On the security of two improved authenticated encryption schemes
by Mohamed Rasslan; Heba K. Aslan
International Journal of Security and Networks (IJSN), Vol. 8, No. 4, 2013

Abstract: Authenticated encryption schemes are cryptographic primitives that are used to simultaneously protect the confidentiality and authenticity of communications. In 2003, Tseng et al. proposed two efficient authenticated encryption schemes with message linkages for message flows. Two years later, Zhang et al. pointed out that these two schemes lack the non-repudiation property and presented a new authenticated encryption scheme to surmount these weaknesses. Besides, in 2006, Hwang et al. presented another forgery attack against the original schemes and proposed some modified schemes to repair these flaws. In this paper, we show that the new authenticated encryption scheme proposed by Zhang et al. does not satisfy its claimed non-repudiation and authentication properties. We also present an attack against Hwang et al.'s scheme that allows a dishonest referee to decrypt all the future and past authenticated ciphertext between the contending parties. Furthermore, we present a simple fix to prevent these attacks.

Online publication date: Sun, 08-Dec-2013

The full text of this article is only available to individual subscribers or to users at subscribing institutions.

 
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.

Pay per view:
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Security and Networks (IJSN):
Login with your Inderscience username and password:

    Username:        Password:         

Forgotten your password?


Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.

If you still need assistance, please email subs@inderscience.com