a single password eeectively compromises all future communications by that user. The same protocols also tend to be vulnerable to dictionary attacks against user passwords. Bellovin and Merritt...

Since two different types of side channel attacks based on passive information leakage and active fault injection are independently considered as implementation threats on cryptographic modules, most countermeasures have been separately developed according to each attack type. But then, Amiel et al. proposed a combined side channel attack in which an attacker combines these two methods to recov...

The approaches taken to secure IT systems are currently technically focused. For instance, a recent project funded by the European Commission, MAFTIA, investigates an attack tolerance paradigm that aims at implementing technical solutions in order to protect internet-based applications against potential attacks. This technical approach is necessary but it disregards the consideration of human f...

As a variant of the HB authentication protocol for RFID systems, which relies on the complexity of decoding linear codes against passive attacks, Madhavan et al. presented Non-Linear HB(NLHB) protocol. In contrast to HB, NLHB relies on the complexity of decoding a class of non-linear codes to render the passive attacks proposed against HB ineffective. Based on the fact that there has been no pa...

Distributed RSA key generation protocols aim to generate RSA keys in such a way that no single participant of the protocol can learn factorization of the RSA modulus. In this note we show that two recent protocols of this kind (Journal of Network Security, Vol. 7, No. 1, 2008, pp. 106-113 and Vol. 8, No. 2, 2009, pp. 139-150) fail their security target. We present an attack that can be launched...

Many applications of embedded devices require the generation of cryptographic secret parameters during the life cycle of the product. In such an unsafe context, several papers have shown that key generation algorithms are vulnerable to side-channel attacks. This is in particular the case of the generation of the secret prime factors in RSA. Until now, the threat has been demonstrated against na...