We construct the first constant-round non-malleable commitment scheme and the first constantround non-malleable zero-knowledge argument system, as defined by Dolev, Dwork and Naor. Previous constructions either used a non-constant number of rounds, or were only secure under stronger setup assumptions. An example of such an assumption is the shared random string model where we assume all parties...

In this article we present the Hayastan Shakarian (HS), a robustness index for complex networks. HS measures the impact of a network disconnection (edge) while comparing the sizes of the remaining connected components. Strictly speaking, the Hayastan Shakarian index is defined as edge removal that produces the maximal inverse of the size of the largest connected component divided by the sum of ...

In today’s world wide web hundreds of thousands of companies use SSL to protect their customers’ transactions from potential eavesdroppers. Recently, a new attack against the common usage of SSL surfaced, SSL stripping. The attack is based on the fact that users almost never request secure pages explicitly but rather rely on the servers, to redirect them to the appropriate secure version of a p...

We point to three types of potential vulnerabilities in the Bluetooth standard, version 1.0B. The first vulnerability opens up the system to an attack in which an adversary under certain circumstances is able to determine the key exchanged by two victim devices, making eavesdropping and impersonation possible. This can be done either by exhaustively searching all possible PINs (but without inte...

Authentication for resource-constrained devices is seen as one of themajor challenges in current wireless communication networks. The HB protocol by Juels and Weis provides device authentication based on the learning parity with noise (LPN) problem and is appropriate for resource-constrained devices, but it has been shown to be vulnerable to a simple man-in-the-middle attack. Subsequent work ha...

In this paper, we present a privacy-preserving architecture for a public transport system. The Transport Authority (TA) is prevented from learning e-ticket IDs and operates only on pseudonyms created by a trusted third party (TTP). Furthermore, the widely distributed terminals are prevented from tracking valid e-tickets during validation. Mutual authentication between terminals and e-tickets is...

The deficient of a good authentication protocol in a ubiquitous application environment has made it a good target for adversaries. As a result, all the devices which are participating in such environment are said to be exposed to attacks such as identity impostor, man-in-the-middle attacks and also unauthorized attacks. Thus, this has created skeptical among the users and has resulted them of k...

T he Secure Sockets Layer (SSL) protocol and its standards-track successor, the Transport Layer Security (TLS) protocol, 1 were developed more than a decade ago and have generally withstood scrutiny in that the protocols themselves haven't been found to have security flaws. Until now. In August 2009, Marsh Ray and Steve Dispensa discovered a design flaw in the TLS protocol (and published it in ...

We report on work-in-progress on a new semantics for analyzing security protocols that combines complementary features of security logics and inductive methods. We use awareness to model the agents’ resource-bounded reasoning and, in doing so, capture a more appropriate notion of belief than those usually considered in security logics. We also address the problem of modeling interleaved protoco...

Secure Pairing enables two devices, which share no prior context with each other, to agree upon a security association that they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping or to a man-in-the-middle attack. We propose a user friendly solution to this problem. Keys extracted fr...