Pub. online: 5 Aug 2022 | Type: Research Article | Open Access
Journal: Informatica
Volume 16, Issue 1 (2005), pp. 121–130
Abstract
Verifiable encryption is a primitive that can be used to build extremely efficient fair exchange protocols in which the items exchanged are digital signatures. Such protocols may be used to digitally sign contracts on the Internet. This paper presents an efficient protocol for verifiable encryption of digital signatures that improves the security and efficiency of the verifiable encryption scheme of Ateniese. Our protocol can be applied to group signatures, key escrow, and publicly verifiable secret and signature sharing to prove fairness.
Pub. online: 17 Jun 2022 | Type: Research Article | Open Access
Journal: Informatica
Volume 33, Issue 2 (2022), pp. 225–246
Abstract
The paper presents a secure and usable variant of the Game Changer Password System, first proposed by McLennan, Manning, and Tuft. Unlike the initial proposal based on inadequately secure Monopoly and Chess, we propose an improved version based on a layered “Battleship” game resilient against brute force and dictionary attacks. Since the initially proposed scheme did not check for the memorability and usability of a layered version, we conducted an experiment on the usability and memorability aspects. Surprisingly, layered passwords are just as memorable as single ones and, with an 80% recall rate, comparable to other graphical password systems. The claim that memorability is the most vital aspect of game-based password systems cannot be disproved. However, the experiment revealed that the usability decreased to such a low level that users felt less inclined to use such a system daily or recommend it to others.
Our study has once again shown that optimizing the password security–memorability–usability triangle is hard to achieve without compromising one of its cornerstones. However, the layered Game Changer Password System can be used in specific applications where usability is of secondary importance, while security and memorability augmented by its graphical interface are at the forefront.
Journal: Informatica
Volume 31, Issue 3 (2020), pp. 459–479
Abstract
After Morris and Thompson wrote the first paper on password security in 1979, strict password policies have been enforced to make sure users follow the rules on passwords. Many such policies require users to select and use a system-generated password. The objective of this paper is to analyse the effectiveness of strict password management policies with respect to how users remember system-generated passwords of different textual types – plaintext strings, passphrases, and hybrid graphical-textual PsychoPass passwords. In an experiment, participants were assigned a random string, a passphrase, and a PsychoPass password and had to memorize them. Surprisingly, no one remembered either the random string or the passphrase, whereas only 10% of the participants remembered their PsychoPass password. Policies in which administrators let systems assign passwords to users are not appropriate. Although PsychoPass passwords are easier to remember, the recall rate of any system-assigned password is below the acceptable level. The findings of this study show that system-assigned strong passwords are inappropriate and put an unacceptable memory burden on users.
Journal: Informatica
Volume 23, Issue 1 (2012), pp. 155–172
Abstract
User anonymity is a very important security technique in distributed computing environments, ensuring that an illegitimate entity cannot determine any information concerning the user's identity. In 2006, Kumar–Rajendra proposed a Secure Identification and Key agreement protocol with user Anonymity (SIKA). This paper demonstrates the vulnerability of the SIKA protocol and then presents an improvement to repair its security flaws.
Journal: Informatica
Volume 21, Issue 4 (2010), pp. 627–637
Abstract
This paper presents an entirely chaos-based biometric remote user authentication scheme on tokens without using passwords. The proposed scheme is based on a chaotic hash function and a chaotic pseudo-random number generator to provide secure mutual authentication over an insecure channel between the user and the remote server. Compared with related biometric authentication schemes, the proposed scheme does not require a user password, which is more convenient for users. It also does not require time synchronization or delay-time limitations between the user and the remote server, thereby avoiding time synchronization problems.
Journal: Informatica
Volume 21, Issue 4 (2010), pp. 611–626
Abstract
Combinatorial problems serve as an important resource for developing practical public key cryptosystems, and several combinatorial cryptosystems have been proposed in the cryptographic community. In this paper, a combinatorial public key cryptosystem is proposed. The security of the proposed cryptosystem depends on a combinatorial problem involving matrices. The system features fast encryption and decryption. However, the system also suffers from some drawbacks: the ciphertext expansion is relatively large, and the key sizes are somewhat larger than those of RSA. The security of the system is carefully examined by illustrating the computational infeasibility of some attacks on the system.
Journal: Informatica
Volume 19, Issue 1 (2008), pp. 3–16
Abstract
The invention of public-key cryptography makes many new network applications, such as electronic commerce (EC), possible. However, the widely used Internet is open and unprotected. Therefore, verifying the legitimacy of an individual's public key is very important. Most key authentication schemes require one or more trustworthy authorities to authenticate the key of a user. Consequently, the system security depends mainly on the honesty of these third parties. Unfortunately, a security solution for wide area networks (for example, the Internet) often cannot be applied to local area networks directly without modification. Sometimes a complete rebuild is necessary, especially for performance reasons. In this paper, we propose two simple key authentication schemes that require no certification authorities for computer systems in local area networks, in which a host is responsible for user authentication and uses a designated password authentication mechanism.
Journal: Informatica
Volume 18, Issue 1 (2007), pp. 125–136
Abstract
A key exchange (or agreement) protocol is designed to allow two entities to establish a session key for encrypting the data they communicate over an open network. In 1990, Gunther proposed an identity-based key exchange protocol based on the difficulty of computing discrete logarithms. Afterwards, several improved protocols were proposed to reduce the number of communication steps and the communication cost required by Gunther's protocol. This paper presents an efficient identity-based key exchange protocol based on the difficulty of the discrete logarithm problem. Compared with the previously proposed protocols, it performs better in terms of computational cost and communication steps. The proposed key exchange protocol provides implicit key authentication as well as the desired security attributes of an authenticated key exchange protocol.
Journal: Informatica
Volume 18, Issue 1 (2007), pp. 61–66
Abstract
A generalized group-oriented cryptosystem (GGOC) based on the ElGamal cryptosystem was proposed by Yang et al. in 2003. This study shows that if the authorized decryption sets of users are not properly predetermined in Yang et al.'s GGOC, an unauthorized decryption set of users can recover the encrypted message without difficulty. This study also presents an improved protocol that resists such an attack.
Journal: Informatica
Volume 12, Issue 2 (2001), pp. 297–302
Abstract
Yamaguchi, Okayama, and Miyahara proposed a simple but efficient authentication system, SPLICE/AS. In this article, we show that their method is vulnerable to a guessing attack: an attacker can obtain the password, private key, and public key of the user. To overcome the vulnerability of SPLICE/AS to the guessing attack, we propose an improvement of their system. Our scheme not only prevents the guessing attack from recovering secret messages but also enhances the security of the SPLICE/AS authentication system in WIDE.