Abstract: A SCADA (Supervisory Control And Data
Acquisition) system is an industrial control and monitoring system for
national infrastructures. The SCADA systems were used in a closed
environment without considering about security functionality in the
past. As communication technology develops, they try to connect the
SCADA systems to an open network. Therefore, the security of the
SCADA systems has been an issue. The study of key management for
SCADA system also has been performed. However, existing key
management schemes for SCADA system such as SKE(Key
establishment for SCADA systems) and SKMA(Key management
scheme for SCADA systems) cannot support broadcasting
communication. To solve this problem, an Advanced Key
Management Architecture for Secure SCADA Communication has
been proposed by Choi et al.. Choi et al.-s scheme also has a problem
that it requires lots of computational cost for multicasting
communication. In this paper, we propose an enhanced scheme which
improving computational cost for multicasting communication with
considering the number of keys to be stored in a low power
communication device (RTU).
Abstract: In Public Wireless LANs(PWLANs), user anonymity
is an essential issue. Recently, Juang et al. proposed an anonymous
authentication and key exchange protocol using smart cards in
PWLANs. They claimed that their proposed scheme provided identity
privacy, mutual authentication, and half-forward secrecy. In this paper,
we point out that Juang et al.'s protocol is vulnerable to the
stolen-verifier attack and does not satisfy user anonymity.
Abstract: Recently, with the appearance of smart cards, many
user authentication protocols using smart card have been proposed to
mitigate the vulnerabilities in user authentication process. In 2004,
Das et al. proposed a ID-based user authentication protocol that is
secure against ID-theft and replay attack using smart card. In 2009,
Wang et al. showed that Das et al.-s protocol is not secure to randomly
chosen password attack and impersonation attack, and proposed an
improved protocol. Their protocol provided mutual authentication and
efficient password management. In this paper, we analyze the security
weaknesses and point out the vulnerabilities of Wang et al.-s protocol.