Provably insecure group authentication: Not all security proofs are what they claim to be
Abstract
A paper presented at the ICICS 2019 conference describes what is claimed to be a 'provably secure group authentication [protocol] in the asynchronous communication model'. We show here that this is far from being the case, as the protocol is subject to serious attacks. To try to explain this troubling case, an earlier (2013) scheme on which the ICICS 2019 protocol is based was also examined and found to possess even more severe flaws - this latter scheme was previously known to be subject to attack, but not in quite as fundamental a way as is shown here. Examination of the security theorems provided in both the 2013 and 2019 papers reveals that in neither case are they exactly what they seem to be at first sight; the issues raised by this are also briefly discussed.
- Publication: arXiv e-prints
- Pub Date: May 2020
- DOI: 10.48550/arXiv.2005.05376
- arXiv: arXiv:2005.05376
- Bibcode: 2020arXiv200505376M
- Keywords: Computer Science - Cryptography and Security
- E-Print: The previous versions of the paper contained an incorrect description of the ICICS 2019 scheme. This has been corrected. The attack has also been changed so that it applies to the correct version of the scheme. The main conclusions are unchanged.