In the context of Dolev-Yao style analysis of security protocols, we investigate the security claims of a proposed strong-security RFID authentication protocol. We exhibit a flaw which has gone unnoticed in RFID protocol literature and present the resulting attacks on authentication, untraceability, and desynchronization resistance. We analyze and discuss the authors’ proofs of security. Refere...

Wang et al. recently proposed an improved edition based on Tseng-Jan group signature scheme[1]. In the paper, we show that the scheme is untraceable by a simple attack.

User mobility is a feature that raises many new security-related issues and concerns. One of them is the disclosure of a mobile user's identity during the authentication process, or other procedures speciic to mobile networks. Such disclosure allows an unauthorized third-party to track the mobile user's movements and current whereabouts. Depending on the context, access to any information relat...

A secure non-interactive electronic cash system is presented. The system requires no interaction between users. All transactions in this system consist of sending a message and possibly appending data to a public le. This system improves on the only other non-interactive electronic cash system in the areas of security and untraceability.

In this paper, we present an efficient attack against the traceability of the LRMAP, a recently proposed lightweight RFID mutual authentication protocol. The attack benefits from the variance in elapsed time of the reader responses corresponding to the different tag states. We show that LRMAP does not provide untraceability, which is one of its design objectives.

On Crypto '88, an untraceable payment system with provable security against abuse by individuals was presented by Damgård. We show how to break the untraceability of that system completely. Next, an improved version of the system is presented. We also augment the system by security for the individuals against loss of money, and we introduce the possibility of receipts for payments. Finally, whe...

Untraceability and unreuseability are essential security properties for electronic cash protocols. Many protocols have been proposed to meet these two properties. However, most of them have not been formally proved to be untraceable and unreuseable. In this paper we propose to use the applied pi calculus as a framework for describing and analyzing electronic cash protocols, and we analyze Fergu...

In 2005, Lee et al. proposed a blind signature scheme based on the discrete-logarithm problem to achieve the untraceability or unlinkability property. However, the scheme will be demonstrated as not being secure in this manuscript. We design an attack on the scheme such that a signature requester can obtain more than one valid signatures by performing only one round of the protocol. It violates...