Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Pramod M. Bachiphale,Nitish S. Zulpe

DOI: https://doi.org/10.1007/s11042-024-20426-1

IF: 2.577

2024-11-06

Multimedia Tools and Applications

Abstract:In today's digital era, safeguarding sensitive information is critical. Visual cryptography offers a promising solution for enhancing security in online banking, web account management, and online shopping. This paper reviews visual cryptography and its potential to address high-security challenges. Visual cryptography works by dividing a secret image into shares, which can be decrypted by stacking them together. Various schemes have been developed to meet diverse security needs. The review begins with an overview of visual cryptography and its applications, followed by an in-depth analysis of different schemes and their characteristics. A novel method for managing transaction keys in online banking is introduced, where the key is embedded in an image and split into two parts: one stored in the bank's database and the other held by the client or a photo server. During transactions, the client provides their share, which is combined with the bank's share to retrieve the original key. This method ensures key validity and client verification. Finally, the paper discusses the challenges and limitations of visual cryptography and suggests future research directions, concluding that visual cryptography is a robust technique for addressing security issues in various applications.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Songhua Xu,Wenxia Yang,Francis C. M. Lau

DOI: https://doi.org/10.1111/j.1467-8659.2009.01455.x

IF: 2.5

2009-01-01

Computer Graphics Forum

Abstract:We propose a visualization based approach for digital signature authentication. Using our method, the speed and pressure aspects of a digital signature process can be clearly and intuitively conveyed to the user for digital signature authentication. Our design takes into account both the expressiveness and aesthetics of the derived visual patterns. With the visual aid provided by our method, digital signatures can be authenticated with better accuracy than using existing methods-even novices can examine the authenticity of a digital signature in most situations using our method. To validate the effectiveness of our method, we conducted a comprehensive user study which confirms positively the advantages of our approach. Our method can be employed as a new security enhancement measure for a range of business and legal applications in reality which involve digital signature authorization and authentication.

Pranathi Rayavaram,Sreekriti Sista,Ashwin Jagadeesha,Justin Marwad,Nathan Percival,Sashank Narain,Claire Seungeun Lee

DOI: https://doi.org/10.48550/arXiv.2302.11655

2023-02-22

Cryptography and Security

Abstract:We have designed and developed a simple, visual, and narrative K-12 cybersecurity curriculum leveraging the Scratch programming platform to demonstrate and teach fundamental cybersecurity concepts such as confidentiality, integrity protection, and authentication. The visual curriculum simulates a real-world scenario of a user and a bank performing a bank transaction and an adversary attempting to attack the transaction.We have designed six visual scenarios, the curriculum first introduces students to three visual scenarios demonstrating attacks that exist when systems do not integrate concepts such as confidentiality, integrity protection, and authentication. Then, it introduces them to three visual scenarios that build on the attacks to demonstrate and teach how these fundamental concepts can be used to defend against them. We conducted an evaluation of our curriculum through a study with 18 middle and high school students. To evaluate the student's comprehension of these concepts we distributed a technical survey, where overall average of students answering these questions related to the demonstrated concepts is 9.28 out of 10. Furthermore, the survey results revealed that 66.7% found the system extremely easy and the remaining 27.8% found it easy to use and understand.

Kangfeng Ye,Roberto Metere,Poonam Yadav

2024-10-01

Abstract:Current formal verification of security protocols relies on specialized researchers and complex tools, inaccessible to protocol designers who informally evaluate their work with emulators. This paper addresses this gap by embedding symbolic analysis into the design process. Our approach implements the Dolev-Yao attack model using a variant of CSP based on Interaction Trees (ITrees) to compile protocols into animators -- executable programs that designers can use for debugging and inspection. To guarantee the soundness of our compilation, we mechanised our approach in the theorem prover Isabelle/HOL. As traditionally done with symbolic tools, we refer to the Diffie-Hellman key exchange and the Needham-Schroeder public-key protocol (and Lowe's patched variant). We demonstrate how our animator can easily reveal the mechanics of attacks and verify corrections. This work facilitates security integration at the design level and supports further security property analysis and software-engineered integrations.

