The Experts below are selected from a list of 120 Experts worldwide ranked by ideXlab platform
Zhang Wen-zhong - One of the best experts on this subject based on the ideXlab platform.
-
SVD Based Anti-Protocol Attacks Digital Watermarking
Computers & Security, 2012Co-Authors: Zhang Wen-zhongAbstract:Digital watermark during application may suffer from different Attacks,in which the Protocol Attack is hard to defeat.An image watermarking algorithm is proposed based on SVD.Instead of using randomly Gaussian sequence,a meaningful text message modulated by media hash sequence is used.In order to enhance embedding strength and reduce possible replace Attack,the multiple copies of modulated watermark are embedded into singular values of blocks that randomly selected.Theoretical analysis results show that the proposed algorithm solves the problem of Protocol Attack.Experimental results show that the proposed algorithm is robust.
Al-sakib Khan Pathan - One of the best experts on this subject based on the ideXlab platform.
-
Trusted service manager (TSM) based privacy preserving and secure mobile commerce framework with formal verification
Complex Adaptive Systems Modeling, 2019Co-Authors: Shaik Shakeel Ahamad, Al-sakib Khan PathanAbstract:Mobile contactless payment (MCP) is the future technology that is used for mobile payments, mobile wallet, transportation, and for mobile coupons. Existing solutions in this realm do not ensure end-to-end communication, information privacy, and the client’s anonymity. In order to overcome these flaws, we propose a secure and privacy preserving mobile commerce (SPPMC) framework for near-field communication (NFC) based proximity payments. SPPMC framework achieves both communication and information privacy. It ensures the client’s anonymity by making use of traceable anonymous certificates (TAC). Grid of secure elements (GSE) is used at the banking servers. The cost of computation and communication is very less. SPPMC ensures end-to-end security and withstands any type of known Attack including multi-Protocol Attack. SPPMC is successfully verified using Burrows–Abadi–Needham (BAN) logic and Scyther tool. It ensures all the security properties.
-
trusted service manager tsm based privacy preserving and secure mobile commerce framework with formal verification
Complex Adaptive Systems Modeling, 2019Co-Authors: Shaik Shakeel Ahamad, Al-sakib Khan PathanAbstract:Mobile contactless payment (MCP) is the future technology that is used for mobile payments, mobile wallet, transportation, and for mobile coupons. Existing solutions in this realm do not ensure end-to-end communication, information privacy, and the client’s anonymity. In order to overcome these flaws, we propose a secure and privacy preserving mobile commerce (SPPMC) framework for near-field communication (NFC) based proximity payments. SPPMC framework achieves both communication and information privacy. It ensures the client’s anonymity by making use of traceable anonymous certificates (TAC). Grid of secure elements (GSE) is used at the banking servers. The cost of computation and communication is very less. SPPMC ensures end-to-end security and withstands any type of known Attack including multi-Protocol Attack. SPPMC is successfully verified using Burrows–Abadi–Needham (BAN) logic and Scyther tool. It ensures all the security properties. Open image in new window
David Wagner - One of the best experts on this subject based on the ideXlab platform.
-
Protocol interactions and the chosen Protocol Attack
Lecture Notes in Computer Science, 1998Co-Authors: John Kelsey, Bruce Schneier, David WagnerAbstract:There are many cases in the literature in which reuse of the same key material for different functions can open up security holes. In this paper, we discuss such interactions between Protocols. and present a new Attack, called the chosen Protocol Attack, in which an Attacker may write a new Protocol using the same key material as a target Protocol, which is individually very strong, but which interacts with the target Protocol in a security-relevant way. We finish with a brief discussion of design principles to resist this class of Attack.
-
Security Protocols Workshop - Protocol Interactions and the Chosen Protocol Attack
Security Protocols, 1998Co-Authors: John Kelsey, Bruce Schneier, David WagnerAbstract:There are many cases in the literature in which reuse of the same key material for different functions can open up security holes. In this paper, we discuss such interactions between Protocols, and present a new Attack, called the chosen Protocol Attack, in which an Attacker may write a new Protocol using the same key material as a target Protocol, which is individually very strong, but which interacts with the target Protocol in a security-relevant way. We finish with a brief discussion of design principles to resist this class of Attack.
Shaik Shakeel Ahamad - One of the best experts on this subject based on the ideXlab platform.
