• Journal of The Institute of Information and Telecommunication Facilities Engineering
• /
• v.8 no.2
• /
• pp.53-56
• /
• 2009

Kim et al. recently proposed an identity-based aggregate signature scheme to construct a secure routing protocol in ad-hoc networks. In this note, we unfortunately show that the identity-based aggregate signature scheme is universally forgeable, that is, anyone can forge the signature of any messages of its choice. This subsequently means that their secure routing protocol is not secure.

• Journal of Communications and Networks
• /
• v.18 no.6
• /
• pp.948-961
• /
• 2016

Internet protocol (IP) spoofing is a serious problem on the Internet. It is an attractive technique for adversaries who wish to amplify their network attacks and retain anonymity. Many approaches have been proposed to prevent IP spoofing attacks; however, they do not address a significant deployment issue, i.e., filtering inefficiency caused by a lack of deployment incentives for adopters. To defeat attacks effectively, one mechanism must be widely deployed on the network; however, the majority of the anti-spoofing mechanisms are unsuitable to solve the deployment issue by themselves. Each mechanism can work separately; however, their defensive power is considerably weak when insufficiently deployed. If we coordinate partially deployed mechanisms such that they work together, they demonstrate considerably superior performance by creating a synergy effect that overcomes their limited deployment. Therefore, we propose a universal anti-spoofing (UAS) mechanism that incorporates existing mechanisms to thwart IP spoofing attacks. In the proposed mechanism, intermediate routers utilize any existing anti-spoofing mechanism that can ascertain if a packet is spoofed and records this decision in the packet header. The edge routers of a victim network can estimate the forgery of a packet based on this information sent by the upstream routers. The results of experiments conducted with real Internet topologies indicate that UAS reduces false alarms up to 84.5% compared to the case where each mechanism operates individually.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.37-48
• /
• 2010

Designated verifier signatures allow a signer to prove the validity of a signature to a specifically designated verifier. The designated verifier can be convinced but unable to prove the source of the message to a third party. Unlike conventional digital signatures, designated verifier signatures make it possible for a signer to repudiate his/her signature against anyone except the designated verifier. Recently, two designated verifier signature schemes, Zhang et al.'s scheme and Kang et al.'s scheme, have been shown to be insecure by concrete attacks. In this paper, we find the essential reason that the schemes open attacks while those were given with its security proofs, and show that Huang-Chou scheme and Du-Wen scheme have the same problem. Indeed, the security proofs of all the schemes reflect no message attackers only. Next, we show that Huang-Chou scheme is insecure by presenting universal forgery attack. Finally, we show that Du-Wen scheme is, indeed, secure by completing its defective security proof.