Cryptanalysis of authentication and key establishment protocol in Mobile Edge Computing Environment

• URL: http://arxiv.org/abs/2412.18828v1
• Date: Wed, 25 Dec 2024 08:33:43 GMT
• Title: Cryptanalysis of authentication and key establishment protocol in Mobile Edge Computing Environment
• Authors: Sundararaju Mugunthan, Venkatasamy Sureshkumar,
• Abstract summary: cryptanalysis shows the scheme fails to provide robustness against key computation attack, mobile user impersonation attack and traceability attack. Vulnerabilities in their scheme lead to the exposure of mobile users' long term secret to mobile edge server.
• Score: 0.06577148087211808
• License:
• Abstract: Recently, in the area of Mobile Edge Computing (MEC) applications, Wu et al. proposed an authentication and key establishment scheme and claimed their protocol is secure. Nevertheless, cryptanalysis shows the scheme fails to provide robustness against key computation attack, mobile user impersonation attack and traceability attack. Vulnerabilities in their scheme lead to the exposure of mobile users' long term secret to mobile edge server provided both parties complete a successful session. This enables any malicious edge servers, who had communicated with the user earlier, to compute current session keys between the user and other legitimate servers. Also, since long term secret is exposed, such malicious servers can impersonate the user. We present a cryptanalysis of the scheme.

Related papers

• Provisioning Time-Based Subscription in NDN: A Secure and Efficient Access Control Scheme [21.55750158120826]
  This paper proposes a novel encryption-based access control mechanism for Named Data Networking (NDN) The scheme allows data producers to share their content in encrypted form before transmitting it to consumers. It incorporates time-based subscription access policies directly into the encrypted content, enabling only consumers with valid subscriptions to decrypt it.
  arXiv  Detail & Related papers  (2025-01-27T11:44:36Z)
• CryptoFormalEval: Integrating LLMs and Formal Verification for Automated Cryptographic Protocol Vulnerability Detection [41.94295877935867]
  We introduce a benchmark to assess the ability of Large Language Models to autonomously identify vulnerabilities in new cryptographic protocols. We created a dataset of novel, flawed, communication protocols and designed a method to automatically verify the vulnerabilities found by the AI agents.
  arXiv  Detail & Related papers  (2024-11-20T14:16:55Z)
• CCA-Secure Key-Aggregate Proxy Re-Encryption for Secure Cloud Storage [1.4610685586329806]
  Data protection in cloud storage is the key to the survival of the cloud industry. Proxy Re-Encryption schemes enable users to convert their ciphertext into others ciphertext by using a re-encryption key. Recently, we lowered the key storage cost of C-PREs to constant size and proposed the first Key-Aggregate Proxy Re-Encryption scheme.
  arXiv  Detail & Related papers  (2024-10-10T17:02:49Z)
• A Passwordless MFA Utlizing Biometrics, Proximity and Contactless Communication [0.3749861135832073]
  This paper introduces an advanced authentication method for user verification that utilizes the user's real-time facial biometric identity. We have implemented a prototype authentication system on a BLE-NFC-enabled Android device, and initial threat modeling suggests that it is safe against known phishing attacks.
  arXiv  Detail & Related papers  (2024-06-13T10:58:25Z)
• The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption [43.669192188610964]
  Dynamic searchable symmetric encryption (DSSE) enables users to delegate the keyword search over dynamically updated databases to an honest-but-curious server. This paper studies a new and practical security risk to DSSE, namely, secret key compromise. We introduce the notion of searchable encryption with key-update (SEKU) that provides users with the option of non-interactive key updates.
  arXiv  Detail & Related papers  (2024-03-22T09:21:47Z)
• Reducing Usefulness of Stolen Credentials in SSO Contexts [0.0]
  Multi-factor authentication (MFA) helps to thwart attacks that use valid credentials, but attackers still commonly breach systems by tricking users into accepting MFA step up requests. This paper proposes a token-based enrollment architecture that is less invasive to user devices than mobile device management.
  arXiv  Detail & Related papers  (2024-01-21T21:05:32Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Crafter: Facial Feature Crafting against Inversion-based Identity Theft on Deep Models [45.398313126020284]
  A typical application is to run machine learning services on facial images collected from different individuals. To prevent identity theft, conventional methods rely on an adversarial game-based approach to shed the identity information from the feature. We propose Crafter, a feature crafting mechanism deployed at the edge, to protect the identity information from adaptive model attacks.
  arXiv  Detail & Related papers  (2024-01-14T05:06:42Z)
• DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
  Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving. Recent advancements in quantum computing jeopardize classical public key cryptography. We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
  arXiv  Detail & Related papers  (2023-12-20T09:40:45Z)
• Conditional Generative Adversarial Network for keystroke presentation attack [0.0]
  We propose to study a new approach aiming to deploy a presentation attack towards a keystroke authentication system. Our idea is to use Conditional Generative Adversarial Networks (cGAN) for generating synthetic keystroke data that can be used for impersonating an authorized user. Results indicate that the cGAN can effectively generate keystroke dynamics patterns that can be used for deceiving keystroke authentication systems.
  arXiv  Detail & Related papers  (2022-12-16T12:45:16Z)
• Decentralized Privacy-Preserving Proximity Tracing [50.27258414960402]
  DP3T provides a technological foundation to help slow the spread of SARS-CoV-2. System aims to minimise privacy and security risks for individuals and communities.
  arXiv  Detail & Related papers  (2020-05-25T12:32:02Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.