In network security, firewall is a security system that observes and controls the network traffic based on some predefined rules. A firewall sets up a barrier between internal network and another outside unsecured network, such as the Internet. A number of signcryption schemes for firewall are proposed over the years, many of them are proved to have security flaws. In this paper, an elliptic curve based signcryption scheme for firewalls is analyzed. It is observed that the scheme is not secure and has many security flaws. Anyone who knows the public parameters, can modify the message without the knowledge of sender and receiver. The claimed security attributes of non-repudiation, unforgeability, integrity and authentication are compromised. After successful cryptanalysis of this scheme, we proposed a modified version of the scheme.
Blind signcryption schemes are the extension of signcryption schemes. They are used to protect the privacy and identity of the sender from other users, especially in electronic voting and electronic cash payment systems. A number of blind signcryption schemes are introduced over the years and some of them are proved to be insecure. In this Letter, the authors analysed a recently proposed blind signcryption scheme based on elliptic curves and proved it is insecure. Their analysis showed that the proposed scheme is unable to provide the claimed security attributes of message integrity, authentication, unforgeability, and signer non-repudiation. After successful cryptanalysis, they introduced a modified version of this scheme to overcome the security flaws and weakness. E k and D k symmetric encryption and decryption algorithm with private key k Key generation: Signer † Chooses an integer x s randomly as his secret key such that x s , n. † Calculates his public key as elliptic curve point Y s = x s G. Alice † Chooses an integer x r randomly as her secret key such that x r , n. † Calculates her public key as elliptic curve point Y r = x r G. Bob † Chooses an integer x v randomly as his secret key such that x b , n. † Calculates his public key as elliptic curve point Y b = x b G. Blind signcryption: Suppose Alice (sender) wants to transmit a message m to Bob over a public network. First Alice blinds the message m and sends it to signer for signing a message. After receiving the signed message from signer, Alice unblinds the blind signature and sends a signcrypted text to Bob (receiver). Following steps are required to generate the blind signcrypted text.
In this paper, we cryptanalyzed a recently proposed encryption scheme that uses elliptic curves over a finite field. The security of the proposed scheme depends upon the elliptic curve discrete logarithm problem. Two secret keys are used to increase the security strength of the scheme as compared to traditionally used schemes that are based on one secret key. In this scheme, if an adversary gets one secret key then he is unable to get the contents of the original message without the second secret key. Our analysis shows that the proposed scheme is not secure and unable to provide the basic security requirements of the encryption scheme. Due to our successful cryptanalysis, an adversary can get the contents of the original message without the knowledge of the secret keys of the receiver. To mount the attack, Mallory first gets the transmitted ciphertext and then uses public keys of the receiver and global parameters of the scheme to recover the associated plaintext message. To overcome the security flaws, we introduced an improved version of the scheme.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.