Cryptanalysis of authentication and key establishment protocol in Mobile Edge Computing Environment

• URL: http://arxiv.org/abs/2412.18828v1
• Date: Wed, 25 Dec 2024 08:33:43 GMT
• Title: Cryptanalysis of authentication and key establishment protocol in Mobile Edge Computing Environment
• Authors: Sundararaju Mugunthan, Venkatasamy Sureshkumar,
• Abstract summary: cryptanalysis shows the scheme fails to provide robustness against key computation attack, mobile user impersonation attack and traceability attack.<n>Vulnerabilities in their scheme lead to the exposure of mobile users' long term secret to mobile edge server.
• Score: 0.06577148087211808
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Recently, in the area of Mobile Edge Computing (MEC) applications, Wu et al. proposed an authentication and key establishment scheme and claimed their protocol is secure. Nevertheless, cryptanalysis shows the scheme fails to provide robustness against key computation attack, mobile user impersonation attack and traceability attack. Vulnerabilities in their scheme lead to the exposure of mobile users' long term secret to mobile edge server provided both parties complete a successful session. This enables any malicious edge servers, who had communicated with the user earlier, to compute current session keys between the user and other legitimate servers. Also, since long term secret is exposed, such malicious servers can impersonate the user. We present a cryptanalysis of the scheme.

Related papers

• Provisioning Time-Based Subscription in NDN: A Secure and Efficient Access Control Scheme [21.55750158120826]
  This paper proposes a novel encryption-based access control mechanism for Named Data Networking (NDN) The scheme allows data producers to share their content in encrypted form before transmitting it to consumers. It incorporates time-based subscription access policies directly into the encrypted content, enabling only consumers with valid subscriptions to decrypt it.
  arXiv  Detail & Related papers  (2025-01-27T11:44:36Z)
• CryptoFormalEval: Integrating LLMs and Formal Verification for Automated Cryptographic Protocol Vulnerability Detection [41.94295877935867]
  We introduce a benchmark to assess the ability of Large Language Models to autonomously identify vulnerabilities in new cryptographic protocols. We created a dataset of novel, flawed, communication protocols and designed a method to automatically verify the vulnerabilities found by the AI agents.
  arXiv  Detail & Related papers  (2024-11-20T14:16:55Z)
• CCA-Secure Key-Aggregate Proxy Re-Encryption for Secure Cloud Storage [1.4610685586329806]
  Data protection in cloud storage is the key to the survival of the cloud industry. Proxy Re-Encryption schemes enable users to convert their ciphertext into others ciphertext by using a re-encryption key. Recently, we lowered the key storage cost of C-PREs to constant size and proposed the first Key-Aggregate Proxy Re-Encryption scheme.
  arXiv  Detail & Related papers  (2024-10-10T17:02:49Z)
• A Passwordless MFA Utlizing Biometrics, Proximity and Contactless Communication [0.3749861135832073]
  This paper introduces an advanced authentication method for user verification that utilizes the user's real-time facial biometric identity. We have implemented a prototype authentication system on a BLE-NFC-enabled Android device, and initial threat modeling suggests that it is safe against known phishing attacks.
  arXiv  Detail & Related papers  (2024-06-13T10:58:25Z)
• Trust Driven On-Demand Scheme for Client Deployment in Federated Learning [39.9947471801304]
  "Trusted-On-Demand-FL" establishes a relationship of trust between the server and the pool of eligible clients. Our simulations rely on a continuous user behavior dataset, deploying an optimization model powered by a genetic algorithm.
  arXiv  Detail & Related papers  (2024-05-01T08:50:08Z)
• The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption [43.669192188610964]
  Dynamic searchable symmetric encryption (DSSE) enables users to delegate the keyword search over dynamically updated databases to an honest-but-curious server. This paper studies a new and practical security risk to DSSE, namely, secret key compromise. We introduce the notion of searchable encryption with key-update (SEKU) that provides users with the option of non-interactive key updates.
  arXiv  Detail & Related papers  (2024-03-22T09:21:47Z)
• Trustworthy confidential virtual machines for the masses [1.6503985024334136]
  We present Revelio, an approach that allows confidential virtual machine (VM)-based workloads to be designed and deployed in a way that disallows tampering even by the service providers. We focus on web-facing workloads, protect them leveraging SEV-SNP, and enable end-users to remotely attest them seamlessly each time a new web session is established.
  arXiv  Detail & Related papers  (2024-02-23T11:54:07Z)
• Reducing Usefulness of Stolen Credentials in SSO Contexts [0.0]
  Multi-factor authentication (MFA) helps to thwart attacks that use valid credentials, but attackers still commonly breach systems by tricking users into accepting MFA step up requests. This paper proposes a token-based enrollment architecture that is less invasive to user devices than mobile device management.
  arXiv  Detail & Related papers  (2024-01-21T21:05:32Z)
• Crafter: Facial Feature Crafting against Inversion-based Identity Theft on Deep Models [45.398313126020284]
  A typical application is to run machine learning services on facial images collected from different individuals. To prevent identity theft, conventional methods rely on an adversarial game-based approach to shed the identity information from the feature. We propose Crafter, a feature crafting mechanism deployed at the edge, to protect the identity information from adaptive model attacks.
  arXiv  Detail & Related papers  (2024-01-14T05:06:42Z)
• DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
  Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving. Recent advancements in quantum computing jeopardize classical public key cryptography. We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
  arXiv  Detail & Related papers  (2023-12-20T09:40:45Z)
• Conditional Generative Adversarial Network for keystroke presentation attack [0.0]
  We propose to study a new approach aiming to deploy a presentation attack towards a keystroke authentication system. Our idea is to use Conditional Generative Adversarial Networks (cGAN) for generating synthetic keystroke data that can be used for impersonating an authorized user. Results indicate that the cGAN can effectively generate keystroke dynamics patterns that can be used for deceiving keystroke authentication systems.
  arXiv  Detail & Related papers  (2022-12-16T12:45:16Z)
• CrowdGuard: Federated Backdoor Detection in Federated Learning [39.58317527488534]
  This paper presents a novel defense mechanism, CrowdGuard, that effectively mitigates backdoor attacks in Federated Learning. CrowdGuard employs a server-located stacked clustering scheme to enhance its resilience to rogue client feedback. The evaluation results demonstrate that CrowdGuard achieves a 100% True-Positive-Rate and True-Negative-Rate across various scenarios.
  arXiv  Detail & Related papers  (2022-10-14T11:27:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.