Recently, Nenadić et al. (2004) proposed the RSA-CEGD protocol for certified delivery of e-goods. This is a relatively complex scheme based on verifiable and recoverable encrypted signatures (VRES) to guarantee properties such as strong fairness and non-repudiation, among others. In this paper, we

Abstract. Recently, Nenadic ́ et al. (2004) proposed the RSA-CEGD protocol for certified delivery of e-goods. This is a relatively complex scheme based on verifiable and recoverable encrypted signatures (VRES) to guarantee properties such as strong fairness and non-repudiation, among others

. Schnorr's protocol can also be broken, but a larger number of erroneous executions is needed. Keywords: Hardware faults, Cryptanalysis, RSA, Fiat-Shamir, Schnorr, Public key systems, Identification protocols. 1 Introduction Direct attacks on the famous RSA cryptosystem seem to require that one factor

Abstract. In this paper we present a very practical ciphertext-only cryptanalysis of GSM encrypted communication, and various active attacks on the GSM protocols. These attacks can even break into GSM networks that use “unbreakable ” ciphers. We describe a ciphertext-only attack on A5

The research thesis was done under the supervision of Prof. Eli Biham in the Faculty of Computer Science. It is my privilege to thank Eli Biham for his insightful support that made this work possible, and for bringing me up as a scientist and researcher. I especially acknowledge Eli for his respect and trust, and for providing me with a very high degree of independence. Eli found the golden path among education, rigorousness, and care. His unique ability to quickly communicate anything in a personal (and sometimes playful) way always leaves me with a smile on my face. I am thankful to Adi Shamir for our fruitful collaboration, for being highly available around the clock (and around the globe), and for his patience and his wisdom. I acknowledge Nathan Keller for his wonderful and helpful curiosity, and for being an amazing brainmaker. It is a pleasure to thank my colleagues at the Technion, Orr Dunkelman and Rafi Chen, for fruitful discussions and for the wonderful time we had together. I feel that no words can express my deep gratitude to my loving family, which

Authentication protocols have applications in many fields. The security of authentication protocols is commonly based on cryptographic primitives. Constructing secure authentication protocols is not an easy challenge and there is a large number of authentication protocols that prove to be insecure

Abstract — There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found

Abstract approved:

Dragonfly is a password authenticated key exchange protocol that has been submitted to the Internet Engineering Task Force as a candidate standard for general internet use. We analyzed the security of this protocol and devised an attack that is capable of extracting both the session key

our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and therefore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting