Abstract: In Public Wireless LANs(PWLANs), user anonymity
is an essential issue. Recently, Juang et al. proposed an anonymous
authentication and key exchange protocol using smart cards in
PWLANs. They claimed that their proposed scheme provided identity
privacy, mutual authentication, and half-forward secrecy. In this paper,
we point out that Juang et al.'s protocol is vulnerable to the
stolen-verifier attack and does not satisfy user anonymity.
Abstract: The online office is one of web application. We can
easily use the online office through a web browser with internet
connected PC. The online office has the advantage of using
environment regardless of location or time. When users want to use the
online office, they access the online office server and use their content.
However, recently developed and launched online office has the
weakness of insufficient consideration. In this paper, we analyze the
security vulnerabilities of the online office. In addition, we propose
the evaluation criteria to make secure online office using Common
Criteria. This evaluation criteria can be used to establish trust between
the online office server and the user. The online office market will be
more active than before.
Abstract: Recently, with the appearance of smart cards, many
user authentication protocols using smart card have been proposed to
mitigate the vulnerabilities in user authentication process. In 2004,
Das et al. proposed a ID-based user authentication protocol that is
secure against ID-theft and replay attack using smart card. In 2009,
Wang et al. showed that Das et al.-s protocol is not secure to randomly
chosen password attack and impersonation attack, and proposed an
improved protocol. Their protocol provided mutual authentication and
efficient password management. In this paper, we analyze the security
weaknesses and point out the vulnerabilities of Wang et al.-s protocol.