The authentication and key generation functions play a significant role to guarantee security and privacy in cellular mobile communications. MILENAGE is a set of authentication and key generation functions proposed by the 3 Generation Partnership Project (3GPP). Most recently, the 3GPP Task Force proposed a new set of authentication and key generation functions, called TUAK, as an alternative f...

We implement and demonstrate a passive attack on the Bluetooth authentication protocol used to connect two devices to each other. Using a protocol analyzer and a brute-force attack on the PIN, we recover the link key shared by two devices. With this secret we can then decrypt any encrypted traffic between the devices as well as, potentially, impersonate the devices to each other. We then implem...

This memo describes an Extensible Authentication Protocol (EAP) method, EAP-pwd, which uses a shared password for authentication. The password may be a low-entropy one and may be drawn from some set of possible passwords, like a dictionary, which is available to an attacker. The underlying key exchange is resistant to active attack, passive attack, and dictionary attack. Status of This Memo Thi...

With the popularity of group-oriented applications, secure group communication has recently received much attention from cryptographic researchers. A group key exchange (GKE) protocol allows that participants cooperatively establish a group key that is used to encrypt and decrypt transmitted messages. Hence, GKE protocols can be used to provide secure group communication over a public network c...

Binary Decision Diagram (in short BDD) is an efficient data structure which has been used widely in computer science and engineering. BDD-based attack in key stream cryptanalysis is one of the best forms of attack in its category. In this paper, we propose a new key stream attack which is based on ZDD(Zero-suppressed BDD). We show how a ZDD-based key stream attack is more efficient in time and ...

Fengjiao Wang and Yuqing Zhang (National Computer Network Intrusion Protection Center, GSCAS, Beijing, China) Abstract—Recently, Byun et al. proposed an efficient client-to-client password-authenticated key agreement protocol (EC2C-PAKA), which was provably secure in a formally defined security model. This letter shows that EC2C-PAKA protocol is vulnerable to password compromise impersonate att...

The paper considers the problem of distributed key generation for shared-control RSA schemes. In particular: how can two parties generate a shared RSA key in such a way that neither party can cheat? The answer to this question would have signi cant applications to, for example, key escrow systems. Cocks has recently proposed protocols to solve this problem in the case when both parties act hone...

We present a model consisting of a swarm of unmanned, autonomous flying munitions to conduct a synchronized multi-point attack on a target. The Unpiloted Air Vehicles (UAVs) lack global communication or extensive battlefield intelligence, instead, relying on passive short-range sensors and simple, inter-agent communication. The multi-point synchronized attack is successfully demonstrated in a s...

The multiparty key exchange introduced in Steiner et al. and presented in more general form by the authors is known to be secure against passive attacks. In this paper, an active attack is presented assuming malicious control of the communications of the last two users for the duration of only the key exchange.