An improved authenticated key agreement protocol for telecare medicine information system.

Science.gov (United States)

Liu, Wenhao; Xie, Qi; Wang, Shengbao; Hu, Bin

2016-01-01

In telecare medicine information systems (TMIS), identity authentication of patients plays an important role and has been widely studied in the research field. Generally, it is realized by an authenticated key agreement protocol, and many such protocols were proposed in the literature. Recently, Zhang et al. pointed out that Islam et al.'s protocol suffers from the following security weaknesses: (1) Any legal but malicious patient can reveal other user's identity; (2) An attacker can launch off-line password guessing attack and the impersonation attack if the patient's identity is compromised. Zhang et al. also proposed an improved authenticated key agreement scheme with privacy protection for TMIS. However, in this paper, we point out that Zhang et al.'s scheme cannot resist off-line password guessing attack, and it fails to provide the revocation of lost/stolen smartcard. In order to overcome these weaknesses, we propose an improved protocol, the security and authentication of which can be proven using applied pi calculus based formal verification tool ProVerif.

Authentication over Noisy Channels

OpenAIRE

Lai, Lifeng; Gamal, Hesham El; Poor, H. Vincent

2008-01-01

In this work, message authentication over noisy channels is studied. The model developed in this paper is the authentication theory counterpart of Wyner's wiretap channel model. Two types of opponent attacks, namely impersonation attacks and substitution attacks, are investigated for both single message and multiple message authentication scenarios. For each scenario, information theoretic lower and upper bounds on the opponent's success probability are derived. Remarkably, in both scenarios,...

Impersonation attack on a quantum secure direct communication and authentication protocol with improvement

Science.gov (United States)

Amerimehr, Ali; Hadain Dehkordi, Massoud

2018-03-01

We analyze the security of a quantum secure direct communication and authentication protocol based on single photons. We first give an impersonation attack on the protocol. The cryptanalysis shows that there is a gap in the authentication procedure of the protocol so that an opponent can reveal the secret information by an undetectable attempt. We then propose an improvement for the protocol and show it closes the gap by applying a mutual authentication procedure. In the improved protocol single photons are transmitted once in a session, so it is easy to implement as the primary protocol. Furthermore, we use a novel technique for secret order rearrangement of photons by which not only quantum storage is eliminated also a secret key can be reused securely. So the new protocol is applicable in practical approaches like embedded system devices.

A Lightweight Anonymous Authentication Protocol with Perfect Forward Secrecy for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Ling Xiong

2017-11-01

Full Text Available Due to their frequent use in unattended and hostile deployment environments, the security in wireless sensor networks (WSNs has attracted much interest in the past two decades. However, it remains a challenge to design a lightweight authentication protocol for WSNs because the designers are confronted with a series of desirable security requirements, e.g., user anonymity, perfect forward secrecy, resistance to de-synchronization attack. Recently, the authors presented two authentication schemes that attempt to provide user anonymity and to resist various known attacks. Unfortunately, in this work we shall show that user anonymity of the two schemes is achieved at the price of an impractical search operation—the gateway node may search for every possible value. Besides this defect, they are also prone to smart card loss attacks and have no provision for perfect forward secrecy. As our main contribution, a lightweight anonymous authentication scheme with perfect forward secrecy is designed, and what we believe the most interesting feature is that user anonymity, perfect forward secrecy, and resistance to de-synchronization attack can be achieved at the same time. As far as we know, it is extremely difficult to meet these security features simultaneously only using the lightweight operations, such as symmetric encryption/decryption and hash functions.

A Lightweight Anonymous Authentication Protocol with Perfect Forward Secrecy for Wireless Sensor Networks.

Science.gov (United States)

Xiong, Ling; Peng, Daiyuan; Peng, Tu; Liang, Hongbin; Liu, Zhicai

2017-11-21

Due to their frequent use in unattended and hostile deployment environments, the security in wireless sensor networks (WSNs) has attracted much interest in the past two decades. However, it remains a challenge to design a lightweight authentication protocol for WSNs because the designers are confronted with a series of desirable security requirements, e.g., user anonymity, perfect forward secrecy, resistance to de-synchronization attack. Recently, the authors presented two authentication schemes that attempt to provide user anonymity and to resist various known attacks. Unfortunately, in this work we shall show that user anonymity of the two schemes is achieved at the price of an impractical search operation-the gateway node may search for every possible value. Besides this defect, they are also prone to smart card loss attacks and have no provision for perfect forward secrecy. As our main contribution, a lightweight anonymous authentication scheme with perfect forward secrecy is designed, and what we believe the most interesting feature is that user anonymity, perfect forward secrecy, and resistance to de-synchronization attack can be achieved at the same time. As far as we know, it is extremely difficult to meet these security features simultaneously only using the lightweight operations, such as symmetric encryption/decryption and hash functions.

Using Physical Context-Based Authentication against External Attacks: Models and Protocols

Directory of Open Access Journals (Sweden)

Wilson S. Melo

2018-01-01

Full Text Available Modern systems are increasingly dependent on the integration of physical processes and information technologies. This trend is remarkable in applications involving sensor networks, cyberphysical systems, and Internet of Things. Despite its complexity, such integration results in physical context information that can be used to improve security, especially authentication. In this paper, we show that entities sharing the same physical context can use it for establishing a secure communication channel and protecting each other against external attacks. We present such approach proposing a theoretical model for generating unique bitstreams. Two different protocols are suggested. Each one is evaluated using probabilistic analysis and simulation. In the end, we implement the authentication mechanism in a case study using networks radio signal as physical event generator. The results demonstrate the performance of each of the protocols and their suitability for applications in real world.

Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards.

Science.gov (United States)

Lu, Yanrong; Li, Lixiang; Yang, Xing; Yang, Yixian

2015-01-01

Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.'s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes.

Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards.

Directory of Open Access Journals (Sweden)

Yanrong Lu

Full Text Available Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.'s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes.

A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol

OpenAIRE

Avoine , Gildas; Bultel , Xavier; Gambs , Sébastien; Gerault , David; Lafourcade , Pascal; Onete , Cristina; Robert , Jean-Marc

2017-01-01

International audience; Distance-bounding protocols have been introduced to thwart relay attacks against contactless authentication protocols. In this context, veri-fiers have to authenticate the credentials of untrusted provers. Unfortunately , these protocols are themselves subject to complex threats such as terrorist-fraud attacks, in which a malicious prover helps an accomplice to authenticate. Provably guaranteeing the resistance of distance-bounding protocols to these attacks is a compl...

Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack

Science.gov (United States)

Nikolopoulos, Georgios M.

2018-01-01

We consider a recently proposed entity authentication protocol in which a physical unclonable key is interrogated by random coherent states of light, and the quadratures of the scattered light are analyzed by means of a coarse-grained homodyne detection. We derive a sufficient condition for the protocol to be secure against an emulation attack in which an adversary knows the challenge-response properties of the key and moreover, he can access the challenges during the verification. The security analysis relies on Holevo's bound and Fano's inequality, and suggests that the protocol is secure against the emulation attack for a broad range of physical parameters that are within reach of today's technology.

A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

Science.gov (United States)

Lee, Tian-Fu; Liu, Chuan-Ming

2013-06-01

A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

Secure Data Aggregation in Wireless Sensor Network-Fujisaki Okamoto(FO) Authentication Scheme against Sybil Attack.

Science.gov (United States)

Nirmal Raja, K; Maraline Beno, M

2017-07-01

In the wireless sensor network(WSN) security is a major issue. There are several network security schemes proposed in research. In the network, malicious nodes obstruct the performance of the network. The network can be vulnerable by Sybil attack. When a node illicitly assertions multiple identities or claims fake IDs, the WSN grieves from an attack named Sybil attack. This attack threatens wireless sensor network in data aggregation, synchronizing system, routing, fair resource allocation and misbehavior detection. Henceforth, the research is carried out to prevent the Sybil attack and increase the performance of the network. This paper presents the novel security mechanism and Fujisaki Okamoto algorithm and also application of the work. The Fujisaki-Okamoto (FO) algorithm is ID based cryptographic scheme and gives strong authentication against Sybil attack. By using Network simulator2 (NS2) the scheme is simulated. In this proposed scheme broadcasting key, time taken for different key sizes, energy consumption, Packet delivery ratio, Throughput were analyzed.

Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

Science.gov (United States)

Arshad, Hamed; Rasoolzadegan, Abbas

2016-11-01

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method.

Science.gov (United States)

Dhamodharan, Udaya Suriya Raj Kumar; Vayanaperumal, Rajamani

2015-01-01

Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method

Directory of Open Access Journals (Sweden)

Udaya Suriya Raj Kumar Dhamodharan

2015-01-01

Full Text Available Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method with MAP (message authentication and passing for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

Authentication and consensus overhead in vehicular ad hoc networks

NARCIS (Netherlands)

Petit, Jonathan; Mammeri, Zoubir

Vehicular ad hoc networks aim at increasing passenger safety by exchanging warning messages between vehicles wirelessly. A main challenge is to resist to various malicious abuses and security attacks. However, any security mechanism comes with overhead. We analyze how the authentication algorithm

Definition of Entity Authentication

DEFF Research Database (Denmark)

Ahmed, Naveed; Jensen, Christian D.

2010-01-01

Authentication is considered a pre-requisite for communication security, but the definition of authentication is generally not agreed upon. Many attacks on authentication protocols are the result of misunderstanding of the goals of authentication. This state of affairs indicate limitations in the...

An improved biometrics-based authentication scheme for telecare medical information systems.

Science.gov (United States)

Guo, Dianli; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2015-03-01

Telecare medical information system (TMIS) offers healthcare delivery services and patients can acquire their desired medical services conveniently through public networks. The protection of patients' privacy and data confidentiality are significant. Very recently, Mishra et al. proposed a biometrics-based authentication scheme for telecare medical information system. Their scheme can protect user privacy and is believed to resist a range of network attacks. In this paper, we analyze Mishra et al.'s scheme and identify that their scheme is insecure to against known session key attack and impersonation attack. Thereby, we present a modified biometrics-based authentication scheme for TMIS to eliminate the aforementioned faults. Besides, we demonstrate the completeness of the proposed scheme through BAN-logic. Compared to the related schemes, our protocol can provide stronger security and it is more practical.

Prototype Centralized Managing Permissions System Based on the Election Multibiometric Authentication

Directory of Open Access Journals (Sweden)

Alexey Nikolaevich Ruchay

2013-02-01

Full Text Available This work aims to develop a prototype system of centralized managing permissions based on the election multibiometric authentication. The novelty of this work is to develop the principles of distinction and multi-factor authentication, because at the moment there is no such development. Depending on various conditions and factors, including the availability of electronic means and convenience, resistance to attacks and exploits, disease or injury of users the biometric authentication can be selected on the basis of any such biometrics as rhythm password, voice, dynamic signatures and graphics recognition.

An enhanced dynamic ID-based authentication scheme for telecare medical information systems

Directory of Open Access Journals (Sweden)

Ankita Chaturvedi

2017-01-01

Full Text Available The authentication schemes for telecare medical information systems (TMIS try to ensure secure and authorized access. ID-based authentication schemes address secure communication, but privacy is not properly addressed. In recent times, dynamic ID-based remote user authentication schemes for TMIS have been presented to protect user’s privacy. The dynamic ID-based authentication schemes efficiently protect the user’s privacy. Unfortunately, most of the existing dynamic ID-based authentication schemes for TMIS ignore the input verifying condition. This makes login and password change phases inefficient. Inefficiency of the password change phase may lead to denial of service attack in the case of incorrect input in the password change phase. To overcome these weaknesses, we proposed a new dynamic ID-based authentication scheme using a smart card. The proposed scheme can quickly detect incorrect inputs which makes the login and password change phase efficient. We adopt the approach with the aim to protect privacy, and efficient login and password change phases. The proposed scheme also resists off-line password guessing attack and denial of service attack. We also demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham logic. In addition, our scheme is comparable in terms of the communication and computational overheads with relevant schemes for TMIS.

Simulation-Based Performance Evaluation of Predictive-Hashing Based Multicast Authentication Protocol

Directory of Open Access Journals (Sweden)

Seonho Choi

2012-12-01

Full Text Available A predictive-hashing based Denial-of-Service (DoS resistant multicast authentication protocol was proposed based upon predictive-hashing, one-way key chain, erasure codes, and distillation codes techniques [4, 5]. It was claimed that this new scheme should be more resistant to various types of DoS attacks, and its worst-case resource requirements were derived in terms of coarse-level system parameters including CPU times for signature verification and erasure/distillation decoding operations, attack levels, etc. To show the effectiveness of our approach and to analyze exact resource requirements in various attack scenarios with different parameter settings, we designed and implemented an attack simulator which is platformindependent. Various attack scenarios may be created with different attack types and parameters against a receiver equipped with the predictive-hashing based protocol. The design of the simulator is explained, and the simulation results are presented with detailed resource usage statistics. In addition, resistance level to various types of DoS attacks is formulated with a newly defined resistance metric. By comparing these results to those from another approach, PRABS [8], we show that the resistance level of our protocol is greatly enhanced even in the presence of many attack streams.

Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments.

Science.gov (United States)

Yang, Li; Zheng, Zhiming

2018-01-01

According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks.

Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments

Science.gov (United States)

Zheng, Zhiming

2018-01-01

According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks. PMID:29534085

Quantum Dialogue with Authentication Based on Bell States

Science.gov (United States)

Shen, Dongsu; Ma, Wenping; Yin, Xunru; Li, Xiaoping

2013-06-01

We propose an authenticated quantum dialogue protocol, which is based on a shared private quantum entangled channel. In this protocol, the EPR pairs are randomly prepared in one of the four Bell states for communication. By performing four Pauli operations on the shared EPR pairs to encode their shared authentication key and secret message, two legitimate users can implement mutual identity authentication and quantum dialogue without the help from the third party authenticator. Furthermore, due to the EPR pairs which are used for secure communication are utilized to implement authentication and the whole authentication process is included in the direct secure communication process, it does not require additional particles to realize authentication in this protocol. The updated authentication key provides the counterparts with a new authentication key for the next authentication and direct communication. Compared with other secure communication with authentication protocols, this one is more secure and efficient owing to the combination of authentication and direct communication. Security analysis shows that it is secure against the eavesdropping attack, the impersonation attack and the man-in-the-middle (MITM) attack.

Applying Semigroup Property of Enhanced Chebyshev Polynomials to Anonymous Authentication Protocol

Directory of Open Access Journals (Sweden)

Hong Lai

2012-01-01

Full Text Available We apply semigroup property of enhanced Chebyshev polynomials to present an anonymous authentication protocol. This paper aims at improving security and reducing computational and storage overhead. The proposed scheme not only has much lower computational complexity and cost in the initialization phase but also allows the users to choose their passwords freely. Moreover, it can provide revocation of lost or stolen smart card, which can resist man-in-the-middle attack and off-line dictionary attack together with various known attacks.

Efficient and side-channel resistant authenticated encryption of FPGA bitstreams

DEFF Research Database (Denmark)

Bogdanov, Andrey; Moradi, Amir; Yalcin, Tolga

2013-01-01

AE modes of operation with the same countermeasure. We conclude that the deployment of dedicated AE schemes such as ALE significantly facilitates the real-world efficiency and security of FPGA bitstream protection in practice: Not only our solution enables authenticated encryption for bitstream...... on low-cost FPGAs but it also aims to mitigate physical attacks which have been lately shown to undermine the security of the bitstream protection mechanisms in the field.......State-of-the-art solutions for FPGA bitstream protection rely on encryption and authentication of the bitstream to both ensure its confidentiality, thwarting unauthorized copying and reverse engineering, and prevent its unauthorized modification, maintaining a root of trust in the field. Adequate...

An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks.

Science.gov (United States)

Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

2017-12-08

Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie-Hellman problem.

An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks

Science.gov (United States)

Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

2017-01-01

Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie–Hellman problem. PMID:29292792

An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks

Directory of Open Access Journals (Sweden)

Yousheng Zhou

2017-12-01

Full Text Available Vehicle sensor networks (VSNs are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie–Hellman problem.

On securing wireless sensor network--novel authentication scheme against DOS attacks.

Science.gov (United States)

Raja, K Nirmal; Beno, M Marsaline

2014-10-01

Wireless sensor networks are generally deployed for collecting data from various environments. Several applications specific sensor network cryptography algorithms have been proposed in research. However WSN's has many constrictions, including low computation capability, less memory, limited energy resources, vulnerability to physical capture, which enforce unique security challenges needs to make a lot of improvements. This paper presents a novel security mechanism and algorithm for wireless sensor network security and also an application of this algorithm. The proposed scheme is given to strong authentication against Denial of Service Attacks (DOS). The scheme is simulated using network simulator2 (NS2). Then this scheme is analyzed based on the network packet delivery ratio and found that throughput has improved.

Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

DEFF Research Database (Denmark)

Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

2013-01-01

In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology...... and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity...... Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (Dos) attacks, the concept of capability for access control is introduced. The novelty of this model is that, it presents...

Password Authenticated Key Exchange and Protected Password Change Protocols

Directory of Open Access Journals (Sweden)

Ting-Yi Chang

2017-07-01

Full Text Available In this paper, we propose new password authenticated key exchange (PAKE and protected password change (PPC protocols without any symmetric or public-key cryptosystems. The security of the proposed protocols is based on the computational Diffie-Hellman assumption in the random oracle model. The proposed scheme can resist both forgery server and denial of service attacks.

Optical identity authentication technique based on compressive ghost imaging with QR code

Science.gov (United States)

Wenjie, Zhan; Leihong, Zhang; Xi, Zeng; Yi, Kang

2018-04-01

With the rapid development of computer technology, information security has attracted more and more attention. It is not only related to the information and property security of individuals and enterprises, but also to the security and social stability of a country. Identity authentication is the first line of defense in information security. In authentication systems, response time and security are the most important factors. An optical authentication technology based on compressive ghost imaging with QR codes is proposed in this paper. The scheme can be authenticated with a small number of samples. Therefore, the response time of the algorithm is short. At the same time, the algorithm can resist certain noise attacks, so it offers good security.

Robust and Efficient Authentication Scheme for Session Initiation Protocol

Directory of Open Access Journals (Sweden)

Yanrong Lu

2015-01-01

Full Text Available The session initiation protocol (SIP is a powerful application-layer protocol which is used as a signaling one for establishing, modifying, and terminating sessions among participants. Authentication is becoming an increasingly crucial issue when a user asks to access SIP services. Hitherto, many authentication schemes have been proposed to enhance the security of SIP. In 2014, Arshad and Nikooghadam proposed an enhanced authentication and key agreement scheme for SIP and claimed that their scheme could withstand various attacks. However, in this paper, we show that Arshad and Nikooghadam’s authentication scheme is still susceptible to key-compromise impersonation and trace attacks and does not provide proper mutual authentication. To conquer the flaws, we propose a secure and efficient ECC-based authentication scheme for SIP. Through the informal and formal security analyses, we demonstrate that our scheme is resilient to possible known attacks including the attacks found in Arshad et al.’s scheme. In addition, the performance analysis shows that our scheme has similar or better efficiency in comparison with other existing ECC-based authentication schemes for SIP.

An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Chenyu Wang

2017-12-01

Full Text Available As an essential part of Internet of Things (IoT, wireless sensor networks (WSNs have touched every aspect of our lives, such as health monitoring, environmental monitoring and traffic monitoring. However, due to its openness, wireless sensor networks are vulnerable to various security threats. User authentication, as the first fundamental step to protect systems from various attacks, has attracted much attention. Numerous user authentication protocols armed with formal proof are springing up. Recently, two biometric-based schemes were proposed with confidence to be resistant to the known attacks including offline dictionary attack, impersonation attack and so on. However, after a scrutinization of these two schemes, we found them not secure enough as claimed, and then demonstrated that these schemes suffer from various attacks, such as offline dictionary attack, impersonation attack, no user anonymity, no forward secrecy, etc. Furthermore, we proposed an enhanced scheme to overcome the identified weaknesses, and proved its security via Burrows–Abadi–Needham (BAN logic and the heuristic analysis. Finally, we compared our scheme with other related schemes, and the results showed the superiority of our scheme.

An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks.

Science.gov (United States)

Wang, Chenyu; Xu, Guoai; Sun, Jing

2017-12-19

As an essential part of Internet of Things (IoT), wireless sensor networks (WSNs) have touched every aspect of our lives, such as health monitoring, environmental monitoring and traffic monitoring. However, due to its openness, wireless sensor networks are vulnerable to various security threats. User authentication, as the first fundamental step to protect systems from various attacks, has attracted much attention. Numerous user authentication protocols armed with formal proof are springing up. Recently, two biometric-based schemes were proposed with confidence to be resistant to the known attacks including offline dictionary attack, impersonation attack and so on. However, after a scrutinization of these two schemes, we found them not secure enough as claimed, and then demonstrated that these schemes suffer from various attacks, such as offline dictionary attack, impersonation attack, no user anonymity, no forward secrecy, etc. Furthermore, we proposed an enhanced scheme to overcome the identified weaknesses, and proved its security via Burrows-Abadi-Needham (BAN) logic and the heuristic analysis. Finally, we compared our scheme with other related schemes, and the results showed the superiority of our scheme.

An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography.

Science.gov (United States)

Reddy, Alavalapati Goutham; Das, Ashok Kumar; Odelu, Vanga; Yoo, Kee-Young

2016-01-01

Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

Proposal and Its Evaluation of a Shoulder-Surfing Attack Resistant Authentication Method:Secret Tap with Double Shift

OpenAIRE

Yoshihiro Kita; Fumio Sugai; MiRang Park; Naonobu Okazaki

2015-01-01

Recently, mobile terminals such as smartphones have come into widespread use. Most of such mobile terminals store several types of important data, such as personal information. Therefore, it is necessary to lock and unlock terminals using a personal authentication method such as personal identification numbers (PINs) in order to prevent data theft. However, most existing authentication methods have a common problem referred to here as “shoulder-surfing”, in which authentication information is...

Facelock: familiarity-based graphical authentication

Directory of Open Access Journals (Sweden)

Rob Jenkins

2014-06-01

Full Text Available Authentication codes such as passwords and PIN numbers are widely used to control access to resources. One major drawback of these codes is that they are difficult to remember. Account holders are often faced with a choice between forgetting a code, which can be inconvenient, or writing it down, which compromises security. In two studies, we test a new knowledge-based authentication method that does not impose memory load on the user. Psychological research on face recognition has revealed an important distinction between familiar and unfamiliar face perception: When a face is familiar to the observer, it can be identified across a wide range of images. However, when the face is unfamiliar, generalisation across images is poor. This contrast can be used as the basis for a personalised ‘facelock’, in which authentication succeeds or fails based on image-invariant recognition of faces that are familiar to the account holder. In Study 1, account holders authenticated easily by detecting familiar targets among other faces (97.5% success rate, even after a one-year delay (86.1% success rate. Zero-acquaintance attackers were reduced to guessing (<1% success rate. Even personal attackers who knew the account holder well were rarely able to authenticate (6.6% success rate. In Study 2, we found that shoulder-surfing attacks by strangers could be defeated by presenting different photos of the same target faces in observed and attacked grids (1.9% success rate. Our findings suggest that the contrast between familiar and unfamiliar face recognition may be useful for developers of graphical authentication systems.

Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards.

Science.gov (United States)

An, Younghwa

2012-01-01

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system.

Science.gov (United States)

Lee, Tian-Fu; Chang, I-Pin; Lin, Tsung-Hung; Wang, Ching-Cheng

2013-06-01

The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.

Lightweight Privacy-Preserving Authentication Protocols Secure against Active Attack in an Asymmetric Way

Science.gov (United States)

Cui, Yank; Kobara, Kazukuni; Matsuura, Kanta; Imai, Hideki

As pervasive computing technologies develop fast, the privacy protection becomes a crucial issue and needs to be coped with very carefully. Typically, it is difficult to efficiently identify and manage plenty of the low-cost pervasive devices like Radio Frequency Identification Devices (RFID), without leaking any privacy information. In particular, the attacker may not only eavesdrop the communication in a passive way, but also mount an active attack to ask queries adaptively, which is obviously more dangerous. Towards settling this problem, in this paper, we propose two lightweight authentication protocols which are privacy-preserving against active attack, in an asymmetric way. That asymmetric style with privacy-oriented simplification succeeds to reduce the load of low-cost devices and drastically decrease the computation cost for the management of server. This is because that, unlike the usual management of the identities, our approach does not require any synchronization nor exhaustive search in the database, which enjoys great convenience in case of a large-scale system. The protocols are based on a fast asymmetric encryption with specialized simplification and only one cryptographic hash function, which consequently assigns an easy work to pervasive devices. Besides, our results do not require the strong assumption of the random oracle.

Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

Directory of Open Access Journals (Sweden)

Younghwa An

2012-01-01

Full Text Available Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das’s authentication scheme, and we have shown that Das’s authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das’s authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy.

Science.gov (United States)

Qiu, Shuming; Xu, Guoai; Ahmad, Haseeb; Guo, Yanhui

2018-01-01

The Session Initiation Protocol (SIP) is an extensive and esteemed communication protocol employed to regulate signaling as well as for controlling multimedia communication sessions. Recently, Kumari et al. proposed an improved smart card based authentication scheme for SIP based on Farash's scheme. Farash claimed that his protocol is resistant against various known attacks. But, we observe some accountable flaws in Farash's protocol. We point out that Farash's protocol is prone to key-compromise impersonation attack and is unable to provide pre-verification in the smart card, efficient password change and perfect forward secrecy. To overcome these limitations, in this paper we present an enhanced authentication mechanism based on Kumari et al.'s scheme. We prove that the proposed protocol not only overcomes the issues in Farash's scheme, but it can also resist against all known attacks. We also provide the security analysis of the proposed scheme with the help of widespread AVISPA (Automated Validation of Internet Security Protocols and Applications) software. At last, comparing with the earlier proposals in terms of security and efficiency, we conclude that the proposed protocol is efficient and more secure.

An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy

Science.gov (United States)

2018-01-01

The Session Initiation Protocol (SIP) is an extensive and esteemed communication protocol employed to regulate signaling as well as for controlling multimedia communication sessions. Recently, Kumari et al. proposed an improved smart card based authentication scheme for SIP based on Farash’s scheme. Farash claimed that his protocol is resistant against various known attacks. But, we observe some accountable flaws in Farash’s protocol. We point out that Farash’s protocol is prone to key-compromise impersonation attack and is unable to provide pre-verification in the smart card, efficient password change and perfect forward secrecy. To overcome these limitations, in this paper we present an enhanced authentication mechanism based on Kumari et al.’s scheme. We prove that the proposed protocol not only overcomes the issues in Farash’s scheme, but it can also resist against all known attacks. We also provide the security analysis of the proposed scheme with the help of widespread AVISPA (Automated Validation of Internet Security Protocols and Applications) software. At last, comparing with the earlier proposals in terms of security and efficiency, we conclude that the proposed protocol is efficient and more secure. PMID:29547619

An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography

Science.gov (United States)

Reddy, Alavalapati Goutham; Das, Ashok Kumar; Odelu, Vanga; Yoo, Kee-Young

2016-01-01

Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.’s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols. PMID:27163786

An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography.

Directory of Open Access Journals (Sweden)

Alavalapati Goutham Reddy

Full Text Available Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors

Directory of Open Access Journals (Sweden)

Ali A. Yassin

2016-07-01

Full Text Available In 2009, Xu et al. presented a safe, dynamic, id-based on remote user authentication method that has several advantages such as freely chosen passwords and mutual authentication. In this paper, we review the Xu–Zhu–Feng scheme and indicate many shortcomings in their scheme. Impersonation attacks and insider attacks could be effective. To overcome these drawbacks, we propose a secure biometric-based remote authentication scheme using biometric characteristics of hand-geometry, which is aimed at withstanding well-known attacks and achieving good performance. Furthermore, our work contains many crucial merits such as mutual authentication, user anonymity, freely chosen passwords, secure password changes, session key agreements, revocation by using personal biometrics, and does not need extra device or software for hand geometry in the login phase. Additionally, our scheme is highly efficient and withstands existing known attacks like password guessing, server impersonation, insider attacks, denial of service (DOS attacks, replay attacks, and parallel-session attacks. Compared with the other related schemes, our work is powerful both in communications and computation costs.

Towards distortion-free robust image authentication

International Nuclear Information System (INIS)

Coltuc, D

2007-01-01

This paper investigates a general framework for distortion-free robust image authentication by multiple marking. First, by robust watermarking a subsampled version of image edges is embedded. Then, by reversible watermarking the information needed to recover the original image is inserted, too. The hiding capacity of the reversible watermarking is the essential requirement for this approach. Thus in case of no attacks not only image is authenticated but also the original is exactly recovered. In case of attacks, reversibility is lost, but image can still be authenticated. Preliminary results providing very good robustness against JPEG compression are presented

Facelock: familiarity-based graphical authentication.

Science.gov (United States)

Jenkins, Rob; McLachlan, Jane L; Renaud, Karen

2014-01-01

Authentication codes such as passwords and PIN numbers are widely used to control access to resources. One major drawback of these codes is that they are difficult to remember. Account holders are often faced with a choice between forgetting a code, which can be inconvenient, or writing it down, which compromises security. In two studies, we test a new knowledge-based authentication method that does not impose memory load on the user. Psychological research on face recognition has revealed an important distinction between familiar and unfamiliar face perception: When a face is familiar to the observer, it can be identified across a wide range of images. However, when the face is unfamiliar, generalisation across images is poor. This contrast can be used as the basis for a personalised 'facelock', in which authentication succeeds or fails based on image-invariant recognition of faces that are familiar to the account holder. In Study 1, account holders authenticated easily by detecting familiar targets among other faces (97.5% success rate), even after a one-year delay (86.1% success rate). Zero-acquaintance attackers were reduced to guessing (authenticate (6.6% success rate). In Study 2, we found that shoulder-surfing attacks by strangers could be defeated by presenting different photos of the same target faces in observed and attacked grids (1.9% success rate). Our findings suggest that the contrast between familiar and unfamiliar face recognition may be useful for developers of graphical authentication systems.

On the security of two remote user authentication schemes for telecare medical information systems.

Science.gov (United States)

Kim, Kee-Won; Lee, Jae-Dong

2014-05-01

The telecare medical information systems (TMISs) support convenient and rapid health-care services. A secure and efficient authentication scheme for TMIS provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Kumari et al. proposed a password based user authentication scheme using smart cards for TMIS, and claimed that the proposed scheme could resist various malicious attacks. However, we point out that their scheme is still vulnerable to lost smart card and cannot provide forward secrecy. Subsequently, Das and Goswami proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. They simulated their scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications (AVISPA) tool to ensure that their scheme is secure against passive and active attacks. However, we show that their scheme is still vulnerable to smart card loss attacks and cannot provide forward secrecy property. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.

Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

Science.gov (United States)

Wu, Fan; Xu, Lili

2013-08-01

Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have showed that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.

Security enhanced multi-factor biometric authentication scheme using bio-hash function.

Directory of Open Access Journals (Sweden)

Younsung Choi

Full Text Available With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

Security enhanced multi-factor biometric authentication scheme using bio-hash function.

Science.gov (United States)

Choi, Younsung; Lee, Youngsook; Moon, Jongho; Won, Dongho

2017-01-01

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

Security enhanced multi-factor biometric authentication scheme using bio-hash function

Science.gov (United States)

Lee, Youngsook; Moon, Jongho

2017-01-01

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An’s scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user’s ID during login. Cao and Ge improved upon Younghwa An’s scheme, but various security problems remained. This study demonstrates that Cao and Ge’s scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge’s scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost. PMID:28459867

Further attacks on Yeung-Mintzer fragile watermarking scheme

Science.gov (United States)

Fridrich, Jessica; Goljan, Miroslav; Memon, Nasir D.

2000-05-01

In this paper, we describe new and improved attacks on the authentication scheme previously proposed by Yeung and Mintzer. Previous attacks assumed that the binary watermark logo inserted in an image for the purposes of authentication was known. Here we remove that assumption and show how the scheme is still vulnerable, even if the binary logo is not known but the attacker has access to multiple images that have been watermarked with the same secret key and contain the same (but unknown) logo. We present two attacks. The first attack infers the secret watermark insertion function and the binary logo, given multiple images authenticated with the same key and containing the same logo. We show that a very good approximation to the logo and watermark insertion function can be constructed using as few as two images. With color images, one needs many more images, nevertheless the attack is still feasible. The second attack we present, which we call the 'collage-attack' is a variation of the Holliman-Memon counterfeiting attack. The proposed variation does not require knowledge of the watermark logo and produces counterfeits of superior quality by means of a suitable dithering process that we develop.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Science.gov (United States)

Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Directory of Open Access Journals (Sweden)

Jaewook Jung

Full Text Available Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

Science.gov (United States)

Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

International Nuclear Information System (INIS)

Xie Qi; Hu Bin; Chen Ke-Fei; Liu Wen-Hao; Tan Xiao

2015-01-01

In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password-based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency. (paper)

An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks.

Science.gov (United States)

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2013-07-24

Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.'s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users' attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.'s authentication scheme are left unchanged.

Anonymous Authentication Systems Based on Private Information Retrieval

OpenAIRE

Nakamura, Toru; Inenaga, Shunsuke; Ikeda, Daisuke; Baba, Kensuke; Yasuura, Hiroto

2009-01-01

This paper focuses on authentication with three types of entities: a user who sends an authentication request, an authentication-server who receives and verifies the request, and a database who supplies the authentication-server with information for verifying the request. This paper presents novel authentication protocols that satisfy the following important properties: (1) secure against replay attacks, (2) the database(s) cannot identify which user is authenticating and (3) the authenticati...

A robust anonymous biometric-based remote user authentication scheme using smart cards

Directory of Open Access Journals (Sweden)

Ashok Kumar Das

2015-04-01

Full Text Available Several biometric-based remote user authentication schemes using smart cards have been proposed in the literature in order to improve the security weaknesses in user authentication system. In 2012, An proposed an enhanced biometric-based remote user authentication scheme using smart cards. It was claimed that the proposed scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. In this paper, we first analyze the security of An’s scheme and we show that this scheme has three serious security flaws in the design of the scheme: (i flaw in user’s biometric verification during the login phase, (ii flaw in user’s password verification during the login and authentication phases, and (iii flaw in user’s password change locally at any time by the user. Due to these security flaws, An’s scheme cannot support mutual authentication between the user and the server. Further, we show that An’s scheme cannot prevent insider attack. In order to remedy the security weaknesses found in An’s scheme, we propose a new robust and secure anonymous biometric-based remote user authentication scheme using smart cards. Through the informal and formal security analysis, we show that our scheme is secure against all possible known attacks including the attacks found in An’s scheme. The simulation results of our scheme using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications tool ensure that our scheme is secure against passive and active attacks. In addition, our scheme is also comparable in terms of the communication and computational overheads with An’s scheme and other related existing schemes. As a result, our scheme is more appropriate for practical applications compared to other approaches.