Cryptography and Security,Logic in Computer Science

Noam Tractinsky,Denis Klimov

DOI: https://doi.org/10.48550/arXiv.2204.05623

IF: 6.4588

2022-04-12

Human-Computer Interaction

Abstract:We propose and evaluate an authentication scheme that improves usability and user experience issues in the authentication process due to its reliance on people's aesthetic tastes and preferences. The scheme uses aesthetic images to verify the identity of computer users. It relies on three major premises regarding visual aesthetics: (i) that an individual has different preferences for different aesthetic stimuli; (ii) that these preferences are relatively consistent; and (iii) that aesthetic tastes are subjective and, therefore, there are considerable individual differences in aesthetic preferences. Following a review of the scientific basis for these premises, we describe the concept of the aesthetic evaluation-based authentication (AEbA) method and illustrate an implementation of it. We address AEbA's advantages and disadvantages relative to other related methods and conclude that it is adequate for low-to-medium security domains. It cannot serve as a compulsory method because we suspect that a certain portion of the user population lacks the degree of aesthetic sensitivity required to use the system effectively. On the plus side, the method offers a positive experience. It alleviates the burden of memorizing passwords to a minimum, and relative to other usability-oriented schemes provides better security in terms of shoulder-surfing, phishing, and password space. Finally, we report on a pilot evaluation of the concept and its feasibility that supports the method's main tenets, provides insights about implementation challenges and suggestions for improvements.

Mónica P. Arenas,Georgios Fotiadis,Gabriele Lenzini,Mohammadamin Rakeei

DOI: https://doi.org/10.1016/j.cose.2024.104131

IF: 5.105

2024-09-29

Computers & Security

Abstract:Coating objects with microscopic droplets of liquid crystals makes it possible to identify and authenticate objects as if they had biometric-like features: this is extremely valuable as an anti-counterfeiting measure. How to extract features from images has been studied elsewhere, but exchanging data about features is not enough if we wish to build secure cryptographic authentication protocols. What we need are authentication tokens (i.e., bitstrings), strategies to cope with noise, always present when processing images, and solutions to protect the original features so that it is impossible to reproduce them from the tokens. Secure sketches and fuzzy extractors are the cryptographic toolkits that offer these functionalities, but they must be instantiated to work with the peculiar specific features extracted from images of liquid crystals. We show how this can work and how we can obtain uniform, error-tolerant, and random strings, and how they are used to authenticate liquid crystal coated objects. Our protocol reminds an existing biometric-based protocol, but only apparently. Using the original protocol as-it-is would make the process vulnerable to an attack that exploits certain physical peculiarities of our liquid crystal coatings. Instead, our protocol is robust against the attack. We prove all our security claims formally, by modeling and verifying in Proverif, our protocol and its cryptographic schemes. We implement and benchmark our solution, measuring both the performance and the quality of authentication.

computer science, information systems

Muath Obaidat,Joseph Brown,Suhaib Obeidat,Majdi Rawashdeh

DOI: https://doi.org/10.3390/s20154212

2020-07-29

Abstract:A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client-server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client-server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

Tao Liu,Shubhangi Vairagar,Sushadevi Adagale,T Karthick,Catherine Esther Karunya,John Blesswin A,Selva Mary G,T. Karthick

DOI: https://doi.org/10.3934/mbe.2024209

2024-01-01

Mathematical Biosciences and Engineering

Abstract:The secure authentication of user data is crucial in various sectors, including digital banking, medical applications and e-governance, especially for images. Secure communication protects against data tampering and forgery, thereby bolstering the foundation for informed decision-making, whether managing traffic, enhancing public safety, or monitoring environmental conditions. Conventional visual cryptographic protocols offer solutions, particularly for color images, though they grapple with challenges such as high computational demands and reliance on multiple cover images. Additionally, they often require third-party authorization to verify the image integrity. On the other hand, visual cryptography offers a streamlined approach. It divides images into shares, where each pixel represented uniquely, thus allowing visual decryption without complex computations. The optimized multi-tiered authentication protocol (OMTAP), which is integrated with the visual sharing scheme (VSS), takes secure image sharing to the next level. It reduces share count, prioritizes image fidelity and transmission security, and introduces the self-verification of decrypted image integrity through asymmetric key matrix generators, thus eliminating external validation. Rigorous testing has confirmed OMTAP's robustness and broad applicability, thereby ensuring that decrypted images maintain their quality with a peak signal-to-noise ratio (PSNR) of 40 dB and full integrity at the receiver's end.

