Pub. online:5 Aug 2022Type:Research ArticleOpen Access
Journal:Informatica
Volume 16, Issue 1 (2005), pp. 37–44
Abstract
In 1995, Wu proposed a remote login authentication scheme based on geometric approach. However, Chien, Jan and Tseng presented a cryptanalysis of Wu’s scheme to show that it is not secure. Moreover, they proposed a modified version of Wu’s scheme. This paper presents there is a serious weakness in this modified remote login authentication scheme. We show that an illegal user can easily forge a valid login request in the modified version proposed previously.
Pub. online:6 May 2020Type:Research ArticleOpen Access
Journal:Informatica
Volume 31, Issue 2 (2020), pp. 277–298
Abstract
The vulnerable part of communications between user and server is the poor authentication level at the user’s side. For example, in e-banking systems for user authentication are used passwords that can be lost or swindled by a person maliciously impersonating bank.
To increase the security of e-banking system users should be supplied by the elements of public key infrastructure (PKI) but not necessary to the extent of standard requirements which are too complicated for ordinary users.
In this paper, we propose two versions of authenticated key agreement protocol (AKAP) which can be simply realized on the user’s side. AKAP is a collection of cryptographic functions having provable security properties.
It is proved that AKAP1 is secure against active adversary under discrete logarithm assumption when formulated certain conditions hold. AKAP2 provides user’s anonymity against eavesdropping adversary. The partial security of AKAP2 is investigated which relies on the security of asymmetric encryption function.
Journal:Informatica
Volume 21, Issue 4 (2010), pp. 627–637
Abstract
This paper presents an entire chaos-based biometric remote user authentication scheme on tokens without using passwords. The proposed scheme is based on the chaotic hash function and chaotic pseudo-random number generator to provide secure mutual authentication over an insecure channel between the user and remote server. Compared with the related biometric authentication schemes, the proposed scheme does not require the user password to provide convenience to users. It also does not require time synchronization or delay-time limitations between the user and remote server to resolve time synchronization problems.
Journal:Informatica
Volume 20, Issue 4 (2009), pp. 579–590
Abstract
Many electronic cash systems have been proposed with the proliferation of the Internet and the activation of electronic commerce. E-cash enables the exchange of digital coins with value assured by the bank's signature and with concealed user identity. In an electronic cash system, a user can withdraw coins from the bank and then spends each coin anonymously and unlinkably. In this paper, we design an efficient anonymous mobile payment system based on bilinear pairings, in which the anonymity of coins is revocable by a trustee in case of dispute. The message transfer from the customer to the merchant occurs only once during the payment protocol. Also, the amount of communication between customer and merchant is about 800 bits. Therefore, our mobile payment system can be used in the wireless networks with the limited bandwidth. The security of the new system is under the computational Diffie–Hellman problem in the random oracle model.
Journal:Informatica
Volume 18, Issue 1 (2007), pp. 61–66
Abstract
A generalized group-oriented cryptosystem (GGOC) based on ElGamal cryptosystem was proposed by Yang et al. in 2003. This study shows that if the authorized decryption sets of users are not properly predetermined in Yang et al.'s GGOC, an unauthorized decryption set of users can recover the encrypted message without difficulty. This study also presents an improved protocol to resist such an attack.