An Improvement on Remote User Authentication Schemes Using Smart Cards

Directory of Open Access Journals (Sweden)

Chin-Ling Chen

2018-01-01

Full Text Available In 2010, Yeh et al. proposed two robust remote user authentication schemes using smart cards; their claims were such that their schemes defended against ID-theft attacks, reply attacks, undetectable on-line password guessing attacks, off-line password guessing attacks, user impersonation attack, server counterfeit attack and man-in-the-middle attack. In this paper, we show that Yeh et al.’s schemes are still vulnerable to ID-theft attack, off-line password guessing attacks, undetectable on-line password guessing attacks and user impersonation attack. Notably, problems remain in situations where the user lost a smart card or the malicious legal user. To remedy these flaws, this paper proposes an improvement on Yeh et al.’s remote user authentication schemes using smart cards.

CUE: counterfeit-resistant usable eye movement-based authentication via oculomotor plant characteristics and complex eye movement patterns

Science.gov (United States)

Komogortsev, Oleg V.; Karpov, Alexey; Holland, Corey D.

2012-06-01

The widespread use of computers throughout modern society introduces the necessity for usable and counterfeit-resistant authentication methods to ensure secure access to personal resources such as bank accounts, e-mail, and social media. Current authentication methods require tedious memorization of lengthy pass phrases, are often prone to shouldersurfing, and may be easily replicated (either by counterfeiting parts of the human body or by guessing an authentication token based on readily available information). This paper describes preliminary work toward a counterfeit-resistant usable eye movement-based (CUE) authentication method. CUE does not require any passwords (improving the memorability aspect of the authentication system), and aims to provide high resistance to spoofing and shoulder-surfing by employing the combined biometric capabilities of two behavioral biometric traits: 1) oculomotor plant characteristics (OPC) which represent the internal, non-visible, anatomical structure of the eye; 2) complex eye movement patterns (CEM) which represent the strategies employed by the brain to guide visual attention. Both OPC and CEM are extracted from the eye movement signal provided by an eye tracking system. Preliminary results indicate that the fusion of OPC and CEM traits is capable of providing a 30% reduction in authentication error when compared to the authentication accuracy of individual traits.

Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

DEFF Research Database (Denmark)

Ahmed, Naveed; Jensen, Christian D.

2011-01-01

suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken into a finer granularity......; for each fine level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications...

An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Chun-Ta Li

2013-07-01

Full Text Available Wireless sensor networks (WSNs can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs. Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.’s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users’ attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.’s authentication scheme are left unchanged.

Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

Science.gov (United States)

Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

2014-01-01

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

Directory of Open Access Journals (Sweden)

Younsung Choi

2014-01-01

Full Text Available An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

Two-Factor User Authentication with Key Agreement Scheme Based on Elliptic Curve Cryptosystem

Directory of Open Access Journals (Sweden)

Juan Qu

2014-01-01

Full Text Available A password authentication scheme using smart card is called two-factor authentication scheme. Two-factor authentication scheme is the most accepted and commonly used mechanism that provides the authorized users a secure and efficient method for accessing resources over insecure communication channel. Up to now, various two-factor user authentication schemes have been proposed. However, most of them are vulnerable to smart card loss attack, offline password guessing attack, impersonation attack, and so on. In this paper, we design a password remote user authentication with key agreement scheme using elliptic curve cryptosystem. Security analysis shows that the proposed scheme has high level of security. Moreover, the proposed scheme is more practical and secure in contrast to some related schemes.

Quantum authentication based on the randomness of measurement bases in BB84

International Nuclear Information System (INIS)

Dang Minh Dung; Bellot, P.; Alleaume, R.

2005-01-01

Full text: The establishment of a secret key between two legitimate end points of a communication link, let us name them Alice and Bob, using Quantum key distribution (QKD) is unconditionally secure thanks to Quantum Physics laws.However, the various QKD protocols do not intend to provide the authentication of the end points: Alice cannot be sure that she is communicating with Bob and reciprocally. Therefore, these protocols are subjects to various attacks. The most obvious attack is the man-in-the-middle attack in which an eavesdropper, let us name her Eve, stands in the middle of the communication link. Alice communicates with Eve meanwhile she thinks she communicate with Bob. And Bob communicates with Eve meanwhile he thinks he is communicating with Alice. Eve, acting as a relay, can read all the communications between Alice and Bob and retransmit them. To prevent this kind of attack, the solution is to authenticate the two end points of the communication link. One solution is that Alice and Bob share an authentication key prior to the communication. In order to improve the security, Alice and Bob must share a set of authentication one-time keys. One-time key means that the key has to be used only once because each time a key is used, the eavesdropper Eve can gain a few information on the key. Re-using the same key many times would finally reveal the key to Eve. However, Eve can simulate many times the authentication process with Alice. Each time Eve simulates the authentication process, one of the pre-positioned keys is depleted leading to the exhaustion of the set of pre-positioned keys. This type of attack is named Denial of Service attack. In this work, we propose to use the randomness of the measurement bases in BB84 to build an authentication scheme based on the existence of a prepositioned authentication key. This authentication scheme can be used with BB84 but also with any other Quantum Key Distribution protocols. It is protected against the Denial of

Baseline Measurements of Shoulder Surfing Analysis and Comparability for Smartphone Unlock Authentication

Science.gov (United States)

2017-05-22

In this research, we explore a novel approach to measuring the susceptibility of smarthphone unlock authentication to shoulder surfing attacks. We...have created a series of video recordings where researchers enter authentication sequences into mobile devices (e.g. PINs, graphical patterns with...and played the role of attackers, viewing video-recorded footage of PIN and graphical pattern authentication input with various camera angles, hand

1-RAAP: An Efficient 1-Round Anonymous Authentication Protocol for Wireless Body Area Networks.

Science.gov (United States)

Liu, Jingwei; Zhang, Lihuan; Sun, Rong

2016-05-19

Thanks to the rapid technological convergence of wireless communications, medical sensors and cloud computing, Wireless Body Area Networks (WBANs) have emerged as a novel networking paradigm enabling ubiquitous Internet services, allowing people to receive medical care, monitor health status in real-time, analyze sports data and even enjoy online entertainment remotely. However, because of the mobility and openness of wireless communications, WBANs are inevitably exposed to a large set of potential attacks, significantly undermining their utility and impeding their widespread deployment. To prevent attackers from threatening legitimate WBAN users or abusing WBAN services, an efficient and secure authentication protocol termed 1-Round Anonymous Authentication Protocol (1-RAAP) is proposed in this paper. In particular, 1-RAAP preserves anonymity, mutual authentication, non-repudiation and some other desirable security properties, while only requiring users to perform several low cost computational operations. More importantly, 1-RAAP is provably secure thanks to its design basis, which is resistant to the anonymous in the random oracle model. To validate the computational efficiency of 1-RAAP, a set of comprehensive comparative studies between 1-RAAP and other authentication protocols is conducted, and the results clearly show that 1-RAAP achieves the best performance in terms of computational overhead.

1-RAAP: An Efficient 1-Round Anonymous Authentication Protocol for Wireless Body Area Networks

Directory of Open Access Journals (Sweden)

Jingwei Liu

2016-05-01

Full Text Available Thanks to the rapid technological convergence of wireless communications, medical sensors and cloud computing, Wireless Body Area Networks (WBANs have emerged as a novel networking paradigm enabling ubiquitous Internet services, allowing people to receive medical care, monitor health status in real-time, analyze sports data and even enjoy online entertainment remotely. However, because of the mobility and openness of wireless communications, WBANs are inevitably exposed to a large set of potential attacks, significantly undermining their utility and impeding their widespread deployment. To prevent attackers from threatening legitimate WBAN users or abusing WBAN services, an efficient and secure authentication protocol termed 1-Round Anonymous Authentication Protocol (1-RAAP is proposed in this paper. In particular, 1-RAAP preserves anonymity, mutual authentication, non-repudiation and some other desirable security properties, while only requiring users to perform several low cost computational operations. More importantly, 1-RAAP is provably secure thanks to its design basis, which is resistant to the anonymous in the random oracle model. To validate the computational efficiency of 1-RAAP, a set of comprehensive comparative studies between 1-RAAP and other authentication protocols is conducted, and the results clearly show that 1-RAAP achieves the best performance in terms of computational overhead.

Blocking of Brute Force Attack

OpenAIRE

M.Venkata Krishna Reddy

2012-01-01

A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. An attacker can always discover a password through a brute-force attack, but the downside is that it co...

Biometrics based authentication scheme for session initiation protocol

OpenAIRE

Xie, Qi; Tang, Zhixiong

2016-01-01

Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when co...

Quantum identity authentication based on ping-pong technique for photons

Energy Technology Data Exchange (ETDEWEB)

Zhang Zheshen [State Key Laboratory of Advanced Optical Communication Systems and Networks, Department of Electronic Engineering, Shanghai Jiao Tong University, Shanghai 200030 (China)]. E-mail: zheshenzhang@hotmail.com; Zeng Guihua [State Key Laboratory of Advanced Optical Communication Systems and Networks, Department of Electronic Engineering, Shanghai Jiao Tong University, Shanghai 200030 (China)]. E-mail: ghzeng@sjtu.edu.cn; Zhou Nanrun [Department of Electronics Information Engineering, Nanchang University, Nanchang 330029 (China); Xiong Jin [State Key Laboratory of Advanced Optical Communication Systems and Networks, Department of Electronic Engineering, Shanghai Jiao Tong University, Shanghai 200030 (China)

2006-08-07

To prevent active attack, an one-way quantum identity authentication scheme is proposed by employing mechanism of ping-pong protocol and property of quantum controlled-NOT gate. It can verify the user's identity as well as distribute an updated key as the authentication key. Analytical results show the proposed scheme is secure under general individual attack.

Quantum identity authentication based on ping-pong technique for photons

International Nuclear Information System (INIS)

Zhang Zheshen; Zeng Guihua; Zhou Nanrun; Xiong Jin

2006-01-01

To prevent active attack, an one-way quantum identity authentication scheme is proposed by employing mechanism of ping-pong protocol and property of quantum controlled-NOT gate. It can verify the user's identity as well as distribute an updated key as the authentication key. Analytical results show the proposed scheme is secure under general individual attack

CLAS: A Novel Communications Latency Based Authentication Scheme

Directory of Open Access Journals (Sweden)

Zuochao Dou

2017-01-01

Full Text Available We design and implement a novel communications latency based authentication scheme, dubbed CLAS, that strengthens the security of state-of-the-art web authentication approaches by leveraging the round trip network communications latency (RTL between clients and authenticators. In addition to the traditional credentials, CLAS profiles RTL values of clients and uses them to defend against password compromise. The key challenges are (i to prevent RTL manipulation, (ii to alleviate network instabilities, and (iii to address mobile clients. CLAS addresses the first challenge by introducing a novel network architecture, which makes it extremely difficult for attackers to simulate legitimate RTL values. The second challenge is addressed by outlier removal and multiple temporal profiling, while the last challenge is addressed by augmenting CLAS with out-of-band-channels or other authentication schemes. CLAS restricts login to profiled locations while demanding additional information for nonprofiled ones, which highly reduces the attack surface even when the legitimate credentials are compromised. Additionally, unlike many state-of-the-art authentication mechanisms, CLAS is resilient to phishing, pharming, man-in-the-middle, and social engineering attacks. Furthermore, CLAS is transparent to users and incurs negligible overhead. The experimental results show that CLAS can achieve very low false positive and false negative rates.

A Scenario-Based Protocol Checker for Public-Key Authentication Scheme

Science.gov (United States)

Saito, Takamichi

Security protocol provides communication security for the internet. One of the important features of it is authentication with key exchange. Its correctness is a requirement of the whole of the communication security. In this paper, we introduce three attack models realized as their attack scenarios, and provide an authentication-protocol checker for applying three attack-scenarios based on the models. We also utilize it to check two popular security protocols: Secure SHell (SSH) and Secure Socket Layer/Transport Layer Security (SSL/TLS).

Twisted Polynomials and Forgery Attacks on GCM

DEFF Research Database (Denmark)

Abdelraheem, Mohamed Ahmed A. M. A.; Beelen, Peter; Bogdanov, Andrey

2015-01-01

Polynomial hashing as an instantiation of universal hashing is a widely employed method for the construction of MACs and authenticated encryption (AE) schemes, the ubiquitous GCM being a prominent example. It is also used in recent AE proposals within the CAESAR competition which aim at providing...... in an improved key recovery algorithm. As cryptanalytic applications of our twisted polynomials, we develop the first universal forgery attacks on GCM in the weak-key model that do not require nonce reuse. Moreover, we present universal weak-key forgeries for the nonce-misuse resistant AE scheme POET, which...

A Color Image Watermarking Scheme Resistant against Geometrical Attacks

Directory of Open Access Journals (Sweden)

Y. Xing

2010-04-01

Full Text Available The geometrical attacks are still a problem for many digital watermarking algorithms at present. In this paper, we propose a watermarking algorithm for color images resistant to geometrical distortions (rotation and scaling. The singular value decomposition is used for watermark embedding and extraction. The log-polar map- ping (LPM and phase correlation method are used to register the position of geometrical distortion suffered by the watermarked image. Experiments with different kinds of color images and watermarks demonstrate that the watermarking algorithm is robust to common image processing attacks, especially geometrical attacks.

Biometrics based authentication scheme for session initiation protocol.

Science.gov (United States)

Xie, Qi; Tang, Zhixiong

2016-01-01

Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when compared to other related protocols.

A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments

Directory of Open Access Journals (Sweden)

Ruhul Amin

2017-01-01

Full Text Available The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a two-factor (password and smart-card user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.

Chaotic maps-based password-authenticated key agreement using smart cards

Science.gov (United States)

Guo, Cheng; Chang, Chin-Chen

2013-06-01

Password-based authenticated key agreement using smart cards has been widely and intensively researched. Inspired by the semi-group property of Chebyshev maps and key agreement protocols based on chaotic maps, we proposed a novel chaotic maps-based password-authenticated key agreement protocol with smart cards. In our protocol, we avoid modular exponential computing or scalar multiplication on elliptic curve used in traditional authenticated key agreement protocols using smart cards. Our analysis shows that our protocol has comprehensive characteristics and can withstand attacks, including the insider attack, replay attack, and others, satisfying essential security requirements. Performance analysis shows that our protocol can refrain from consuming modular exponential computing and scalar multiplication on an elliptic curve. The computational cost of our protocol compared with related protocols is acceptable.

Diffie-Hellman Key Based Authentication in Proxy Mobile IPv6

Directory of Open Access Journals (Sweden)

HyunGon Kim

2010-01-01

Full Text Available Wireless communication service providers have been showing strong interest in Proxy Mobile IPv6 for providing network-based IP mobility management. This could be a prominent way to support IP mobility to mobile nodes, because Proxy Mobile IPv6 requires minimal functionalities on the mobile node. While several extensions for Proxy Mobile IPv6 are being developed in the Internet Engineering Task Force, there has been little attentions paid to developing efficient authentication mechanisms. An authentication scheme for a mobility protocol must protect signaling messages against various security threats, e.g., session stealing attack, intercept attack by redirection, replay attack, and key exposure, while minimizing authentication latency. In this paper, we propose a Diffie-Hellman key based authentication scheme that utilizes the low layer signaling to exchange Diffie-Hellman variables and allows mobility service provisioning entities to exchange mobile node's profile and ongoing sessions securely. By utilizing the low layer signaling and context transfer between relevant nodes, the proposed authentication scheme minimizes authentication latency when the mobile node moves across different networks. In addition, thanks to the use of the Diffie-Hellman key agreement, pre-established security associations between mobility service provisioning entities are not required in the proposed authentication scheme so that network scalability in an operationally efficient manner is ensured. To ascertain its feasibility, security analysis and performance analysis are presented.

Authenticated Quantum Key Distribution with Collective Detection using Single Photons

Science.gov (United States)

Huang, Wei; Xu, Bing-Jie; Duan, Ji-Tong; Liu, Bin; Su, Qi; He, Yuan-Hang; Jia, Heng-Yue

2016-10-01

We present two authenticated quantum key distribution (AQKD) protocols by utilizing the idea of collective (eavesdropping) detection. One is a two-party AQKD protocol, the other is a multiparty AQKD protocol with star network topology. In these protocols, the classical channels need not be assumed to be authenticated and the single photons are used as the quantum information carriers. To achieve mutual identity authentication and establish a random key in each of the proposed protocols, only one participant should be capable of preparing and measuring single photons, and the main quantum ability that the rest of the participants should have is just performing certain unitary operations. Security analysis shows that these protocols are free from various kinds of attacks, especially the impersonation attack and the man-in-the-middle (MITM) attack.

Secure and Efficient Anonymous Authentication Scheme in Global Mobility Networks

Directory of Open Access Journals (Sweden)

Jun-Sub Kim

2013-01-01

Full Text Available In 2012, Mun et al. pointed out that Wu et al.’s scheme failed to achieve user anonymity and perfect forward secrecy and disclosed the passwords of legitimate users. And they proposed a new enhancement for anonymous authentication scheme. However, their proposed scheme has vulnerabilities that are susceptible to replay attack and man-in-the-middle attack. It also incurs a high overhead in the database. In this paper, we examine the vulnerabilities in the existing schemes and the computational overhead incurred in the database. We then propose a secure and efficient anonymous authentication scheme for roaming service in global mobility network. Our proposed scheme is secure against various attacks, provides mutual authentication and session key establishment, and incurs less computational overhead in the database than Mun et al.'s scheme.

A Secure and Efficient Handover Authentication Protocol for Wireless Networks

Directory of Open Access Journals (Sweden)

Weijia Wang

2014-06-01

Full Text Available Handover authentication protocol is a promising access control technology in the fields of WLANs and mobile wireless sensor networks. In this paper, we firstly review an effcient handover authentication protocol, named PairHand, and its existing security attacks and improvements. Then, we present an improved key recovery attack by using the linearly combining method and reanalyze its feasibility on the improved PairHand protocol. Finally, we present a new handover authentication protocol, which not only achieves the same desirable effciency features of PairHand, but enjoys the provable security in the random oracle model.

Multifactor Authentication: Its Time Has Come

Directory of Open Access Journals (Sweden)

Jim Reno

2013-08-01

Full Text Available Transactions of any value must be authenticated to help prevent online crime. Even seemingly innocent interactions, such as social media postings, can have serious consequences if used fraudulently. A key problem in modern online interactions is establishing the identity of the user without alienating the user. Historically, almost all online authentications have been implemented using simple passwords, but increasingly these methods are under attack. Multifactor authentication requires the presentation of two or more of the three authentication factor types: “What you know”, “What you have”, and “What you are”. After presentation, each factor must be validated by the other party for authentication to occur. Multifactor authentication is a potential solution to the authentication problem, and it is beginning to be implemented at websites operated by well-known companies. This article surveys the different mechanisms used to implement multifactor authentication. How a site chooses to implement multifactor authentication affects security as well as the overall user experience.

Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce.

Science.gov (United States)

Mishra, Dheerendra; Mukhopadhyay, Sourav; Kumari, Saru; Khan, Muhammad Khurram; Chaturvedi, Ankita

2014-05-01

Telecare medicine information systems (TMIS) present the platform to deliver clinical service door to door. The technological advances in mobile computing are enhancing the quality of healthcare and a user can access these services using its mobile device. However, user and Telecare system communicate via public channels in these online services which increase the security risk. Therefore, it is required to ensure that only authorized user is accessing the system and user is interacting with the correct system. The mutual authentication provides the way to achieve this. Although existing schemes are either vulnerable to attacks or they have higher computational cost while an scalable authentication scheme for mobile devices should be secure and efficient. Recently, Awasthi and Srivastava presented a biometric based authentication scheme for TMIS with nonce. Their scheme only requires the computation of the hash and XOR functions.pagebreak Thus, this scheme fits for TMIS. However, we observe that Awasthi and Srivastava's scheme does not achieve efficient password change phase. Moreover, their scheme does not resist off-line password guessing attack. Further, we propose an improvement of Awasthi and Srivastava's scheme with the aim to remove the drawbacks of their scheme.

Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems.

Science.gov (United States)

Yau, Wei-Chuen; Phan, Raphael C-W

2013-12-01

Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients' medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.

User Authentication in Smartphones for Telehealth.

Science.gov (United States)

Smith, Katherine A; Zhou, Leming; Watzlaf, Valerie J M

2017-01-01

Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity. When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed.

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System.

Science.gov (United States)

Li, Chun-Ta; Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

2017-06-23

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

User Authentication in Smartphones for Telehealth

Directory of Open Access Journals (Sweden)

Katherine A. Smith

2017-11-01

Full Text Available Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity.  When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed.  Keywords: Authentication, Biometrics, HIPAA, Mobile security, Telehealth

Privacy Leaks through Data Hijacking Attack on Mobile Systems

Directory of Open Access Journals (Sweden)

Zhang Daojuan

2017-01-01

Full Text Available To persistently eavesdrop on the mobile devices, attackers may obtain the elevated privilege and inject malicious modules into the user devices. Unfortunately, the attackers may not be able to obtain the privilege for a long period of time since the exploitable vulnerabilities may be fixed or the malware may be removed. In this paper, we propose a new data hijacking attack for the mobile apps. By employing the proposed method, the attackers are only required to obtain the root privilege of the user devices once, and they can persistently eavesdrop without any change to the original device. Specifically, we design a new approach to construct a shadow system by hijacking user data files. In the shadow system, attackers possess the identical abilities to the victims. For instance, if a victim has logged into the email app, the attacker can also access the email server in the shadow system without authentication in a long period of time. Without reauthentication of the app, it is difficult for victims to notice the intrusion since the whole eavesdropping is performed on other devices (rather than the user devices. In our experiments, we evaluate the effectiveness of the proposed attack and the result demonstrates that even the Android apps released by the top developers cannot resist this attack. Finally, we discuss some approaches to defend the proposed attack.

Enhanced Security and Pairing-free Handover Authentication Scheme for Mobile Wireless Networks

Science.gov (United States)

Chen, Rui; Shu, Guangqiang; Chen, Peng; Zhang, Lijun

2017-10-01

With the widely deployment of mobile wireless networks, we aim to propose a secure and seamless handover authentication scheme that allows users to roam freely in wireless networks without worrying about security and privacy issues. Given the open characteristic of wireless networks, safety and efficiency should be considered seriously. Several previous protocols are designed based on a bilinear pairing mapping, which is time-consuming and inefficient work, as well as unsuitable for practical situations. To address these issues, we designed a new pairing-free handover authentication scheme for mobile wireless networks. This scheme is an effective improvement of the protocol by Xu et al., which is suffer from the mobile node impersonation attack. Security analysis and simulation experiment indicate that the proposed protocol has many excellent security properties when compared with other recent similar handover schemes, such as mutual authentication and resistance to known network threats, as well as requiring lower computation and communication cost.

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

Science.gov (United States)

Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

2017-03-21

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

Improving an Anonymous and Provably Secure Authentication Protocol for a Mobile User

Directory of Open Access Journals (Sweden)

Jongho Moon

2017-01-01

Full Text Available Recently many authentication protocols using an extended chaotic map were suggested for a mobile user. Many researchers demonstrated that authentication protocol needs to provide key agreement, mutual authentication, and user anonymity between mobile user and server and resilience to many possible attacks. In this paper, we cautiously analyzed chaotic-map-based authentication scheme and proved that it is still insecure to off-line identity guessing, user and server impersonation, and on-line identity guessing attacks. To address these vulnerabilities, we proposed an improved protocol based on an extended chaotic map and a fuzzy extractor. We proved the security of the proposed protocol using a random oracle and AVISPA (Automated Validation of Internet Security Protocols and Applications tool. Furthermore, we present an informal security analysis to make sure that the improved protocol is invulnerable to possible attacks. The proposed protocol is also computationally efficient when compared to other previous protocols.

Photon-counting multifactor optical encryption and authentication

International Nuclear Information System (INIS)

Pérez-Cabré, E; Millán, M S; Mohammed, E A; Saadon, H L

2015-01-01

The multifactor optical encryption authentication method [Opt. Lett., 31 721-3 (2006)] reinforces optical security by allowing the simultaneous authentication of up to four factors. In this work, the photon-counting imaging technique is applied to the multifactor encrypted function so that a sparse phase-only distribution is generated for the encrypted data. The integration of both techniques permits an increased capacity for signal hiding with simultaneous data reduction for better fulfilling the general requirements of protection, storage and transmission. Cryptanalysis of the proposed method is carried out in terms of chosen-plaintext and chosen-ciphertext attacks. Although the multifactor authentication process is not substantially altered by those attacks, its integration with the photon-counting imaging technique prevents from possible partial disclosure of any encrypted factor, thus increasing the security level of the overall process. Numerical experiments and results are provided and discussed. (paper)

A Data-origin Authentication Protocol Based on ONOS Cluster

Directory of Open Access Journals (Sweden)

Qin Hua

2016-01-01

Full Text Available This paper is aim to propose a data-origin authentication protocol based on ONOS cluster. ONOS is a SDN controller which can work under a distributed environment. However, the security of an ONOS cluster is seldom considered, and the communication in an ONOS cluster may suffer from lots of security threats. In this paper, we used a two-tier self-renewable hash chain for identity authentication and data-origin authentication. We analyse the security and overhead of our proposal and made a comparison with current security measure. It showed that with the help of our proposal, communication in an ONOS cluster could be protected from identity forging, replay attacks, data tampering, MITM attacks and repudiation, also the computational overhead would decrease apparently.

Cryptanalysis of Quantum Secure Direct Communication and Authentication Scheme via Bell States

International Nuclear Information System (INIS)

Gao Fei; Qin Su-Juan; Guo Fen-Zhuo; Wen Qiao-Yan

2011-01-01

The security of the quantum secure direct communication (QSDC) and authentication protocol based on Bell states is analyzed. It is shown that an eavesdropper can invalidate the authentication function, and implement a successful man-in-the-middle attack, where he/she can obtain or even modify the transmitted secret without introducing any error. The particular attack strategy is demonstrated and an improved protocol is presented. (general)

Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

Directory of Open Access Journals (Sweden)

Younsung Choi

2014-06-01

Full Text Available Wireless sensor networks (WSNs consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC for WSNs. However, it turned out that Yeh et al.’s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.’s protocol. However, Shi et al.’s improvement introduces other security weaknesses. In this paper, we show that Shi et al.’s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography.

Science.gov (United States)

Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho

2014-06-10

Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

Efficient Protection of Android Applications through User Authentication Using Peripheral Devices

OpenAIRE

Jinseong Kim; Im Y. Jung

2018-01-01

Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user. In our work, WhatsApp, KakaoTalk, Facebook, Amazon, ...

Authenticated quantum secret sharing with quantum dialogue based on Bell states

International Nuclear Information System (INIS)

Abulkasim, Hussein; Hamad, Safwat; El Bahnasy, Khalid; Rida, Saad Z

2016-01-01

This work proposes a scheme that combines the advantages of a quantum secret sharing procedure and quantum dialogue. The proposed scheme enables the participants to simultaneously make mutual identity authentications, in a simulated scenario where the boss, Alice, shares a secret with her two agents Bob and Charlie. The secret is protected by checking photons to keep untrustworthy agents and outer attacks from getting useful information. Before the two agents cooperate to recover Alice’s secret, they must authenticate their identity using parts of a pre-shared key. In addition, the whole pre-shared key is reused as part of recovering the secret data to avoid any leaks of information. In comparison with previous schemes, the proposed method can efficiently detect eavesdropping and it is free from information leaks. Furthermore, the proposed scheme proved to be secure against man-in-the-middle attacks, impersonation attacks, entangled-and-measure attacks, participant attacks, modification attacks and Trojan-horse attacks. (paper)

An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks

Directory of Open Access Journals (Sweden)

Chien-Ming Chen

2018-07-01

Full Text Available The advancement of Wireless Body Area Networks (WBAN have led to significant progress in medical and health care systems. However, such networks still suffer from major security and privacy threats, especially for the data collected in medical or health care applications. Lack of security and existence of anonymous communication in WBAN brings about the operation failure of these networks. Recently, Li et al. proposed a lightweight protocol for wearable sensors in wireless body area networks. In their paper, the authors claimed that the protocol may provide anonymous mutual authentication and resist against various types of attacks. This study shows that such a protocol is still vulnerable to three types of attacks, i.e., the offline identity guessing attack, the sensor node impersonation attack and the hub node spoofing attack. We then present a secure scheme that addresses these problems, and retains similar efficiency in wireless sensors nodes and mobile phones.

Press touch code: A finger press based screen size independent authentication scheme for smart devices.

Science.gov (United States)

Ranak, M S A Noman; Azad, Saiful; Nor, Nur Nadiah Hanim Binti Mohd; Zamli, Kamal Z

2017-01-01

Due to recent advancements and appealing applications, the purchase rate of smart devices is increasing at a higher rate. Parallely, the security related threats and attacks are also increasing at a greater ratio on these devices. As a result, a considerable number of attacks have been noted in the recent past. To resist these attacks, many password-based authentication schemes are proposed. However, most of these schemes are not screen size independent; whereas, smart devices come in different sizes. Specifically, they are not suitable for miniature smart devices due to the small screen size and/or lack of full sized keyboards. In this paper, we propose a new screen size independent password-based authentication scheme, which also offers an affordable defense against shoulder surfing, brute force, and smudge attacks. In the proposed scheme, the Press Touch (PT)-a.k.a., Force Touch in Apple's MacBook, Apple Watch, ZTE's Axon 7 phone; 3D Touch in iPhone 6 and 7; and so on-is transformed into a new type of code, named Press Touch Code (PTC). We design and implement three variants of it, namely mono-PTC, multi-PTC, and multi-PTC with Grid, on the Android Operating System. An in-lab experiment and a comprehensive survey have been conducted on 105 participants to demonstrate the effectiveness of the proposed scheme.

Press touch code: A finger press based screen size independent authentication scheme for smart devices

Science.gov (United States)

Ranak, M. S. A. Noman; Nor, Nur Nadiah Hanim Binti Mohd; Zamli, Kamal Z.

2017-01-01

Due to recent advancements and appealing applications, the purchase rate of smart devices is increasing at a higher rate. Parallely, the security related threats and attacks are also increasing at a greater ratio on these devices. As a result, a considerable number of attacks have been noted in the recent past. To resist these attacks, many password-based authentication schemes are proposed. However, most of these schemes are not screen size independent; whereas, smart devices come in different sizes. Specifically, they are not suitable for miniature smart devices due to the small screen size and/or lack of full sized keyboards. In this paper, we propose a new screen size independent password-based authentication scheme, which also offers an affordable defense against shoulder surfing, brute force, and smudge attacks. In the proposed scheme, the Press Touch (PT)—a.k.a., Force Touch in Apple’s MacBook, Apple Watch, ZTE’s Axon 7 phone; 3D Touch in iPhone 6 and 7; and so on—is transformed into a new type of code, named Press Touch Code (PTC). We design and implement three variants of it, namely mono-PTC, multi-PTC, and multi-PTC with Grid, on the Android Operating System. An in-lab experiment and a comprehensive survey have been conducted on 105 participants to demonstrate the effectiveness of the proposed scheme. PMID:29084262

Press touch code: A finger press based screen size independent authentication scheme for smart devices.

Directory of Open Access Journals (Sweden)

M S A Noman Ranak

Full Text Available Due to recent advancements and appealing applications, the purchase rate of smart devices is increasing at a higher rate. Parallely, the security related threats and attacks are also increasing at a greater ratio on these devices. As a result, a considerable number of attacks have been noted in the recent past. To resist these attacks, many password-based authentication schemes are proposed. However, most of these schemes are not screen size independent; whereas, smart devices come in different sizes. Specifically, they are not suitable for miniature smart devices due to the small screen size and/or lack of full sized keyboards. In this paper, we propose a new screen size independent password-based authentication scheme, which also offers an affordable defense against shoulder surfing, brute force, and smudge attacks. In the proposed scheme, the Press Touch (PT-a.k.a., Force Touch in Apple's MacBook, Apple Watch, ZTE's Axon 7 phone; 3D Touch in iPhone 6 and 7; and so on-is transformed into a new type of code, named Press Touch Code (PTC. We design and implement three variants of it, namely mono-PTC, multi-PTC, and multi-PTC with Grid, on the Android Operating System. An in-lab experiment and a comprehensive survey have been conducted on 105 participants to demonstrate the effectiveness of the proposed scheme.

DMP: Detouring Using Multiple Paths against Jamming Attack for Ubiquitous Networking System

Directory of Open Access Journals (Sweden)

Mihui Kim

2010-04-01

Full Text Available To successfully realize the ubiquitous network environment including home automation or industrial control systems, it is important to be able to resist a jamming attack. This has recently been considered as an extremely threatening attack because it can collapse the entire network, despite the existence of basic security protocols such as encryption and authentication. In this paper, we present a method of jamming attack tolerant routing using multiple paths based on zones. The proposed scheme divides the network into zones, and manages the candidate forward nodes of neighbor zones. After detecting an attack, detour nodes decide zones for rerouting, and detour packets destined for victim nodes through forward nodes in the decided zones. Simulation results show that our scheme increases the PDR (Packet Delivery Ratio and decreases the delay significantly in comparison with rerouting by a general routing protocol on sensor networks, AODV (Ad hoc On Demand Distance Vector, and a conventional JAM (Jammed Area Mapping service with one reroute.

DMP: detouring using multiple paths against jamming attack for ubiquitous networking system.

Science.gov (United States)

Kim, Mihui; Chae, Kijoon

2010-01-01

To successfully realize the ubiquitous network environment including home automation or industrial control systems, it is important to be able to resist a jamming attack. This has recently been considered as an extremely threatening attack because it can collapse the entire network, despite the existence of basic security protocols such as encryption and authentication. In this paper, we present a method of jamming attack tolerant routing using multiple paths based on zones. The proposed scheme divides the network into zones, and manages the candidate forward nodes of neighbor zones. After detecting an attack, detour nodes decide zones for rerouting, and detour packets destined for victim nodes through forward nodes in the decided zones. Simulation results show that our scheme increases the PDR (Packet Delivery Ratio) and decreases the delay significantly in comparison with rerouting by a general routing protocol on sensor networks, AODV (Ad hoc On Demand Distance Vector), and a conventional JAM (Jammed Area Mapping) service with one reroute.

Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

Science.gov (United States)

Xie, Qi; Hu, Bin; Chen, Ke-Fei; Liu, Wen-Hao; Tan, Xiao

2015-11-01

In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password-based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency. Project supported by the Natural Science Foundation of Zhejiang Province, China (Grant No. LZ12F02005), the Major State Basic Research Development Program of China (Grant No. 2013CB834205), and the National Natural Science Foundation of China (Grant No. 61070153).

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System

Science.gov (United States)

Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

2017-01-01

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP. PMID:28644381

Cryptanalysis of quantum broadcast communication and authentication protocol with a one-time pad

International Nuclear Information System (INIS)

Cao Ya; Gao Fei

2016-01-01

Chang et al . [ Chin. Phys. B 23 010305 (2014)] have proposed a quantum broadcast communication and authentication protocol. However, we find that an intercept-resend attack can be preformed successfully by a potential eavesdropper, who will be able to destroy the authentication function. Afterwards, he or she can acquire the secret transmitted message or even modify it while escaping detection, by implementing an efficient man-in-the-middle attack. Furthermore, we show a simple scheme to defend this attack, that is, applying non-reusable identity strings. (paper)

An Approach for Prevention of MitM Attack Based on Rogue AP in Wireless Network

Directory of Open Access Journals (Sweden)

Zhendong Wu

2014-12-01

Full Text Available With the rapid development of WLAN, more and more schools and businesses have begun to provide the WLAN for users. However, WLAN is considerably more susceptible to MitM (man- in-the-middle attack. To overcome it, we propose a dynamic password technology named Two-way Dynamic Authentication Technology (TDAT. It uses two-factor during the initial authentication, and uses a two-way hash chain during the cross-domain authentication. TDAT effectively protects users' authentication credentials and improves users' experience. In an actual wireless network environment, we implement a MitM attack framework based on Rogue AP. Then we effectively prevent this MitM attack by using TDAT. Moreover we analyze the security of TDAT by using BAN logic.

Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning

OpenAIRE

Lee, Wei-Han; Lee, Ruby B.

2017-01-01

Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. Hence, this paper proposes a novel authentication system for implicit, continuous authentication of the...

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

Directory of Open Access Journals (Sweden)

Chenyu Wang

2018-01-01

Full Text Available With the great development of network technology, the multiserver system gets widely used in providing various of services. And the two-factor authentication protocols in multiserver system attract more and more attention. Recently, there are two new schemes for multiserver environment which claimed to be secure against the known attacks. However, after a scrutinization of these two schemes, we found that (1 their description of the adversary’s abilities is inaccurate; (2 their schemes suffer from many attacks. Thus, firstly, we corrected their description on the adversary capacities to introduce a widely accepted adversary model and then summarized fourteen security requirements of multiserver based on the works of pioneer contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack and off-line dictionary attack and so forth and also demonstrated that another scheme fails to preserve forward secrecy and user anonymity and is not secure to insider attack and off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.

A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems.

Science.gov (United States)

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao

2014-09-01

Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.'s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.'s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.'s scheme. In this paper, we found that both Lee's and Jiang et al.'s authentication schemes have a serious security problem in that a registered user's secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee's scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee's and Jiang et al.'s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'.

Science.gov (United States)

Khan, Muhammad Khurram; Alghathbar, Khaled

2010-01-01

User authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

Study of Wireless Authentication Center with Mixed Encryption in WSN

Directory of Open Access Journals (Sweden)

Yiqin Lu

2016-01-01

Full Text Available WSN (wireless sensor network has been used in a wide range of applications nowadays. Sensor networks may often relay critical data; thus, security must be a high priority. However, due to their limited computational, energy, and storage resources, sensor nodes are vulnerable to attack. So how to protect sensor nodes from attacks without raising computational capability and energy consumption is a worthwhile issue. A WAC (wireless authentication center with mixed encryption named “MEWAC” is proposed. MEWAC is based on MCU (Microcontroller Unit and WiFi (Wireless Fidelity module and uses RSA, AES (Advanced Encryption Standard, and SHA-1 (Secure Hash Algorithm 1 to provide high performance authentication and data encryption services for sensor nodes. The experimental results show that MEWAC has the advantages of low cost, low power consumption, good performance, and stability; moreover, the authentication protocol improves the security of WSN and reduces the overhead in node authentication.

Robust anonymous authentication scheme for telecare medical information systems.

Science.gov (United States)

Xie, Qi; Zhang, Jun; Dong, Na

2013-04-01

Patient can obtain sorts of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient's privacy protection and data confidentiality are important for patient or doctor accessing to Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.'s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, and they claimed that their scheme is more suitable for TMIS. However, we show that Chen et al.'s scheme also has some weaknesses. In particular, Chen et al.'s scheme does not provide user's privacy protection and perfect forward secrecy, is vulnerable to off-line password guessing attack and impersonation attack once user's smart card is compromised. Further, we propose a secure anonymity authentication scheme to overcome their weaknesses even an adversary can know all information stored in smart card.

A User Authentication Scheme Based on Elliptic Curves Cryptography for Wireless Ad Hoc Networks.

Science.gov (United States)

Chen, Huifang; Ge, Linlin; Xie, Lei

2015-07-14

The feature of non-infrastructure support in a wireless ad hoc network (WANET) makes it suffer from various attacks. Moreover, user authentication is the first safety barrier in a network. A mutual trust is achieved by a protocol which enables communicating parties to authenticate each other at the same time and to exchange session keys. For the resource-constrained WANET, an efficient and lightweight user authentication scheme is necessary. In this paper, we propose a user authentication scheme based on the self-certified public key system and elliptic curves cryptography for a WANET. Using the proposed scheme, an efficient two-way user authentication and secure session key agreement can be achieved. Security analysis shows that our proposed scheme is resilient to common known attacks. In addition, the performance analysis shows that our proposed scheme performs similar or better compared with some existing user authentication schemes.

Comment on 'Quantum direct communication with authentication'

International Nuclear Information System (INIS)

Zhang, Zhan-jun; Liu, Jun; Wang, Dong; Shi, Shou-hua

2007-01-01

Two protocols of quantum direct communication with authentication [Phys. Rev. A 73, 042305 (2006)] were recently proposed by Lee, Lim, and Yang. In this paper we will show that in the two protocols the authenticator Trent should be prevented from knowing the secret message. The first protocol can be eavesdropped on by Trent using the intercept-measure-resend attack, while the second protocol can be eavesdropped on by Trent using a simple single-qubit measurement. To fix these leaks, we revise the original versions of the protocols by using the Pauli Z operation σ z instead of the original bit-flip operation X. As a consequence, the attacks we present can be prevented and accordingly the protocol securities are improved

An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications

Directory of Open Access Journals (Sweden)

Pardeep Kumar

2014-02-01

Full Text Available Robust security is highly coveted in real wireless sensor network (WSN applications since wireless sensors’ sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring. The proposed framework offers: (i key initialization; (ii secure network (cluster formation (i.e., mutual authentication and dynamic key establishment; (iii key revocation; and (iv new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

An efficient and adaptive mutual authentication framework for heterogeneous wireless sensor network-based applications.

Science.gov (United States)

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-02-11

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications

Science.gov (United States)

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-01-01

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications. PMID:24521942

Robust general N user authentication scheme in a centralized quantum communication network via generalized GHZ states

Science.gov (United States)

Farouk, Ahmed; Batle, J.; Elhoseny, M.; Naseri, Mosayeb; Lone, Muzaffar; Fedorov, Alex; Alkhambashi, Majid; Ahmed, Syed Hassan; Abdel-Aty, M.

2018-04-01

Quantum communication provides an enormous advantage over its classical counterpart: security of communications based on the very principles of quantum mechanics. Researchers have proposed several approaches for user identity authentication via entanglement. Unfortunately, these protocols fail because an attacker can capture some of the particles in a transmitted sequence and send what is left to the receiver through a quantum channel. Subsequently, the attacker can restore some of the confidential messages, giving rise to the possibility of information leakage. Here we present a new robust General N user authentication protocol based on N-particle Greenberger-Horne-Zeilinger (GHZ) states, which makes eavesdropping detection more effective and secure, as compared to some current authentication protocols. The security analysis of our protocol for various kinds of attacks verifies that it is unconditionally secure, and that an attacker will not obtain any information about the transmitted key. Moreover, as the number of transferred key bits N becomes larger, while the number of users for transmitting the information is increased, the probability of effectively obtaining the transmitted authentication keys is reduced to zero.

Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’

Directory of Open Access Journals (Sweden)

Muhammad Khurram Khan

2010-03-01

Full Text Available User authentication in wireless sensor networks (WSN is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

OpenAIRE

Pathan, Al-Sakib Khan; Hong, Choong Seon

2007-01-01

With the recent proliferation of distributed systems and networking, remote authentication has become a crucial task in many networking applications. Various schemes have been proposed so far for the two-party remote authentication; however, some of them have been proved to be insecure. In this paper, we propose an efficient timestamp-based password authentication scheme using smart cards. We show various types of forgery attacks against a previously proposed timestamp-based password authenti...

A Survey of Authentication Schemes in Telecare Medicine Information Systems.

Science.gov (United States)

Aslam, Muhammad Umair; Derhab, Abdelouahid; Saleem, Kashif; Abbas, Haider; Orgun, Mehmet; Iqbal, Waseem; Aslam, Baber

2017-01-01

E-Healthcare is an emerging field that provides mobility to its users. The protected health information of the users are stored at a remote server (Telecare Medical Information System) and can be accessed by the users at anytime. Many authentication protocols have been proposed to ensure the secure authenticated access to the Telecare Medical Information System. These protocols are designed to provide certain properties such as: anonymity, untraceability, unlinkability, privacy, confidentiality, availability and integrity. They also aim to build a key exchange mechanism, which provides security against some attacks such as: identity theft, password guessing, denial of service, impersonation and insider attacks. This paper reviews these proposed authentication protocols and discusses their strengths and weaknesses in terms of ensured security and privacy properties, and computation cost. The schemes are divided in three broad categories of one-factor, two-factor and three-factor authentication schemes. Inter-category and intra-category comparison has been performed for these schemes and based on the derived results we propose future directions and recommendations that can be very helpful to the researchers who work on the design and implementation of authentication protocols.

MULTIMODAL BIOMETRIC AUTHENTICATION USING PARTICLE SWARM OPTIMIZATION ALGORITHM WITH FINGERPRINT AND IRIS

Directory of Open Access Journals (Sweden)

A. Muthukumar

2012-02-01

Full Text Available In general, the identification and verification are done by passwords, pin number, etc., which is easily cracked by others. In order to overcome this issue biometrics is a unique tool for authenticate an individual person. Nevertheless, unimodal biometric is suffered due to noise, intra class variations, spoof attacks, non-universality and some other attacks. In order to avoid these attacks, the multimodal biometrics i.e. combining of more modalities is adapted. In a biometric authentication system, the acceptance or rejection of an entity is dependent on the similarity score falling above or below the threshold. Hence this paper has focused on the security of the biometric system, because compromised biometric templates cannot be revoked or reissued and also this paper has proposed a multimodal system based on an evolutionary algorithm, Particle Swarm Optimization that adapts for varying security environments. With these two concerns, this paper had developed a design incorporating adaptability, authenticity and security.

Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle.

Science.gov (United States)

Park, Namje; Kang, Namhi

2015-12-24

The Internet of Things (IoT), which can be regarded as an enhanced version of machine-to-machine communication technology, was proposed to realize intelligent thing-to-thing communications by utilizing the Internet connectivity. In the IoT, "things" are generally heterogeneous and resource constrained. In addition, such things are connected to each other over low-power and lossy networks. In this paper, we propose an inter-device authentication and session-key distribution system for devices with only encryption modules. In the proposed system, unlike existing sensor-network environments where the key distribution center distributes the key, each sensor node is involved with the generation of session keys. In addition, in the proposed scheme, the performance is improved so that the authenticated device can calculate the session key in advance. The proposed mutual authentication and session-key distribution system can withstand replay attacks, man-in-the-middle attacks, and wiretapped secret-key attacks.

Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle

Directory of Open Access Journals (Sweden)

Namje Park

2015-12-01

Full Text Available The Internet of Things (IoT, which can be regarded as an enhanced version of machine-to-machine communication technology, was proposed to realize intelligent thing-to-thing communications by utilizing the Internet connectivity. In the IoT, “things” are generally heterogeneous and resource constrained. In addition, such things are connected to each other over low-power and lossy networks. In this paper, we propose an inter-device authentication and session-key distribution system for devices with only encryption modules. In the proposed system, unlike existing sensor-network environments where the key distribution center distributes the key, each sensor node is involved with the generation of session keys. In addition, in the proposed scheme, the performance is improved so that the authenticated device can calculate the session key in advance. The proposed mutual authentication and session-key distribution system can withstand replay attacks, man-in-the-middle attacks, and wiretapped secret-key attacks.

Weaknesses of a dynamic identity based authentication protocol for multi-server architecture

OpenAIRE

Han, Weiwei

2012-01-01

Recently, Li et al. proposed a dynamic identity based authentication protocol for multi-server architecture. They claimed their protocol is secure and can withstand various attacks. But we found some security loopholes in the protocol. Accordingly, the current paper demonstrates that Li et al.'s protocol is vulnerable to the replay attack, the password guessing attack and the masquerade attack.

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids.

Directory of Open Access Journals (Sweden)

Liping Zhang

Full Text Available In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids.

Science.gov (United States)

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

Extended KCI attack against two-party key establishment protocols

NARCIS (Netherlands)

Tang, Qiang; Chen, Liqun

2011-01-01

We introduce an extended Key Compromise Impersonation (KCI) attack against two-party key establishment protocols, where an adversary has access to both long-term and ephemeral secrets of a victim. Such an attack poses serious threats to both key authentication and key confirmation properties of a

Key Based Mutual Authentication (KBMA Mechanism for Secured Access in MobiCloud Environment

Directory of Open Access Journals (Sweden)

Donald A. Cecil

2016-01-01

Full Text Available Mobile Cloud Computing (MCC fuels innovation in Mobile Computing and opens new pathways between mobile devices and infrastructures. There are several issues in MCC environment as it integrates various technologies. Among all issues, security lies on the top where many users are not willing to adopt the cloud services. This paper focuses on the authentication. The objective of this paper is to provide a mechanism for authenticating all the entities involved in accessing the cloud services. A mechanism called Key Based Mutual Authentication (KBMA is proposed which is divided into two processes namely registration and authentication. Registration is a one-time process where the users are registered for accessing the cloud services by giving the desired unique information. Authentication process is carried out mutually to verify the identities of Device and Cloud Service Provider (CSP. Scyther tool is used for analysing the vulnerability in terms of attacks. The result claims show that the proposed mechanism is resilient against various attacks.

A Novel Mobile Communications Authentication Scheme with Roaming Service and User Anonymity

Directory of Open Access Journals (Sweden)

Kai Chain

2016-11-01

Full Text Available Many novel, effective, and efficient applications and networking services are being developed for the Social Internet of Things. Recently, Li proposed a more secure and efficient authentication scheme with roaming service and user anonymity for mobile communications. The security analysis and discussion of the agreement phase is sufficiently safe; however, an attacker can intercept the identity of a mobile user’s home agent in the authentication phase. By using this information, the attacker can mount distributed denial-of-service attacks in the roaming phase through replay attacks targeting the network’s foreign agent and mobile user’s home agent by using their corresponding session keys. Li’s method also has some shortcomings regarding anonymity that we aim to address. To overcome these issues, this study proposes an elliptic curve–based wireless roaming anonymous login method for the authentication phase. The problems faced in the roaming phase are resolved, and this approach provides balanced session key computation between senders and receivers. Burrows-Abadi-Needham logic (BAN-logic is used to verify the security of the proposed scheme. The proposed scheme affords good security, efficiency, and integrity and maintains anonymity.

Efficient Protection of Android Applications through User Authentication Using Peripheral Devices

Directory of Open Access Journals (Sweden)

Jinseong Kim

2018-04-01

Full Text Available Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user. In our work, WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were subjected to the Same Identifier Attack, and it was found that an attacker could gain the same privileges as the user, in all five applications. To solve such a problem, we propose a technical scheme—User Authentication using Peripheral Devices. We applied the proposed scheme to a Nexus 5X smartphone running Android version 7.1 and confirmed that the average execution time was 0.005 s, which does not affect the other applications’ execution significantly. We also describe the security aspects of the proposed scheme and its compatibility with the Android platform and other applications. The proposed scheme is practical and efficient in terms of resource usage; therefore, it will be useful for Android users to improve Android application security.

Three-factor anonymous authentication and key agreement scheme for Telecare Medicine Information Systems.

Science.gov (United States)

Arshad, Hamed; Nikooghadam, Morteza

2014-12-01

Nowadays, with comprehensive employment of the internet, healthcare delivery services is provided remotely by telecare medicine information systems (TMISs). A secure mechanism for authentication and key agreement is one of the most important security requirements for TMISs. Recently, Tan proposed a user anonymity preserving three-factor authentication scheme for TMIS. The present paper shows that Tan's scheme is vulnerable to replay attacks and Denial-of-Service attacks. In order to overcome these security flaws, a new and efficient three-factor anonymous authentication and key agreement scheme for TMIS is proposed. Security and performance analysis shows superiority of the proposed scheme in comparison with previously proposed schemes that are related to security of TMISs.

A robust ECC based mutual authentication protocol with anonymity for session initiation protocol.

Science.gov (United States)

Mehmood, Zahid; Chen, Gongliang; Li, Jianhua; Li, Linsen; Alzahrani, Bander

2017-01-01

Over the past few years, Session Initiation Protocol (SIP) is found as a substantial application-layer protocol for the multimedia services. It is extensively used for managing, altering, terminating and distributing the multimedia sessions. Authentication plays a pivotal role in SIP environment. Currently, Lu et al. presented an authentication protocol for SIP and profess that newly proposed protocol is protected against all the familiar attacks. However, the detailed analysis describes that the Lu et al.'s protocol is exposed against server masquerading attack and user's masquerading attack. Moreover, it also fails to protect the user's identity as well as it possesses incorrect login and authentication phase. In order to establish a suitable and efficient protocol, having ability to overcome all these discrepancies, a robust ECC-based novel mutual authentication mechanism with anonymity for SIP is presented in this manuscript. The improved protocol contains an explicit parameter for user to cope the issues of security and correctness and is found to be more secure and relatively effective to protect the user's privacy, user's masquerading and server masquerading as it is verified through the comprehensive formal and informal security analysis.

A robust ECC based mutual authentication protocol with anonymity for session initiation protocol.

Directory of Open Access Journals (Sweden)

Zahid Mehmood

Full Text Available Over the past few years, Session Initiation Protocol (SIP is found as a substantial application-layer protocol for the multimedia services. It is extensively used for managing, altering, terminating and distributing the multimedia sessions. Authentication plays a pivotal role in SIP environment. Currently, Lu et al. presented an authentication protocol for SIP and profess that newly proposed protocol is protected against all the familiar attacks. However, the detailed analysis describes that the Lu et al.'s protocol is exposed against server masquerading attack and user's masquerading attack. Moreover, it also fails to protect the user's identity as well as it possesses incorrect login and authentication phase. In order to establish a suitable and efficient protocol, having ability to overcome all these discrepancies, a robust ECC-based novel mutual authentication mechanism with anonymity for SIP is presented in this manuscript. The improved protocol contains an explicit parameter for user to cope the issues of security and correctness and is found to be more secure and relatively effective to protect the user's privacy, user's masquerading and server masquerading as it is verified through the comprehensive formal and informal security analysis.

A blind video watermarking scheme resistant to rotation and collusion attacks

Directory of Open Access Journals (Sweden)

Amlan Karmakar

2016-04-01

Full Text Available In this paper, Discrete Cosine Transform (DCT based blind video watermarking algorithm is proposed, which is perceptually invisible and robust against rotation and collusion attacks. To make the scheme resistant against rotation, watermark is embedded within the square blocks, placed on the middle position of every luminance channel. Then Zernike moments of those square blocks are calculated. The rotation invariance property of the Complex Zernike moments is exploited to predict the rotation angle of the video at the time of extraction of watermark bits. To make the scheme robust against collusion, design of the scheme is done in such a way that the embedding blocks will vary for the successive frames of the video. A Pseudo Random Number (PRN generator and a permutation vector are used to achieve the goal. The experimental results show that the scheme is robust against conventional video attacks, rotation attack and collusion attacks.

Context-Aware Multimodal FIDO Authenticator for Sustainable IT Services

Directory of Open Access Journals (Sweden)

Seung-Hyun Kim

2018-05-01

Full Text Available Existing sustainable IT services have several problems related to user authentication such as the inefficiency of managing the system security, low security, and low usability. In this paper, we propose a Fast IDentity Online (FIDO authenticator that performs continuous authentication with implicit authentication based on user context and multimodal authentication. The proposed FIDO authenticator, a context-aware multimodal FIDO authentication (CAMFA method, combines information such as the user context, state of the mobile device, and user biometrics, then applies implicit and explicit authentication methods to meet the level of authentication required by the service provider. This reduces the user’s explicit authentication burden and continually authenticates users at risk during the session. Moreover, it is able to respond to attacks such as the theft of the authentication method or session hijacking. To study the effectiveness of CAMFA, we ran a user study by collecting data from 22 participants over 42 days of activity on a practical Android platform. The result of the user study demonstrates that the number of explicit authentication requests could be reduced by half. Based on the results of this study, an advanced user authentication that provides multimodal and continuous authentication could be applied to sustainable IT services.

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting.

Science.gov (United States)

Lin, Tsung-Hung; Tsung, Chen-Kun; Lee, Tian-Fu; Wang, Zeng-Bo

2017-12-03

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie-Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care.

Science.gov (United States)

Xie, Qi; Liu, Wenhao; Wang, Shengbao; Han, Lidong; Hu, Bin; Wu, Ting

2014-09-01

Patient's privacy-preserving, security and mutual authentication between patient and the medical server are the important mechanism in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.'s scheme is vulnerable to the replay attack, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, password and smart card to overcome these weaknesses. However, we show that Wen's scheme is still vulnerable to off-line password guessing attacks, does not provide user's anonymity and perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use the applied pi calculus based formal verification tool ProVerif to prove the security and authentication.

Heuristic attacks against graphical password generators

CSIR Research Space (South Africa)

Peach, S

2010-05-01

Full Text Available In this paper the authors explore heuristic attacks against graphical password generators. A new trend is emerging to use user clickable pictures to generate passwords. This technique of authentication can be successfully used for - for example...

A dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems.

Science.gov (United States)

Wang, Zhiheng; Huo, Zhanqiang; Shi, Wenbo

2015-01-01

With rapid development of computer technology and wide use of mobile devices, the telecare medicine information system has become universal in the field of medical care. To protect patients' privacy and medial data's security, many authentication schemes for the telecare medicine information system have been proposed. Due to its better performance, chaotic maps have been used in the design of authentication schemes for the telecare medicine information system. However, most of them cannot provide user's anonymity. Recently, Lin proposed a dynamic identity based authentication scheme using chaotic maps for the telecare medicine information system and claimed that their scheme was secure against existential active attacks. In this paper, we will demonstrate that their scheme cannot provide user anonymity and is vulnerable to the impersonation attack. Further, we propose an improved scheme to fix security flaws in Lin's scheme and demonstrate the proposed scheme could withstand various attacks.

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

Science.gov (United States)

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Low Complexity Signed Response Based Sybil Attack Detection Mechanism in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

M. Saud Khan

2016-01-01

Full Text Available Security is always a major concern in wireless sensor networks (WSNs. Identity based attacks such as spoofing and sybil not only compromise the network but also slow down its performance. This paper proposes a low complexity sybil attack detection scheme, that is, based on signed response (SRES authentication mechanism developed for Global System for Mobile (GSM communications. A probabilistic model is presented which analyzes the proposed authentication mechanism for its probability of sybil attack. The paper also presents a simulation based comparative analysis of the existing sybil attack schemes with respect to the proposed scheme. It is observed that the proposed sybil detection scheme exhibits lesser computational cost and power consumption as compared to the existing schemes for the same sybil detection performance.

An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography.

Science.gov (United States)

Chaudhry, Shehzad Ashraf; Mahmood, Khalid; Naqvi, Husnain; Khan, Muhammad Khurram

2015-11-01

Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.

Multi-factor challenge/response approach for remote biometric authentication

Science.gov (United States)

Al-Assam, Hisham; Jassim, Sabah A.

2011-06-01

Although biometric authentication is perceived to be more reliable than traditional authentication schemes, it becomes vulnerable to many attacks when it comes to remote authentication over open networks and raises serious privacy concerns. This paper proposes a biometric-based challenge-response approach to be used for remote authentication between two parties A and B over open networks. In the proposed approach, a remote authenticator system B (e.g. a bank) challenges its client A who wants to authenticate his/her self to the system by sending a one-time public random challenge. The client A responds by employing the random challenge along with secret information obtained from a password and a token to produce a one-time cancellable representation of his freshly captured biometric sample. The one-time biometric representation, which is based on multi-factor, is then sent back to B for matching. Here, we argue that eavesdropping of the one-time random challenge and/or the resulting one-time biometric representation does not compromise the security of the system, and no information about the original biometric data is leaked. In addition to securing biometric templates, the proposed protocol offers a practical solution for the replay attack on biometric systems. Moreover, we propose a new scheme for generating a password-based pseudo random numbers/permutation to be used as a building block in the proposed approach. The proposed scheme is also designed to provide protection against repudiation. We illustrate the viability and effectiveness of the proposed approach by experimental results based on two biometric modalities: fingerprint and face biometrics.

Group Authentication Scheme for Neighbourhood Area Networks (NANs in Smart Grids

Directory of Open Access Journals (Sweden)

Bashar Alohali

2016-05-01

Full Text Available A Neighbourhood Area Network is a functional component of the Smart Grid that interconnects the end user domain with the Energy Services Provider (ESP domain. It forms the “edge” of the provider network, interconnecting homes instrumented with Smart Meters (SM with the ESP. The SM is a dual interface, wireless communication device through which information is transacted across the user (a home and ESP domains. The security risk to the ESP increases since the components within the home, interconnected to the ESP via the SM, are not managed by the ESP. Secure operation of the SM is a necessary requirement. The SM should be resilient to attacks, which might be targeted either directly or via the network in the home. This paper presents and discusses a security scheme for groups of SMs in a Neighbourhood Area Network that enable entire groups to authenticate themselves, rather than one at a time. The results show that a significant improvement in terms of resilience against node capture attacks, replay attacks, confidentiality, authentication for groups of SMs in a NAN that enable entire groups to authenticate themselves, rather than one at a time.

A provably-secure ECC-based authentication scheme for wireless sensor networks.

Science.gov (United States)

Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

2014-11-06

A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.

A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks

Science.gov (United States)

Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

2014-01-01

A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes. PMID:25384009

A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Junghyun Nam

2014-11-01

Full Text Available A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000. Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC, and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure schemes.

LMIP/AAA: Local Authentication, Authorization and Accounting (AAA) Protocol for Mobile IP

Science.gov (United States)

Chenait, Manel

Mobile IP represents a simple and scalable global mobility solution. However, it inhibits various vulnerabilities to malicious attacks and, therefore, requires the integration of appropriate security services. In this paper, we discuss two authentication schemes suggested for Mobile IP: standard authentication and Mobile IP/AAA authentication. In order to provide Mobile IP roaming services including identity verication, we propose an improvement to Mobile/AAA authentication scheme by applying a local politic key management in each domain, hence we reduce hando latency by avoiding the involvement of AAA infrastructure during mobile node roaming.

RUASN: A Robust User Authentication Framework for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Hoon-Jae Lee

2011-05-01

Full Text Available In recent years, wireless sensor networks (WSNs have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting

Directory of Open Access Journals (Sweden)

Tsung-Hung Lin

2017-12-01

Full Text Available The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA. PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie–Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps.

Science.gov (United States)

Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Xie, Dong; Yang, Yixian

2015-06-01

The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logins into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee's and Jiang et al.'s scheme. In this study, we show that Li et al.'s scheme has still some weaknesses such as violation the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Li et al.'s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

Directory of Open Access Journals (Sweden)

Youngsook Lee

2014-01-01

Full Text Available An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1 it fails to provide user anonymity against any third party as well as the foreign agent, (2 it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3 it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.

A Protocol for Provably Secure Authentication of a Tiny Entity to a High Performance Computing One

Directory of Open Access Journals (Sweden)

Siniša Tomović

2016-01-01

Full Text Available The problem of developing authentication protocols dedicated to a specific scenario where an entity with limited computational capabilities should prove the identity to a computationally powerful Verifier is addressed. An authentication protocol suitable for the considered scenario which jointly employs the learning parity with noise (LPN problem and a paradigm of random selection is proposed. It is shown that the proposed protocol is secure against active attacking scenarios and so called GRS man-in-the-middle (MIM attacking scenarios. In comparison with the related previously reported authentication protocols the proposed one provides reduction of the implementation complexity and at least the same level of the cryptographic security.

Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things

Directory of Open Access Journals (Sweden)

Anup Kumar Maurya

2017-10-01

Full Text Available To improve the quality of service and reduce the possibility of security attacks, a secure and efficient user authentication mechanism is required for Wireless Sensor Networks (WSNs and the Internet of Things (IoT. Session key establishment between the sensor node and the user is also required for secure communication. In this paper, we perform the security analysis of A.K.Das’s user authentication scheme (given in 2015, Choi et al.’s scheme (given in 2016, and Park et al.’s scheme (given in 2016. The security analysis shows that their schemes are vulnerable to various attacks like user impersonation attack, sensor node impersonation attack and attacks based on legitimate users. Based on the cryptanalysis of these existing protocols, we propose a secure and efficient authenticated session key establishment protocol which ensures various security features and overcomes the drawbacks of existing protocols. The formal and informal security analysis indicates that the proposed protocol withstands the various security vulnerabilities involved in WSNs. The automated validation using AVISPA and Scyther tool ensures the absence of security attacks in our scheme. The logical verification using the Burrows-Abadi-Needham (BAN logic confirms the correctness of the proposed protocol. Finally, the comparative analysis based on computational overhead and security features of other existing protocol indicate that the proposed user authentication system is secure and efficient. In future, we intend to implement the proposed protocol in real-world applications of WSNs and IoT.

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.

Science.gov (United States)

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Li, Xiong

2015-11-01

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

Science.gov (United States)

Odelu, Vanga; Goswami, Adrijit

2014-01-01

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme. PMID:24892078

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

Directory of Open Access Journals (Sweden)

Ashok Kumar Das

2014-01-01

Full Text Available In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

A robust and effective smart-card-based remote user authentication mechanism using hash function.

Science.gov (United States)

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2014-01-01

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

Practical quantum private query with better performance in resisting joint-measurement attack

Science.gov (United States)

Wei, Chun-Yan; Wang, Tian-Yin; Gao, Fei

2016-04-01

As a kind of practical protocol, quantum-key-distribution (QKD)-based quantum private queries (QPQs) have drawn lots of attention. However, joint-measurement (JM) attack poses a noticeable threat to the database security in such protocols. That is, by JM attack a malicious user can illegally elicit many more items from the database than the average amount an honest one can obtain. Taking Jacobi et al.'s protocol as an example, by JM attack a malicious user can obtain as many as 500 bits, instead of the expected 2.44 bits, from a 104-bit database in one query. It is a noticeable security flaw in theory, and would also arise in application with the development of quantum memories. To solve this problem, we propose a QPQ protocol based on a two-way QKD scheme, which behaves much better in resisting JM attack. Concretely, the user Alice cannot get more database items by conducting JM attack on the qubits because she has to send them back to Bob (the database holder) before knowing which of them should be jointly measured. Furthermore, JM attack by both Alice and Bob would be detected with certain probability, which is quite different from previous protocols. Moreover, our protocol retains the good characters of QKD-based QPQs, e.g., it is loss tolerant and robust against quantum memory attack.

Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

Science.gov (United States)

Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

2014-04-09

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

A Mutual Authentication Framework for Wireless Medical Sensor Networks.

Science.gov (United States)

Srinivas, Jangirala; Mishra, Dheerendra; Mukhopadhyay, Sourav

2017-05-01

Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.

An Optimal Non-Interactive Message Authentication Protocol

OpenAIRE

Pasini, Sylvain; Vaudenay, Serge

2006-01-01

Vaudenay recently proposed a message authentication protocol which is interactive and based on short authenticated strings (SAS). We study here SAS-based non-interactive message authentication protocols (NIMAP). We start by the analysis of two popular non-interactive message authentication protocols. The first one is based on a collision-resistant hash function and was presented by Balfanz et al. The second protocol is based on a universal hash function family and was proposed by Gehrmann, Mi...

Quantum attack-resistent certificateless multi-receiver signcryption scheme.

Directory of Open Access Journals (Sweden)

Huixian Li

Full Text Available The existing certificateless signcryption schemes were designed mainly based on the traditional public key cryptography, in which the security relies on the hard problems, such as factor decomposition and discrete logarithm. However, these problems will be easily solved by the quantum computing. So the existing certificateless signcryption schemes are vulnerable to the quantum attack. Multivariate public key cryptography (MPKC, which can resist the quantum attack, is one of the alternative solutions to guarantee the security of communications in the post-quantum age. Motivated by these concerns, we proposed a new construction of the certificateless multi-receiver signcryption scheme (CLMSC based on MPKC. The new scheme inherits the security of MPKC, which can withstand the quantum attack. Multivariate quadratic polynomial operations, which have lower computation complexity than bilinear pairing operations, are employed in signcrypting a message for a certain number of receivers in our scheme. Security analysis shows that our scheme is a secure MPKC-based scheme. We proved its security under the hardness of the Multivariate Quadratic (MQ problem and its unforgeability under the Isomorphism of Polynomials (IP assumption in the random oracle model. The analysis results show that our scheme also has the security properties of non-repudiation, perfect forward secrecy, perfect backward secrecy and public verifiability. Compared with the existing schemes in terms of computation complexity and ciphertext length, our scheme is more efficient, which makes it suitable for terminals with low computation capacity like smart cards.

Comparative Study on Various Authentication Protocols in Wireless Sensor Networks.

Science.gov (United States)

Rajeswari, S Raja; Seenivasagam, V

2016-01-01

Wireless sensor networks (WSNs) consist of lightweight devices with low cost, low power, and short-ranged wireless communication. The sensors can communicate with each other to form a network. In WSNs, broadcast transmission is widely used along with the maximum usage of wireless networks and their applications. Hence, it has become crucial to authenticate broadcast messages. Key management is also an active research topic in WSNs. Several key management schemes have been introduced, and their benefits are not recognized in a specific WSN application. Security services are vital for ensuring the integrity, authenticity, and confidentiality of the critical information. Therefore, the authentication mechanisms are required to support these security services and to be resilient to distinct attacks. Various authentication protocols such as key management protocols, lightweight authentication protocols, and broadcast authentication protocols are compared and analyzed for all secure transmission applications. The major goal of this survey is to compare and find out the appropriate protocol for further research. Moreover, the comparisons between various authentication techniques are also illustrated.

