Search results for: Password Authentication
208 Password Cracking on Graphics Processing Unit Based Systems
Authors: N. Gopalakrishna Kini, Ranjana Paleppady, Akshata K. Naik
Abstract:
Password authentication is one of the widely used methods to achieve authentication for legal users of computers and defense against attackers. There are many different ways to authenticate users of a system and there are many password cracking methods also developed. This paper proposes how best password cracking can be performed on a CPU-GPGPU based system. The main objective of this work is to project how quickly a password can be cracked with some knowledge about the computer security and password cracking if sufficient security is not incorporated to the system.Keywords: GPGPU, password cracking, secret key, user authentication.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2624207 A Study on User Authentication Method Using Haptic Actuator and Security Evaluation
Authors: YoHan Choi, HeeSuk Seo, SeungHwan Ju, SungHyu Han
Abstract:
As currently various portable devices were launched, smart business conducted using them became common. Since smart business can use company-internal resources in an exlternal remote place, user authentication that can identify authentic users is an important factor. Commonly used user authentication is a method of using user ID and Password. In the user authentication using ID and Password, the user should see and enter authentication information him or her. In this user authentication system depending on the user’s vision, there is the threat of password leaks through snooping in the process which the user enters his or her authentication information. This study designed and produced a user authentication module using an actuator to respond to the snooping threat.
Keywords: Actuator, User Authentication, Security Evaluation.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1750206 Graphical Password Security Evaluation by Fuzzy AHP
Authors: Arash Habibi Lashkari, Azizah Abdul Manaf, Maslin Masrom
Abstract:
In today's day and age, one of the important topics in information security is authentication. There are several alternatives to text-based authentication of which includes Graphical Password (GP) or Graphical User Authentication (GUA). These methods stems from the fact that humans recognized and remembers images better than alphanumerical text characters. This paper will focus on the security aspect of GP algorithms and what most researchers have been working on trying to define these security features and attributes. The goal of this study is to develop a fuzzy decision model that allows automatic selection of available GP algorithms by taking into considerations the subjective judgments of the decision makers who are more than 50 postgraduate students of computer science. The approach that is being proposed is based on the Fuzzy Analytic Hierarchy Process (FAHP) which determines the criteria weight as a linear formula.Keywords: Graphical Password, Authentication Security, Attack Patterns, Brute force attack, Dictionary attack, Guessing Attack, Spyware attack, Shoulder surfing attack, Social engineering Attack, Password Entropy, Password Space.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1936205 Providing a Secure Hybrid Method for Graphical Password Authentication to Prevent Shoulder Surfing, Smudge and Brute Force Attack
Authors: Faraji Sepideh
Abstract:
Nowadays, purchase rate of the smart device is increasing and user authentication is one of the important issues in information security. Alphanumeric strong passwords are difficult to memorize and also owners write them down on papers or save them in a computer file. In addition, text password has its own flaws and is vulnerable to attacks. Graphical password can be used as an alternative to alphanumeric password that users choose images as a password. This type of password is easier to use and memorize and also more secure from pervious password types. In this paper we have designed a more secure graphical password system to prevent shoulder surfing, smudge and brute force attack. This scheme is a combination of two types of graphical passwords recognition based and Cued recall based. Evaluation the usability and security of our proposed scheme have been explained in conclusion part.
Keywords: Brute force attack, graphical password, shoulder surfing attack, smudge attack.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 913204 A New Graphical Password: Combination of Recall & Recognition Based Approach
Authors: Md. Asraful Haque, Babbar Imam
Abstract:
Information Security is the most describing problem in present times. To cop up with the security of the information, the passwords were introduced. The alphanumeric passwords are the most popular authentication method and still used up to now. However, text based passwords suffer from various drawbacks such as they are easy to crack through dictionary attacks, brute force attacks, keylogger, social engineering etc. Graphical Password is a good replacement for text password. Psychological studies say that human can remember pictures better than text. So this is the fact that graphical passwords are easy to remember. But at the same time due to this reason most of the graphical passwords are prone to shoulder surfing. In this paper, we have suggested a shoulder-surfing resistant graphical password authentication method. The system is a combination of recognition and pure recall based techniques. Proposed scheme can be useful for smart hand held devices (like smart phones i.e. PDAs, iPod, iPhone, etc) which are more handy and convenient to use than traditional desktop computer systems.
Keywords: Authentication, Graphical Password, Text Password, Information Security, Shoulder-surfing.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4145203 Security Weaknesses of Dynamic ID-based Remote User Authentication Protocol
Authors: Hyoungseob Lee, Donghyun Choi, Yunho Lee, Dongho Won, Seungjoo Kim
Abstract:
Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.-s protocol is not secure to randomly chosen password attack and impersonation attack, and proposed an improved protocol. Their protocol provided mutual authentication and efficient password management. In this paper, we analyze the security weaknesses and point out the vulnerabilities of Wang et al.-s protocol.Keywords: Message Alteration Attack, Impersonation Attack
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1773202 Hybrid Authentication Scheme for Graphical Password Using QR Code and Integrated Sound Signature
Authors: Salim Istyaq, Mohammad Sarosh Umar
Abstract:
Today, the mankind is in the stage of development, every day comes with new proposal of technology, in order to secure these types of technology, we also prepare high yielding security modules to conserve these resources. The capacity of human brain to recognize anything is far more than any species; this is all due to our developing cycle of curiosity. In this paper, we proposed a scheme based on graphical password using QR Code which provides more security to the recent online system. It also contains a supportive sound signature. In this system, authentication is done using sequence of images in QR code form. Users select one click-point per image with the help of QR scanner or recognizer. The encoded phrase in a QR code emphasizes the minimum probability of attacking via shoulder surfing or other attacks.
Keywords: Graphical password, QR code, sound signature, image authentication, cued click point.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 772201 Three Attacks on Jia et al.'s Remote User Authentication Scheme using Bilinear Pairings and ECC
Authors: Eun-Jun Yoon, Kee-Young Yoo
Abstract:
Recently, Jia et al. proposed a remote user authentication scheme using bilinear pairings and an Elliptic Curve Cryptosystem (ECC). However, the scheme is vulnerable to privileged insider attack at their proposed registration phase and to forgery attack at their proposed authentication phase. In addition, the scheme can be vulnerable to server spoofing attack because it does not provide mutual authentication between the user and the remote server. Therefore, this paper points out that the Jia et al. scheme is vulnerable to the above three attacks.
Keywords: Cryptography, authentication, smart card, password, cryptanalysis, bilinear pairings.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1846200 Security Analysis of Password Hardened Multimodal Biometric Fuzzy Vault
Authors: V. S. Meenakshi, G. Padmavathi
Abstract:
Biometric techniques are gaining importance for personal authentication and identification as compared to the traditional authentication methods. Biometric templates are vulnerable to variety of attacks due to their inherent nature. When a person-s biometric is compromised his identity is lost. In contrast to password, biometric is not revocable. Therefore, providing security to the stored biometric template is very crucial. Crypto biometric systems are authentication systems, which blends the idea of cryptography and biometrics. Fuzzy vault is a proven crypto biometric construct which is used to secure the biometric templates. However fuzzy vault suffer from certain limitations like nonrevocability, cross matching. Security of the fuzzy vault is affected by the non-uniform nature of the biometric data. Fuzzy vault when hardened with password overcomes these limitations. Password provides an additional layer of security and enhances user privacy. Retina has certain advantages over other biometric traits. Retinal scans are used in high-end security applications like access control to areas or rooms in military installations, power plants, and other high risk security areas. This work applies the idea of fuzzy vault for retinal biometric template. Multimodal biometric system performance is well compared to single modal biometric systems. The proposed multi modal biometric fuzzy vault includes combined feature points from retina and fingerprint. The combined vault is hardened with user password for achieving high level of security. The security of the combined vault is measured using min-entropy. The proposed password hardened multi biometric fuzzy vault is robust towards stored biometric template attacks.Keywords: Biometric Template Security, Crypto Biometric Systems, Hardening Fuzzy Vault, Min-Entropy.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2159199 Cryptanalysis of Chang-Chang-s EC-PAKA Protocol for Wireless Mobile Networks
Authors: Hae-Soon Ahn, Eun-Jun Yoon
Abstract:
With the rapid development of wireless mobile communication, applications for mobile devices must focus on network security. In 2008, Chang-Chang proposed security improvements on the Lu et al.-s elliptic curve authentication key agreement protocol for wireless mobile networks. However, this paper shows that Chang- Chang-s improved protocol is still vulnerable to off-line password guessing attacks unlike their claims.
