Provably insecure group authentication: Not all security proofs are what they claim to be
A paper presented at the ICICS 2019 conference describes what is claimed to be a "provably secure group authentication [protocol] in the asynchronous communication model". We show here that this is far from being the case, as the protocol is subject to attacks breaking the security model. To try to explain this troubling case, an earlier (2013) scheme on which the ICICS 2019 protocol is based was also examined and found to possess even more severe flaws – this latter scheme was previously known to be subject to attack, but not in quite as fundamental a way as is shown here. Examination of the "proofs" of the security "theorems" provided in both the 2013 and 2019 papers reveals that in neither case are the proofs rigorous; the issues raised by this are also briefly discussed.