Comparative Study on Various Authentication Protocols in Wireless Sensor Networks

Science.gov (United States)

Rajeswari, S. Raja; Seenivasagam, V.

2016-01-01

Wireless sensor networks (WSNs) consist of lightweight devices with low cost, low power, and short-ranged wireless communication. The sensors can communicate with each other to form a network. In WSNs, broadcast transmission is widely used along with the maximum usage of wireless networks and their applications. Hence, it has become crucial to authenticate broadcast messages. Key management is also an active research topic in WSNs. Several key management schemes have been introduced, and their benefits are not recognized in a specific WSN application. Security services are vital for ensuring the integrity, authenticity, and confidentiality of the critical information. Therefore, the authentication mechanisms are required to support these security services and to be resilient to distinct attacks. Various authentication protocols such as key management protocols, lightweight authentication protocols, and broadcast authentication protocols are compared and analyzed for all secure transmission applications. The major goal of this survey is to compare and find out the appropriate protocol for further research. Moreover, the comparisons between various authentication techniques are also illustrated. PMID:26881272

An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks.

Science.gov (United States)

Jung, Jaewook; Kim, Jiye; Choi, Younsung; Won, Dongho

2016-08-16

In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.'s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.'s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks".

Science.gov (United States)

Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroaki; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

2015-01-01

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes' participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.'s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.'s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

Practical security and privacy attacks against biometric hashing using sparse recovery

Science.gov (United States)

Topcu, Berkay; Karabat, Cagatay; Azadmanesh, Matin; Erdogan, Hakan

2016-12-01

Biometric hashing is a cancelable biometric verification method that has received research interest recently. This method can be considered as a two-factor authentication method which combines a personal password (or secret key) with a biometric to obtain a secure binary template which is used for authentication. We present novel practical security and privacy attacks against biometric hashing when the attacker is assumed to know the user's password in order to quantify the additional protection due to biometrics when the password is compromised. We present four methods that can reconstruct a biometric feature and/or the image from a hash and one method which can find the closest biometric data (i.e., face image) from a database. Two of the reconstruction methods are based on 1-bit compressed sensing signal reconstruction for which the data acquisition scenario is very similar to biometric hashing. Previous literature introduced simple attack methods, but we show that we can achieve higher level of security threats using compressed sensing recovery techniques. In addition, we present privacy attacks which reconstruct a biometric image which resembles the original image. We quantify the performance of the attacks using detection error tradeoff curves and equal error rates under advanced attack scenarios. We show that conventional biometric hashing methods suffer from high security and privacy leaks under practical attacks, and we believe more advanced hash generation methods are necessary to avoid these attacks.

An Approach for Prevention of MitM Attack Based on Rogue AP in Wireless Network

OpenAIRE

Zhendong Wu; Mengru Cai; Siyu Liang

2014-01-01

With the rapid development of WLAN, more and more schools and businesses have begun to provide the WLAN for users. However, WLAN is considerably more susceptible to MitM (man- in-the-middle) attack. To overcome it, we propose a dynamic password technology named Two-way Dynamic Authentication Technology (TDAT). It uses two-factor during the initial authentication, and uses a two-way hash chain during the cross-domain authentication. TDAT effectively protects users' authentication credentials a...

Secure and Efficient User Authentication Scheme Based on Password and Smart Card for Multiserver Environment

Directory of Open Access Journals (Sweden)

Yan Zhao

2018-01-01

Full Text Available The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, cloud computing, and edge computing. This also enables more and more network enterprises to provide multiple different services simultaneously. To ensure these services can only be accessed conveniently by authorized users, many password and smart card based authentication schemes for multiserver architecture have been proposed. Recently, Truong et al. introduced an identity based user authentication scheme on elliptic curve cryptography in multiserver environment and claimed that their scheme is secure against popular attacks. However, in this paper, we point out that their scheme suffers from offline password guessing and impersonation attack and fails to achieve security requirements of this kind of authentication scheme. Moreover, we put forward a new scheme to conquer security pitfalls in the above scheme. Security analysis indicates that the proposed scheme can be free from well-known attacks. Performance discussion demonstrates that our scheme has advantages in terms of both security property and computation efficiency and thus is more desirable for practical applications in multiserver environment.

An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards.

Science.gov (United States)

Moon, Jongho; Choi, Younsung; Jung, Jaewook; Won, Dongho

2015-01-01

In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user's management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.'s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.'s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.'s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties.

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks.

Science.gov (United States)

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-11

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks

Science.gov (United States)

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-01

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes. PMID:29324719

A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems.

Science.gov (United States)

Das, Ashok Kumar

2015-03-01

Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's s scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.

User-Authentication on Wearable Devices Based on Punch Gesture Biometrics

Directory of Open Access Journals (Sweden)

Liang Guan-Cheng

2017-01-01

Full Text Available Due to commoditization and convenience, wearable technology are interwoven with our daily life. However, privacy sensitive data stored on those devices such as personal email, message can be easily stolen. Most devices require a PIN input to unlock. However, this mechanism is vulnerable to shoulder surfing attack. Thus many novel authentication approaches have been proposed to solve this problem. And biometric-based methods have been adopted by many researchers because of the efficiency and excellent performance. In this paper, we propose a new biometric-based authentication system. We focus on how the user performs a straight punch gesture subconsciously. By analysis the acceleration data from the smartwatch when user performing the gesture, we are able to profile the user. And we authenticate the user according to the biometrics of this action. This mechanism is light-weighted and do not require user to remember any secret code. We develop an authentication system on Samsung Gear Fit 2 and conducted a real-world experiment on 20 volunteers. And we collected 13000 gesture samples to evaluate our system. Results show that our system can achieve a classification accuracy of at least 95.45%. In attacking scenario, our system can achieve an equal error rate lower than 4%. The maximum number of samples required by a well-trained classifier is 25.

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.

Science.gov (United States)

Chaudhry, Shehzad Ashraf; Khan, Muhammad Tawab; Khan, Muhammad Khurram; Shon, Taeshik

2016-11-01

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

An authentication scheme for secure access to healthcare services.

Science.gov (United States)

Khan, Muhammad Khurram; Kumari, Saru

2013-08-01

Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System.

Science.gov (United States)

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Obaidat, Mohammad S

2015-11-01

In order to access remote medical server, generally the patients utilize smart card to login to the server. It has been observed that most of the user (patient) authentication protocols suffer from smart card stolen attack that means the attacker can mount several common attacks after extracting smart card information. Recently, Lu et al.'s proposes a session key agreement protocol between the patient and remote medical server and claims that the same protocol is secure against relevant security attacks. However, this paper presents several security attacks on Lu et al.'s protocol such as identity trace attack, new smart card issue attack, patient impersonation attack and medical server impersonation attack. In order to fix the mentioned security pitfalls including smart card stolen attack, this paper proposes an efficient remote mutual authentication protocol using smart card. We have then simulated the proposed protocol using widely-accepted AVISPA simulation tool whose results make certain that the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. Moreover, the rigorous security analysis proves that the proposed protocol provides strong security protection on the relevant security attacks including smart card stolen attack. We compare the proposed scheme with several related schemes in terms of computation cost and communication cost as well as security functionalities. It has been observed that the proposed scheme is comparatively better than related existing schemes.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

Science.gov (United States)

Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

2015-01-01

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic. PMID:26580963

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks".

Directory of Open Access Journals (Sweden)

Mojtaba Alizadeh

Full Text Available Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes' participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.'s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.'s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

Attack strategies on quantum cryptographic protocols

International Nuclear Information System (INIS)

Schauer, S.; Suda, M.

2006-01-01

Full text: Quantum key distribution (QKD) and quantum authentication (QA) have been a topic of extensive research in the last 20 years. In course of that many attacks on QKD and QA protocols have been studied. Among these, Zhang, Lee and Guo presented an attack on a QKD protocol using entanglement swapping. Based on that strategy we take a look at other protocols to inspect how much information an adversary may get if he shares entanglement with either one or both parties. We will present some protocols where an adversary can even get full information about the key using entanglement. (author)

Location-assured, multifactor authentication on smartphones via LTE communication

Science.gov (United States)

Kuseler, Torben; Lami, Ihsan A.; Al-Assam, Hisham

2013-05-01

With the added security provided by LTE, geographical location has become an important factor for authentication to enhance the security of remote client authentication during mCommerce applications using Smartphones. Tight combination of geographical location with classic authentication factors like PINs/Biometrics in a real-time, remote verification scheme over the LTE layer connection assures the authenticator about the client itself (via PIN/biometric) as well as the client's current location, thus defines the important aspects of "who", "when", and "where" of the authentication attempt without eaves dropping or man on the middle attacks. To securely integrate location as an authentication factor into the remote authentication scheme, client's location must be verified independently, i.e. the authenticator should not solely rely on the location determined on and reported by the client's Smartphone. The latest wireless data communication technology for mobile phones (4G LTE, Long-Term Evolution), recently being rolled out in various networks, can be employed to enhance this location-factor requirement of independent location verification. LTE's Control Plane LBS provisions, when integrated with user-based authentication and independent source of localisation factors ensures secure efficient, continuous location tracking of the Smartphone. This feature can be performed during normal operation of the LTE-based communication between client and network operator resulting in the authenticator being able to verify the client's claimed location more securely and accurately. Trials and experiments show that such algorithm implementation is viable for nowadays Smartphone-based banking via LTE communication.

A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

Science.gov (United States)

Das, Ashok Kumar; Goswami, Adrijit

2013-06-01

Connected health care has several applications including telecare medicine information system, personally controlled health records system, and patient monitoring. In such applications, user authentication can ensure the legality of patients. In user authentication for such applications, only the legal user/patient himself/herself is allowed to access the remote server, and no one can trace him/her according to transmitted data. Chang et al. proposed a uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care (Chang et al., J Med Syst 37:9902, 2013). Their scheme uses the user's personal biometrics along with his/her password with the help of the smart card. The user's biometrics is verified using BioHashing. Their scheme is efficient due to usage of one-way hash function and exclusive-or (XOR) operations. In this paper, we show that though their scheme is very efficient, their scheme has several security weaknesses such as (1) it has design flaws in login and authentication phases, (2) it has design flaws in password change phase, (3) it fails to protect privileged insider attack, (4) it fails to protect the man-in-the middle attack, and (5) it fails to provide proper authentication. In order to remedy these security weaknesses in Chang et al.'s scheme, we propose an improvement of their scheme while retaining the original merit of their scheme. We show that our scheme is efficient as compared to Chang et al.'s scheme. Through the security analysis, we show that our scheme is secure against possible attacks. Further, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. In addition, after successful authentication between the user and the server, they establish a secret session key shared between them for future secure communication.

An efficient deterministic secure quantum communication scheme based on cluster states and identity authentication

International Nuclear Information System (INIS)

Wen-Jie, Liu; Han-Wu, Chen; Zhi-Qiang, Li; Zhi-Hao, Liu; Wen-Bo, Hu; Ting-Huai, Ma

2009-01-01

A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer. (general)

A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks

Science.gov (United States)

2018-01-01

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. PMID:29702675

The role of a positive trigger event in actioning authentic leadership development

Directory of Open Access Journals (Sweden)

S. Puente

2007-11-01

Full Text Available Authenticity can best be understood in context, and context implies action (Payne, 1996. For the purpose of this study, leadership in general, and authentic leadership in particular, were explored in terms of the actions of former mayor of New York City, Rudolph Giuliani, who displayed authentic leadership in action during the tragic aftermath of the World Trade Centre attacks. Authentic leadership development tends to be triggered by a negative event (as in the case of 9/11 for Giuliani, for example. Since there is limited knowledge of how a positive event may trigger authentic leadership development, the aim of this study was to explore the potential of Appreciative Inquiry (AI - an affirmative mode of action research - as a positive trigger event for authentic leadership development. The results indicated that this positive approach to change could indeed be implemented for this purpose.

An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Jaewook Jung

2016-08-01

Full Text Available In wireless sensor networks (WSNs, a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.’s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.’s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes.

E-SAP: efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks.

Science.gov (United States)

Kumar, Pardeep; Lee, Sang-Gon; Lee, Hoon-Jae

2012-01-01

A wireless medical sensor network (WMSN) can sense humans' physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals' hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients' medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs.

E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks

Directory of Open Access Journals (Sweden)

Hoon-Jae Lee

2012-02-01

Full Text Available A wireless medical sensor network (WMSN can sense humans’ physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals’ hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients’ medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1 a two-factor (i.e., password and smartcard professional authentication; (2 mutual authentication between the professional and the medical sensor; (3 symmetric encryption/decryption for providing message confidentiality; (4 establishment of a secure session key at the end of authentication; and (5 professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost. Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs.

An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function.

Science.gov (United States)

Das, Ashok Kumar; Goswami, Adrijit

2014-06-01

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava's scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava's scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava's scheme.

A Remote User Authentication Scheme with Anonymity for Mobile Devices

Directory of Open Access Journals (Sweden)

Soobok Shin

2012-04-01

Full Text Available With the rapid growth of information technologies, mobile devices have been utilized in a variety of services such as e-commerce. When a remote server provides such e-commerce services to a user, it must verify the legitimacy of the user over an insecure communication channel. Therefore, remote user authentication has been widely deployed to verify the legitimacy of remote user login requests using mobile devices like smart cards. In this paper we propose a smart card-based authentication scheme that provides both user anonymity and mutual authentication between a remote server and a user. The proposed authentication scheme is a simple and efficient system applicable to the limited resource and low computing performance of the smart card. The proposed scheme provides not only resilience to potential attacks in the smart card-based authentication scheme, but also secure authentication functions. A smart card performs a simple one-way hash function, the operations of exclusive-or and concatenation in the authentication phase of the proposed scheme. The proposed scheme also provides user anonymity using a dynamic identity and key agreement, and secure password change.

Security strategy of powered-off SRAM for resisting physical attack to data remanence

International Nuclear Information System (INIS)

Yu Kai; Zou Xuecheng; Yu Guoyi; Wang Weixu

2009-01-01

This paper presents a security strategy for resisting a physical attack utilizing data remanence in powered-off static random access memory (SRAM). Based on the mechanism of physical attack to data remanence, the strategy intends to erase data remanence in memory cells once the power supply is removed, which disturbs attackers trying to steal the right information. Novel on-chip secure circuits including secure power supply and erase transistor are integrated into conventional SRAM to realize erase operation. Implemented in 0.25 μm Huahong-NEC CMOS technology, an SRAM exploiting the proposed security strategy shows the erase operation is accomplished within 0.2 μs and data remanence is successfully eliminated. Compared with conventional SRAM, the retentive time of data remanence is reduced by 82% while the operation power consumption only increases by 7%.

Anonymous authentication and location privacy preserving schemes for LTE-A networks

Directory of Open Access Journals (Sweden)

Zaher Jabr Haddad

2017-11-01

Full Text Available Long Term Evaluation Advanced (LTE-A is the third generation partnership project for cellular network that allows subscribers to roam into networks (i.e., the Internet and wireless connections using spacial purpose base-stations, such as wireless access points and home node B. In such LTE-A based networks, neither base-stations, nor the Internet and wireless connections are trusted because base-stations are operated by un-trusted subscribers. Attackers may exploit these vulnerabilities to violate the privacy of the LTE-A subscribers. On the other hand, the tradeoff between privacy and authentication is another challenge in such networks. Therefore, in this paper, we propose two anonymous authentication schemes based on one-time pseudonymes and Schnorr Zero Knowledge Protocols. Instead of the international mobile subscriber identity, these schemes enable the user equipment, base-stations and mobility management entity to mutually authenticate each others and update the location of the user equipment without evolving the home subscriber server. The security analysis demonstrate that the proposed schemes thwart security and privacy attacks, such as malicious, international mobile subscriber identity catching, and tracking attacks. Additionally, our proposed schemes preserve the location privacy of user equipment since no entity except the mobility management entity and Gate-Way Mobile Location Center can link between the pseudonymes and the international mobile subscriber identity. Also attackers have no knowledge about international mobile subscriber identity. Hence, the proposed schemes achieve backward/forward secrecy. Furthermore, the performance evaluation shows that the proposed handover schemes impose a small overhead on the mobile nodes and it has smaller computation and communication overheads than those in other schemes.

Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer

Science.gov (United States)

Mannan, Mohammad; van Oorschot, P. C.

Keylogging and phishing attacks can extract user identity and sensitive account information for unauthorized access to users' financial accounts. Most existing or proposed solutions are vulnerable to session hijacking attacks. We propose a simple approach to counter these attacks, which cryptographically separates a user's long-term secret input from (typically untrusted) client PCs; a client PC performs most computations but has access only to temporary secrets. The user's long-term secret (typically short and low-entropy) is input through an independent personal trusted device such as a cellphone. The personal device provides a user's long-term secrets to a client PC only after encrypting the secrets using a pre-installed, "correct" public key of a remote service (the intended recipient of the secrets). The proposed protocol (MP-Auth) realizes such an approach, and is intended to safeguard passwords from keyloggers, other malware (including rootkits), phishing attacks and pharming, as well as to provide transaction security to foil session hijacking. We report on a prototype implementation of MP-Auth, and provide a comparison of web authentication techniques that use an additional factor of authentication (e.g. a cellphone, PDA or hardware token).

A New Key-lock Method for User Authentication and Access Control

Institute of Scientific and Technical Information of China (English)

JI Dongyao; ZHANG Futai; WANG Yumin

2001-01-01

We propose a new key-lock methodfor user authentication and access control based onChinese remainder theorem, the concepts of the ac-cess control matrix, key-lock-pair, time stamp, and the NS public key protocol. Our method is dynamicand needs a minimum amount of computation in thesense that it only updates at most one key/lock foreach access request. We also demonstrate how an au-thentication protocol can be integrated into the ac-cess control method. By applying a time stamp, themethod can not only withstand replay attack, butalso strengthen the authenticating mechanism, whichcould not be achieved simultaneously in previous key-lock methods.

Fides: Lightweight Authenticated Cipher with Side-Channel Resistance for Constrained Hardware

DEFF Research Database (Denmark)

Bilgin, Begul; Bogdanov, Andrey; Knezevic, Miroslav

2013-01-01

In this paper, we present a novel lightweight authenticated cipher optimized for hardware implementations called Fides. It is an online nonce-based authenticated encryption scheme with authenticated data whose area requirements are as low as 793 GE and 1001 GE for 80-bit and 96-bit security...

Estimation of terrorist attack resistibility of dual-purpose cask TP-117 with DU (depleted uranium) gamma shield

International Nuclear Information System (INIS)

Alekseev, O.G.; Matveev, V.Z.; Morenko, A.I.; Il'kaev, R.I.; Shapovalov, V.I.

2004-01-01

Report is devoted to numerical research of dual-purpose unified cask (used for SFA transportation and storage) resistance to terrorist attacks. High resistance of dual-purpose unified cask has been achieved due to the unique design-technological solutions and implementation of depleted uranium in cask construction. In suggested variant of construction depleted uranium fulfils functions of shielding and constructional material. It is used both in metallic and cermet form (basing on steel and depleted uranium dioxide). Implementation of depleted uranium in cask construction allows maximal load in existing overall dimensions of the cask. At the same time: 1) all safety requirements (IAEA) are met, 2) dual-purpose cask with SFA has high resistance to terrorist attacks

Estimation of terrorist attack resistibility of dual-purpose cask TP-117 with DU (depleted uranium) gamma shield

Energy Technology Data Exchange (ETDEWEB)

Alekseev, O.G.; Matveev, V.Z.; Morenko, A.I.; Il' kaev, R.I.; Shapovalov, V.I. [Russian Federal Nuclear Center - All-Russian Research Inst. of Experimental Physics, Sarov (Russian Federation)

2004-07-01

Report is devoted to numerical research of dual-purpose unified cask (used for SFA transportation and storage) resistance to terrorist attacks. High resistance of dual-purpose unified cask has been achieved due to the unique design-technological solutions and implementation of depleted uranium in cask construction. In suggested variant of construction depleted uranium fulfils functions of shielding and constructional material. It is used both in metallic and cermet form (basing on steel and depleted uranium dioxide). Implementation of depleted uranium in cask construction allows maximal load in existing overall dimensions of the cask. At the same time: 1) all safety requirements (IAEA) are met, 2) dual-purpose cask with SFA has high resistance to terrorist attacks.

Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems.

Science.gov (United States)

Li, Chun-Ta; Shih, Dong-Her; Wang, Chun-Cheng

2018-04-01

 With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information system (TMIS) allows patients to receive medical treatments from the doctors via Internet technology without visiting hospitals in person. By adopting mobile device, cloud-assisted platform and wireless body area network, the patients can collect their physiological conditions and upload them to medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatments at anytime and anywhere. In order to protect the medical privacy of the patient and guarantee reliability of the system, before accessing the TMIS, all system participants must be authenticated.  Mohit et al. recently suggested a lightweight authentication protocol for cloud-based health care system. They claimed their protocol ensures resilience of all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks.  The security analysis proves that our enhanced protocol is secure against various known attacks as well as found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains the efficiency in terms of computation costs for cloud-assisted TMIS.  We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features

Physiological Biometric Authentication Systems Advantages Disadvantages And Future Development A Review

Directory of Open Access Journals (Sweden)

Israa M. Alsaadi

2015-08-01

Full Text Available Abstract With the fast increasing of the electronic crimes and their related issues deploying a reliable user authentication system became a significant task for both of access control and securing users private data. Human biometric characteristics such as face finger iris scanning voice signature and other features provide a dependable security level for both of the personal and the public use. Many biometric authentication systems have been approached for long time. Due to the uniqueness of human biometrics witch played a master role in degrading imposters attacks. Such authentication models have overcome other traditional security methods like passwords and PIN. This paper aims to briefly address the psychological biometric authentication techniques. Also a brief summary to the advantages disadvantages and future developments of each method is provided in this paper.

Acidic Attack Resistance of Cement Mortar Treated with Alkaline

Directory of Open Access Journals (Sweden)

Nadia Nazhat Sabeeh

2017-12-01

Full Text Available The negative effect of acidic attack on the properties of concrete and cement mortar is a topic of increasing significance in the recent years. Many attempts has occurred to mitigate this negative impact by improving the properties of concrete and increase resistance to acids by using additives. The present study includes treatment of sand by alkaline material and examine the effect of treatment on cement mortar resistance towards hydrochloric and sulfuric acid. Results show that sand treatment by alkaline material significantly enhance mortar ability to resist acids. In terms of loss weight, the maximum weight rate gain was 25.54% for specimens immersed in Hydrochloric acid with water cement ratio 40%. For specimens immersed in HCl, the average gain in compressive strength is (20.15-19.433% for w/c (40-45% respectively. The average gain in modulus of rupture toward the influence of H2SO4 is (18.37–17.99% for w/c (40-45%, respectively.

On the security flaws in ID-based password authentication schemes for telecare medical information systems.

Science.gov (United States)

Mishra, Dheerendra

2015-01-01

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards

Science.gov (United States)

Moon, Jongho; Choi, Younsung; Jung, Jaewook; Won, Dongho

2015-01-01

In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user’s management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.’s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.’s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.’s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties. PMID:26709702

A Framework for Federated Two-Factor Authentication Enabling Cost-Effective Secure Access to Distributed Cyberinfrastructure

Energy Technology Data Exchange (ETDEWEB)

Ezell, Matthew A [ORNL; Rogers, Gary L [University of Tennessee, Knoxville (UTK); Peterson, Gregory D. [University of Tennessee, Knoxville (UTK)

2012-01-01

As cyber attacks become increasingly sophisticated, the security measures used to mitigate the risks must also increase in sophistication. One time password (OTP) systems provide strong authentication because security credentials are not reusable, thus thwarting credential replay attacks. The credential changes regularly, making brute-force attacks significantly more difficult. In high performance computing, end users may require access to resources housed at several different service provider locations. The ability to share a strong token between multiple computing resources reduces cost and complexity. The National Science Foundation (NSF) Extreme Science and Engineering Discovery Environment (XSEDE) provides access to digital resources, including supercomputers, data resources, and software tools. XSEDE will offer centralized strong authentication for services amongst service providers that leverage their own user databases and security profiles. This work implements a scalable framework built on standards to provide federated secure access to distributed cyberinfrastructure.

Attacks on IEEE 802.11 wireless networks

Directory of Open Access Journals (Sweden)

Dejan Milan Tepšić

2013-06-01

Full Text Available Security of wireless computer networks was initially secured with the WEP security protocol, which relies on the RC4 encryption algorithm and the CRC algorithm to check the integrity. The basic problems of the WEP are a short initialization vector, unsafe data integrity checking, using a common key, the lack of mechanisms for management and exchange of keys, the lack of protection from the endless insertion of the same package into the network, the lack of authentication of access points and the like. The consequences of these failures are easy attacks against the WEP network, namely their complete insecurity. Therefore, the work began on the IEEE 802.11i protocol, which should radically improve the security of wireless networks. Since the development of a protocol lasted, the WPA standard was released to offset the security gap caused by the WEP. The WPA also relies on RC4 and CRC algorithms, but brings temporary keys and the MIC algorithm for data integrity. The 802.1X authentication was introduced and common keys are no longer needed, since it is possible to use an authentication server. The length of the initialization vector was increased and the vector is obtained based on the packet serial number, in order to prevent the insertion of the same packet into the network. The weakness of the WPA security mechanism is the use of a common key. WPA2 (802.11i later appeared. Unlike the WPA mechanism that worked on old devices with the replacement of software, WPA2 requires new network devices that can perform AES encryption. AES replaces the RC4 algorithm and delivers much greater security. Data integrity is protected by encryption. Despite progress, there are still weaknesses in wireless networks. Attacks for denial of service are possible as well as spoofing package headers attacks. For now, it is not advisable to use wireless networks in environments where unreliability and unavailability are not tolerated. Introduction In the entire history of

Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

Science.gov (United States)

Mishra, Dheerendra

2015-03-01

Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

A digital memories based user authentication scheme with privacy preservation.

Directory of Open Access Journals (Sweden)

JunLiang Liu

Full Text Available The traditional username/password or PIN based authentication scheme, which still remains the most popular form of authentication, has been proved insecure, unmemorable and vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering. Based on this, a large number of new alternative methods have recently been proposed. However, most of them rely on users being able to accurately recall complex and unmemorable information or using extra hardware (such as a USB Key, which makes authentication more difficult and confusing. In this paper, we propose a Digital Memories based user authentication scheme adopting homomorphic encryption and a public key encryption design which can protect users' privacy effectively, prevent tracking and provide multi-level security in an Internet & IoT environment. Also, we prove the superior reliability and security of our scheme compared to other schemes and present a performance analysis and promising evaluation results.

A generalized architecture of quantum secure direct communication for N disjointed users with authentication

Science.gov (United States)

Farouk, Ahmed; Zakaria, Magdy; Megahed, Adel; Omara, Fatma A.

2015-11-01

In this paper, we generalize a secured direct communication process between N users with partial and full cooperation of quantum server. So, N - 1 disjointed users u1, u2, …, uN-1 can transmit a secret message of classical bits to a remote user uN by utilizing the property of dense coding and Pauli unitary transformations. The authentication process between the quantum server and the users are validated by EPR entangled pair and CNOT gate. Afterwards, the remained EPR will generate shared GHZ states which are used for directly transmitting the secret message. The partial cooperation process indicates that N - 1 users can transmit a secret message directly to a remote user uN through a quantum channel. Furthermore, N - 1 users and a remote user uN can communicate without an established quantum channel among them by a full cooperation process. The security analysis of authentication and communication processes against many types of attacks proved that the attacker cannot gain any information during intercepting either authentication or communication processes. Hence, the security of transmitted message among N users is ensured as the attacker introduces an error probability irrespective of the sequence of measurement.

An authenticated encrypted routing protocol against attacks in mobile ad-hoc networks

Directory of Open Access Journals (Sweden)

C.C. Suma

2017-01-01

Full Text Available Mobile Ad hoc Network is stated as a cluster that contains Digital data terminals and they are furnished with the wireless transceivers which are able to communicate with each other with no need of any fixed architecture or concentrated authority. Security is one of the major issues in MANETs because of vast applications such as Military Battlefields, emergency and rescue operations[10]. In order to provide anonymous communications and to identify the malicious nodes in MANETs, many authors have proposed different secure routing protocols but each protocol have their own advantages and disadvantages. In MANTE’s each and every node in the communicating network functions like router and transmits the packets among the networking nodes for the purpose of communication[11]. Sometimes nodes may be attacked by the malicious nodes or the legitimate node will be caught by foemen there by controlling and preventing the nodes to perform the assigned task or nodes may be corrupted due to loss of energy. So, due to these drawbacks securing the network under the presence of adversaries is an important thing. The existing protocols were designed with keeping anonymity and the identification of vicious nodes in the network as the main goal. For providing better security, the anonymity factors such as Unidentifiability and Unlinkability must be fully satisfied[1]. Many anonymous routing schemes that concentrate on achieving anonymity are proposed in the past decade and they provides the security at different levels and also provides the privacy protection that is of different cost. In this paper we consider a protocol called Authenticated Secure Routing Protocol proposed which provides both security & anonymity. Anonymity is achieved in this protocol using Group signature. Over all by using this protocol performance in terms of throughput as well as the packet dropping rate is good compared to the other living protocols.

An Identity-Based Anti-Quantum Privacy-Preserving Blind Authentication in Wireless Sensor Networks.

Science.gov (United States)

Zhu, Hongfei; Tan, Yu-An; Zhu, Liehuang; Wang, Xianmin; Zhang, Quanxin; Li, Yuanzhang

2018-05-22

With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people's lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a quantum computer attack. In order to protect user privacy and guarantee trustworthy of big data, we propose a new identity-based blind signature scheme based on number theorem research unit lattice, this scheme mainly uses a rejection sampling theorem instead of constructing a trapdoor. Meanwhile, this scheme does not depend on complex public key infrastructure and can resist quantum computer attack. Then we design an e-payment protocol using the proposed scheme. Furthermore, we prove our scheme is secure in the random oracle, and satisfies confidentiality, integrity, and non-repudiation. Finally, we demonstrate that the proposed scheme outperforms the other traditional existing identity-based blind signature schemes in signing speed and verification speed, outperforms the other lattice-based blind signature in signing speed, verification speed, and signing secret key size.

An Identity-Based Anti-Quantum Privacy-Preserving Blind Authentication in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Hongfei Zhu

2018-05-01

Full Text Available With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people’s lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a quantum computer attack. In order to protect user privacy and guarantee trustworthy of big data, we propose a new identity-based blind signature scheme based on number theorem research unit lattice, this scheme mainly uses a rejection sampling theorem instead of constructing a trapdoor. Meanwhile, this scheme does not depend on complex public key infrastructure and can resist quantum computer attack. Then we design an e-payment protocol using the proposed scheme. Furthermore, we prove our scheme is secure in the random oracle, and satisfies confidentiality, integrity, and non-repudiation. Finally, we demonstrate that the proposed scheme outperforms the other traditional existing identity-based blind signature schemes in signing speed and verification speed, outperforms the other lattice-based blind signature in signing speed, verification speed, and signing secret key size.

Authentication via wavefront-shaped optical responses

Science.gov (United States)

Eilers, Hergen; Anderson, Benjamin R.; Gunawidjaja, Ray

2018-02-01

Authentication/tamper-indication is required in a wide range of applications, including nuclear materials management and product counterfeit detection. State-of-the-art techniques include reflective particle tags, laser speckle authentication, and birefringent seals. Each of these passive techniques has its own advantages and disadvantages, including the need for complex image comparisons, limited flexibility, sensitivity to environmental conditions, limited functionality, etc. We have developed a new active approach to address some of these short-comings. The use of an active characterization technique adds more flexibility and additional layers of security over current techniques. Our approach uses randomly-distributed nanoparticles embedded in a polymer matrix (tag/seal) which is attached to the item to be secured. A spatial light modulator is used to adjust the wavefront of a laser which interacts with the tag/seal, and a detector is used to monitor this interaction. The interaction can occur in various ways, including transmittance, reflectance, fluorescence, random lasing, etc. For example, at the time of origination, the wavefront-shaped reflectance from a tag/seal can be adjusted to result in a specific pattern (symbol, words, etc.) Any tampering with the tag/seal would results in a disturbance of the random orientation of the nanoparticles and thus distort the reflectance pattern. A holographic waveplate could be inserted into the laser beam for verification. The absence/distortion of the original pattern would then indicate that tampering has occurred. We have tested the tag/seal's and authentication method's tamper-indicating ability using various attack methods, including mechanical, thermal, and chemical attacks, and have verified our material/method's robust tamper-indicating ability.

A Compact and Low Power RO PUF with High Resilience to the EM Side-Channel Attack and the SVM Modelling Attack of Wireless Sensor Networks.

Science.gov (United States)

Cao, Yuan; Zhao, Xiaojin; Ye, Wenbin; Han, Qingbang; Pan, Xiaofang

2018-01-23

Authentication is a crucial security service for the wireless sensor networks (WSNs) in versatile domains. The deployment of WSN devices in the untrusted open environment and the resource-constrained nature make the on-chip authentication an open challenge. The strong physical unclonable function (PUF) came in handy as light-weight authentication security primitive. In this paper, we present the first ring oscillator (RO) based strong physical unclonable function (PUF) with high resilience to both the electromagnetic (EM) side-channel attack and the support vector machine (SVM) modelling attack. By employing an RO based PUF architecture with the current starved inverter as the delay cell, the oscillation power is significantly reduced to minimize the emitted EM signal, leading to greatly enhanced immunity to the EM side-channel analysis attack. In addition, featuring superior reconfigurability due to the conspicuously simplified circuitries, the proposed implementation is capable of withstanding the SVM modelling attack by generating and comparing a large number of RO frequency pairs. The reported experimental results validate the prototype of a 9-stage RO PUF fabricated using standard 65 nm complementary-metal-oxide-semiconductor (CMOS) process. Operating at the supply voltage of 1.2 V and the frequency of 100 KHz, the fabricated RO PUF occupies a compact silicon area of 250 μ m 2 and consumes a power as low as 5.16 μ W per challenge-response pair (CRP). Furthermore, the uniqueness and the worst-case reliability are measured to be 50.17% and 98.30% for the working temperature range of -40∼120 ∘ C and the supply voltage variation of ±2%, respectively. Thus, the proposed PUF is applicable for the low power, low cost and secure WSN communications.