Keywords: Authentication, key agreement, wireless mobile networks, elliptic curve, password guessing attacks.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1511198 Cryptanalysis of Yang-Li-Liao’s Simple Three-Party Key Exchange (S-3PAKE) Protocol
Authors: Hae-Soon Ahn, Eun-Jun Yoon
Abstract:
Three-party password authenticated key exchange (3PAKE) protocols are widely deployed on lots of remote user authentication system due to its simplicity and convenience of maintaining a human-memorable password at client side to achieve secure communication within a hostile network. Recently, an improvement of 3PAKE protocol by processing a built-in data attached to other party for identity authentication to individual data was proposed by some researchers. However, this paper points out that the improved 3PAKE protocol is still vulnerable to undetectable on-line dictionary attack and off-line dictionary attack.
Keywords: Three-party key exchange, 3PAKE, Passwordauthenticated key exchange, Network security, Dictionary attack
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2122197 Secure Secret Recovery by using Weighted Personal Entropy
Authors: Leau Y. B., Dinna Nina M. N., Habeeb S. A. H., Jetol B.
Abstract:
Authentication plays a vital role in many secure systems. Most of these systems require user to log in with his or her secret password or pass phrase before entering it. This is to ensure all the valuables information is kept confidential guaranteeing also its integrity and availability. However, to achieve this goal, users are required to memorize high entropy passwords or pass phrases. Unfortunately, this sometimes causes difficulty for user to remember meaningless strings of data. This paper presents a new scheme which assigns a weight to each personal question given to the user in revealing the encrypted secrets or password. Concentration of this scheme is to offer fault tolerance to users by allowing them to forget the specific password to a subset of questions and still recover the secret and achieve successful authentication. Comparison on level of security for weight-based and weightless secret recovery scheme is also discussed. The paper concludes with the few areas that requires more investigation in this research.Keywords: Secret Recovery, Personal Entropy, Cryptography, Secret Sharing and Key Management.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1972196 Application of Neural Network in User Authentication for Smart Home System
Authors: A. Joseph, D.B.L. Bong, D.A.A. Mat
Abstract:
Security has been an important issue and concern in the smart home systems. Smart home networks consist of a wide range of wired or wireless devices, there is possibility that illegal access to some restricted data or devices may happen. Password-based authentication is widely used to identify authorize users, because this method is cheap, easy and quite accurate. In this paper, a neural network is trained to store the passwords instead of using verification table. This method is useful in solving security problems that happened in some authentication system. The conventional way to train the network using Backpropagation (BPN) requires a long training time. Hence, a faster training algorithm, Resilient Backpropagation (RPROP) is embedded to the MLPs Neural Network to accelerate the training process. For the Data Part, 200 sets of UserID and Passwords were created and encoded into binary as the input. The simulation had been carried out to evaluate the performance for different number of hidden neurons and combination of transfer functions. Mean Square Error (MSE), training time and number of epochs are used to determine the network performance. From the results obtained, using Tansig and Purelin in hidden and output layer and 250 hidden neurons gave the better performance. As a result, a password-based user authentication system for smart home by using neural network had been developed successfully.Keywords: Neural Network, User Authentication, Smart Home, Security
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2039195 DHCP Message Authentication with an Effective Key Management
Authors: HongIl Ju, JongWook Han
Abstract:
In this paper we describes the authentication for DHCP (Dynamic Host Configuration Protocol) message which provides the efficient key management and reduces the danger replay attack without an additional packet for a replay attack. And the authentication for DHCP message supports mutual authentication and provides both entity authentication and message authentication. We applied the authentication for DHCP message to the home network environments and tested through a home gateway.Keywords: DHCP, authentication, key management, replayattack, home network.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2485194 A Second Look at Gesture-Based Passwords: Usability and Vulnerability to Shoulder-Surfing Attacks
Authors: Lakshmidevi Sreeramareddy, Komalpreet Kaur, Nane Pothier
Abstract:
For security purposes, it is important to detect passwords entered by unauthorized users. With traditional alphanumeric passwords, if the content of a password is acquired and correctly entered by an intruder, it is impossible to differentiate the password entered by the intruder from those entered by the authorized user because the password entries contain precisely the same character set. However, no two entries for the gesture-based passwords, even those entered by the person who created the password, will be identical. There are always variations between entries, such as the shape and length of each stroke, the location of each stroke, and the speed of drawing. It is possible that passwords entered by the unauthorized user contain higher levels of variations when compared with those entered by the authorized user (the creator). The difference in the levels of variations may provide cues to detect unauthorized entries. To test this hypothesis, we designed an empirical study, collected and analyzed the data with the help of machine-learning algorithms. The results of the study are significant.