mathematical & computational biology

Brain Glass,Graeme Jenkinson,Yuqi Liu,M. Angela Sasse,Frank Stajano

DOI: https://doi.org/10.48550/arXiv.1607.03417

IF: 6.4588

2016-07-12

Human-Computer Interaction

Abstract:Over the past 15 years, researchers have identified an increasing number of security mechanisms that are so unusable that the intended users either circumvent them or give up on a service rather than suffer the security. With hindsight, the reasons can be identified easily enough: either the security task itself is too cumbersome and/or time-consuming, or it creates high friction with the users` primary task. The aim of the research presented here is to equip designers who select and implement security mechanisms with a method for identifying the ``best fit`` security mechanism at the design stage. Since many usability problems have been identified with authentication, we focus on ``best fit`` authentication, and present a framework that allows security designers not only to model the workload associated with a particular authentication method, but more importantly to model it in the context of the user`s primary task. We draw on results from cognitive psychology to create a method that allows a designer to understand the impact of a particular authentication method on user productivity and satisfaction. In a validation study using a physical mockup of an airline check-in kiosk, we demonstrate that the model can predict user performance and satisfaction. Furthermore, design experts suggested personalized order recommendations which were similar to our model`s predictions. Our model is the first that supports identification of a holistic fit between the task of user authentication and the context in which it is performed. When applied to new systems, we believe it will help designers understand the usability impact of their security choices and thus develop solutions that maximize both.

Chengxue Qian,Xingwei Song,Yun Huang,Xuejia Lai

DOI: https://doi.org/10.2991/icacsei.2013.146

2013-01-01

Abstract:In this paper, we present a novel user-friendly graphical password scheme resistant against "watching" attacks. Snapshot, remote monitoring, and shoulder-surfing have in common that all these attacks act as if one could directly watch the users' behavior on the screen, resulting in an insecure use of alphanumeric passwords ("watching" attacks). New technology based on graphical passwords uses graphs as authentication media where the user identifies, reproduces, or interacts with graphs to prove his identity, which partly blocks the danger. However, current graphical passwords such as D-A-S, PassPoints, Passfaces TM, and the algorithms D. Hong and Sobrado, etc. proposed are either too complicated or ineffective against "watching" attacks. In our proposal, the authentication process uses familiar images that only true users can recognize. It is hard to fabricate even many previous authentication processes are totally exposed. Furthermore a detailed application in OTP, which basically establishes an extra OTP input encryption, is discussed and its security analysis is presented.

Michael Burrows,Martin Abadi,Roger Needham

DOI: https://doi.org/10.1145/77648.77649

1990-02-01

ACM Transactions on Computer Systems

Abstract:Authentication protocols are the basis of security in many distributed systems, and it is therefore essential to ensure that these protocols function correctly. Unfortunately, their design has been extremely error prone. Most of the protocols found in the literature contain redundancies or security flaws. A simple logic has allowed us to describe the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication. We have been able to explain a variety of authentication protocols formally, to discover subtleties and errors in them, and to suggest improvements. In this paper we present the logic and then give the results of our analysis of four published protocols, chosen either because of their practical importance or because they serve to illustrate our method.

computer science, theory & methods

Qibin Sun,Zhi Li,Xudong Jiang,Alex Kot

DOI: https://doi.org/10.1109/iscas.2008.4542082

2008-01-01

Abstract:Graphical password (i.e., image based authentication) is considered as a promising alternative to traditional textual password for mobile devices, to achieve better tradeoff between usability and security. However, previous proposals of graphical password have the limitation of limited entropy. In this paper, we propose a new scheme incorporating user face based authentication into the association-based graphical password solution we proposed before, aiming at achieving higher security without compromising user-friendliness for mobile application scenarios. System performance analysis and comparisons with other schemes are presented to validate our scheme.

Zheng Yang,Chao Yin,Chenglu Jin,Jianting Ning,Jianying Zhou

DOI: https://doi.org/10.1145/3457339.3457984

2021-01-01

Abstract:Delegated authentication is a very popular and effective paradigm to deal with entity authentication problems for resource-constrained clients in cyber-physical systems; namely, the authentication between two clients is proxied by a trusted authentication server. However, an attacker may compromise the authentication server to impersonate the clients for sabotaging the cyber-physical systems. To detect the identity fraud attacks caused by an authentication server compromise, we propose two mutual authentication protocols by using a pseudo-random function family and a one-time signature (OTS) scheme. Our idea is to leverage the continuously evolving OTS signing and verifying keys at the signer and the verifier sides respectively for identity fraud detection because an identity fraud attack would violate the victim's honest OTS key update procedure. The proposed protocols are proven secure under a new mutual authentication security model that formulates the identity fraud detection.