Multimodal Authentication - Biometric Password And Steganography

Directory of Open Access Journals (Sweden)

Alvin Prasad

2017-06-01

Full Text Available Security is a major concern for everyone be it individuals or organizations. As the nature of information systems is becoming distributed securing them is becoming difficult as well. New applications are developed by researchers and developers to counter security issues but as soon as the application is released new attacks are formed to bypass the application. Kerberos is an authentication protocol which helps in to verify and validate a user to a server. As it is a widely used protocol minimizing or preventing the password attack is important. In this research we have analyzed the Kerberos protocol and suggested some ideas which can be considered while updating Kerberos to prevent the password attack. In the proposed solution we are suggesting to use password and biometric technique while registering on the network to enjoy the services and a combination of cryptography and steganography technique while communicating back to the user.

Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

Science.gov (United States)

Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

2016-10-01

Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security

An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem.

Science.gov (United States)

Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

2015-03-01

The telecare medical information systems (TMISs) enable patients to conveniently enjoy telecare services at home. The protection of patient's privacy is a key issue due to the openness of communication environment. Authentication as a typical approach is adopted to guarantee confidential and authorized interaction between the patient and remote server. In order to achieve the goals, numerous remote authentication schemes based on cryptography have been presented. Recently, Arshad et al. (J Med Syst 38(12): 2014) presented a secure and efficient three-factor authenticated key exchange scheme to remedy the weaknesses of Tan et al.'s scheme (J Med Syst 38(3): 2014). In this paper, we found that once a successful off-line password attack that results in an adversary could impersonate any user of the system in Arshad et al.'s scheme. In order to thwart these security attacks, an enhanced biometric and smart card based remote authentication scheme for TMISs is proposed. In addition, the BAN logic is applied to demonstrate the completeness of the enhanced scheme. Security and performance analyses show that our enhanced scheme satisfies more security properties and less computational cost compared with previously proposed schemes.

Increasing Trustworthiness of Face Authentication in Mobile Devices by Modeling Gesture Behavior and Location Using Neural Networks

Directory of Open Access Journals (Sweden)

Blerim Rexha

2018-02-01

Full Text Available Personal mobile devices currently have access to a significant portion of their user’s private sensitive data and are increasingly used for processing mobile payments. Consequently, securing access to these mobile devices is a requirement for securing access to the sensitive data and potentially costly services. Face authentication is one of the promising biometrics-based user authentication mechanisms that has been widely available in this era of mobile computing. With a built-in camera capability on smartphones, tablets, and laptops, face authentication provides an attractive alternative of legacy passwords for its memory-less authentication process, which is so sophisticated that it can unlock the device faster than a fingerprint. Nevertheless, face authentication in the context of smartphones has proven to be vulnerable to attacks. In most current implementations, a sufficiently high-resolution face image displayed on another mobile device will be enough to circumvent security measures and bypass the authentication process. In order to prevent such bypass attacks, gesture recognition together with location is proposed to be additionally modeled. Gestures provide a faster and more convenient method of authentication compared to a complex password. The focus of this paper is to build a secure authentication system with face, location and gesture recognition as components. User gestures and location data are a sequence of time series; therefore, in this paper we propose to use unsupervised learning in the long short-term memory recurrent neural network to actively learn to recognize, group and discriminate user gestures and location. Moreover, a clustering-based technique is also implemented for recognizing gestures and location.

Password-only authenticated three-party key exchange with provable security in the standard model.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

2014-01-01

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

Directory of Open Access Journals (Sweden)

Junghyun Nam

2014-01-01

Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

A Novel Video Data-Source Authentication Model Based on Digital Watermarking and MAC in Multicast

Institute of Scientific and Technical Information of China (English)

ZHAO Anjun; LU Xiangli; GUO Lei

2006-01-01

A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper. The digital watermarking which composes of the MAC of the significant video content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA(timed efficient stream loss-tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.

Multicast Delayed Authentication For Streaming Synchrophasor Data in the Smart Grid.

Science.gov (United States)

Câmara, Sérgio; Anand, Dhananjay; Pillitteri, Victoria; Carmo, Luiz

2016-01-01

Multicast authentication of synchrophasor data is challenging due to the design requirements of Smart Grid monitoring systems such as low security overhead, tolerance of lossy networks, time-criticality and high data rates. In this work, we propose inf -TESLA, Infinite Timed Efficient Stream Loss-tolerant Authentication, a multicast delayed authentication protocol for communication links used to stream synchrophasor data for wide area control of electric power networks. Our approach is based on the authentication protocol TESLA but is augmented to accommodate high frequency transmissions of unbounded length. inf TESLA protocol utilizes the Dual Offset Key Chains mechanism to reduce authentication delay and computational cost associated with key chain commitment. We provide a description of the mechanism using two different modes for disclosing keys and demonstrate its security against a man-in-the-middle attack attempt. We compare our approach against the TESLA protocol in a 2-day simulation scenario, showing a reduction of 15.82% and 47.29% in computational cost, sender and receiver respectively, and a cumulative reduction in the communication overhead.

Secure authentication system that generates seed from biometric information.

Science.gov (United States)

Kim, Yeojin; Ahn, Jung-Ho; Byun, Hyeran

2005-02-10

As biometric recognition techniques are gradually improved, the stability of biometric authentication systems are enhanced. Although bioinformation has properties that make it resistant to fraud, biometric authentication systems are not immune to hacking. We show a secure biometric authentication system (1) to guarantee the integrity of biometric information by mixing data by use of a biometric key and (2) to raise recognition rates by use of bimodal biometrics.

Security for 4G and 5G Cellular Networks: A Survey of Existing Authentication and Privacy-preserving Schemes

OpenAIRE

Ferrag, Mohamed Amine; Maglaras, Leandros; Argyriou, Antonios; Kosmanos, Dimitrios; Janicke, Helge

2017-01-01

This paper presents a comprehensive survey of existing authentication and privacy-preserving schemes for 4G and 5G cellular networks. We start by providing an overview of existing surveys that deal with 4G and 5G communications, applications, standardization, and security. Then, we give a classification of threat models in 4G and 5G cellular networks in four categories, including, attacks against privacy, attacks against integrity, attacks against availability, and attacks against authenticat...

IPTV Service Framework Based on Secure Authentication and Lightweight Content Encryption for Screen-Migration in Cloud Computing

Directory of Open Access Journals (Sweden)

Aymen Abdullah Alsaffar

2015-01-01

Full Text Available These days, the advancing of smart devices (e.g. smart phones, tablets, PC, etc. capabilities and the increase of internet bandwidth enables IPTV service provider to extend their services to smart mobile devices. User can just receive their IPTV service using any smart devices by accessing the internet via wireless network from anywhere anytime in the world which is convenience for users. However, wireless network communication has well a known critical security threats and vulnerabilities to user smart devices and IPTV service such as user identity theft, reply attack, MIM attack, and so forth. A secure authentication for user devices and multimedia protection mechanism is necessary to protect both user devices and IPTV services. As result, we proposed framework of IPTV service based on secure authentication mechanism and lightweight content encryption method for screen-migration in Cloud computing. We used cryptographic nonce combined with user ID and password to authenticate user device in any mobile terminal they passes by. In addition we used Lightweight content encryption to protect and reduce the content decode overload at mobile terminals. Our proposed authentication mechanism reduces the computational processing by 30% comparing to other authentication mechanism and our lightweight content encryption reduces encryption delay to 0.259 second.

Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Jiye Kim

2014-04-01

Full Text Available User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks. In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker’s own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

dLocAuth: a dynamic multifactor authentication scheme for mCommerce applications using independent location-based obfuscation

Science.gov (United States)

Kuseler, Torben; Lami, Ihsan A.

2012-06-01

This paper proposes a new technique to obfuscate an authentication-challenge program (named LocProg) using randomly generated data together with a client's current location in real-time. LocProg can be used to enable any handsetapplication on mobile-devices (e.g. mCommerce on Smartphones) that requires authentication with a remote authenticator (e.g. bank). The motivation of this novel technique is to a) enhance the security against replay attacks, which is currently based on using real-time nonce(s), and b) add a new security factor, which is location verified by two independent sources, to challenge / response methods for authentication. To assure a secure-live transaction, thus reducing the possibility of replay and other remote attacks, the authors have devised a novel technique to obtain the client's location from two independent sources of GPS on the client's side and the cellular network on authenticator's side. The algorithm of LocProg is based on obfuscating "random elements plus a client's data" with a location-based key, generated on the bank side. LocProg is then sent to the client and is designed so it will automatically integrate into the target application on the client's handset. The client can then de-obfuscate LocProg if s/he is within a certain range around the location calculated by the bank and if the correct personal data is supplied. LocProg also has features to protect against trial/error attacks. Analysis of LocAuth's security (trust, threat and system models) and trials based on a prototype implementation (on Android platform) prove the viability and novelty of LocAuth.

Biometric Authentication System using Non-Linear Chaos

OpenAIRE

Dr.N.Krishnan; A.Senthil Arumugam,

2010-01-01

A major concern nowadays for any Biometric Credential Management System is its potential vulnerability to protect its information sources; i.e. protecting a genuine user’s template from both internal and external threats. These days’ biometric authentication systems face various risks. One of the most serious threats is the ulnerability of the template's database. An attacker with access to a reference template could try to impersonate a legitimate user by reconstructing the biometric sample...

A Forward Authentication Key Management Scheme for Heterogeneous Sensor Networks

Directory of Open Access Journals (Sweden)

Huang Jen-Yan

2011-01-01

Full Text Available Key encryption technology is a basic technique for protecting the secrecy of transmitted data among sensor nodes in wireless sensor networks. However, sensor nodes are inherently limited by insufficient hardware resources such as memory capacity and battery lifetime. As a result, few current key management schemes are appropriate for wireless sensor networks. This paper proposes a new key management method that uses dynamic key management schemes for heterogeneous sensor networks. The proposed scheme loads a hash function into the base station, cluster heads, and sensor nodes. The cluster heads and sensor nodes then generate their own keychains to provide forward authentication in case of key changes, security breaches, key changes due to security breaches. The cluster heads and sensor nodes establish pairwise keys to ensure transmission secrecy. The proposed scheme decreases the number of keys required for sensor nodes and cluster heads and is robust to the following attacks: guessing attacks, replay attacks, man-in-the-middle attacks, node capture attacks, and denial-of-service attacks.

I Sensed It Was You: Authenticating Mobile Users with Sensor-enhanced Keystroke Dynamics

NARCIS (Netherlands)

Giuffrida, C.; Majdanik, K.; Conti, M.; Bos, H.J.

2014-01-01

Mobile devices have become an important part of our everyday life, harvesting more and more confidential user information. Their portable nature and the great exposure to security attacks, however, call out for stronger authentication mechanisms than simple password-based identification. Biometric

Design of a mutual authentication based on NTRUsign with a perturbation and inherent multipoint control protocol frames in an Ethernet-based passive optical network

Science.gov (United States)

Yin, Aihan; Ding, Yisheng

2014-11-01

Identity-related security issues inherently present in passive optical networks (PON) still exist in the current (1G) and next-generation (10G) Ethernet-based passive optical network (EPON) systems. We propose a mutual authentication scheme that integrates an NTRUsign digital signature algorithm with inherent multipoint control protocol (MPCP) frames over an EPON system between the optical line terminal (OLT) and optical network unit (ONU). Here, a primitive NTRUsign algorithm is significantly modified through the use of a new perturbation so that it can be effectively used for simultaneously completing signature and authentication functions on the OLT and the ONU sides. Also, in order to transmit their individual sensitive messages, which include public key, signature, and random value and so forth, to each other, we redefine three unique frames according to MPCP format frame. These generated messages can be added into the frames and delivered to each other, allowing the OLT and the ONU to go ahead with a mutual identity authentication process to verify their legal identities. Our simulation results show that this proposed scheme performs very well in resisting security attacks and has low influence on the registration efficiency to to-be-registered ONUs. A performance comparison with traditional authentication algorithms is also presented. To the best of our knowledge, no detailed design of mutual authentication in EPON can be found in the literature up to now.

Authentic Teachers: Student Criteria Perceiving Authenticity of Teachers

Science.gov (United States)

De Bruyckere, Pedro; Kirschner, Paul A.

2016-01-01

Authenticity is seen by many as a key for good learning and education. There is talk of authentic instruction, authentic learning, authentic problems, authentic assessment, authentic tools and authentic teachers. The problem is that while authenticity is an often-used adjective describing almost all aspects of teaching and learning, the concept…

Trace Attack against Biometric Mobile Applications

Directory of Open Access Journals (Sweden)

Sanaa Ghouzali

2016-01-01

Full Text Available With the exponential increase in the dependence on mobile devices in everyday life, there is a growing concern related to privacy and security issues in the Gulf countries; therefore, it is imperative that security threats should be analyzed in detail. Mobile devices store enormous amounts of personal and financial information, unfortunately without any security. In order to secure mobile devices against different threats, biometrics has been applied and shown to be effective. However, biometric mobile applications are also vulnerable to several types of attacks that can decrease their security. Biometric information itself is considered sensitive data; for example, fingerprints can leave traces in touched objects and facial images can be captured everywhere or accessed by the attacker if the facial image is stored in the mobile device (lost or stolen. Hence, an attacker can easily forge the identity of a legitimate user and access data on a device. In this paper, the effects of a trace attack on the sensitivity of biometric mobile applications are investigated in terms of security and user privacy. Experimental results carried out on facial and fingerprint mobile authentication applications using different databases have shown that these mobile applications are vulnerable to the proposed attack, which poses a serious threat to the overall system security and user privacy.

The Switching Generator: New Clock-Controlled Generator with Resistance against the Algebraic and Side Channel Attacks

Directory of Open Access Journals (Sweden)

Jun Choi

2015-06-01

Full Text Available Since Advanced Encryption Standard (AES in stream modes, such as counter (CTR, output feedback (OFB and cipher feedback (CFB, can meet most industrial requirements, the range of applications for dedicated stream ciphers is decreasing. There are many attack results using algebraic properties and side channel information against stream ciphers for hardware applications. Al-Hinai et al. presented an algebraic attack approach to a family of irregularly clock-controlled linear feedback shift register systems: the stop and go generator, self-decimated generator and alternating step generator. Other clock-controlled systems, such as shrinking and cascade generators, are indeed vulnerable against side channel attacks. To overcome these threats, new clock-controlled systems were presented, e.g., the generalized alternating step generator, cascade jump-controlled generator and mutual clock-controlled generator. However, the algebraic attack could be applied directly on these new systems. In this paper, we propose a new clock-controlled generator: the switching generator, which has resistance to algebraic and side channel attacks. This generator also preserves both security properties and the efficiency of existing clock-controlled generators.

ULMAP: Ultralightweight NFC Mutual Authentication Protocol with Pseudonyms in the Tag for IoT in 5G

Directory of Open Access Journals (Sweden)

Kai Fan

2017-01-01

Full Text Available As one of the core techniques in 5G, the Internet of Things (IoT is increasingly attracting people’s attention. Meanwhile, as an important part of IoT, the Near Field Communication (NFC is widely used on mobile devices and makes it possible to take advantage of NFC system to complete mobile payment and merchandise information reading. But with the development of NFC, its problems are increasingly exposed, especially the security and privacy of authentication. Many NFC authentication protocols have been proposed for that, some of them only improve the function and performance without considering the security and privacy, and most of the protocols are heavyweight. In order to overcome these problems, this paper proposes an ultralightweight mutual authentication protocol, named ULMAP. ULMAP only uses Bit and XOR operations to complete the mutual authentication and prevent the denial of service (DoS attack. In addition, it uses subkey and subindex number into its key update process to achieve the forward security. The most important thing is that the computation and storage overhead of ULMAP are few. Compared with some traditional schemes, our scheme is lightweight, economical, practical, and easy to protect against synchronization attack.

Using SIM for strong end-to-end Application Authentication

OpenAIRE

Lunde, Lars; Wangensteen, Audun

2006-01-01

Today the Internet is mostly used for services that require low or none security. The commercial and governmental applications have started to emerge but met problems since they require strong authentication, which is both difficult and costly to realize. The SIM card used in mobile phones is a tamper resistant device that contains strong authentication mechanisms. It would be very convenient and cost-efficient if Internet services could use authentication methods based on the SIM. This mast...

A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem.

Science.gov (United States)

Zhao, Zhenguo

2014-05-01

With the fast advancement of the wireless communication technology and the widespread use of medical systems, the radio frequency identification (RFID) technology has been widely used in healthcare environments. As the first important protocol for ensuring secure communication in healthcare environment, the RFID authentication protocols derive more and more attentions. Most of RFID authentication protocols are based on hash function or symmetric cryptography. To get more security properties, elliptic curve cryptosystem (ECC) has been used in the design of RFID authentication protocol. Recently, Liao and Hsiao proposed a new RFID authentication protocol using ECC and claimed their protocol could withstand various attacks. In this paper, we will show that their protocol suffers from the key compromise problem, i.e. an adversary could get the private key stored in the tag. To enhance the security, we propose a new RFID authentication protocol using ECC. Detailed analysis shows the proposed protocol not only could overcome weaknesses in Liao and Hsiao's protocol but also has the same performance. Therefore, it is more suitable for healthcare environments.

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

Science.gov (United States)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

Towards the Security Evaluation of Biometric Authentication Systems

OpenAIRE

El-Abed , Mohamad; Giot , Romain; Hemery , Baptiste; Rosenberger , Christophe; Schwartzmann , Jean-Jacques

2011-01-01

International audience; Despite the obvious advantages of biometric authentication systems over traditional security ones (based on tokens or passwords), they are vulnerable to attacks which may considerably decrease their security. In order to contribute in resolving such problematic, we propose a modality-independent evaluation methodology for the security evaluation of biometric systems. It is based on the use of a database of common threats and vulnerabilities of biometric systems, and th...

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

Directory of Open Access Journals (Sweden)

Zahid Mahmood

2017-10-01

Full Text Available Internet-of-Things (IoT include a large number of devices that can communicate across different networks. Cyber-Physical Systems (CPS also includes a number of devices connected to the internet where wearable devices are also included. Both systems enable researchers to develop healthcare systems with additional intelligence as well as prediction capabilities both for lifestyle and in hospitals. It offers as much persistence as a platform to ubiquitous healthcare by using wearable sensors to transfer the information over servers, smartphones, and other smart devices in the Telecare Medical Information System (TMIS. Security is a challenging issue in TMIS, and resourceful access to health care services requires user verification and confidentiality. Existing schemes lack in ensuring reliable prescription safety along with authentication. This research presents a Secure Authentication and Prescription Safety (SAPS protocol to ensure secure communication between the patient, doctor/nurse, and the trusted server. The proposed procedure relies upon the efficient elliptic curve cryptosystem which can generate a symmetric secure key to ensure secure data exchange between patients and physicians after successful authentication of participants individually. A trusted server is involved for mutual authentication between parties and then generates a common key after completing the validation process. Moreover, the scheme is verified by doing formal modeling using Rubin Logic and validated using simulations in NS-2.35. We have analyzed the SAPS against security attacks, and then performance analysis is elucidated. Results prove the dominance of SAPS over preliminaries regarding mutual authentication, message integrity, freshness, and session key management and attack prevention.

Routing Data Authentication in Wireless Networks; TOPICAL

International Nuclear Information System (INIS)

TORGERSON, MARK D.; VAN LEEUWEN, BRIAN P.

2001-01-01

In this paper, we discuss several specific threats directed at the routing data of an ad hoc network. We address security issues that arise from wrapping authentication mechanisms around ad hoc routing data. We show that this bolt-on approach to security may make certain attacks more difficult, but still leaves the network routing data vulnerable. We also show that under a certain adversarial model, most existing routing protocols cannot be secured with the aid of digital signatures

A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System.

Science.gov (United States)

Mohit, Prerna; Amin, Ruhul; Karati, Arijit; Biswas, G P; Khan, Muhammad Khurram

2017-04-01

Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a light weight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.

Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing

Science.gov (United States)

Ehatisham-ul-Haq, Muhammad; Azam, Muhammad Awais; Loo, Jonathan; Shuang, Kai; Islam, Syed; Naeem, Usman; Amin, Yasar

2017-01-01

Smartphones are context-aware devices that provide a compelling platform for ubiquitous computing and assist users in accomplishing many of their routine tasks anytime and anywhere, such as sending and receiving emails. The nature of tasks conducted with these devices has evolved with the exponential increase in the sensing and computing capabilities of a smartphone. Due to the ease of use and convenience, many users tend to store their private data, such as personal identifiers and bank account details, on their smartphone. However, this sensitive data can be vulnerable if the device gets stolen or lost. A traditional approach for protecting this type of data on mobile devices is to authenticate users with mechanisms such as PINs, passwords, and fingerprint recognition. However, these techniques are vulnerable to user compliance and a plethora of attacks, such as smudge attacks. The work in this paper addresses these challenges by proposing a novel authentication framework, which is based on recognizing the behavioral traits of smartphone users using the embedded sensors of smartphone, such as Accelerometer, Gyroscope and Magnetometer. The proposed framework also provides a platform for carrying out multi-class smart user authentication, which provides different levels of access to a wide range of smartphone users. This work has been validated with a series of experiments, which demonstrate the effectiveness of the proposed framework. PMID:28878177

Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing.

Science.gov (United States)

Ehatisham-Ul-Haq, Muhammad; Azam, Muhammad Awais; Loo, Jonathan; Shuang, Kai; Islam, Syed; Naeem, Usman; Amin, Yasar

2017-09-06

Smartphones are context-aware devices that provide a compelling platform for ubiquitous computing and assist users in accomplishing many of their routine tasks anytime and anywhere, such as sending and receiving emails. The nature of tasks conducted with these devices has evolved with the exponential increase in the sensing and computing capabilities of a smartphone. Due to the ease of use and convenience, many users tend to store their private data, such as personal identifiers and bank account details, on their smartphone. However, this sensitive data can be vulnerable if the device gets stolen or lost. A traditional approach for protecting this type of data on mobile devices is to authenticate users with mechanisms such as PINs, passwords, and fingerprint recognition. However, these techniques are vulnerable to user compliance and a plethora of attacks, such as smudge attacks. The work in this paper addresses these challenges by proposing a novel authentication framework, which is based on recognizing the behavioral traits of smartphone users using the embedded sensors of smartphone, such as Accelerometer, Gyroscope and Magnetometer. The proposed framework also provides a platform for carrying out multi-class smart user authentication, which provides different levels of access to a wide range of smartphone users. This work has been validated with a series of experiments, which demonstrate the effectiveness of the proposed framework.

Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks.

Science.gov (United States)

Moon, Jongho; Lee, Donghoon; Lee, Youngsook; Won, Dongho

2017-04-25

User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.'s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.

A secured authentication protocol for wireless sensor networks using elliptic curves cryptography.

Science.gov (United States)

Yeh, Hsiu-Lien; Chen, Tien-Ho; Liu, Pin-Chuan; Kim, Tai-Hoo; Wei, Hsin-Wen

2011-01-01

User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das' protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs.

Security analysis and enhanced user authentication in proxy mobile IPv6 networks.

Directory of Open Access Journals (Sweden)

Dongwoo Kang

Full Text Available The Proxy Mobile IPv6 (PMIPv6 is a network-based mobility management protocol that allows a Mobile Node(MN connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG. As a result, outsider adversary can derive MN's identity, password and session key. In this paper, we analyze Alizadeh et al.'s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key.

Security analysis and enhanced user authentication in proxy mobile IPv6 networks.

Science.gov (United States)

Kang, Dongwoo; Jung, Jaewook; Lee, Donghoon; Kim, Hyoungshick; Won, Dongho

2017-01-01

The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN's identity, password and session key. In this paper, we analyze Alizadeh et al.'s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key.

A Lightweight Authentication and Key Management Scheme for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Danyang Qin

2016-01-01

Full Text Available Security problem is one of the most popular research fields in wireless sensor networks for both the application requirement and the resource-constrained essence. An effective and lightweight Authentication and Key Management Scheme (AKMS is proposed in this paper to solve the problem of malicious nodes occurring in the process of networking and to offer a high level of security with low cost. For the condition that the mobile sensor nodes need to be authenticated, the keys in AKMS will be dynamically generated and adopted for security protection. Even when the keys are being compromised or captured, the attackers can neither use the previous keys nor misuse the authenticated nodes to cheat. Simulation results show that the proposed scheme provides more efficient security with less energy consumption for wireless sensor networks especially with mobile sensors.

LDPC and SHA based iris recognition for image authentication

Directory of Open Access Journals (Sweden)

K. Seetharaman

2012-11-01

Full Text Available We introduce a novel way to authenticate an image using Low Density Parity Check (LDPC and Secure Hash Algorithm (SHA based iris recognition method with reversible watermarking scheme, which is based on Integer Wavelet Transform (IWT and threshold embedding technique. The parity checks and parity matrix of LDPC encoding and cancellable biometrics i.e., hash string of unique iris code from SHA-512 are embedded into an image for authentication purpose using reversible watermarking scheme based on IWT and threshold embedding technique. Simply by reversing the embedding process, the original image, parity checks, parity matrix and SHA-512 hash are extracted back from watermarked-image. For authentication, the new hash string produced by employing SHA-512 on error corrected iris code from live person is compared with hash string extracted from watermarked-image. The LDPC code reduces the hamming distance for genuine comparisons by a larger amount than for the impostor comparisons. This results in better separation between genuine and impostor users which improves the authentication performance. Security of this scheme is very high due to the security complexity of SHA-512, which is 2256 under birthday attack. Experimental results show that this approach can assure more accurate authentication with a low false rejection or false acceptance rate and outperforms the prior arts in terms of PSNR.

An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps.

Science.gov (United States)

Moon, Jongho; Choi, Younsung; Kim, Jiye; Won, Dongho

2016-03-01

Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.'s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.'s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.'s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.'s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.

Distributed authentication for randomly compromised networks

International Nuclear Information System (INIS)

Beals, Travis R; Hynes, Kevin P; Sanders, Barry C

2009-01-01

We introduce a simple, practical approach with probabilistic information-theoretic security to solve one of quantum key distribution's major security weaknesses: the requirement of an authenticated classical channel to prevent man-in-the-middle attacks. Our scheme employs classical secret sharing and partially trusted intermediaries to provide arbitrarily high confidence in the security of the protocol. Although certain failures elude detection, we discuss preemptive strategies to reduce the probability of failure to an arbitrarily small level: the probability of such failures is exponentially suppressed with increases in connectivity (i.e. connections per node).

A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

Science.gov (United States)

Mishra, Raghavendra; Barnwal, Amit Kumar

2015-05-01

The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes.

Secure biometric image sensor and authentication scheme based on compressed sensing.

Science.gov (United States)

Suzuki, Hiroyuki; Suzuki, Masamichi; Urabe, Takuya; Obi, Takashi; Yamaguchi, Masahiro; Ohyama, Nagaaki

2013-11-20

It is important to ensure the security of biometric authentication information, because its leakage causes serious risks, such as replay attacks using the stolen biometric data, and also because it is almost impossible to replace raw biometric information. In this paper, we propose a secure biometric authentication scheme that protects such information by employing an optical data ciphering technique based on compressed sensing. The proposed scheme is based on two-factor authentication, the biometric information being supplemented by secret information that is used as a random seed for a cipher key. In this scheme, a biometric image is optically encrypted at the time of image capture, and a pair of restored biometric images for enrollment and verification are verified in the authentication server. If any of the biometric information is exposed to risk, it can be reenrolled by changing the secret information. Through numerical experiments, we confirm that finger vein images can be restored from the compressed sensing measurement data. We also present results that verify the accuracy of the scheme.

Blind quantum computation with identity authentication

Science.gov (United States)

Li, Qin; Li, Zhulin; Chan, Wai Hong; Zhang, Shengyu; Liu, Chengdong

2018-04-01

Blind quantum computation (BQC) allows a client with relatively few quantum resources or poor quantum technologies to delegate his computational problem to a quantum server such that the client's input, output, and algorithm are kept private. However, all existing BQC protocols focus on correctness verification of quantum computation but neglect authentication of participants' identity which probably leads to man-in-the-middle attacks or denial-of-service attacks. In this work, we use quantum identification to overcome such two kinds of attack for BQC, which will be called QI-BQC. We propose two QI-BQC protocols based on a typical single-server BQC protocol and a double-server BQC protocol. The two protocols can ensure both data integrity and mutual identification between participants with the help of a third trusted party (TTP). In addition, an unjammable public channel between a client and a server which is indispensable in previous BQC protocols is unnecessary, although it is required between TTP and each participant at some instant. Furthermore, the method to achieve identity verification in the presented protocols is general and it can be applied to other similar BQC protocols.

DMAC-AN INTEGRATED ENCRYPTION SCHEME WITH RSA FOR AC TO OBSTRUCT INFERENCE ATTACKS

Directory of Open Access Journals (Sweden)

R. Jeeva

2012-12-01

Full Text Available The proposal of indistinguishable encryption in Randomized Arithmetic Coding(RAC doesn’t make the system efficient because it was not encrypting the messages it sends. It recomputes the cipher form of every messages it sends that increases not only the computational cost but also increases the response time.Floating point representation in cipher increases the difficulty in decryption side because of loss in precison.RAC doesn’t handle the inference attacks like Man-in-Middle attack,Third party attack etc. In our system, Dynamic Matrix Arithmetic Coding(DMAC using dynamic session matrix to encrypt the messages. The size of the matrix is deduced from the session key that contains ID of end users which proves the server authentication.Nonce values is represented as the public key of the opponents encrypted by the session key will be exchanged between the end users to provide mutual authentication. If the adversary try to compromise either server or end users,the other system won’t respond and the intrusion will be easily detected. we have increased the hacking complexity of AC by integrating with RSA upto 99%.

Authentication Method for Privacy Protection in Smart Grid Environment

Directory of Open Access Journals (Sweden)

Do-Eun Cho

2014-01-01

Full Text Available Recently, the interest in green energy is increasing as a means to resolve problems including the exhaustion of the energy source and, effective management of energy through the convergence of various fields. Therefore, the projects of smart grid which is called intelligent electrical grid for the accomplishment of low carbon green growth are being carried out in a rush. However, as the IT is centered upon the electrical grid, the shortage of IT also appears in smart grid and the complexity of convergence is aggravating the problem. Also, various personal information and payment information within the smart grid are gradually becoming big data and target for external invasion and attack; thus, there is increase in concerns for this matter. The purpose of this study is to analyze the security vulnerabilities and security requirement within smart grid and the authentication and access control method for privacy protection within home network. Therefore, we propose a secure access authentication and remote control method for user’s home device within home network environment, and we present their security analysis. The proposed access authentication method blocks the unauthorized external access and enables secure remote access to home network and its devices with a secure message authentication protocol.

A Secure ECC-based RFID Mutual Authentication Protocol to Enhance Patient Medication Safety.

Science.gov (United States)

Jin, Chunhua; Xu, Chunxiang; Zhang, Xiaojun; Li, Fagen

2016-01-01

Patient medication safety is an important issue in patient medication systems. In order to prevent medication errors, integrating Radio Frequency Identification (RFID) technology into automated patient medication systems is required in hospitals. Based on RFID technology, such systems can provide medical evidence for patients' prescriptions and medicine doses, etc. Due to the mutual authentication between the medication server and the tag, RFID authentication scheme is the best choice for automated patient medication systems. In this paper, we present a RFID mutual authentication scheme based on elliptic curve cryptography (ECC) to enhance patient medication safety. Our scheme can achieve security requirements and overcome various attacks existing in other schemes. In addition, our scheme has better performance in terms of computational cost and communication overhead. Therefore, the proposed scheme is well suitable for patient medication systems.

A Novel Physical Layer Assisted Authentication Scheme for Mobile Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Qiuhua Wang

2017-02-01

Full Text Available Physical-layer authentication can address physical layer vulnerabilities and security threats in wireless sensor networks, and has been considered as an effective complementary enhancement to existing upper-layer authentication mechanisms. In this paper, to advance the existing research and improve the authentication performance, we propose a novel physical layer assisted authentication scheme for mobile wireless sensor networks. In our proposed scheme, we explore the reciprocity and spatial uncorrelation of the wireless channel to verify the identities of involved transmitting users and decide whether all data frames are from the same sender. In our proposed scheme, a new method is developed for the legitimate users to compare their received signal strength (RSS records, which avoids the information from being disclosed to the adversary. Our proposed scheme can detect the spoofing attack even in a high dynamic environment. We evaluate our scheme through experiments under indoor and outdoor environments. Experiment results show that our proposed scheme is more efficient and achieves a higher detection rate as well as keeping a lower false alarm rate.

A Novel Physical Layer Assisted Authentication Scheme for Mobile Wireless Sensor Networks.

Science.gov (United States)

Wang, Qiuhua

2017-02-04

Physical-layer authentication can address physical layer vulnerabilities and security threats in wireless sensor networks, and has been considered as an effective complementary enhancement to existing upper-layer authentication mechanisms. In this paper, to advance the existing research and improve the authentication performance, we propose a novel physical layer assisted authentication scheme for mobile wireless sensor networks. In our proposed scheme, we explore the reciprocity and spatial uncorrelation of the wireless channel to verify the identities of involved transmitting users and decide whether all data frames are from the same sender. In our proposed scheme, a new method is developed for the legitimate users to compare their received signal strength (RSS) records, which avoids the information from being disclosed to the adversary. Our proposed scheme can detect the spoofing attack even in a high dynamic environment. We evaluate our scheme through experiments under indoor and outdoor environments. Experiment results show that our proposed scheme is more efficient and achieves a higher detection rate as well as keeping a lower false alarm rate.

Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

Directory of Open Access Journals (Sweden)

S K Hafizul Islam

Full Text Available Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1 the correctness of identity and password are not verified during the login and password change phases; (2 it is vulnerable to impersonation attack and privileged-insider attack; (3 it is designed without the revocation of lost/stolen smart card; (4 the explicit key confirmation and the no key control properties are absent, and (5 user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

Provable Secure and Efficient Digital Rights Management Authentication Scheme Using Smart Card Based on Elliptic Curve Cryptography

Directory of Open Access Journals (Sweden)

Yuanyuan Zhang

2015-01-01

Full Text Available Since the concept of ubiquitous computing is firstly proposed by Mark Weiser, its connotation has been extending and expanding by many scholars. In pervasive computing application environment, many kinds of small devices containing smart cart are used to communicate with others. In 2013, Yang et al. proposed an enhanced authentication scheme using smart card for digital rights management. They demonstrated that their scheme is secure enough. However, Mishra et al. pointed out that Yang et al.’s scheme suffers from the password guessing attack and the denial of service attack. Moreover, they also demonstrated that Yang et al.’s scheme is not efficient enough when the user inputs an incorrect password. In this paper, we analyze Yang et al.’s scheme again, and find that their scheme is vulnerable to the session key attack. And, there are some mistakes in their scheme. To surmount the weakness of Yang et al.’s scheme, we propose a more efficient and provable secure digital rights management authentication scheme using smart card based on elliptic curve cryptography.