Keywords: Authentication, gesture-based passwords, machine learning algorithms, shoulder-surfing attacks, usability.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 615193 A Secure Mobile OTP Authentication Scheme for User Mobility Cloud VDI Environment
Authors: Jong-won Lee
Abstract:
Since Cloud environment has appeared as the most powerful keyword in the computing industry, the growth in VDI (Virtual Desktop Infrastructure) became remarkable in domestic market. In recent years, with the trend that mobile devices such as smartphones and pads spread so rapidly, the strengths of VDI that allows people to access and perform business on the move along with companies' office needs expedite more rapid spread of VDI. In this paper, mobile OTP (One-Time Password) authentication method is proposed to secure mobile device portability through rapid and secure authentication using mobile devices such as mobile phones or pads, which does not require additional purchase or possession of OTP tokens of users. To facilitate diverse and wide use of Services in the future, service should be continuous and stable, and above all, security should be considered the most important to meet advanced portability and user accessibility, the strengths of VDI.Keywords: Cloud, VDI, OTP, Mobility
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2049192 Two Undetectable On-line Dictionary Attacks on Debiao et al.’s S-3PAKE Protocol
Authors: Sung-Bae Choi, Sang-Yoon Yoon, Eun-Jun Yoon
Abstract:
In 2011, Debiao et al. pointed out that S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting is vulnerable to an off-line dictionary attack. Then, they proposed some countermeasures to eliminate the security vulnerability of the S-3PAKE. Nevertheless, this paper points out their enhanced S-3PAKE protocol is still vulnerable to undetectable on-line dictionary attacks unlike their claim.
Keywords: Authentication, 3PAKE, password, three-party key exchange, network security, dictionary attacks.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1638191 Dynamic Authenticated Secure Group Communication
Authors: R. Aparna, B. B. Amberker
Abstract:
Providing authentication for the messages exchanged between group members in addition to confidentiality is an important issue in Secure Group communication. We develop a protocol for Secure Authentic Communication where we address authentication for the group communication scheme proposed by Blundo et al. which only provides confidentiality. Authentication scheme used is a multiparty authentication scheme which allows all the users in the system to send and receive messages simultaneously. Our scheme is secure against colluding malicious parties numbering fewer than k.Keywords: Secure Group Communication, Secret key, Authentication, Authentication code, Threshold.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1358190 Hybrid Authentication System Using QR Code with OTP
Authors: Salim Istyaq
Abstract:
As we know, number of Internet users are increasing drastically. Now, people are using different online services provided by banks, colleges/schools, hospitals, online utility, bill payment and online shopping sites. To access online services, text-based authentication system is in use. The text-based authentication scheme faces some drawbacks with usability and security issues that bring troubles to users. The core element of computational trust is identity. The aim of the paper is to make the system more compliable for the imposters and more reliable for the users, by using the graphical authentication approach. In this paper, we are using the more powerful tool of encoding the options in graphical QR format and also there will be the acknowledgment which will send to the user’s mobile for final verification. The main methodology depends upon the encryption option and final verification by confirming a set of pass phrase on the legal users, the outcome of the result is very powerful as it only gives the result at once when the process is successfully done. All processes are cross linked serially as the output of the 1st process, is the input of the 2nd and so on. The system is a combination of recognition and pure recall based technique. Presented scheme is useful for devices like PDAs, iPod, phone etc. which are more handy and convenient to use than traditional desktop computer systems.