-
Trusted service manager (TSM) based privacy preserving and secure mobile commerce framework with formal verification
Complex Adaptive Systems Modeling, 2019Co-Authors: Shaik Shakeel Ahamad, Al-sakib Khan PathanAbstract:Mobile contactless payment (MCP) is the future technology that is used for mobile payments, mobile wallet, transportation, and for mobile coupons. Existing solutions in this realm do not ensure end-to-end communication, information privacy, and the client’s anonymity. In order to overcome these flaws, we propose a secure and privacy preserving mobile commerce (SPPMC) framework for near-field communication (NFC) based proximity payments. SPPMC framework achieves both communication and information privacy. It ensures the client’s anonymity by making use of traceable anonymous certificates (TAC). Grid of secure elements (GSE) is used at the banking servers. The cost of computation and communication is very less. SPPMC ensures end-to-end security and withstands any type of known Attack including multi-Protocol Attack. SPPMC is successfully verified using Burrows–Abadi–Needham (BAN) logic and Scyther tool. It ensures all the security properties.
-
trusted service manager tsm based privacy preserving and secure mobile commerce framework with formal verification
Complex Adaptive Systems Modeling, 2019Co-Authors: Shaik Shakeel Ahamad, Al-sakib Khan PathanAbstract:Mobile contactless payment (MCP) is the future technology that is used for mobile payments, mobile wallet, transportation, and for mobile coupons. Existing solutions in this realm do not ensure end-to-end communication, information privacy, and the client’s anonymity. In order to overcome these flaws, we propose a secure and privacy preserving mobile commerce (SPPMC) framework for near-field communication (NFC) based proximity payments. SPPMC framework achieves both communication and information privacy. It ensures the client’s anonymity by making use of traceable anonymous certificates (TAC). Grid of secure elements (GSE) is used at the banking servers. The cost of computation and communication is very less. SPPMC ensures end-to-end security and withstands any type of known Attack including multi-Protocol Attack. SPPMC is successfully verified using Burrows–Abadi–Needham (BAN) logic and Scyther tool. It ensures all the security properties. Open image in new window
Bart Preneel - One of the best experts on this subject based on the ideXlab platform.
-
a cross Protocol Attack on the tls Protocol
Computer and Communications Security, 2012Co-Authors: Nikos Mavrogiannopoulos, Frederik Vercauteren, Vesselin Velichkov, Bart PreneelAbstract:This paper describes a cross-Protocol Attack on all versions of TLS; it can be seen as an extension of the Wagner and Schneier Attack on SSL 3.0. The Attack presents valid explicit elliptic curve Diffie-Hellman parameters signed by a server to a client that incorrectly interprets these parameters as valid plain Diffie-Hellman parameters. Our Attack enables an adversary to successfully impersonate a server to a random client after obtaining 240 signed elliptic curve keys from the original server. While Attacking a specific client is improbable due to the high number of signed keys required during the lifetime of one TLS handshake, it is not completely unrealistic for a setting where the server has high computational power and the Attacker contents itself with recovering one out of many session keys. We remark that popular open-source server implementations are not susceptible to this Attack, since they typically do not support the explicit curve option. Finally we propose a fix that renders the Protocol immune to this family of cross-Protocol Attacks.
-
ACM Conference on Computer and Communications Security - A cross-Protocol Attack on the TLS Protocol
Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12, 2012Co-Authors: Nikos Mavrogiannopoulos, Frederik Vercauteren, Vesselin Velichkov, Bart PreneelAbstract:This paper describes a cross-Protocol Attack on all versions of TLS; it can be seen as an extension of the Wagner and Schneier Attack on SSL 3.0. The Attack presents valid explicit elliptic curve Diffie-Hellman parameters signed by a server to a client that incorrectly interprets these parameters as valid plain Diffie-Hellman parameters. Our Attack enables an adversary to successfully impersonate a server to a random client after obtaining 240 signed elliptic curve keys from the original server. While Attacking a specific client is improbable due to the high number of signed keys required during the lifetime of one TLS handshake, it is not completely unrealistic for a setting where the server has high computational power and the Attacker contents itself with recovering one out of many session keys. We remark that popular open-source server implementations are not susceptible to this Attack, since they typically do not support the explicit curve option. Finally we propose a fix that renders the Protocol immune to this family of cross-Protocol Attacks.