Vulnerabilities in GSM technology and feasibility of selected attacks

Science.gov (United States)

Voznak, M.; Prokes, M.; Sevcik, L.; Frnda, J.; Toral-Cruz, Homer; Jakovlev, Sergej; Fazio, Peppino; Mehic, M.; Mikulec, M.

2015-05-01

Global System for Mobile communication (GSM) is the most widespread technology for mobile communications in the world and serving over 7 billion users. Since first publication of system documentation there has been notified a potential safety problem's occurrence. Selected types of attacks, based on the analysis of the technical feasibility and the degree of risk of these weaknesses, were implemented and demonstrated in laboratory of the VSB-Technical University of Ostrava, Czech Republic. These vulnerabilities were analyzed and afterwards possible attacks were described. These attacks were implemented using open-source tools, software programmable radio USRP (Universal Software RadioPeripheral) and DVB-T (Digital Video Broadcasting - Terrestrial) receiver. GSM security architecture is being scrutinized since first public releases of its specification mainly pointing out weaknesses in authentication and ciphering mechanisms. This contribution also summarizes practically proofed and used scenarios that are performed using opensource software tools and variety of scripts mostly written in Python. Main goal of this paper is in analyzing security issues in GSM network and practical demonstration of selected attacks.

Security Analysis of a Remote User Authentication Scheme with Smart Cards

OpenAIRE

Kumar, Manoj

2007-01-01

Yoon et al. proposed a new efficient remote user authentication scheme using smart cards to solve the security problems of W. C. Ku and S. M. Chen scheme. This paper reviews Yoon et al. scheme and then proves that the password change phase of Yoon et al. scheme is still insecure. This paper also proves that the Yoon et al. is still vulnerable to parallel session attack.

Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

Science.gov (United States)

Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401

Influence of recycled fine aggregates on the resistance of mortars to magnesium sulfate attack

International Nuclear Information System (INIS)

Lee, Seung-Tae

2009-01-01

The influence of recycled fine aggregates, which had been reclaimed from field-demolished concretes, on the resistance of mortar specimens to magnesium sulfate attack was investigated. Mortar specimens were prepared with recycled fine aggregates at different replacement levels (0%, 25%, 50%, 75% and 100% of natural fine aggregate by mass). The mortar specimens were exposed to 4.24% magnesium sulfate solution for about 1 year at ambient temperature, and regularly monitored for visual appearance, compressive strength loss and expansion. Additionally, in order to identify products of magnesium sulfate attack, mortar samples incorporating 0%, 25% and 100% replacement levels of the recycled fine aggregates were examined by X-ray diffraction (XRD) technique. Experimental results confirmed that the use of recycled fine aggregates up to a maximum 50% replacement level is effective under severe magnesium sulfate environment, irrespective of type of recycled fine aggregates. However, the worse performance was observed in mortar specimens incorporating 100% replacement level. It was found that the water absorption of recycled fine aggregates affected deterioration of mortar specimens, especially at a higher replacement level. XRD results indicated that the main cause of deterioration of the mortar specimens was primarily due to the formation of gypsum and thaumasite by magnesium sulfate attack. In addition, it appeared that the conversion of C-S-H into M-S-H by the attack probably influenced mechanical deterioration of mortar specimens with recycled fine aggregates.

Resistance to acid attack of portland cement mortars produced with red mud as a pozzolanic additive

International Nuclear Information System (INIS)

Balbino, Thiago Gabriel Ferreira; Fortes, Gustavo Mattos; Lourenco, Rafaela Roberta; Rodrigues, Jose de Anchieta

2011-01-01

Portland cement structures are usually exposed to aggressive environments, which requires the knowledge of the performance of these materials under deleterious conditions. In this study, it was evaluated the resistance to acid attack of mortars that contain ordinary (CPI) and compost (CPII-Z) Portland cements, adding to the first red mud (RB) as a pozzolanic additive in different conditions: without calcination, calcined at 400 ° C and at 600 ° C. The specimens were subjected to HCl and H 2 SO 4 solutions, both with concentration of 1.0 Mol L -1 for 28 days, monitoring the weight loss and leached material nature by atomic emission inductively coupled plasma (ICP). The hydration products were studied by thermogravimetric analysis (TGA) and X-ray diffraction (XRD) of the hydrated cement pastes. It was observed a reduction of portlandite amount in the RB containing cement pastes, indicating a possible pozzolanic activity of the red mud. The mortars prepared with RB were more resistant to HCl, while that ones with calcined RB present a better performance in H 2 SO 4 attack. (author)

Network Protection Against DDoS Attacks

Directory of Open Access Journals (Sweden)

Petr Dzurenda

2015-03-01

Full Text Available The paper deals with possibilities of the network protection against Distributed Denial of Service attacks (DDoS. The basic types of DDoS attacks and their impact on the protected network are presented here. Furthermore, we present basic detection and defense techniques thanks to which it is possible to increase resistance of the protected network or device against DDoS attacks. Moreover, we tested the ability of current commercial Intrusion Prevention Systems (IPS, especially Radware DefensePro 6.10.00 product against the most common types of DDoS attacks. We create five scenarios that are varied in type and strength of the DDoS attacks. The attacks intensity was much greater than the normal intensity of the current DDoS attacks.

Attack-Resistant Trust Metrics

Science.gov (United States)

Levien, Raph

The Internet is an amazingly powerful tool for connecting people together, unmatched in human history. Yet, with that power comes great potential for spam and abuse. Trust metrics are an attempt to compute the set of which people are trustworthy and which are likely attackers. This chapter presents two specific trust metrics developed and deployed on the Advogato Website, which is a community blog for free software developers. This real-world experience demonstrates that the trust metrics fulfilled their goals, but that for good results, it is important to match the assumptions of the abstract trust metric computation to the real-world implementation.

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems.

Science.gov (United States)

Arshad, Hamed; Teymoori, Vahid; Nikooghadam, Morteza; Abbassi, Hassan

2015-08-01

Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications.

Science.gov (United States)

Li, Xiong; Niu, Jianwei; Karuppiah, Marimuthu; Kumari, Saru; Wu, Fan

2016-12-01

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography.

Science.gov (United States)

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Kumar, Neeraj

2015-11-01

In the last few years, numerous remote user authentication and session key agreement schemes have been put forwarded for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth to note that unrestricted number of patients login to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the exiting schemes. The proposed scheme not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.

Improved Message Authentication and Confidentiality Checking

International Nuclear Information System (INIS)

Ismail Jabiullah, M.; Abdullah Al-Shamim, M.; Lutfar Rahman, M.

2005-01-01

The most confusing areas of the secured network communications are the message authentication and confidentiality checking. The attacks and the counter measures have become so convoluted that the users in this area begin to account for all contingencies. Two session-key generation techniques are used here to generate two separate session keys K 1 and K 2 ; and both the sender and the reveiver share these keys for higher degree of authentication and confidentiality. For this, the message is first encrypted by the key K 1 , and then the intermediary message authenticatin code (MAC) is generated by encrypting the encrypted message using the key K 2 . Then, the encrypted message and the intermediary MAC is again encrypted by using the K 2 and concatenated with the encrypted message and sent to the destination. At the receiving end, first, the received ciphertext is encrypted by using key K 2 and compared to the received MAC. The received ciphertext again is decrypted by the key K 2 and compared with the first decrypted MAC twice by the key K 2 . The plaintext is obtained by decrypting the received ciphertext first by K 2 and then by K 1 , using the corresponding decryption techniques respectively. The encryption techniques with key K 2 provides the authentication and with key K 1 provides the confidentiality checking of the transmitted message. The developed technique can be applied to both academic and commercial applications in online or offline electronic transactions for security.(authors)

78 FR 38240 - Authentication of Electronic Signatures on Electronically Filed Statements of Account

Science.gov (United States)

2013-06-26

... system characteristics paired with the standard username and password. Virtual tokens work by sharing the... computer communicates directly with the authenticating Web site, virtual tokens are resistant to ``man-in... LIBRARY OF CONGRESS Copyright Office 37 CFR Part 201 [Docket No. 2013-5] Authentication of...

Active Detection for Exposing Intelligent Attacks in Control Systems

Energy Technology Data Exchange (ETDEWEB)

Weerakkody, Sean [Carnegie Mellon Univ., Pittsburgh, PA (United States); Ozel, Omur [Carnegie Mellon Univ., Pittsburgh, PA (United States); Griffioen, Paul [Carnegie Mellon Univ., Pittsburgh, PA (United States); Sinopoli, Bruno [Carnegie Mellon Univ., Pittsburgh, PA (United States)

2017-07-01

In this paper, we consider approaches for detecting integrity attacks carried out by intelligent and resourceful adversaries in control systems. Passive detection techniques are often incorporated to identify malicious behavior. Here, the defender utilizes finely-tuned algorithms to process information and make a binary decision, whether the system is healthy or under attack. We demonstrate that passive detection can be ineffective against adversaries with model knowledge and access to a set of input/output channels. We then propose active detection as a tool to detect attacks. In active detection, the defender leverages degrees of freedom he has in the system to detect the adversary. Specifically, the defender will introduce a physical secret kept hidden from the adversary, which can be utilized to authenticate the dynamics. In this regard, we carefully review two approaches for active detection: physical watermarking at the control input, and a moving target approach for generating system dynamics. We examine practical considerations for implementing these technologies and discuss future research directions.

Secured Hash Based Burst Header Authentication Design for Optical Burst Switched Networks

Science.gov (United States)

Balamurugan, A. M.; Sivasubramanian, A.; Parvathavarthini, B.

2017-12-01

The optical burst switching (OBS) is a promising technology that could meet the fast growing network demand. They are featured with the ability to meet the bandwidth requirement of applications that demand intensive bandwidth. OBS proves to be a satisfactory technology to tackle the huge bandwidth constraints, but suffers from security vulnerabilities. The objective of this proposed work is to design a faster and efficient burst header authentication algorithm for core nodes. There are two important key features in this work, viz., header encryption and authentication. Since the burst header is an important in optical burst switched network, it has to be encrypted; otherwise it is be prone to attack. The proposed MD5&RC4-4S based burst header authentication algorithm runs 20.75 ns faster than the conventional algorithms. The modification suggested in the proposed RC4-4S algorithm gives a better security and solves the correlation problems between the publicly known outputs during key generation phase. The modified MD5 recommended in this work provides 7.81 % better avalanche effect than the conventional algorithm. The device utilization result also shows the suitability of the proposed algorithm for header authentication in real time applications.

Post-Session Authentication

DEFF Research Database (Denmark)

Ahmed, Naveed; Jensen, Christian D.

2012-01-01

Entity authentication provides confidence in the claimed identity of a peer entity, but the manner in which this goal is achieved results in different types of authentication. An important factor in this regard is the order between authentication and the execution of the associated session....... In this paper, we consider the case of post-session authentication, where parties authenticate each other at the end of their interactive session. This use of authentication is different from session-less authentication (e.g., in RFID) and pre-session authentication (e.g., for access control.) Post......-session authentication, although a new term, is not a new concept; it is the basis of at least a few practical schemes. We, for the first time, systematically study it and present the underlying authentication model. Further, we show that an important class of problems is solvable using post-session authentication...

Induced resistance: an enhancement of basal resistance?

NARCIS (Netherlands)

Vos, M. de; Robben, C.; Pelt, J.A. van; Loon, L.C. van; Pieterse, C.M.J.

2002-01-01

Upon primary pathogen attack, plants activate resistance mechanisms at the site of infection. Besides this so-called basal resistance, plants have also the ability to enhance their defensive capacity against future pathogen attack. There are at least two types of biologically induced resistance.

"Thick" Authenticity: New Media and Authentic Learning.

Science.gov (United States)

Shaffer, David Williamson; Resnick, Mitchel

1999-01-01

Discusses authenticity as it is applied to educational interventions and argues that the concept should be analyzed more closely. Describes four kinds of authenticity; analyzes how computational media are well-suited to support different aspects of authentic learning; and discusses connectivity, modeling, and pluralism. Contains 75 references.…

High Efficiency of Two Efficient QSDC with Authentication Is at the Cost of Their Security

International Nuclear Information System (INIS)

Su-Juan, Qin; Qiao-Yan, Wen; Luo-Ming, Meng; Fu-Chen, Zhu

2009-01-01

Two efficient protocols of quantum secure direct communication with authentication [Chin. Phys. Lett. 25 (2008) 2354] were recently proposed by Liu et al. to improve the efficiency of two protocols presented in [Phys. Rev. A 75 (2007) 026301] by four Pauli operations. We show that the high efficiency of the two protocols is at the expense of their security. The authenticator Trent can reach half the secret by a particular attack strategy in the first protocol. In the second protocol, not only Trent but also an eavesdropper outside can elicit half-information about the secret from the public declaration

Authentication method for authenticating a first party to a second party

NARCIS (Netherlands)

2014-01-01

An authentication system and method is presented for authenticating a first party to a second party, where an operation is performed on condition that the authentication succeeds. The authentication method verifies whether the first party is authenticated. If the first party is not authenticated,

ReTrust: attack-resistant and lightweight trust management for medical sensor networks.

Science.gov (United States)

He, Daojing; Chen, Chun; Chan, Sammy; Bu, Jiajun; Vasilakos, Athanasios V

2012-07-01

Wireless medical sensor networks (MSNs) enable ubiquitous health monitoring of users during their everyday lives, at health sites, without restricting their freedom. Establishing trust among distributed network entities has been recognized as a powerful tool to improve the security and performance of distributed networks such as mobile ad hoc networks and sensor networks. However, most existing trust systems are not well suited for MSNs due to the unique operational and security requirements of MSNs. Moreover, similar to most security schemes, trust management methods themselves can be vulnerable to attacks. Unfortunately, this issue is often ignored in existing trust systems. In this paper, we identify the security and performance challenges facing a sensor network for wireless medical monitoring and suggest it should follow a two-tier architecture. Based on such an architecture, we develop an attack-resistant and lightweight trust management scheme named ReTrust. This paper also reports the experimental results of the Collection Tree Protocol using our proposed system in a network of TelosB motes, which show that ReTrust not only can efficiently detect malicious/faulty behaviors, but can also significantly improve the network performance in practice.

Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Han, Sangchul; Kim, Moonseong; Paik, Juryon; Won, Dongho

2015-01-01

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).

Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation.

Directory of Open Access Journals (Sweden)

Junghyun Nam

Full Text Available A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000 model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks.

A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system

Directory of Open Access Journals (Sweden)

Vanga Odelu

2016-01-01

Full Text Available With the rapid growth of the Internet, a lot of electronic patient records (EPRs have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE. However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications tool and show that our scheme is secure against passive and active attacks.

A model to authenticate requests for online banking transactions

Directory of Open Access Journals (Sweden)

Saad M. Darwish

2012-09-01

Full Text Available As the number of clients using online banking increases, online banking systems are becoming more desirable targets for attacks. To maintain the clients trust and confidence in the security of their online banking services; financial institutions must identify how attackers compromise accounts and develop methods to protect them. Towards this purpose, this paper presents a modified model to authenticate clients for online banking transactions through utilizing Identity-Based mediated RSA(IB-mRSA technique in conjunction with the one-time ID concept for the purpose of increasing security, avoiding swallow’s sorties and preventing reply attacks. The introduced system exploits a method for splitting private keys between the client and the Certification Authority (CA server. Neither the client nor the CA can cheat one another since one-time ID can be used only once and each signature must involve both parties. The resulting model seems to be practical from both computational as well as storage point of view. The experimental results show the effectiveness of the proposed model.

Authenticating the Leader

DEFF Research Database (Denmark)

Johnsen, Christian Garmann

As authentic leadership, with its dictum of being true to the self, has become increasingly influential among practitioners and mainstream leadership scholars, critical writers have drawn attention to the negative consequences of this development. Yet, few scholars have investigated the problem...... of authentication within discourse of authentic leadership. If authentic leadership is to make any sense, it is necessary to be able to distinguish the authentic from the inauthentic leader – in other words, it is necessary to authenticate the leader. This paper uses Gilles Deleuze’s reading of Plato as the point...... of departure for discussing the problem of authentication – separating the authentic leader form the inauthentic one – in the leadership guru Bill George’s model of authentic leadership. By doing so, the paper offers a way of conceptualizing the problem of authenticating leaders, as well as challenging...

Privacy-Preserving Authentication Using a Double Pseudonym for Internet of Vehicles.

Science.gov (United States)

Cui, Jie; Xu, Wenyu; Zhong, Hong; Zhang, Jing; Xu, Yan; Liu, Lu

2018-05-07

The Internet of Vehicles (IoV) plays an important role in smart transportation to reduce the drivers’s risk of having an accident and help them manage small emergencies. Therefore, security and privacy issues of the message in the tamper proof device (TPD) broadcasted to other vehicles and roadside units (RSUs) have become an important research subject in the field of smart transportation. Many authentication schemes are proposed to tackle the challenges above and most of them are heavy in computation and communication. In this paper, we propose a novel authentication scheme that utilizes the double pseudonym method to hide the real identity of vehicles and adopts the dynamic update technology to periodically update the information (such as member secret, authentication key, internal pseudo-identity) stored in the tamper-proof device to prevent the side-channel attack. Because of not using bilinear pairing, our scheme yields a better performance in terms of computation overhead and communication overhead, and is more suitable to be applied in the Internet of Vehicles.

Privacy-Preserving Authentication Using a Double Pseudonym for Internet of Vehicles

Directory of Open Access Journals (Sweden)

Jie Cui

2018-05-01

Full Text Available The Internet of Vehicles (IoV plays an important role in smart transportation to reduce the drivers’s risk of having an accident and help them manage small emergencies. Therefore, security and privacy issues of the message in the tamper proof device (TPD broadcasted to other vehicles and roadside units (RSUs have become an important research subject in the field of smart transportation. Many authentication schemes are proposed to tackle the challenges above and most of them are heavy in computation and communication. In this paper, we propose a novel authentication scheme that utilizes the double pseudonym method to hide the real identity of vehicles and adopts the dynamic update technology to periodically update the information (such as member secret, authentication key, internal pseudo-identity stored in the tamper-proof device to prevent the side-channel attack. Because of not using bilinear pairing, our scheme yields a better performance in terms of computation overhead and communication overhead, and is more suitable to be applied in the Internet of Vehicles.

Privacy-Preserving Authentication Using a Double Pseudonym for Internet of Vehicles

Science.gov (United States)

Xu, Wenyu; Zhang, Jing; Xu, Yan; Liu, Lu

2018-01-01

The Internet of Vehicles (IoV) plays an important role in smart transportation to reduce the drivers’s risk of having an accident and help them manage small emergencies. Therefore, security and privacy issues of the message in the tamper proof device (TPD) broadcasted to other vehicles and roadside units (RSUs) have become an important research subject in the field of smart transportation. Many authentication schemes are proposed to tackle the challenges above and most of them are heavy in computation and communication. In this paper, we propose a novel authentication scheme that utilizes the double pseudonym method to hide the real identity of vehicles and adopts the dynamic update technology to periodically update the information (such as member secret, authentication key, internal pseudo-identity) stored in the tamper-proof device to prevent the side-channel attack. Because of not using bilinear pairing, our scheme yields a better performance in terms of computation overhead and communication overhead, and is more suitable to be applied in the Internet of Vehicles. PMID:29735941

Secure Rateless Deluge: Pollution-Resistant Reprogramming and Data Dissemination for Wireless Sensor Networks

NARCIS (Netherlands)

Law, Y.W.; Zhang, Yu; Jin meifang, J.; Palaniswami, Marimuthu; Havinga, Paul J.M.

A network reprogramming protocol is made for updating the firmware of a wireless sensor network (WSN) in situ. For security reasons, every firmware update must be authenticated to prevent an attacker from installing its code in the network. While existing schemes can provide authentication services,

Efficient and Anonymous Authentication Scheme for Wireless Body Area Networks.

Science.gov (United States)

Wu, Libing; Zhang, Yubo; Li, Li; Shen, Jian

2016-06-01

As a significant part of the Internet of Things (IoT), Wireless Body Area Network (WBAN) has attract much attention in this years. In WBANs, sensors placed in or around the human body collect the sensitive data of the body and transmit it through an open wireless channel in which the messages may be intercepted, modified, etc. Recently, Wang et al. presented a new anonymous authentication scheme for WBANs and claimed that their scheme can solve the security problems in the previous schemes. Unfortunately, we demonstrate that their scheme cannot withstand impersonation attack. Either an adversary or a malicious legal client could impersonate another legal client to the application provider. In this paper, we give the detailed weakness analysis of Wang et al.'s scheme at first. Then we present a novel anonymous authentication scheme for WBANs and prove that it's secure under a random oracle model. At last, we demonstrate that our presented anonymous authentication scheme for WBANs is more suitable for practical application than Wang et al.'s scheme due to better security and performance. Compared with Wang et al.'s scheme, the computation cost of our scheme in WBANs has reduced by about 31.58%.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network

Science.gov (United States)

2014-02-01

attack is also similar to those that rely on misbehaving receivers and optimistic ACKs to bypass flow control protocol mechanisms [40]–[42]. In particular...thank the anonymous reviewers for their feedback and suggestions, Damon McCoy for discussions about misbehaving receivers and authenticated signals...ping-o-death. html. [40] S. Savage, N. Cardwell, D. Wetherall, and T. Anderson, “TCP Con- gestion Control with a Misbehaving Receiver,” ACM SIGCOMM CCR

Qubit authentication

International Nuclear Information System (INIS)

Curty, Marcos; Santos, David J.; Perez, Esther; Garcia-Fernandez, Priscila

2002-01-01

Secure communication requires message authentication. In this paper we address the problem of how to authenticate quantum information sent through a quantum channel between two communicating parties with the minimum amount of resources. Specifically, our objective is to determine whether one elementary quantum message (a qubit) can be authenticated with a key of minimum length. We show that, unlike the case of classical-message quantum authentication, this is not possible

Authentic feminist? Authenticity and feminist identity in teenage feminists' talk.

Science.gov (United States)

Calder-Dawe, Octavia; Gavey, Nicola

2017-12-01

This article explores how young people's feminist identities take shape in conjunction with a contemporary ideal of personal authenticity: to know and to express the 'real me'. Drawing from interviews with 18 teenagers living in Auckland, New Zealand, we examine a novel convergence of authenticity and feminism in participants' identity talk. For social psychologists interested in identity and politics, this convergence is intriguing: individualizing values such as authenticity are generally associated with disengagement with structural critique and with a repudiation of politicized and activist identities. Rather than seeking to categorize authentic feminism as an instance of either 'good/collective' or 'bad/individualized' feminist politics, we use discourse analysis to examine how the identity position of authentic feminist was constructed and to explore implications for feminist politics. On one hand, interviewees mobilized authentic feminism to affirm their commitment to normative liberal values of authenticity and self-expression. At the same time, the position of authentic feminist appeared to authorize risky feminist identifications and to justify counter-normative feelings, desires, and actions. To conclude, we explore how encountering others' intolerance of authentic feminism exposed interviewees to the limits of authenticity discourse, propelling some towards new understandings of the social world and their space for action within it. © 2017 The British Psychological Society.

A Composed Protocol of Quantum Identity Authentication Plus Quantum Key Distribution Based on Squeezed States

International Nuclear Information System (INIS)

Zhang Sheng; Wang Jian; Tang Chaojing; Zhang Quan

2011-01-01

It is established that a single quantum cryptography protocol usually cooperates with other cryptographic systems, such as an authentication system, in the real world. However, few protocols have been proposed on how to combine two or more quantum protocols. To fill this gap, we propose a composed quantum protocol, containing both quantum identity authentication and quantum key distribution, using squeezed states. Hence, not only the identity can be verified, but also a new private key can be generated by our new protocol. We also analyze the security under an optimal attack, and the efficiency, which is defined by the threshold of the tolerant error rate, using Gaussian error function. (general)

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

Science.gov (United States)

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

Science.gov (United States)

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

A Secure Mobile-Based Authentication System for e-Banking

Science.gov (United States)

Rifà-Pous, Helena

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.

Cryptanalysis and improvement of quantum broadcast communication and authentication protocol with a quantum one-time pad

International Nuclear Information System (INIS)

Liu Zhi-Hao; Chen Han-Wu

2016-01-01

The security of quantum broadcast communication (QBC) and authentication protocol based on Greenberger–Horne–Zeilinger (GHZ) state and quantum one-time pad is analyzed. It is shown that there are some security issues in this protocol. Firstly, an external eavesdropper can take the intercept–measure–resend attack strategy to eavesdrop on 0.369 bit of every bit of the identity string of each receiver without being detected. Meanwhile, 0.524 bit of every bit of the secret message can be eavesdropped on without being detected. Secondly, an inner receiver can take the intercept–measure–resend attack strategy to eavesdrop on half of the identity string of the other’s definitely without being checked. In addition, an alternative attack called the CNOT-operation attack is discussed. As for the multi-party QBC protocol, the attack efficiency increases with the increase of the number of users. Finally, the QBC protocol is improved to a secure one. (paper)

Authenticating the Leader

DEFF Research Database (Denmark)

Garmann Johnsen, Christian

2018-01-01

In the wake of a series of corporate scandals, there has been a growing call for authentic leadership in order to ensure ethical conduct in contemporary organizations. Authentic leadership, however, depends upon the ability to draw a distinction between the authentic and inauthentic leader......’s inverted Platonism, the paper challenges the practice by which authentic leaders are distinguished from inauthentic leaders. In conclusion, the paper suggests that an adequate concept of authentic leadership should consider how ethics can occur when the authentic leader is able to critically reflect his...

Analysis Of Default Passwords In Routers Against Brute-Force Attack

OpenAIRE

Mohammed Farik; ABM Shawkat Ali

2015-01-01

Abstract Password authentication is the main means of access control on network routers and router manufacturers provide a default password for initial login to the router. While there has been many publications regarding the minimum requirements of a good password how widely the manufacturers themselves are adhering to the minimum standards and whether these passwords can withstand brute-force attack are not widely known. The novelty of this research is that this is the first time default...

TCPL: A Defense against wormhole attacks in wireless sensor networks

International Nuclear Information System (INIS)

Kumar, K. E. Naresh; Waheed, Mohd. Abdul; Basappa, K. Kari

2010-01-01

Do In this paper presents recent advances in technology have made low-cost, low-power wireless sensors with efficient energy consumption. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For which, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many sensor network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.

An Efficient V2I Authentication Scheme for VANETs

Directory of Open Access Journals (Sweden)

Yousheng Zhou

2018-01-01

Full Text Available The advent of intelligent transportation system has a crucial impact on the traffic safety and efficiency. To cope with security issues such as spoofing attack and forgery attack, many authentication schemes for vehicular ad hoc networks (VANETs have been developed, which are based on the hypothesis that secret keys are kept perfectly secure. However, key exposure is inevitable on account of the openness of VANET environment. To address this problem, key insulation is introduced in our proposed scheme. With a helper device, vehicles could periodically update their own secret keys. In this way, the forward and backward secrecy has been achieved. In addition, the elliptic curve operations have been integrated to improve the performance. The random oracle model is adopted to prove the security of the proposed scheme, and the experiment has been conducted to demonstrate the comparison between our scheme and the existing similar schemes.

An improved anonymous authentication scheme for roaming in ubiquitous networks.

Science.gov (United States)

Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick; Won, Dongho

2018-01-01

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people's lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.'s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al's scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.

An improved anonymous authentication scheme for roaming in ubiquitous networks.

Directory of Open Access Journals (Sweden)

Hakjun Lee

Full Text Available With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people's lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.'s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al's scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.

AUTHENTICATION ARCHITECTURE USING THRESHOLD CRYPTOGRAPHY IN KERBEROS FOR MOBILE AD HOC NETWORKS

Directory of Open Access Journals (Sweden)

Hadj Gharib

2014-06-01

Full Text Available The use of wireless technologies is gradually increasing and risks related to the use of these technologies are considerable. Due to their dynamically changing topology and open environment without a centralized policy control of a traditional network, a mobile ad hoc network (MANET is vulnerable to the presence of malicious nodes and attacks. The ideal solution to overcome a myriad of security concerns in MANET’s is the use of reliable authentication architecture. In this paper we propose a new key management scheme based on threshold cryptography in kerberos for MANET’s, the proposed scheme uses the elliptic curve cryptography method that consumes fewer resources well adapted to the wireless environment. Our approach shows a strength and effectiveness against attacks.

PKI Layer Cake: New Collision Attacks against the Global X.509 Infrastructure

Science.gov (United States)

Kaminsky, Dan; Patterson, Meredith L.; Sassaman, Len

Research unveiled in December of 2008 [15] showed how MD5's long-known flaws could be actively exploited to attack the real-worldCertification Authority infrastructure. In this paper, we demonstrate two new classes of collision, which will be somewhat trickier to address than previous attacks against X.509: the applicability of MD2 preimage attacks against the primary root certificate for Verisign, and the difficulty of validating X.509 Names contained within PKCS#10 Certificate Requests.We also draw particular attention to two possibly unrecognized vectors for implementation flaws that have been problematic in the past: the ASN.1 BER decoder required to parsePKCS#10, and the potential for SQL injection fromtext contained within its requests. Finally, we explore why the implications of these attacks are broader than some have realized - first, because Client Authentication is sometimes tied to X.509, and second, because Extended Validation certificates were only intended to stop phishing attacks from names similar to trusted brands. As per the work of Adam Barth and Collin Jackson [4], EV does not prevent an attacker who can synthesize or acquire a "low assurance" certificate for a given name from acquiring the "green bar" EV experience.

System and method for authentication

Science.gov (United States)

Duerksen, Gary L.; Miller, Seth A.

2015-12-29

Described are methods and systems for determining authenticity. For example, the method may include providing an object of authentication, capturing characteristic data from the object of authentication, deriving authentication data from the characteristic data of the object of authentication, and comparing the authentication data with an electronic database comprising reference authentication data to provide an authenticity score for the object of authentication. The reference authentication data may correspond to one or more reference objects of authentication other than the object of authentication.

Post-Session Authentication

OpenAIRE

Ahmed , Naveed; Jensen , Christian ,

2012-01-01

Part 1: Full Papers; International audience; Entity authentication provides confidence in the claimed identity of a peer entity, but the manner in which this goal is achieved results in different types of authentication. An important factor in this regard is the order between authentication and the execution of the associated session. In this paper, we consider the case of post-session authentication, where parties authenticate each other at the end of their interactive session. This use of a...

Multi-factor authentication

Science.gov (United States)

Hamlet, Jason R; Pierson, Lyndon G

2014-10-21

Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

OPERATION COBRA. Deliberate Attack, Exploitation

Science.gov (United States)

1984-05-25

to attack Sens, then continue to Troyes , on the Seine River. CCA was in the north, crossing the Loing River at Souppes against light resistance and...advanced from Troyes and prepared positions close to Sens. Under strong artillery support, a task force from CCA (TF Oden) attacked the enemy frontally...movement towards the Seine River on 24 August with an advance toward Troyes . Facing the combat command were what remained of the 51st SS Brigade, light

Fault attacks, injection techniques and tools for simulation

NARCIS (Netherlands)

Piscitelli, R.; Bhasin, S.; Regazzoni, F.

2015-01-01

Faults attacks are a serious threat to secure devices, because they are powerful and they can be performed with extremely cheap equipment. Resistance against fault attacks is often evaluated directly on the manufactured devices, as commercial tools supporting fault evaluation do not usually provide

Improving the Authentication Scheme and Access Control Protocol for VANETs

Directory of Open Access Journals (Sweden)

Wei-Chen Wu

2014-11-01

Full Text Available Privacy and security are very important in vehicular ad hoc networks (VANETs. VANETs are negatively affected by any malicious user’s behaviors, such as bogus information and replay attacks on the disseminated messages. Among various security threats, privacy preservation is one of the new challenges of protecting users’ private information. Existing authentication protocols to secure VANETs raise challenges, such as certificate distribution and reduction of the strong reliance on tamper-proof devices. In 2011, Yeh et al. proposed a PAACP: a portable privacy-preserving authentication and access control protocol in vehicular ad hoc networks. However, PAACP in the authorization phase is breakable and cannot maintain privacy in VANETs. In this paper, we present a cryptanalysis of an attachable blind signature and demonstrate that the PAACP’s authorized credential (AC is not secure and private, even if the AC is secretly stored in a tamper-proof device. An eavesdropper can construct an AC from an intercepted blind document. Any eavesdropper can determine who has which access privileges to access which service. For this reason, this paper copes with these challenges and proposes an efficient scheme. We conclude that an improving authentication scheme and access control protocol for VANETs not only resolves the problems that have appeared, but also is more secure and efficient.

Understanding Keystroke Dynamics for Smartphone Users Authentication and Keystroke Dynamics on Smartphones Built-In Motion Sensors

Directory of Open Access Journals (Sweden)

Hyungu Lee

2018-01-01

Full Text Available Personal Identification Numbers (PINs and pattern drawing have been used as common authentication methods especially on smartphones. Such methods, however, are very vulnerable to the shoulder surfing attack. Thus, keystroke dynamics that authenticate legitimate users based on their typing manner have been studied for years. However, many of the studies have focused on PC keyboard keystrokes. More studies on mobile and smartphones keystroke dynamics are warranted; as smartphones make progress in both hardware and software, features from smartphones have been diversified. In this paper, using various features including keystroke data such as time interval and motion data such as accelerometers and rotation values, we evaluate features with motion data and without motion data. We also compare 5 formulas for motion data, respectively. We also demonstrate that opposite gender match between a legitimate user and impostors has influence on authenticating by our experiment results.

Tibetan Interpretations of Authenticity

DEFF Research Database (Denmark)

Sobisch, Jan-Ulrich

2015-01-01

The four means of authentication are arguments for the authentication of Buddhist teachings in a Tibetan tradition. Different traditions emphasize different means of authentication. These reveal interesting facts about the self-image of these traditions.......The four means of authentication are arguments for the authentication of Buddhist teachings in a Tibetan tradition. Different traditions emphasize different means of authentication. These reveal interesting facts about the self-image of these traditions....

Invertible chaotic fragile watermarking for robust image authentication

International Nuclear Information System (INIS)

Sidiropoulos, Panagiotis; Nikolaidis, Nikos; Pitas, Ioannis

2009-01-01

Fragile watermarking is a popular method for image authentication. In such schemes, a fragile signal that is sensitive to manipulations is embedded in the image, so that it becomes undetectable after any modification of the original work. Most algorithms focus either on the ability to retrieve the original work after watermark detection (invertibility) or on detecting which image parts have been altered (localization). Furthermore, the majority of fragile watermarking schemes suffer from robustness flaws. We propose a new technique that combines localization and invertibility. Moreover, watermark dependency on the original image and the non-linear watermark embedding procedure guarantees that no malicious attacks will manage to create information leaks.