Keywords: Graphical Password, OTP, QR Codes, Recognition based graphical user authentication, usability and security.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1661189 Hardware Approach to Solving Password Exposure Problem through Keyboard Sniff
Authors: Kyungroul Lee, Kwangjin Bae, Kangbin Yim
Abstract:
This paper introduces a hardware solution to password exposure problem caused by direct accesses to the keyboard hardware interfaces through which a possible attacker is able to grab user-s password even where existing countermeasures are deployed. Several researches have proposed reasonable software based solutions to the problem for years. However, recently introduced hardware vulnerability problems have neutralized the software approaches and yet proposed any effective software solution to the vulnerability. Hardware approach in this paper is expected as the only solution to the vulnerabilityKeywords: Keyboard sniff, password exposure, hardware vulnerability, privacy problem, insider security.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1578188 Secured Session Based Profile Caching for E-Learning Systems Using WiMAX Networks
Authors: R. Chithra, B. Kalaavathi
Abstract:
E-Learning enables the users to learn at anywhere at any time. In E-Learning systems, authenticating the E-Learning user has security issues. The usage of appropriate communication networks for providing the internet connectivity for E-learning is another challenge. WiMAX networks provide Broadband Wireless Access through the Multicast Broadcast Service so these networks can be most suitable for E-Learning applications. The authentication of E-Learning user is vulnerable to session hijacking problems. The repeated authentication of users can be done to overcome these issues. In this paper, session based Profile Caching Authentication is proposed. In this scheme, the credentials of E-Learning users can be cached at authentication server during the initial authentication through the appropriate subscriber station. The proposed cache based authentication scheme performs fast authentication by using cached user profile. Thus, the proposed authentication protocol reduces the delay in repeated authentication to enhance the security in ELearning.Keywords: Authentication, E-Learning, WiMAX, Security, Profile caching.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1566187 How Efficiency of Password Attack Based on a Keyboard
Authors: Hsien-cheng Chou, Fei-pei Lai, Hung-chang Lee
Abstract:
At present, dictionary attack has been the basic tool for recovering key passwords. In order to avoid dictionary attack, users purposely choose another character strings as passwords. According to statistics, about 14% of users choose keys on a keyboard (Kkey, for short) as passwords. This paper develops a framework system to attack the password chosen from Kkeys and analyzes its efficiency. Within this system, we build up keyboard rules using the adjacent and parallel relationship among Kkeys and then use these Kkey rules to generate password databases by depth-first search method. According to the experiment results, we find the key space of databases derived from these Kkey rules that could be far smaller than the password databases generated within brute-force attack, thus effectively narrowing down the scope of attack research. Taking one general Kkey rule, the combinations in all printable characters (94 types) with Kkey adjacent and parallel relationship, as an example, the derived key space is about 240 smaller than those in brute-force attack. In addition, we demonstrate the method's practicality and value by successfully cracking the access password to UNIX and PC using the password databases createdKeywords: Brute-force attack, dictionary attack, depth-firstsearch, password attack.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 3474186 A New Group Key Management Protocol for Wireless Ad-Hoc Networks
Authors: Rony H. Rahman, Lutfar Rahman
Abstract:
Ad hoc networks are characterized by multi-hop wireless connectivity and frequently changing network topology. Forming security association among a group of nodes in ad-hoc networks is more challenging than in conventional networks due to the lack of central authority, i.e. fixed infrastructure. With that view in mind, group key management plays an important building block of any secure group communication. The main contribution of this paper is a low complexity key management scheme that is suitable for fully self-organized ad-hoc networks. The protocol is also password authenticated, making it resilient against active attacks. Unlike other existing key agreement protocols, ours make no assumption about the structure of the underlying wireless network, making it suitable for “truly ad-hoc" networks. Finally, we will analyze our protocol to show the computation and communication burden on individual nodes for key establishment.Keywords: Ad-hoc Networks, Group Key Management, Key Management Protocols, Password Authentication
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1762185 A Lossless Watermarking Based Authentication System For Medical Images
Authors: Samia Boucherkha, Mohamed Benmohamed
Abstract:
In this paper we investigate the watermarking authentication when applied to medical imagery field. We first give an overview of watermarking technology by paying attention to fragile watermarking since it is the usual scheme for authentication.We then analyze the requirements for image authentication and integrity in medical imagery, and we show finally that invertible schemes are the best suited for this particular field. A well known authentication method is studied. This technique is then adapted here for interleaving patient information and message authentication code with medical images in a reversible manner, that is using lossless compression. The resulting scheme enables on a side the exact recovery of the original image that can be unambiguously authenticated, and on the other side, the patient information to be saved or transmitted in a confidential way. To ensure greater security the patient information is encrypted before being embedded into images.Keywords: Medical Imaging, Invertible Watermarking, Authentication, Integrity.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2665184 Application of ESA in the CAVE Mode Authentication
