King-Hang Wang

Learn More
Establishing trust between a group of individuals remains a difficult problem. Prior works assume trusted infrastructure, require an individual to trust unknown entities, or provide relatively low probabilistic guarantees of authenticity (95% for realistic settings). This work presents SPATE, a primitive that allows users to establish trust via device(More)
Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches(More)
The man-in-the-middle (MITM) attack is the major threat for handheld devices to agree on a session key in which they do not share any prior secret in advance, even if these devices are physically located in the same place. Apart from insecurely typing passwords into handheld devices or comparing long hexadecimal keys displayed on the devices' screens, many(More)
In 2007, Kim et al. proposed a secure compression code called the secure arithmetic code (SAC). The code was claimed to be secure against chosen plaintext attacks. However, we find that the SAC is not as secure as the authors have claimed. In this paper, we show the code is prone to two attacks. The first attack completely breaks the code using an adaptive(More)
Recently, Bertino et al. proposed a new time-bound key management scheme for broadcasting. The security of their scheme is planted on the hardness breaking of elliptic curve discrete log problem, HMAC, and tamper-resistance devices. They claimed that as long as the three assumptions hold, their scheme is secure. By means of secure, users cannot access(More)
Several security protocols require a human to compare two hash values to ensure successful completion. When the hash values are represented as long sequences of numbers, humans may make a mistake or require significant time and patience to accurately compare the hash values. To improve usability during comparison, a number of researchers have proposed(More)
Digital Rights Management (DRM) is a hot topic in digital content development. Many implementations invade users’ privacy by revealing what contents they have purchased. Preserving user’s privacy during purchasing content is necessary without doubt. Some works address the problem by providing anonymity to the user. Anonymous trade would not allow the(More)
Recently, Tewari and Gupta proposed a ultra-lightweight mutual authentication protocol in IoT environments for RFID tags. Their protocol aims to provide secure communication with least cost in both storage and computation. Unfortunately, in this paper, we exploit the vulnerability of this protocol. In this attack, an attacker can obtain the key shared(More)