Abstract
Today, the privacy of a user in an information communication system is more important than ever before. This property is especially important for mobile communication systems because of the mobility of the underlying mobile devices. Many cryptographic tools have been proposed for achieving users' privacy. In this paper, we review two privacy-oriented cryptographic protocols and show their security holes. We also provide some countermeasures to fix the weaknesses. First, we discuss the security of the user identification scheme proposed by Hsu and Chuang, which permits a user to log into a system anonymously and establish a secret key shared with the system. We show that the Hsu-Chuang scheme is not secure against known session key attacks, and then we provide a countermeasure that can be used to enhance the security of the Hsu-Chuang scheme. Second, we review a deniable authentication protocol proposed by Harn and Ren, which protects the privacy of a message sender. We then show that the protocol has a potential incompleteness and two weaknesses.
References
Ateniese, G., & Nita-Rotaru, C. (2002). Stateless-recipient certified e-mail system based on verifiable encryption. In Proceedings of CT-RSA'02, LNCS 2271 (pp. 182–199). Berlin: Springer.
Bao, F., Deng, R. H., & Mao, W. (1998). Efficient and practical fair exchange protocols with off-line TTP. In Proceedings of the 1998 IEEE symposium on security and privacy (pp. 77–85).
Dent, A. W. (2005). Flaws in an e-mail protocol of Sun, Hsieh, and Hwang. IEEE Communications Letters, 9(8), 718–719.
Ezhilchelvan, P. D., & Shrivastava, S. K. (2005). A family of trusted third party based fair-exchange protocols. IEEE Transactions on Dependable and Secure Computing, 2(4), 273–286.
Guillou, L. C., & Quisquater, J.-J. (1988). A paradoxical identity-based signature scheme resulting from zero-knowledge. In Proceedings of Crypto'88, LNCS 403 (pp. 216–231). Berlin: Springer.
Harn, L., & Ren, J. (2008). Design of fully deniable authentication service for e-mail applications. IEEE Communications Letters, 12(3), 219–221.
Hsu, C.-L., & Chuang, Y.-H. (2009). A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks. Information Sciences, 179, 422–429.
Kim, B. H., Koo, J. H., & Lee, D. H. (2006). Robust e-mail protocols with perfect forward secrecy. IEEE Communications Letters, 10(6), 510–512.
Lee, W. B., & Chang, C. C. (1999). User identification and key distribution maintaining anonymity for distributed computer network. Computer Systems Science and Engineering, 15(4), 113–116.
Mangipudi, K., & Katti, R. (2006). A secure identification and key agreement protocol with user anonymity (SIKA). Computers and Security, 25(6), 420–425.
Nymann, J. E. (1972). On the probability that positive integers are relatively prime. Journal of Number Theory, 4, 469–473.
OpenPGP. (2007). An open specification for pretty good privacy. Available at http://www.ietf.org/html.charters/openpgp-charter.html.
PKCS #1 V2.1. (2003). RSA cryptography standard. Available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf.
S/MIME. (2004). Secure multipurpose internet mail extensions. Available at http://www.rsasecurity.com/standards/smime/.
Sun, H., Hsieh, B., & Hwang, H. (2005). Secure e-mail protocols providing perfect forward secrecy. IEEE Communications Letters, 9(1), 58–60.
Wu, T. S., & Hsu, C. L. (2004). Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks. Computers and Security, 23(2), 120–125.
Yang, Y., Wang, S., Bao, F., Wang, J., & Deng, R. H. (2004). New efficient user identification and key distribution scheme providing enhanced security. Computers and Security, 23(8), 697–704.
Yoon, E. J., & Yoo, K. Y. (2007). Cryptanalysis of robust e-mail protocols with perfect forward secrecy. IEEE Communications Letters, 11(5), 372–374.
Cite this article
Youn, TY., Kim, J. & Lim, MJ. Study on two privacy-oriented protocols for information communication systems. J Intell Manuf 25, 339–345 (2014). https://doi.org/10.1007/s10845-012-0654-5
DOI: https://doi.org/10.1007/s10845-012-0654-5