Maelstrom-0 is the second member of a family of AES-based hash functions whose designs are pioneered by Paulo Baretto and Vincent Rijmen. According to its designers, the function is designed to be an evolutionary lightweight alternative to the ISO standard Whirlpool. In this paper, we study the preimage resistance of the Maelstrom-0 hash function using its proposed 3CM chaining construction. Mo...

Key issuing protocols deal with overcoming the two inherent problems: key escrow and secure channel requirement of the identity based cryptosystems. An efficient key issuing protocol enables the identity based cryptosystems to be more acceptable and applicable in the real world. We present a secure and efficient threshold key issuing protocol. In our protocol, neither KGC nor KPA can impersonat...

Increased focus on the Universal Serial Bus (USB) attack surface of devices has recently resulted in a number of new vulnerabilities. Much of this advance has been aided by the advent of hardware-based USB emulation techniques. However, existing tools and methods are far from ideal, requiring a significant investment of time, money, and effort. In this work, we present a USB testing framework t...

Video chat systems such as Chatroulette have become increasingly popular as a way to meet and converse one-onone via video and audio with other users online in an open and interactive manner. At the same time, security and privacy concerns inherent in such communication have been little explored. This paper presents one of the first investigations of the privacy threats found in such video chat...

Open Shortest Path First (OSPF) is the most widely deployed interior gateway routing protocol on the Internet. We present two new attacks on OSPF that expose design vulnerabilities in the protocol specification. These new attacks can affect routing advertisements of routers not controlled by the attacker while evading the OSPF self-defense “fight-back” mechanism. By exploiting these vulnerabili...

The Man-In-The-Middle (MITM) attack is one of the most common attacks employed in the network hacking. MITM attackers can successfully invoke attacks such as denial of service (DoS) and port stealing, and lead to surprisingly harmful consequences for users in terms of both financial loss and security issues. The conventional defense approaches mainly consider how to detect and eliminate those a...

This paper investigates cyber attacks on ICS which rely on IEC 60870-5-104 for telecontrol communications. The main focus of the paper is on man-in-the-middle attacks, covering modification and injection of commands, it also details capture and replay attacks. An initial set of attacks are preformed on a local software simulated laboratory. Final experiments and validation of a man-in-the-middl...

Man-in-the-Middle (MM) is not only a ubiquitous attack pattern in security, but also an important paradigm of network computation and economics. Recognizing ongoing MM-attacks is an important security task; modeling MM-interactions is an interesting task for semantics of computation. Traced monoidal categories are a natural framework for MM-modelling, as the trace structure provides a tool to h...

In 2003, Novikov and Kislev proposed a scheme for an authentication of the user from the remote autonomous object. Recently Yang et al. pointed out an evidence of man-in-middle attack. In this paper we show another evidence of man-in-middle-attack. We also pointed out that reflection attack can also be framed successfully on the scheme.