Recently, more and more researches have been focused on proposing dynamic identity based remote authentication scheme for multi-server environment. In 2011, Lee, Lin and Chang proposed an improved scheme to remedy the weaknesses of Hsiang-Shih's scheme. However, we observe that Lee-Lin-Chang's scheme is still vulnerable to stolen smart card attack and malicious server attack. Besides, the passw...

A practical key substitution attack on SFLASH is described: Given a valid (message, signature) pair (m,σ) for some public key v0, one can derive another public key v1 (along with matching secret data) such that (m,σ) is also valid for v1. The computational effort needed for finding such a ‘duplicate’ key is comparable to the effort needed for ordinary key generation.

Biometric authentication establishes the identity of an individual based on biometric templates (e.g. fingerprints, retina scans etc.). Although biometric authentication has important advantages and many applications, it also raises serious security and privacy concerns. Here, we investigate a biometric authentication protocol that has been proposed by Bringer et al. and adopts a distributed ar...

The existence of malicious participants is a major threat for authenticated group key exchange (AGKE) protocols. Typically, there are two detecting ways (passive and active) to resist malicious participants in AGKE protocols. In 2012, the revocable identity- (ID-) based public key system (R-IDPKS) was proposed to solve the revocation problem in the ID-based public key system (IDPKS). Afterwards...

If a malicious party can insert a self-issued CA public key into the list of root public keys stored in a PC, then this party could potentially do considerable harm to that PC. In this paper, we present a way to achieve such an attack for the Internet Explorer web browser root key store, which avoids attracting the user’s attention. A realisation of this attack is also described. Finally, count...

An authenticated group key exchange (AGKE) protocol allows participants to construct a common key and provide secure group communications in cooperative and distributed applications. Recently, Choi et al. proposed an identity (ID)-based authenticated group key exchange (IDAGKE) protocol from bilinear pairings. However, their protocol suffered from an insider colluding attack because it didn’t r...

Recently, the number of attacks by malicious application has significantly increased, targeting Android-platform mobile terminal such as Samsung Galaxy Note I/II and Galaxy Tab 10.1, etc. The malicious application can be distributed and installed on user’s mobile devices through open market after masquerading as a common normal application. An attacker inserts malicious code into an application...

Recently, Islam and Biswas proposed a pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks. However, in this letter, we point out that this protocol cannot resist passive attack, and cannot provide forward secrecy for joining operation and backward secrecy for leaving operation.

The digitization trend that prevails nowadays has led to increased vulnerabilities of tools and technologies everyday life. One the many different types software attacks is botnets. Botnets enable attackers gain remote control infected machines, often leading disastrous consequences. Cybersecurity experts engage machine learning (ML) deep (DL) for designing developing smart proactive cybersecur...

Secure aggregate signature schemes have attracted more concern due to their wide application in resource constrained environment. Recently, Horng et al. [S. J. Horng et al., An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks, Information Sciences 317 (2015) 48-66] proposed an efficient certificateless aggregate signature with condi...