Key Management Strategies for Safeguards Authentication and Encryption

International Nuclear Information System (INIS)

Coram, M.; Hymel, R.; McDaniel, M.; Brotz, J.

2015-01-01

Management of cryptographic keys for the authentication and encryption of safeguards data can be the critical weak link in the practical implementation of information security. Within the safeguards community, there is the need to validate that data has not been modified at any point since generation and that it was generated by the monitoring node and not an imposter. In addition, there is the need for that data to be transmitted securely between the monitoring node and the monitoring party such that it cannot be intercepted and read while in transit. Encryption and digital signatures support the required confidentiality and authenticity but challenges exist in managing the cryptographic keys they require. Technologies developed at Sandia National Laboratories have evolved in their use of an associated key management strategy. The first generation system utilized a shared secret key for digital signatures. While fast and efficient, it required that a list of keys be maintained and protected. If control of the key was lost, fraudulent data could be made to look authentic. The second generation changed to support public key / private key cryptography. The key pair is generated by the system, the public key shared, and the private key held internally. This approach eliminated the need to maintain the list of keys. It also allows the public key to be provided to anyone needing to authenticate the data without allowing them to spoof data. A third generation system, currently under development, improves upon the public key / private key approach to address a potential man-in-the-middle attack related to the sharing of the public key. In a planned fourth generation system, secure key exchange protocols will distribute session keys for encryption, eliminating another fixed set of keys utilized by the technology and allowing for periodic renegotiation of keys for enhanced security. (author)

Analysis Of Default Passwords In Routers Against Brute-Force Attack

Directory of Open Access Journals (Sweden)

Mohammed Farik

2015-08-01

Full Text Available Abstract Password authentication is the main means of access control on network routers and router manufacturers provide a default password for initial login to the router. While there has been many publications regarding the minimum requirements of a good password how widely the manufacturers themselves are adhering to the minimum standards and whether these passwords can withstand brute-force attack are not widely known. The novelty of this research is that this is the first time default passwords have been analyzed and documented from such a large variety of router models to reveal password strengths or weaknesses against brute-force attacks. Firstly individual default router password of each model was collected tabulated and tested using password strength meter for entropy. Then descriptive statistical analysis was performed on the tabulated data. The analysis revealed quantitatively how strong or weak default passwords are against brute-force attacks. The results of this research give router security researchers router manufacturers router administrators a useful guide on the strengths and weaknesses of passwords that follow similar patterns.

Resistance of Particleboards Made from Fast-Growing Wood Species to Subterranean Termite Attack.

Science.gov (United States)

Hermawan, Dede; Hadi, Yusuf S; Fajriani, Esi; Massijaya, Muhamad Y; Hadjib, Nurwati

2012-05-29

Laboratory-made particleboards were tested for their resistance to subterranean termite, Coptotermes curvignathus Holmgren (Order Isoptera, Family Termitidae) by Indonesian standard SNI 01.7207-2006, during four weeks and at the end of the test their mass loss percentage and feeding rate were determined. Particleboards consisted of: jabon (Anthocephalus cadamba, Family Rubiacea) with a density of 0.41 g/cm³; sungkai (Peronema canescens, Family Verbenaceae) with a density of 0.46 g/cm³; mangium (Acacia mangium, Family Rhamnaceae) with a density of 0.60 g/cm³ separately and the three species mixture at a rate of 1:1:1. Densities of the boards were targetted at 0.60 g/cm³ and 0.80 g/cm³ by using 12% urea formaldehyde as binder with 2% paraffin as additive based on oven dry wood particle weight. The hand-formed mats and hot-pressing at 130 °C and 2.45 MPa for 10 min were applied. The results showed that particleboards density did not affect mass loss and feeding rate, but the particleboards made from higher density wood resulted in higher resistance to subterranean termite attack. The most resistant particleboards were made of magium, followed by sungkai, mixed species, and jabon.

An improved anonymous authentication scheme for roaming in ubiquitous networks

Science.gov (United States)

Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick

2018-01-01

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people’s lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.’s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al’s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments. PMID:29505575

Quantum tagging: Authenticating location via quantum information and relativistic signaling constraints

Energy Technology Data Exchange (ETDEWEB)

Kent, Adrian; Munro, William J.; Spiller, Timothy P. [Centre for Quantum Information and Foundations, DAMTP, University of Cambridge, Cambridge, United Kingdom and Perimeter Institute for Theoretical Physics, Waterloo, Ontario (Canada); NTT Basic Research Laboratories, NTT Corporation, 3-1 Morinosato-Wakamiya, Atsugi-shi, Kanagawa 243-0198 (Japan); Quantum Information Science, School of Physics and Astronomy, University of Leeds, Leeds LS2 9JT (United Kingdom)

2011-07-15

We define the task of quantum tagging, that is, authenticating the classical location of a classical tagging device by sending and receiving quantum signals from suitably located distant sites, in an environment controlled by an adversary whose quantum information processing and transmitting power is unbounded. We define simple security models for this task and briefly discuss alternatives. We illustrate the pitfalls of naive quantum cryptographic reasoning in this context by describing several protocols which at first sight appear unconditionally secure but which, as we show, can in fact be broken by teleportation-based attacks. We also describe some protocols which cannot be broken by these specific attacks, but do not prove they are unconditionally secure. We review the history of quantum tagging protocols, and show that protocols previously proposed by Malaney and Chandran et al. are provably insecure.

Staphyloxanthin photobleaching sensitizes methicillin-resistant Staphylococcus aureus to reactive oxygen species attack

Science.gov (United States)

Dong, Pu-Ting; Mohammad, Haroon; Hui, Jie; Wang, Xiaoyu; Li, Junjie; Liang, Lijia; Seleem, Mohamed N.; Cheng, Ji-Xin

2018-02-01

Given that the dearth of new antibiotic development loads an existential burden on successful infectious disease therapy, health organizations are calling for alternative approaches to combat methicillin-resistant Staphylococcus aureus (MRSA) infections. Here, we report a drug-free photonic approach to eliminate MRSA through photobleaching of staphyloxanthin, an indispensable membrane-bound antioxidant of S. aureus. The photobleaching process, uncovered through a transient absorption imaging study and quantitated by absorption spectroscopy and mass spectrometry, decomposes staphyloxanthin, and sensitizes MRSA to reactive oxygen species attack. Consequently, staphyloxanthin bleaching by low-level blue light eradicates MRSA synergistically with external or internal reactive oxygen species. The effectiveness of this synergistic therapy is validated in MRSA culture, MRSAinfected macrophage cells. Collectively, these findings highlight broad applications of staphyloxanthin photobleaching for treatment of MRSA infections.

Faster and timing-attack resistant AES-GCM

NARCIS (Netherlands)

Käsper, E.; Schwabe, P.; Clavier, C.; Gaj, K.

2009-01-01

We present a bitsliced implementation of AES encryption in counter mode for 64-bit Intel processors. Running at 7.59 cycles/byte on a Core 2, it is up to 25% faster than previous implementations, while simultaneously offering protection against timing attacks. In particular, it is the only

eBiometrics: an enhanced multi-biometrics authentication technique for real-time remote applications on mobile devices

Science.gov (United States)

Kuseler, Torben; Lami, Ihsan; Jassim, Sabah; Sellahewa, Harin

2010-04-01

The use of mobile communication devices with advance sensors is growing rapidly. These sensors are enabling functions such as Image capture, Location applications, and Biometric authentication such as Fingerprint verification and Face & Handwritten signature recognition. Such ubiquitous devices are essential tools in today's global economic activities enabling anywhere-anytime financial and business transactions. Cryptographic functions and biometric-based authentication can enhance the security and confidentiality of mobile transactions. Using Biometric template security techniques in real-time biometric-based authentication are key factors for successful identity verification solutions, but are venerable to determined attacks by both fraudulent software and hardware. The EU-funded SecurePhone project has designed and implemented a multimodal biometric user authentication system on a prototype mobile communication device. However, various implementations of this project have resulted in long verification times or reduced accuracy and/or security. This paper proposes to use built-in-self-test techniques to ensure no tampering has taken place on the verification process prior to performing the actual biometric authentication. These techniques utilises the user personal identification number as a seed to generate a unique signature. This signature is then used to test the integrity of the verification process. Also, this study proposes the use of a combination of biometric modalities to provide application specific authentication in a secure environment, thus achieving optimum security level with effective processing time. I.e. to ensure that the necessary authentication steps and algorithms running on the mobile device application processor can not be undermined or modified by an imposter to get unauthorized access to the secure system.

Multi-user quantum key distribution based on Bell states with mutual authentication

International Nuclear Information System (INIS)

Lin Song; Huang Chuan; Liu Xiaofen

2013-01-01

A new multi-user quantum key distribution protocol with mutual authentication is proposed on a star network. Here, two arbitrary users are able to perform key distribution with the assistance of a semi-trusted center. Bell states are used as information carriers and transmitted in a quantum channel between the center and one user. A keyed hash function is utilized to ensure the identities of three parties. Finally, the security of this protocol with respect to various kinds of attacks is discussed. (paper)

An SDN-Based Fingerprint Hopping Method to Prevent Fingerprinting Attacks

Directory of Open Access Journals (Sweden)

Zheng Zhao

2017-01-01

Full Text Available Fingerprinting attacks are one of the most severe threats to the security of networks. Fingerprinting attack aims to obtain the operating system information of target hosts to make preparations for future attacks. In this paper, a fingerprint hopping method (FPH is proposed based on software-defined networks to defend against fingerprinting attacks. FPH introduces the idea of moving target defense to show a hopping fingerprint toward the fingerprinting attackers. The interaction of the fingerprinting attack and its defense is modeled as a signal game, and the equilibriums of the game are analyzed to develop an optimal defense strategy. Experiments show that FPH can resist fingerprinting attacks effectively.

An Improved Digital Signature Protocol to Multi-User Broadcast Authentication Based on Elliptic Curve Cryptography in Wireless Sensor Networks (WSNs

Directory of Open Access Journals (Sweden)

Hamed Bashirpour

2018-03-01

Full Text Available In wireless sensor networks (WSNs, users can use broadcast authentication mechanisms to connect to the target network and disseminate their messages within the network. Since data transfer for sensor networks is wireless, as a result, attackers can easily eavesdrop deployed sensor nodes and the data sent between them or modify the content of eavesdropped data and inject false data into the sensor network. Hence, the implementation of the message authentication mechanisms (in order to avoid changes and injecting messages into the network of wireless sensor networks is essential. In this paper, we present an improved protocol based on elliptic curve cryptography (ECC to accelerate authentication of multi-user message broadcasting. In comparison with previous ECC-based schemes, complexity and computational overhead of proposed scheme is significantly decreased. Also, the proposed scheme supports user anonymity, which is an important property in broadcast authentication schemes for WSNs to preserve user privacy and user untracking.

Anti-spoofing for display and print attacks on palmprint verification systems

Science.gov (United States)

Kanhangad, Vivek; Bhilare, Shruti; Garg, Pragalbh; Singh, Pranjalya; Chaudhari, Narendra

2015-05-01

A number of approaches for personal authentication using palmprint features have been proposed in the literature, majority of which focus on improving the matching performance. However, of late, preventing potential attacks on biometric systems has become a major concern as more and more biometric systems get deployed for wide range of applications. Among various types of attacks, sensor level attack, commonly known as spoof attack, has emerged as the most common attack due to simplicity in its execution. In this paper, we present an approach for detection of display and print based spoof attacks on palmprint verifcation systems. The approach is based on the analysis of acquired hand images for estimating surface re ectance. First and higher order statistical features computed from the distributions of pixel intensities and sub-band wavelet coeefficients form the feature set. A trained binary classifier utilizes the discriminating information to determine if the acquired image is of real hand or a fake one. Experiments are performed on a publicly available hand image dataset, containing 1300 images corresponding to 230 subjects. Experimental results show that the real hand biometrics samples can be substituted by the fake digital or print copies with an alarming spoof acceptance rate as high as 79.8%. Experimental results also show that the proposed spoof detection approach is very effective for discriminating between real and fake palmprint images. The proposed approach consistently achieves over 99% average 10-fold cross validation classification accuracy in our experiments.

A prototype TV-link for authentication of video information

International Nuclear Information System (INIS)

Richter, B.; Stein, G.; Neumann, G.; Gartner, K.J.

1987-01-01

In the frame of the Programme of the Federal Republic of Germany in Support of the International Atomic Energy Agency a prototype TV-link with high tamper resistance has been developed. The paper describes the technical realization of the authentication method for the transmission of video information

An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

Science.gov (United States)

Das, Ashok Kumar; Bruhadeshwar, Bezawada

2013-10-01

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

Authentication Using Mobile Phones

OpenAIRE

Fusek, Z.

2015-01-01

This project deals with authentication by a mobile device. The mobile device with the operating system Android 5.0 was chosen as authentication device. The user can perform authentication with emulation of contactless chip cards by using Host-based Card Emulation, which runs via Near Field Communication, where cryptographic keys are stored in a secure environment KeyStore. The project continues with implementation of authentication via Bluetooth LE and describes application for authentization...

Resistance of Particleboards Made from Fast-Growing Wood Species to Subterranean Termite Attack

Directory of Open Access Journals (Sweden)

Nurwati Hadjib

2012-05-01

Full Text Available Laboratory-made particleboards were tested for their resistance to subterranean termite, Coptotermes curvignathus Holmgren (Order Isoptera, Family Termitidae by Indonesian standard SNI 01.7207–2006, during four weeks and at the end of the test their mass loss percentage and feeding rate were determined. Particleboards consisted of: jabon (Anthocephalus cadamba, Family Rubiacea with a density of 0.41 g/cm³; sungkai (Peronema canescens, Family Verbenaceae with a density of 0.46 g/cm³; mangium (Acacia mangium, Family Rhamnaceae with a density of 0.60 g/cm³ separately and the three species mixture at a rate of 1:1:1. Densities of the boards were targetted at 0.60 g/cm³ and 0.80 g/cm³ by using 12% urea formaldehyde as binder with 2% paraffin as additive based on oven dry wood particle weight. The hand-formed mats and hot-pressing at 130 °C and 2.45 MPa for 10 min were applied. The results showed that particleboards density did not affect mass loss and feeding rate, but the particleboards made from higher density wood resulted in higher resistance to subterranean termite attack. The most resistant particleboards were made of magium, followed by sungkai, mixed species, and jabon.

A network identity authentication protocol of bank account system based on fingerprint identification and mixed encryption

Science.gov (United States)

Zhu, Lijuan; Liu, Jingao

2013-07-01

This paper describes a network identity authentication protocol of bank account system based on fingerprint identification and mixed encryption. This protocol can provide every bank user a safe and effective way to manage his own bank account, and also can effectively prevent the hacker attacks and bank clerk crime, so that it is absolute to guarantee the legitimate rights and interests of bank users.

Privacy preservation and authentication on secure geographical routing in VANET

Science.gov (United States)

Punitha, A.; Manickam, J. Martin Leo

2017-05-01

Vehicular Ad hoc Networks (VANETs) play an important role in vehicle-to-vehicle communication as it offers a high level of safety and convenience to drivers. In order to increase the level of security and safety in VANETs, in this paper, we propose a Privacy Preservation and Authentication on Secure Geographical Routing Protocol (PPASGR) for VANET. It provides security by detecting and preventing malicious nodes through two directional antennas such as forward (f-antenna) and backward (b-antenna). The malicious nodes are detected by direction detection, consistency detection and conflict detection. The location of the trusted neighbour is identified using TNT-based location verification scheme after the implementation of the Vehicle Tamper Proof Device (VTPD), Trusted Authority (TA) is generated that produces the anonymous credentials. Finally, VTPD generates pseudo-identity using TA which retrieves the real identity of the sender. Through this approach, the authentication, integrity and confidentiality for routing packets can be achieved. The simulation results show that the proposed approach reduces the packet drop due to attack and improves the packet delivery ratio.

GRAS: A Group Reliant Authentication Scheme for V2V Communication in VANET

Directory of Open Access Journals (Sweden)

Auxeeliya Jesudoss

2013-08-01

Full Text Available Unlike fixed or wired networks, mobile ad-hoc networks pose a number of challenges for peer-to-peer communication due to their dynamic nature. This paper presents a novel framework for vehicleto- vehicle communication controlled and facilitated by a group leader within a group of vehicles. A communication model for a pure ad-hoc network is developed with much concern about the privacy and security of the system, for the ease of effective communication between vehicles with a reduced communication and computational overhead when no fixed infrastructure is present in the roadsides. In the proposed protocol, vehicles within a radio frequency form a group. They elect their leader based on some criteria who is then responsible for generating a group public and private key pair. Each vehicle is equipped with a tamper resistant OBU which is capable of generating public/private keys pairs and also self-certifies the generated keys based on one way hash chaining technique. Any vehicle joins the group communicates the group leader, authenticates itself to obtain the group key. Later, the vehicle uses the group key to send traffic related messages to the group leader who is responsible for batch verifying the authenticity of the message from different sources and one hop broadcast them to reduce the computation overhead on message verification in each vehicle. In addition, our scheme adopts the k-anonymity approach to protect user identity privacy, where an attacker cannot associate a message with the sending vehicle. Extensive analysis and simulations show that the proposed architecture provides an efficient and fully self organized system management for car-to-car communication without the need of any external infrastructure.

A QR code based zero-watermarking scheme for authentication of medical images in teleradiology cloud.

Science.gov (United States)

Seenivasagam, V; Velumani, R

2013-01-01

Healthcare institutions adapt cloud based archiving of medical images and patient records to share them efficiently. Controlled access to these records and authentication of images must be enforced to mitigate fraudulent activities and medical errors. This paper presents a zero-watermarking scheme implemented in the composite Contourlet Transform (CT)-Singular Value Decomposition (SVD) domain for unambiguous authentication of medical images. Further, a framework is proposed for accessing patient records based on the watermarking scheme. The patient identification details and a link to patient data encoded into a Quick Response (QR) code serves as the watermark. In the proposed scheme, the medical image is not subjected to degradations due to watermarking. Patient authentication and authorized access to patient data are realized on combining a Secret Share with the Master Share constructed from invariant features of the medical image. The Hu's invariant image moments are exploited in creating the Master Share. The proposed system is evaluated with Checkmark software and is found to be robust to both geometric and non geometric attacks.

A QR Code Based Zero-Watermarking Scheme for Authentication of Medical Images in Teleradiology Cloud

Directory of Open Access Journals (Sweden)

V. Seenivasagam

2013-01-01

Full Text Available Healthcare institutions adapt cloud based archiving of medical images and patient records to share them efficiently. Controlled access to these records and authentication of images must be enforced to mitigate fraudulent activities and medical errors. This paper presents a zero-watermarking scheme implemented in the composite Contourlet Transform (CT—Singular Value Decomposition (SVD domain for unambiguous authentication of medical images. Further, a framework is proposed for accessing patient records based on the watermarking scheme. The patient identification details and a link to patient data encoded into a Quick Response (QR code serves as the watermark. In the proposed scheme, the medical image is not subjected to degradations due to watermarking. Patient authentication and authorized access to patient data are realized on combining a Secret Share with the Master Share constructed from invariant features of the medical image. The Hu’s invariant image moments are exploited in creating the Master Share. The proposed system is evaluated with Checkmark software and is found to be robust to both geometric and non geometric attacks.

k-Times Anonymous Authentication

Science.gov (United States)

Teranishi, Isamu; Furukawa, Jun; Sako, Kazue

We propose an authentication scheme in which users can be authenticated anonymously so long as times that they are authenticated is within an allowable number. The proposed scheme has two features: 1) no one, not even an authority, can identify users who have been authenticated within the allowable number, 2) anyone can trace, without help from the authority, dishonest users who have been authenticated beyond the allowable number by using the records of these authentications. Our scheme can be applied to e-voting, e-cash, electronic coupons, and trial browsing of content. In these applications, our scheme, unlike the previous one, conceals users' participation from protocols and guarantees that they will remain anonymous to everyone.

A study on the integrity and authentication of weather observation data using Identity Based Encryption.

Science.gov (United States)

Seo, Jung Woo; Lee, Sang Jin

2016-01-01

Weather information provides a safe working environment by contributing to the economic activity of the nation, and plays role of the prevention of natural disasters, which can cause large scaled casualties and damage of property. Especially during times of war, weather information plays a more important role than strategy, tactics and information about trends of the enemy. Also, it plays an essential role for the taking off and landing of fighter jet and the sailing of warships. If weather information, which plays a major role in national security and economy, gets misused for cyber terrorism resulting false weather information, it could be a huge threat for national security and the economy. We propose a plan to safely transmit the measured value from meteorological sensors through a meteorological telecommunication network in order to guarantee the confidentiality and integrity of the data despite cyber-attacks. Also, such a plan allows one to produce reliable weather forecasts by performing mutual authentication through authentication devices. To make sure of this, one can apply an Identity Based Signature to ensure the integrity of measured data, and transmit the encrypted weather information with mutual authentication about the authentication devices. There are merits of this research: It is not necessary to manage authentication certificates unlike the Public Key Infrastructure methodology, and it provides a powerful security measure with the capability to be realized in a small scale computing environment, such as the meteorological observation system due to the low burden on managing keys.

An Efficient and Secure Certificateless Authentication Protocol for Healthcare System on Wireless Medical Sensor Networks

Science.gov (United States)

Guo, Rui; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua

2013-01-01

Sensor networks have opened up new opportunities in healthcare systems, which can transmit patient's condition to health professional's hand-held devices in time. The patient's physiological signals are very sensitive and the networks are extremely vulnerable to many attacks. It must be ensured that patient's privacy is not exposed to unauthorized entities. Therefore, the control of access to healthcare systems has become a crucial challenge. An efficient and secure authentication protocol will thus be needed in wireless medical sensor networks. In this paper, we propose a certificateless authentication scheme without bilinear pairing while providing patient anonymity. Compared with other related protocols, the proposed scheme needs less computation and communication cost and preserves stronger security. Our performance evaluations show that this protocol is more practical for healthcare system in wireless medical sensor networks. PMID:23710147

Multiple Schemes for Mobile Payment Authentication Using QR Code and Visual Cryptography

Directory of Open Access Journals (Sweden)

Jianfeng Lu

2017-01-01

Full Text Available QR code (quick response code is used due to its beneficial properties, especially in the mobile payment field. However, there exists an inevitable risk in the transaction process. It is not easily perceived that the attacker tampers with or replaces the QR code that contains merchant’s beneficiary account. Thus, it is of great urgency to conduct authentication of QR code. In this study, we propose a novel mechanism based on visual cryptography scheme (VCS and aesthetic QR code, which contains three primary schemes for different concealment levels. The main steps of these schemes are as follows. Firstly, one original QR code is split into two shadows using VC multiple rules; secondly, the two shadows are embedded into the same background image, respectively, and the embedded results are fused with the same carrier QR code, respectively, using XOR mechanism of RS and QR code error correction mechanism. Finally, the two aesthetic QR codes can be stacked precisely and the original QR code is restored according to the defined VCS. Experiments corresponding to three proposed schemes are conducted and demonstrate the feasibility and security of the mobile payment authentication, the significant improvement of the concealment for the shadows in QR code, and the diversity of mobile payment authentication.

A Multispectral Photon-Counting Double Random Phase Encoding Scheme for Image Authentication

Directory of Open Access Journals (Sweden)

Faliu Yi

2014-05-01

Full Text Available In this paper, we propose a new method for color image-based authentication that combines multispectral photon-counting imaging (MPCI and double random phase encoding (DRPE schemes. The sparsely distributed information from MPCI and the stationary white noise signal from DRPE make intruder attacks difficult. In this authentication method, the original multispectral RGB color image is down-sampled into a Bayer image. The three types of color samples (red, green and blue color in the Bayer image are encrypted with DRPE and the amplitude part of the resulting image is photon counted. The corresponding phase information that has nonzero amplitude after photon counting is then kept for decryption. Experimental results show that the retrieved images from the proposed method do not visually resemble their original counterparts. Nevertheless, the original color image can be efficiently verified with statistical nonlinear correlations. Our experimental results also show that different interpolation algorithms applied to Bayer images result in different verification effects for multispectral RGB color images.

A multispectral photon-counting double random phase encoding scheme for image authentication.

Science.gov (United States)

Yi, Faliu; Moon, Inkyu; Lee, Yeon H

2014-05-20

In this paper, we propose a new method for color image-based authentication that combines multispectral photon-counting imaging (MPCI) and double random phase encoding (DRPE) schemes. The sparsely distributed information from MPCI and the stationary white noise signal from DRPE make intruder attacks difficult. In this authentication method, the original multispectral RGB color image is down-sampled into a Bayer image. The three types of color samples (red, green and blue color) in the Bayer image are encrypted with DRPE and the amplitude part of the resulting image is photon counted. The corresponding phase information that has nonzero amplitude after photon counting is then kept for decryption. Experimental results show that the retrieved images from the proposed method do not visually resemble their original counterparts. Nevertheless, the original color image can be efficiently verified with statistical nonlinear correlations. Our experimental results also show that different interpolation algorithms applied to Bayer images result in different verification effects for multispectral RGB color images.

Authentication Test-Based the RFID Authentication Protocol with Security Analysis

Directory of Open Access Journals (Sweden)

Minghui Wang

2014-08-01

Full Text Available To the problem of many recently proposed RFID authentication protocol was soon find security holes, we analyzed the main reason, which is that protocol design is not rigorous, and the correctness of the protocol cannot be guaranteed. To this end, authentication test method was adopted in the process of the formal analysis and strict proof to the proposed RFID protocol in this paper. Authentication Test is a new type of analysis and design method of security protocols based on Strand space model, and it can be used for most types of the security protocols. After analysis the security, the proposed protocol can meet the RFID security demand: information confidentiality, data integrity and identity authentication.

Authentication Assurance Levels

International Nuclear Information System (INIS)

Kouzes, Richard T.; Cash, James R.; Devaney, David M.; Geelhood, Bruce D.; Hansen, Randy R.; Melton, Ronald B.; Pitts, W. Karl

2002-01-01

This Common Criteria approach has been applied to create a definition of Authentication Assurance Levels that can quantify the level of assurance reached for a system subject to a set of authentication procedures. The arms-control authentication application of the Common Criteria expands on more typical information security evaluations in that it must contend with information barriers and preclude sophisticated intentional subversion attempts.

Aspects on testing methods for acid attacks on concrete - further experiments

International Nuclear Information System (INIS)

Romben, L.

1980-01-01

The report presents a number of control experiments which have been performed to verify test procedures of the resistance of concrete and concrete products. A more detailed study of the calcium dissolution and the layer dissolution process has been performed. The mechanisms which control the rate of attack in the long term are discussed. The proposed method is intended for use in studying the resistance to attacks by acid water solutions. (G.B.)

Performance analysis of chaotic and white watermarks in the presence of common watermark attacks

Energy Technology Data Exchange (ETDEWEB)

Mooney, Aidan [Department of Computer Science, NUI Maynooth, Co. Kildare (Ireland)], E-mail: amooney@cs.nuim.ie; Keating, John G. [Department of Computer Science, NUI Maynooth, Co. Kildare (Ireland)], E-mail: john.keating@nuim.ie; Heffernan, Daniel M. [Department of Mathematical Physics, NUI Maynooth, Co. Kildare (Ireland); School of Theoretical Physics, Dublin Institute for Advanced Studies, Dublin 4 (Ireland)], E-mail: dmh@thphys.nuim.ie

2009-10-15

Digital watermarking is a technique that aims to embed a piece of information permanently into some digital media, which may be used at a later stage to prove owner authentication and attempt to provide protection to documents. The most common watermark types used to date are pseudorandom number sequences which possess a white spectrum. Chaotic watermark sequences have been receiving increasing interest recently and have been shown to be an alternative to the pseudorandom watermark types. In this paper the performance of pseudorandom watermarks and chaotic watermarks in the presence of common watermark attacks is performed. The chaotic watermarks are generated from the iteration of the skew tent map, the Bernoulli map and the logistic map. The analysis focuses on the watermarked images after they have been subjected to common image distortion attacks. The capacities of each of these images are also calculated. It is shown that signals generated from lowpass chaotic signals have superior performance over the other signal types analysed for the attacks studied.

A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

Science.gov (United States)

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2015-09-01

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to

Authentic leadership to the future

Directory of Open Access Journals (Sweden)

Dimovski Vlado

2012-01-01

Full Text Available Authentic leadership is the latest evolutionary stage in leadership development and emphasizes the leader's authenticity. The construct of authenticity was researched by ancient Greek philosophers as 'know thy-self ', and 'thy true self '. Authentic leadership began to develop after 2004. The main reason why the researchers place so much attention to authentic leadership is fact that authentic leadership reaches all of the employees in organizations. Authentic leaders must identify the strengths of their followers and help them with their development and integration towards a common goal, purpose, vision and identity of the organization. Authentic leadership is seen as the final stage in the development of leadership styles, properties of this leadership style, and the consequences of this style have not been fully explored. In our paper we will explore this new style of leadership and its implications.

Performance Evaluation of Public Key Based Authentication in Future Mobile Communication Systems

Directory of Open Access Journals (Sweden)

Kambourakis Georgios

2004-01-01

Full Text Available While mobile hosts are evolving into full-IP enabled devices, there is a greater demand to provide a more flexible, reconfigurable, and scalable security mechanism in mobile communication systems beyond 3G (B3G. Work has already begun on such an “all-IP” end-to-end solution, commonly referred to as 4G systems. Fully fledged integration between heterogeneous networks, such as 2.5G, UMTS, WLAN, Bluetooth, and the Internet, demands fully compatible, time-tested, and reliable mechanisms to depend on. SSL protocol has proved its effectiveness in the wired Internet and it will probably be the most promising candidate for future wireless environments. In this paper, we discuss existing problems related to authentication and key agreement (AKA procedures, such as compromised authentication vectors attacks, as they appear in current 2/2.5G/3G mobile communication systems, and propose how SSL, combined with public key infrastructure (PKI elements, can be used to overcome these vulnerabilities. In this B3G environment, we perceive authentication as a service, which has to be performed at the higher protocol layers irrespective of the underlying network technology. Furthermore, we analyze the effectiveness of such a solution, based on measurements of a “prototype” implementation. Performance measurements indicate that SSL-based authentication can be possible in terms of service time in future wireless systems, while it can simultaneously provide both the necessary flexibility to network operators and a high level of confidence to end users.

Speaker Authentication

CERN Document Server

Li, Qi (Peter)

2012-01-01

This book focuses on use of voice as a biometric measure for personal authentication. In particular, "Speaker Recognition" covers two approaches in speaker authentication: speaker verification (SV) and verbal information verification (VIV). The SV approach attempts to verify a speaker’s identity based on his/her voice characteristics while the VIV approach validates a speaker’s identity through verification of the content of his/her utterance(s). SV and VIV can be combined for new applications. This is still a new research topic with significant potential applications. The book provides with a broad overview of the recent advances in speaker authentication while giving enough attention to advanced and useful algorithms and techniques. It also provides a step by step introduction to the current state of the speaker authentication technology, from the fundamental concepts to advanced algorithms. We will also present major design methodologies and share our experience in developing real and successful speake...

Authentic leadership: becoming and remaining an authentic nurse leader.

Science.gov (United States)

Murphy, Lin G

2012-11-01

This article explores how chief nurse executives became and remained authentic leaders. Using narrative inquiry, this qualitative study focused on the life stories of participants. Results demonstrate the importance of reframing, reflection in alignment with values, and the courage needed as nurse leaders progress to authenticity.

Converse PUF-based authentication

NARCIS (Netherlands)

Kocabas, U.; Peter, Andreas; Katzenbeisser, S.; Sadeghi, A.

Physically Unclonable Functions (PUFs) are key tools in the construction of lightweight authentication and key exchange protocols. So far, all existing PUF-based authentication protocols follow the same paradigm: A resource-constrained prover, holding a PUF, wants to authenticate to a resource-rich

Multi-Factor Authentication: A Survey

Directory of Open Access Journals (Sweden)

Aleksandr Ometov

2018-01-01

Full Text Available Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA starting from Single-Factor Authentication (SFA and through Two-Factor Authentication (2FA. Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir’s Secret Sharing (SSS scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed.

AUTHENTICITY IN THE BLOGOSPHERE

Directory of Open Access Journals (Sweden)

Waclaw Branicki

2010-01-01

Full Text Available The primary purpose of this article is to answer the question of whether writing a blog defined as a personal diary can help to better understand himself. Self-awareness is a prerequisite for authentic existence. In the first part analyzed the concept of authenticity. Pointed out the relationship of authenticity to the categories of freedom, truth and responsibility. The second part presents the relationship between authentic existence and the process of self-disclosure, which may take place in the blogosphere. In the third part presents the question whether a writing blog affects the level authenticity of existence. It was recognized that a key element of this phenomenon is the sense of responsibility.

The Authentic Personality: A Theoretical and Empirical Conceptualization and the Development of the Authenticity Scale

Science.gov (United States)

Wood, Alex M.; Linley, P. Alex; Maltby, John; Baliousis, Michael; Joseph, Stephen

2008-01-01

This article describes the development of a measure of dispositional authenticity and tests whether authenticity is related to well-being, as predicted by several counseling psychology perspectives. Scales were designed to measure a tripartite conception of authenticity, comprising self-alienation, authentic living, and accepting external…

Authentication Without Secrets

Energy Technology Data Exchange (ETDEWEB)

Pierson, Lyndon G. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Robertson, Perry J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2015-11-01

This work examines a new approach to authentication, which is the most fundamental security primitive that underpins all cyber security protections. Current Internet authentication techniques require the protection of one or more secret keys along with the integrity protection of the algorithms/computations designed to prove possession of the secret without actually revealing it. Protecting a secret requires physical barriers or encryption with yet another secret key. The reason to strive for "Authentication without Secret Keys" is that protecting secrets (even small ones only kept in a small corner of a component or device) is much harder than protecting the integrity of information that is not secret. Promising methods are examined for authentication of components, data, programs, network transactions, and/or individuals. The successful development of authentication without secret keys will enable far more tractable system security engineering for high exposure, high consequence systems by eliminating the need for brittle protection mechanisms to protect secret keys (such as are now protected in smart cards, etc.). This paper is a re-release of SAND2009-7032 with new figures numerous edits.

Discovering your authentic leadership.