Frank Nielsen

DOI: https://doi.org/10.48550/arXiv.1304.6499

2013-04-24

Abstract:Nowadays, we are increasingly logging on many different Internet sites to access private data like emails or photos remotely stored in the clouds. This makes us all the more concerned with digital identity theft and passwords being stolen either by key loggers or shoulder-surfing attacks. Quite surprisingly, the current bottleneck of computer security when logging for authentication is the User Interface (UI): How can we enter safely secret passwords when concealed spy cameras or key loggers may be recording the login session? Logging safely requires to design a secure Human Computer Interface (HCI) robust to those attacks. We describe a novel method and system based on entering secret ID passwords by means of associative secret UI passwords that provides zero-knowledge to observers. We demonstrate the principles using a color Personal Identification Numbers (PINs) login system and describes its various extensions.

Human-Computer Interaction,Cryptography and Security

Lijing Ren,Denghui Zhang

DOI: https://doi.org/10.1016/j.micpro.2022.104540

IF: 3.503

2022-01-01

Microprocessors and Microsystems

Abstract:The popularity of more powerful and smarter digital devices has improved the quality of life and poses new challenges to the privacy protection of personal information. Although traditional encryption algorithms are effective in most application scenarios, they may not be suitable in integrated sensing and communication environments due to their low processing capabilities. In this paper, we develop a novel extended visual cryptography scheme to store private information in separate databases, which eliminates the complex operations in privacy-preserving schemes based on cryptography and watermarking. Since shares do not reveal any feature about private sensed information, we can transmit sensitive information among sensors and smart home servers in plain. To abate the influence of noise due to the use of visual cryptography, we leverage the generalization ability of transfer learning to train a visual cryptography-based recognition network. Experimental results show that our proposed method keeps the high accuracy of the feature recognition system when providing security.

Gloriya Mathew,Shiney Thomas

DOI: https://doi.org/10.48550/arXiv.1311.4037

2013-11-16

Abstract:User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or secure but not usable. While there are different types of authentication systems available alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authentication is Graphical User Authentication based on the fact that humans tends to remember images better than text. Graphical password authentication systems provide passwords which are easy to be created and remembered by the user. However, the main issues of simple graphical password techniques are shoulder surfing attack and image gallery attack. Studies reveals that most of the graphical passwords are either secure but not usable or usable but not secure. In this paper, a new technique that uses cued click point graphical password method along with the one-time session key is proposed. The goal is to propose a new authentication mechanism using graphical password to achieve higher security and better usability levels. The result of the system testing is evaluated and it reveals that the proposed system ensures security and usability to a great extent.

Cryptography and Security

Yan Xiong,Cheng Su,Wenchao Huang,Fuyou Miao,Wansen Wang,Hengyi Ouyang

DOI: https://doi.org/10.48550/arxiv.1807.00669

2018-01-01

Abstract:Current formal approaches have been successfully used to find design flaws in many security protocols. However, it is still challenging to automatically analyze protocols due to their large or infinite state spaces. In this paper, we propose a novel framework that can automatically verifying security protocols without any human intervention. Experimental results show that SmartVerif automatically verifies security protocols that cannot be automatically verified by existing approaches. The case study also validates the effectiveness of our dynamic strategy.

Donald Beaver

DOI: https://doi.org/10.48550/arXiv.2006.03725

2020-06-06

Abstract:Graphical user interface testing is significantly challenging, and automating it even more so. Test-driven development is impractical: it generally requires an initial implementation of the GUI to generate golden images or to construct interactive test scenarios, and subsequent maintenance is costly. While computer vision has been applied to several aspects of GUI testing, we demonstrate a novel and immediately applicable approach of interpreting GUI presentation in terms of backend communications, modeling "awareness" in the fashion employed by cryptographic proofs of security. This focus on backend communication circumvents deficiencies in typical testing methodologies that rely on platform-dependent UI affordances or accessibility features. Our interdisciplinary work is ready for off-the-shelf practice: we report self-contained, practical implementation with both online and offline validation, using simple designer specifications at the outset and specifically avoiding any requirements for a bootstrap implementation or golden images. In addition to practical implementation, ties to formal verification methods in cryptography are explored and explained, providing fertile perspectives on assurance in UI and interpretability in AI.

Software Engineering,Computer Vision and Pattern Recognition