Authors: Keonwoo Kim, Dowon Hong, Kyoil Chung
Abstract:
This paper proposes the authentication method using ESA algorithm instead of using CAVE algorithm in the CDMA mobile communication systems including IS-95 and CDMA2000 1x. And, we analyze to apply ESA mechanism on behalf of CAVE mechanism without the change of message format and air interface in the existing CDMA systems. If ESA algorithm can be used as the substitution of CAVE algorithm, security strength of authentication algorithm is intensified without protocol change. An algorithm replacement proposed in this paper is not to change an authentication mechanism, but to configure input of ESA algorithm and to produce output. Therefore, our proposal can be the compatible to the existing systems.Keywords: ESA, CAVE, CDMA, authentication, mobilecommunication.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1592183 Security Analysis on Anonymous Mutual Authentication Protocol for RFID Tag without Back-End Database and its Improvement
Authors: Songyi Kim, Kwangwoo Lee, Seungjoo Kim, Dongho Won
Abstract:
RFID (Radio Frequency IDentification) system has been widely used in our life, such as transport systems, passports, automotive, animal tracking, human implants, library, and so on. However, the RFID authentication protocols between RF (Radio Frequency) tags and the RF readers have been bring about various privacy problems that anonymity of the tags, tracking, eavesdropping, and so on. Many researchers have proposed the solution of the problems. However, they still have the problem, such as location privacy, mutual authentication. In this paper, we show the problems of the previous protocols, and then we propose a more secure and efficient RFID authentication protocol.Keywords: RFID, mutual authentication, serverless, anonymity.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1934182 A method of Authentication for Quantum Networks
Authors: Stefan Rass
Abstract:
Quantum cryptography offers a way of key agreement, which is unbreakable by any external adversary. Authentication is of crucial importance, as perfect secrecy is worthless if the identity of the addressee cannot be ensured before sending important information. Message authentication has been studied thoroughly, but no approach seems to be able to explicitly counter meet-in-the-middle impersonation attacks. The goal of this paper is the development of an authentication scheme being resistant against active adversaries controlling the communication channel. The scheme is built on top of a key-establishment protocol and is unconditionally secure if built upon quantum cryptographic key exchange. In general, the security is the same as for the key-agreement protocol lying underneath.Keywords: Meet-in-the-middle attack, quantum key distribution, quantum networks, unconditionally secure authentication.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1905181 Evaluation and Analysis of the Secure E-Voting Authentication Preparation Scheme
Authors: Nidal F. Shilbayeh, Reem A. Al-Saidi, Ahmed H. Alsswey
Abstract:
In this paper, we presented an evaluation and analysis of E-Voting Authentication Preparation Scheme (EV-APS). EV-APS applies some modified security aspects that enhance the security measures and adds a strong wall of protection, confidentiality, non-repudiation and authentication requirements. Some of these modified security aspects are Kerberos authentication protocol, PVID scheme, responder certificate validation, and the converted Ferguson e-cash protocol. Authentication and privacy requirements have been evaluated and proved. Authentication guaranteed only eligible and authorized voters were permitted to vote. Also, the privacy guaranteed that all votes will be kept secret. Evaluation and analysis of some of these security requirements have been given. These modified aspects will help in filtering the counter buffer from unauthorized votes by ensuring that only authorized voters are permitted to vote.
Keywords: E-Voting preparation stage, blind signature protocol, nonce based authentication scheme, Kerberos authentication protocol, pseudo voter identity scheme PVID.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1618180 Mutual Authentication for Sensor-to-Sensor Communications in IoT Infrastructure
Authors: Shadi Janbabaei, Hossein Gharaee Garakani, Naser Mohammadzadeh
Abstract:
Internet of things is a new concept that its emergence has caused ubiquity of sensors in human life, so that at any time, all data are collected, processed and transmitted by these sensors. In order to establish a secure connection, the first challenge is authentication between sensors. However, this challenge also requires some features so that the authentication is done properly. Anonymity, untraceability, and being lightweight are among the issues that need to be considered. In this paper, we have evaluated the authentication protocols and have analyzed the security vulnerabilities found in them. Then an improved light weight authentication protocol for sensor-to-sensor communications is presented which uses the hash function and logical operators. The analysis of protocol shows that security requirements have been met and the protocol is resistant against various attacks. In the end, by decreasing the number of computational cost functions, it is argued that the protocol is lighter than before.
Keywords: Anonymity, authentication, Internet of Things, lightweight, untraceablity.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 819179 Deniable Authentication Protocol Resisting Man-in-the-Middle Attack
Authors: Song Han, Wanquan Liu, Elizabeth Chang
Abstract:
Deniable authentication is a new protocol which not only enables a receiver to identify the source of a received message but also prevents a third party from identifying the source of the message. The proposed protocol in this paper makes use of bilinear pairings over elliptic curves, as well as the Diffie-Hellman key exchange protocol. Besides the security properties shared with previous authentication protocols, the proposed protocol provides the same level of security with smaller public key sizes.Keywords: Deniable Authentication, Man-in-the-middleAttack, Cryptography, Elliptic Curves.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1616