Science.gov (United States)

George, Bill; Sims, Peter; McLean, Andrew N; Mayer, Diana

2007-02-01

The ongoing problems in business leadership over the past five years have underscored the need for a new kind of leader in the twenty-first century: the authentic leader. Author Bill George, a Harvard Business School professor and the former chairman and CEO of Medtronic, and his colleagues, conducted the largest leadership development study ever undertaken. They interviewed 125 business leaders from different racial, religious, national, and socioeconomic backgrounds to understand how leaders become and remain authentic. Their interviews showed that you do not have to be born with any particular characteristics or traits to lead. You also do not have to be at the top of your organization. Anyone can learn to be an authentic leader. The journey begins with leaders understanding their life stories. Authentic leaders frame their stories in ways that allow them to see themselves not as passive observers but as individuals who learn from their experiences. These leaders make time to examine their experiences and to reflect on them, and in doing so they grow as individuals and as leaders. Authentic leaders also work hard at developing self-awareness through persistent and often courageous self-exploration. Denial can be the greatest hurdle that leaders face in becoming self-aware, but authentic leaders ask for, and listen to, honest feedback. They also use formal and informal support networks to help them stay grounded and lead integrated lives. The authors argue that achieving business results over a sustained period of time is the ultimate mark of authentic leadership. It may be possible to drive short-term outcomes without being authentic, but authentic leadership is the only way to create long-term results.

A Review Of Authentication Methods

OpenAIRE

Nilesh A. Lal; Salendra Prasad; Mohammed Farik

2015-01-01

Authentication is process of granting a user access to an information system. There are three main types of authentication mechanisms password entry smart card and biometric. Each authentication mechanism functions differently and has their strengths and weakness. In this paper we review different types of authentication mechanisms their vulnerabilities and recommend novel solutions.

Richard Peters and Valuing Authenticity

Science.gov (United States)

Degenhardt, M. A. B.

2009-01-01

Richard Peters has been praised for the authenticity of his philosophy, and inquiry into aspects of the development of his philosophy reveals a profound authenticity. Yet authenticity is something he seems not to favour. The apparent paradox is resolved by observing historical changes in the understanding of authenticity as an important value.…

STUDENTS’ POTENTIAL FOR AUTHENTIC LEADERSHIP

OpenAIRE

Djurdja Solesa-Grijak; Dragan Solesa; Nedjo Kojic

2015-01-01

To know yourself and to act accordingly has been seen as a moral imperative throughout history. The aim of this research was to determine potential of students for authentic leadership and relation between their authentic personality and potential for authentic leadership. The sample consisted of students (N=133) from Serbia (male – 59% and female – 41%). The average age of students was M=21.9. Instruments used were Authenticity Scale (Wood et al., 2008) and Authentic Leadership Self-Assessme...

Security Enhancement of Knowledge-based User Authentication through Keystroke Dynamics

Directory of Open Access Journals (Sweden)

Roy Soumen

2016-01-01

Full Text Available Keystroke Dynamics is a behavioural biometrics characteristic in Biometric science, which solve the issues in user identification or verification. In Knowledge-based user authentication technique, we compromise with PIN or password which is unsafe due to different type of attacks. It is good to choose password with the combination of upper and lower case letter with some digits and symbols, but which is very hard to remember or generally we forget to distinguish those passwords for different access control systems. Our system not only takes the users’ entered texts but their typing style is also account for. In our experiment, we have not taken hard password type texts, we have chosen some daily used words where users are habituated and comfortable at typing and we obtained the consisting typing pattern. Different distance-based and data mining algorithms we have applied on collected typing pattern and obtained impressive results. As per our experiment, if we use keystroke dynamics in existing knowledge based user authentication system with minimum of five daily used common texts then it increases the security level up to 97.6% to 98.2% (if we remove some of the irrelevant feature sets.

A Review Of Authentication Methods

Directory of Open Access Journals (Sweden)

Nilesh A. Lal

2015-08-01

Full Text Available Authentication is process of granting a user access to an information system. There are three main types of authentication mechanisms password entry smart card and biometric. Each authentication mechanism functions differently and has their strengths and weakness. In this paper we review different types of authentication mechanisms their vulnerabilities and recommend novel solutions.

Contesting Racialization: Asian Immigrant Teachers' Critiques and Claims of Teacher Authenticity

Science.gov (United States)

Subedi, Binaya

2008-01-01

Research on how racialization operates in immigrant context, particularly in relation to immigrant teachers, is marginalized as an area of inquiry in US educational research. This paper examines how immigrant teachers negotiated ideological and resistant notions of teacher authenticity in US school settings. In particular, the author examines how…

An SDN-Based Authentication Mechanism for Securing Neighbor Discovery Protocol in IPv6

Directory of Open Access Journals (Sweden)

Yiqin Lu

2017-01-01

Full Text Available The Neighbor Discovery Protocol (NDP is one of the main protocols in the Internet Protocol version 6 (IPv6 suite, and it provides many basic functions for the normal operation of IPv6 in a local area network (LAN, such as address autoconfiguration and address resolution. However, it has many vulnerabilities that can be used by malicious nodes to launch attacks, because the NDP messages are easily spoofed without protection. Surrounding this problem, many solutions have been proposed for securing NDP, but these solutions either proposed new protocols that need to be supported by all nodes or built mechanisms that require the cooperation of all nodes, which is inevitable in the traditional distributed networks. Nevertheless, Software-Defined Networking (SDN provides a new perspective to think about protecting NDP. In this paper, we proposed an SDN-based authentication mechanism to verify the identity of NDP packets transmitted in a LAN. Using the centralized control and programmability of SDN, it can effectively prevent the spoofing attacks and other derived attacks based on spoofing. In addition, this mechanism needs no additional protocol supporting or configuration at hosts and routers and does not introduce any dedicated devices.

Authenticity, Best Interest, and Clinical Nudging.

Science.gov (United States)

Holm, Søren

2017-03-01

In this issue of the Hastings Center Report, Moti Gorin, Steven Joffe, Neal Dickert, and Scott Halpern offer a comprehensive defense of the use of nudging techniques in the clinical context, with the aim of promoting the best interests of patients. Their argument is built on three important claims: Nudging is ubiquitous and inescapable in clinical choice situations, and there is no neutral way of informing patients about their treatment choices; many patients do not have authentic (preexisting) preferences concerning their treatment choices, and those that do can easily resist nudging; and, finally, since many people lack authentic preferences and those that do can still act on their preferences, nudging in the patients' best interest is justified. I agree with the authors that if these three claims stand up to scrutiny, then they will provide a justification for many types of clinical nudging. I am, however, skeptical as to whether the claims can be sustained, despite the valiant efforts of Gorin and colleagues. © 2017 The Hastings Center.

Algorithm To Ensure And Enforce Brute-Force Attack-Resilient Password In Routers

OpenAIRE

Mohammed Farik; ABM Shawkat Ali

2015-01-01

Abstract Issues of weak login passwords arising from default passwords in wired and wireless routers has been a concern for more than a decade. In this research we develop and test an algorithm to ensure and enforce passwords in routers that are resistant to brute-force attack. A comparative analysis is performed to show the improved strengths of passwords derived via this algorithm. Implementation of this algorithm in routers will ensure setup of brute-force attack resistant passwords.

AUTHENTIC LEADERSHIP IN EDUCATIONAL INSTITUTIONS

Directory of Open Access Journals (Sweden)

Nebojsa Pavlovic

2015-06-01

Full Text Available This work investigates authentic leadership models in the organizational culture of a school. The aim of this quantitative research is to define the factors of authentic leadership in educational institutions in order to provide answers to the questions related to the existence of specific authentic leadership in a school. The sample included 227 randomly selected directors of secondary and primary schools in the former Yugoslav republics: Serbia, Montenegro, and the Republic Srpska. The research included the use of an ALQ questionnaire for the estimation of leadership behavior. The components of authentic leadership are defined using factor analysis and other statistics techniques. The findings developed in this research indicated the fact that directors in educational institutions have a specific authentic leadership style. We suggest the concept of authentic leadership based on the four following factors: Communication-conformist, self-consciousness, self-discovery, and self-concept. Supporting these factors provides the directors with the possibility of obtaining a high level of authentic leadership.

Security Gaps In Authentication Factor Credentials

Directory of Open Access Journals (Sweden)

Neeraj A. Sharma

2015-08-01

Full Text Available Authentication factors refer to user login credentials that a user supplies to an authentication process for it to decide whether to grant or deny access. While two-factor and three-factor authentication generally provides better security than one-factor authentication the aim of this paper is to review security in individual authentication factor credentials that are in use nowadays. These credentials will be discussed in factor categories knowledge factor possession factor and inherence factor. The paper details current security gaps and some novel approaches to diminish the gaps in these authentication factors. We believe that our recommendations will inspire development of better authentication credentials and systems.

Security analysis and improvements of authentication and access control in the Internet of Things.

Science.gov (United States)

Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

2014-08-13

Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

Effect of sodium sulphate attack on the resistance to flexion, formation of expansive compounds and microcracking in cement paste; Efeito do ataque por sulfato de sodio na resistencia a flexao, formacao de compostos expansivos e microfissuracao de pastas de cimento

Energy Technology Data Exchange (ETDEWEB)

Souza, Rui Barbosa de; John, Vanderlei Moacyr; Cincotto, Maria Alba [Universidade de Sao Paulo (USP), SP (Brazil). Escola Politecnica], e-mail: rui.souza@poli.usp.br, e-mail: vanderley.john@poli.usp.br, e-mail: maria.cincotto@poli.usp.br; Simao, Cristina Aiex [PETROBRAS S.A., Rio de Janeiro, RJ (Brazil). Centro de Pesquisas (CENPES). Gerencia de Tecnologia e Engenharia de Poco], e-mail: caies@petrobras.com.br

2008-06-15

The main objective of this research is to study the common methods for evaluating cement reactivity to sulfate attack. Resistance to sulfate attack was measured by determining the flexural strength in cement paste samples with exposure to Na{sub 2}SO{sub 4} solution (45,426 ppm of SO{sub 4}{sup 2-}), at a high temperature (55 deg C). The results of flexural strength showed that the resistance increases due to the attack because the products fill the pores. (author)

AMC Model for Denial of Sleep Attack Detection

OpenAIRE

Bhattasali, Tapalina; Chaki, Rituparna

2012-01-01

Due to deployment in hostile environment, wireless sensor network is vulnerable to various attacks. Exhausted sensor nodes in sensor network become a challenging issue because it disrupts the normal connectivity of the network. Affected nodes give rise to denial of service that resists to get the objective of sensor network in real life. A mathematical model based on Absorbing Markov Chain (AMC)is proposed for Denial of Sleep attack detection in sensor network. In this mechanism, whether sens...

The confused world of sulfate attack on concrete

International Nuclear Information System (INIS)

Neville, Adam

2004-01-01

External sulfate attack is not completely understood. Part I identifies the issues involved, pointing out disagreements, and distinguishes between the mere occurrence of chemical reactions of sulfates with hydrated cement paste and the damage or deterioration of concrete; only the latter are taken to represent sulfate attack. Furthermore, sulfate attack is defined as deleterious action involving sulfate ions; if the reaction is physical, then, it is physical sulfate attack that takes place. The discussion of the two forms of sulfate attack leads to a recommendation for distinct nomenclature. Sulfate attack on concrete structures in service is not widespread, and the amount of laboratory-based research seems to be disproportionately large. The mechanisms of attack by different sulfates--sodium, calcium, and magnesium--are discussed, including the issue of topochemical and through-solution reactions. The specific aspects of the action of magnesium sulfate are discussed, and the differences between laboratory conditions and field exposure are pointed out. Part II discusses the progress of sulfate attack and its manifestations. This is followed by a discussion of making sulfate-resisting concrete. One of the measures is to use Type V cement, and this topic is extensively discussed. Likewise, the influence of w/c on sulfate resistance is considered. The two parameters are not independent of one another. Moreover, the cation in the sulfate salt has a strong bearing on the efficiency of the Type V cement. Recent interpretations of the Bureau of Reclamation tests, both long term and accelerated, are evaluated, and it appears that they need reworking. Part III reviews the standards and guides for the classification of the severity of exposure of structures to sulfates and points out the lack of calibration of the various classes of exposure. A particular problem is the classification of soils because much depends on the extraction ratio of sulfate in the soil: there is a

Remote Biometrics for Robust Persistent Authentication

DEFF Research Database (Denmark)

Ingwar, Mads Ingerslew; Jensen, Christian D.

2014-01-01

This paper examines the problem of providing a robust non-invasive authentication service for mobile users in a smart environment. We base our work on the persistent authentication model (PAISE), which relies on available sensors to track principals from the location where they authenticate, e.......g., through a smart card based access control system, to the location where the authentication is required by a location-based service. The PAISE model is extended with remote biometrics to prevent the decay of authentication confidence when authenticated users encounter and interact with other users...... in the environment. The result is a calm approach to authentication, where mobile users are transparently authenticated towards the system, which allows the provision of location-based services. The output of the remote biometrics are fused using error-rate-based fusion to solve a common problem that occurs in score...

Algorithm To Ensure And Enforce Brute-Force Attack-Resilient Password In Routers

Directory of Open Access Journals (Sweden)

Mohammed Farik

2015-08-01

Full Text Available Abstract Issues of weak login passwords arising from default passwords in wired and wireless routers has been a concern for more than a decade. In this research we develop and test an algorithm to ensure and enforce passwords in routers that are resistant to brute-force attack. A comparative analysis is performed to show the improved strengths of passwords derived via this algorithm. Implementation of this algorithm in routers will ensure setup of brute-force attack resistant passwords.

REGION OF NON-INTEREST BASED DIGITAL IMAGE WATERMARKING USING NEURAL NETWORKS

Directory of Open Access Journals (Sweden)

Bibi Isac

2011-11-01

Full Text Available Copyrights protection of digital data become inevitable in current world. Digital watermarks have been recently proposed as secured scheme for copyright protection, authentication, source tracking, and broadcast monitoring of video, audio, text data and digital images. In this paper a method to embed a watermark in region of non-interest (RONI and a method for adaptive calculation of strength factor using neural network are proposed. The embedding and extraction processes are carried out in the transform domain by using Discrete Wavelet Transform (DWT. Finally, the algorithm robustness is tested against noise addition attacks and geometric distortion attacks. The results authenticate that the proposed watermarking algorithm does not degrade the quality of cover image as the watermark is inserted only in region of non-interest and is resistive to attacks.

Two-layer fragile watermarking method secured with chaotic map for authentication of digital Holy Quran.

Science.gov (United States)

Khalil, Mohammed S; Kurniawan, Fajri; Khan, Muhammad Khurram; Alginahi, Yasser M

2014-01-01

This paper presents a novel watermarking method to facilitate the authentication and detection of the image forgery on the Quran images. Two layers of embedding scheme on wavelet and spatial domain are introduced to enhance the sensitivity of fragile watermarking and defend the attacks. Discrete wavelet transforms are applied to decompose the host image into wavelet prior to embedding the watermark in the wavelet domain. The watermarked wavelet coefficient is inverted back to spatial domain then the least significant bits is utilized to hide another watermark. A chaotic map is utilized to blur the watermark to make it secure against the local attack. The proposed method allows high watermark payloads, while preserving good image quality. Experiment results confirm that the proposed methods are fragile and have superior tampering detection even though the tampered area is very small.

Authentic leadership, authentic followership, basic need satisfaction, and work role performance: A cross-level study

OpenAIRE

Leroy, Hannes; Anseel, F.; Gardner, W.; Sels, Luc

2015-01-01

Authentic leadership occurs when individuals enact their true selves in their role as a leader. This article examines the role of authentic followership in the previously established relationship between authentic leadership and follower in-role and extrarole performance behaviors. Consideration of followers who enact their true selves is important to understand how authentic leadership fosters follower self-determined work motivation and thus work role performance. Using self-determination t...

Geospatial Authentication

Science.gov (United States)

Lyle, Stacey D.

2009-01-01

A software package that has been designed to allow authentication for determining if the rover(s) is/are within a set of boundaries or a specific area to access critical geospatial information by using GPS signal structures as a means to authenticate mobile devices into a network wirelessly and in real-time. The advantage lies in that the system only allows those with designated geospatial boundaries or areas into the server.

22 CFR 92.36 - Authentication defined.

Science.gov (United States)

2010-04-01

... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Authentication defined. 92.36 Section 92.36... Notarial Acts § 92.36 Authentication defined. An authentication is a certification of the genuineness of... recognized in another jurisdiction. Documents which may require authentication include legal instruments...

Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

Science.gov (United States)

Hu, Haibin

2017-05-01

Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

The authentic worker's well-being and performance: the relationship between authenticity at work, well-being, and work outcomes.

Science.gov (United States)

van den Bosch, Ralph; Taris, Toon W

2014-01-01

Previous research on authenticity has mainly focused on trait conceptualizations of authenticity (e.g., Wood et al., 2008), whereas in specific environments (e.g., at work) state conceptualizations of authenticity (cf. Van den Bosch & Taris, 2013) are at least as relevant. For example, working conditions are subject to change, and this could well have consequences for employees' perceived level of authenticity at work. The current study employs a work-specific, state-like conceptualization of authenticity to investigate the relations between authenticity at work, well-being, and work outcomes. A series of ten separate hierarchical regression analyses using data from 685 participants indicated that after controlling for selected work characteristics and demographic variables, authenticity at work accounted for on average 11% of the variance of various wellbeing and work outcomes. Of the three subscales of authenticity at work (i.e., authentic living, self-alienation, and accepting influence), self-alienation was the strongest predictor of outcomes, followed by authentic living and accepting external influence, respectively. These findings are discussed in the light of their practical and theoretical implications.

Physical trust-based persistent authentication

DEFF Research Database (Denmark)

Fujita, Masahiro; Jensen, Christian D.; Arimura, Shiori

2015-01-01

propose a new type of persistent authentication, called Persistent Authentication Based On physical Trust (PABOT). PABOT uses a context of “physical trust relationship” that is built by visual contact between users, and thus can offer a persistent authentication mechanism with better usability and higher...

Asynchronous Advanced Encryption Standard Hardware with Random Noise Injection for Improved Side-Channel Attack Resistance

Directory of Open Access Journals (Sweden)

Siva Kotipalli

2014-01-01

(SCA resistance. These designs are based on a delay-insensitive (DI logic paradigm known as null convention logic (NCL, which supports useful properties for resisting SCAs including dual-rail encoding, clock-free operation, and monotonic transitions. Potential benefits include reduced and more uniform switching activities and reduced signal-to-noise (SNR ratio. A novel method to further augment NCL AES hardware with random voltage scaling technique is also presented for additional security. Thereby, the proposed components leak significantly less side-channel information than conventional clocked approaches. To quantitatively verify such improvements, functional verification and WASSO (weighted average simultaneous switching output analysis have been carried out on both conventional synchronous approach and the proposed NCL based approach using Mentor Graphics ModelSim and Xilinx simulation tools. Hardware implementation has been carried out on both designs exploiting a specified side-channel attack standard evaluation FPGA board, called SASEBO-GII, and the corresponding power waveforms for both designs have been collected. Along with the results of software simulations, we have analyzed the collected waveforms to validate the claims related to benefits of the proposed cryptohardware design approach.

Authentication: Hot and cool

OpenAIRE

Cohen, E; Cohen, SA

2012-01-01

Seeking to shift the discussion of the concept of authenticity in tourism scholarship from the dominant concern with tourist experiences to the more sociological problem of the processes of authentication of tourist attractions, we conceptualize two analytically distinct, but practically often intersecting, modes of authentication of attractions, “cool” and “hot”. Through a range of examples, we demonstrate the implications of the two modes for the dynamics of the constitution of tourist attr...

Authenticity at work

NARCIS (Netherlands)

van den Bosch, Ralph

2016-01-01

Authenticity at work, loosely defined as the degree to which an individual stays true to their core self, has impact on workers in the workplace. This thesis shows that authenticity at work can be measured with a reliable and valid instrument: the IAM Work. Furthermore, results of this thesis show

7 CFR 1.22 - Authentication.

Science.gov (United States)

2010-01-01

... 7 Agriculture 1 2010-01-01 2010-01-01 false Authentication. 1.22 Section 1.22 Agriculture Office of the Secretary of Agriculture ADMINISTRATIVE REGULATIONS Official Records § 1.22 Authentication. When a request is received for an authenticated copy of a document that the agency determines to make...

Privacy-Preserving Biometric Authentication: Challenges and Directions

Directory of Open Access Journals (Sweden)

Elena Pagnin

2017-01-01

Full Text Available An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a means of authenticating people due to the wide range of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication. The most characteristic feature of this authentication method is the naturally strong bond between a user and her biometric credentials. This very same advantageous property, however, raises serious security and privacy concerns in case the biometric trait gets compromised. In this article, we present the most challenging issues that need to be taken into consideration when designing secure and privacy-preserving biometric authentication protocols. More precisely, we describe the main threats against privacy-preserving biometric authentication systems and give directions on possible countermeasures in order to design secure and privacy-preserving biometric authentication protocols.

Countermeasures for unintentional and intentional video watermarking attacks

Science.gov (United States)

Deguillaume, Frederic; Csurka, Gabriela; Pun, Thierry

2000-05-01

These last years, the rapidly growing digital multimedia market has revealed an urgent need for effective copyright protection mechanisms. Therefore, digital audio, image and video watermarking has recently become a very active area of research, as a solution to this problem. Many important issues have been pointed out, one of them being the robustness to non-intentional and intentional attacks. This paper studies some attacks and proposes countermeasures applied to videos. General attacks are lossy copying/transcoding such as MPEG compression and digital/analog (D/A) conversion, changes of frame-rate, changes of display format, and geometrical distortions. More specific attacks are sequence edition, and statistical attacks such as averaging or collusion. Averaging attack consists of averaging locally consecutive frames to cancel the watermark. This attack works well for schemes which embed random independent marks into frames. In the collusion attack the watermark is estimated from single frames (based on image denoising), and averaged over different scenes for better accuracy. The estimated watermark is then subtracted from each frame. Collusion requires that the same mark is embedded into all frames. The proposed countermeasures first ensures robustness to general attacks by spread spectrum encoding in the frequency domain and by the use of an additional template. Secondly, a Bayesian criterion, evaluating the probability of a correctly decoded watermark, is used for rejection of outliers, and to implement an algorithm against statistical attacks. The idea is to embed randomly chosen marks among a finite set of marks, into subsequences of videos which are long enough to resist averaging attacks, but short enough to avoid collusion attacks. The Bayesian criterion is needed to select the correct mark at the decoding step. Finally, the paper presents experimental results showing the robustness of the proposed method.

HERMA-Heartbeat Microwave Authentication

Science.gov (United States)

Lux, James Paul (Inventor); Chow, Edward (Inventor); McKee, Michael Ray (Inventor); Haque, Salman-ul Mohammed (Inventor); Tkacenko, Andre (Inventor)

2018-01-01

Systems and methods for identifying and/or authenticating individuals utilizing microwave sensing modules are disclosed. A HEaRtbeat Microwave Authentication (HERMA) system can enable the active identification and/or authentication of a user by analyzing reflected RF signals that contain a person's unique characteristics related to their heartbeats. An illumination signal is transmitted towards a person where a reflected signal captures the motion of the skin and tissue (i.e. displacement) due to the person's heartbeats. The HERMA system can utilize existing transmitters in a mobile device (e.g. Wi-Fi, Bluetooth, Cellphone signals) as the illumination source with at least one external receive antenna. The received reflected signals can be pre-processed and analyzed to identify and/or authenticate a user.

Multi-party quantum key agreement protocol secure against collusion attacks

Science.gov (United States)

Wang, Ping; Sun, Zhiwei; Sun, Xiaoqiang

2017-07-01

The fairness of a secure multi-party quantum key agreement (MQKA) protocol requires that all involved parties are entirely peer entities and can equally influence the outcome of the protocol to establish a shared key wherein no one can decide the shared key alone. However, it is found that parts of the existing MQKA protocols are sensitive to collusion attacks, i.e., some of the dishonest participants can collaborate to predetermine the final key without being detected. In this paper, a multi-party QKA protocol resisting collusion attacks is proposed. Different from previous QKA protocol resisting N-1 coconspirators or resisting 1 coconspirators, we investigate the general circle-type MQKA protocol which can be secure against t dishonest participants' cooperation. Here, t < N. We hope the results of the presented paper will be helpful for further research on fair MQKA protocols.

Authentic leadership: application to women leaders.

Science.gov (United States)

Hopkins, Margaret M; O'Neil, Deborah A

2015-01-01

The purpose of this perspective article is to present the argument that authentic leadership is a gendered representation of leadership. We first provide a brief history of leadership theories and definitions of authentic leadership. We then critique authentic leadership and offer arguments to support the premise that authentic leadership is not gender-neutral and is especially challenging for women.

Authentic leadership: application to women leaders

OpenAIRE

Hopkins, Margaret M.; O?Neil, Deborah A.

2015-01-01

The purpose of this perspective article is to present the argument that authentic leadership is a gendered representation of leadership. We first provide a brief history of leadership theories and definitions of authentic leadership. We then critique authentic leadership and offer arguments to support the premise that authentic leadership is not gender-neutral and is especially challenging for women.

Authenticity and its Contemporary Challenges

DEFF Research Database (Denmark)

Petersen, Franziska Bork

2013-01-01

' was understood in the Enlightenment and what techniques were used to stage the body when the concept gained currency, for instance in the writings of Rousseau. My analysis makes clear that 'bodily authenticity' on the two TV shows is achieved by strictly following gender-normative codes of beauty...... the 'authentic' ideal in a total of seven pieces. These strategies are hyperbole which exaggerates the beauty code implicit in 'authentic appearance'; multiplicity which undermines 'authenticity's' essentialism and estrangement which denies the notion of individual authorship. In conclusion, I place the staging...

Image authentication using distributed source coding.

Science.gov (United States)

Lin, Yao-Chung; Varodayan, David; Girod, Bernd

2012-01-01

We present a novel approach using distributed source coding for image authentication. The key idea is to provide a Slepian-Wolf encoded quantized image projection as authentication data. This version can be correctly decoded with the help of an authentic image as side information. Distributed source coding provides the desired robustness against legitimate variations while detecting illegitimate modification. The decoder incorporating expectation maximization algorithms can authenticate images which have undergone contrast, brightness, and affine warping adjustments. Our authentication system also offers tampering localization by using the sum-product algorithm.

Medical Image Tamper Detection Based on Passive Image Authentication.

Science.gov (United States)

Ulutas, Guzin; Ustubioglu, Arda; Ustubioglu, Beste; V Nabiyev, Vasif; Ulutas, Mustafa

2017-12-01

Telemedicine has gained popularity in recent years. Medical images can be transferred over the Internet to enable the telediagnosis between medical staffs and to make the patient's history accessible to medical staff from anywhere. Therefore, integrity protection of the medical image is a serious concern due to the broadcast nature of the Internet. Some watermarking techniques are proposed to control the integrity of medical images. However, they require embedding of extra information (watermark) into image before transmission. It decreases visual quality of the medical image and can cause false diagnosis. The proposed method uses passive image authentication mechanism to detect the tampered regions on medical images. Structural texture information is obtained from the medical image by using local binary pattern rotation invariant (LBPROT) to make the keypoint extraction techniques more successful. Keypoints on the texture image are obtained with scale invariant feature transform (SIFT). Tampered regions are detected by the method by matching the keypoints. The method improves the keypoint-based passive image authentication mechanism (they do not detect tampering when the smooth region is used for covering an object) by using LBPROT before keypoint extraction because smooth regions also have texture information. Experimental results show that the method detects tampered regions on the medical images even if the forged image has undergone some attacks (Gaussian blurring/additive white Gaussian noise) or the forged regions are scaled/rotated before pasting.

Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

Science.gov (United States)

Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

2014-01-01

Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

Evaluation of biometric data and theire usage in authentication system

OpenAIRE

Peroutka, Tomáš

2009-01-01

The goal of this thesis is to introduce the main aspects of biometry, explain particular methods of biometric analysis and determine suitable methods for using in particular authentication system by multicriterial analysis. Our criteria for method analysis are: uniqueness, universality, public acceptability and policy consideration, resistence of fraud, accuracy, speed of comparison, template storage requirements, constancy of human biometric characters. The thesis deals with the effective us...

Authentication techniques for smart cards

International Nuclear Information System (INIS)

Nelson, R.A.

1994-02-01

Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thorough understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system

Network resilience against intelligent attacks constrained by the degree-dependent node removal cost

International Nuclear Information System (INIS)

Annibale, A; Coolen, A C C; Bianconi, G

2010-01-01

We study the resilience of complex networks against attacks in which nodes are targeted intelligently, but where disabling a node has a cost to the attacker which depends on its degree. Attackers have to meet these costs with limited resources, which constrains their actions. A network's integrity is quantified in terms of the efficacy of the process that it supports. We calculate how the optimal attack strategy and the most attack-resistant network degree statistics depend on the node removal cost function and the attack resources. The resilience of networks against intelligent attacks is found to depend strongly on the node removal cost function faced by the attacker. In particular, if node removal costs increase sufficiently fast with the node degree, power law networks are found to be more resilient than Poissonian ones, even against optimized intelligent attacks. For cost functions increasing quadratically in the node degrees, intelligent attackers cannot damage the network more than random damages would.

Computer Security: Cryptography and authentication (2/4)

CERN Multimedia

CERN. Geneva

2012-01-01

Remi Mollon studied computer security at University and he first worked on Grids, with the EGEE project, for a French Bioinformatics institute. Information security being crucial in that field, he developed an encrypted file management system on top of Grid middleware, and he contributed in integrating legacy applications with Grids. Then, he was hired by CERN as a Grid Data Management developer, and he joined the Grid Operational Security Coordination Team. Remi has now moved to CERN Computer Security Team. Remi is involved in the daily security operations, in addition to be responsible to design Team's computer infrastructure, and to participate to several projects, like multi-factor authentication at CERN. With the prevalence of modern information technologies and its increasing integration into our daily live, digital systems become more and more playground for evil people. While in the past, attacks were driven by fame& kudos, nowadays money is the motivating factor. Just the recent months have s...

Special Issue on Entropy-Based Applied Cryptography and Enhanced Security for Ubiquitous Computing

Directory of Open Access Journals (Sweden)

James (Jong Hyuk Park

2016-09-01

Full Text Available Entropy is a basic and important concept in information theory. It is also often used as a measure of the unpredictability of a cryptographic key in cryptography research areas. Ubiquitous computing (Ubi-comp has emerged rapidly as an exciting new paradigm. In this special issue, we mainly selected and discussed papers related with ore theories based on the graph theory to solve computational problems on cryptography and security, practical technologies; applications and services for Ubi-comp including secure encryption techniques, identity and authentication; credential cloning attacks and countermeasures; switching generator with resistance against the algebraic and side channel attacks; entropy-based network anomaly detection; applied cryptography using chaos function, information hiding and watermark, secret sharing, message authentication, detection and modeling of cyber attacks with Petri Nets, and quantum flows for secret key distribution, etc.

Topic Map for Authentic Travel

OpenAIRE

Wandsvik, Atle; Zare, Mehdi

2007-01-01

E-business is a new trend in Internet use. Authentic travel is an approach to travel and travel business which helps the traveler experience what is authentic in the travel destination. But how can the traveler find those small authentic spots and organize them together to compose a vacation? E-business techniques, combined withTopic Maps, can help.

Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes

Science.gov (United States)

Kent, Alexander Dale [Los Alamos, NM

2008-09-02

Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

Puzzolanic cements of greater resistance at the attack of selenitic waters than the high sulfate resistance portland cements, and viceverse

Directory of Open Access Journals (Sweden)

Talero, Rafael

1987-09-01

Full Text Available This work confirms the certainty of the predictions of useful service given by Kaluosek and al. for the sulphate resistant portland cements (type V, USA, subject to severe selenitic attack. Two sulphate resistant portland cements, were tested by means of the Le Chatelier Anstett method. The tarts were destroyed at ages of three years, having detected in them the presence of thaumasite by XRD. Even so, the impossibility and possibility thaumasite formation was confirmed in pozzolanic cements tarts, which either had or did not have adequate amount of pozzolana (diatomite for such purpose.

Este trabajo confirman las predicciones de vida útil dadas por Kalousek y colaboradores, para los cementos portland de elevada resistencia al ataque de los iones sulfato (tipo V, USA, sometidos a un severo ataque selenitoso. Se ensayaron dos cementos portland de elevada resistencia al ataque del yeso, mediante el ensayo de Le Chatelier-Anstett. Sus tortas correspondientes se destruyeron a la edad de tres años, habiéndose detectado en las mismas la presencia de thaumasita por DRX. Asimismo se confirmó la imposibilidad y posibilidad de formación de thaumasita en tortas de cementos puzolánicos, los cuales tenían, o no, respectivamente, una adecuada cantidad de puzolana (diatomita para tales fines.

Authenticity and commoditization at home

DEFF Research Database (Denmark)

Stender, Marie

This paper investigates how interest and affect are entangled in the built environment of new Danish homes. The paper unfolds tensions and conflicts in the process from design through branding to occupancy of the house, and the relationship between authenticity and commoditization is explored....... In Denmark, the concept of authenticity is often associated with old houses. By way of design and branding, though, new neighbourhoods are made authentic, referring to their historical past, architectural uniqueness or sense of community. Based on a fieldwork in three new residential buildings in Copenhagen......, the paper explores the inherent paradox of the staging of authenticity. Rather than viewing the house solely from the perspective of the resident, the study ethnographically traces the entire process from design to occupancy in order to investigate how notions of value and authenticity are negotiated...

Resistance against brute-force attacks on stateless forwarding in information centric networking

OpenAIRE

Alzahrani, Bander A.; Reed, Martin J.; Vassilakis, Vassilios G.

2015-01-01

Line Speed Publish/Subscribe Inter-networking (LIPSIN) is one of the proposed forwarding mechanisms in Information Centric Networking (ICN). It is a stateless source-routing approach based on Bloom filters. However, it has been shown that LIPSIN is vulnerable to brute-force attacks which may lead to distributed denial-of-service (DDoS) attacks and unsolicited messages. In this work, we propose a new forwarding approach that maintains the advantages of Bloom filter based forwarding while allow...

User Authentication based on Continuous Touch Biometrics

Directory of Open Access Journals (Sweden)

Christina J Kroeze

2016-12-01

Full Text Available Mobile devices such as smartphones have until now been protected by traditional authentication methods, including passwords or pattern locks. These authentication mechanisms are difficult to remember and are often disabled, leaving the device vulnerable if stolen. This paper investigates the possibility of unobtrusive, continuous authentication for smartphones based on biometric data collected using a touchscreen. The possibility of authenticating users on a smartphone was evaluated by conducting an experiment simulating real-world touch interaction. Touch data was collected from 30 participants during normal phone use. The touch features were analysed in terms of the information provided for authentication. It was found that features such as finger pressure, location of touch interaction and shape of the finger were important discriminators for authentication. The touch data was also analysed using two classification algorithms to measure the authentication accuracy. The results show that touch data is sufficiently distinct between users to be used in authentication without disrupting normal touch interaction. It is also shown that the raw touch data was more effective in authentication than the aggregated gesture data.