Muhammad Bilal,Can Wang,Zhi Yu,Abid Bashir

DOI: https://doi.org/10.1109/icsess49938.2020.9237635

2020-01-01

Abstract:Identity management (IdM) plays a significant role in managing user identities (IDs). However, IdM is challenging to handle the rapidly rising numerous kinds of Web-based applications nowadays. The OpenID 2.0 communication protocol is an improved solution for managing a user's IDs based on the OpenID URL identity. OpenID URL identity is not very much secure in specific Web-based attacks; for instance, session hijacking and phishing attacks often occur. The earlier OpenID-based methods secure OpenID URL identity with single, double, and triple authentication schemes. But Identity Provider (IdP) side is still not secure in Web attacks: if an attacker steals the IdP-side legal user information, then existing OpenID-based security techniques are unreliable. The anticipated OpenID Reverse Authentication Authorizing and Accounting (RAAA) user authentication-based protocol secured OpenID URL identity by providing two beneficial fields Secret Alphanumeric String (SAS) and Special Innovative PIN (SIP) that utilize in testing website both sides in reverse and cost-effective way. In this experiment, IdP and Relying Party (RP), both sides are being used secretly. Therefore, experimental websites also test to check the proposed triple authentication protocol. In this paper, we have compared our RAAA user authentication protocol with already available SSO protocol methods. The tested websites and comparative results represent that the anticipated design protocol is very much secure and reliable solution. The advanced cryptographic Single-Sign-On (SSO) secure protocol reduces the higher-level session hijacking and phishing attacks risk in an OpenID-based environment. We suggest future SSO protocol methods will be needed more in terms of the authorized user's identity authentication in Web-based applications.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Shravan Bhat,Nithin R,Pranav S

2023-07-08

Abstract:With the rapid advancements in technology, automation has emerged as the future of human endeavors. From simple tasks like attendance management to complex security systems, automation has the potential to revolutionize various aspects of our lives. This research paper explores the implementation of a method aimed at enhancing room security in hostels and automating class attendance using ID cards. In this study, we propose a system that utilizes the unique identity information stored in ID cards for various security and check-in tasks. By integrating RFID (Radio-Frequency Identification) reader technology, GSM modules, Node MCU, and Arduino, we create a comprehensive solution. The RFID reader scans the ID card, extracting the relevant information and verifying the user's identity. The data is then transmitted via the GSM module to a central database, ensuring real-time monitoring and security measures. Moreover, the system also enables the automation of class attendance. By utilizing the same ID cards, students can simply tap their cards on a reader placed in the classroom. This information is recorded automatically, eliminating the need for manual attendance taking and reducing errors and time consumption. This research project highlights the practical implementation of ID card technology to enhance room security in hostels and automate class attendance processes. By leveraging the power of automation, we aim to streamline administrative tasks, improve security measures, and optimize efficiency in educational institutions and other relevant settings.

Cryptography and Security,Human-Computer Interaction

Lalitha Sravanti Dasu,Mannav Dhamija,Gurram Dishitha,Ajith Vivekanandan,V. Sarasvathi

DOI: https://doi.org/10.2478/cait-2023-0016

2023-06-01

Cybernetics and Information Technologies

Abstract:Abstract Defending against identity-based threats, which have predominantly increased in the era of remote access and working, requires non-conventional, dynamic, intelligent, and strategic means of authenticating and authorizing. This paper aims at devising detailed risk-scoring algorithms for five real-time use cases to make identity security adaptive and risk-based. Zero-trust principles are incorporated by collecting sign-in logs and analyzing them continually to check for any anomalies, making it a dynamic approach. Users are categorized as risky and non-risky based on the calculated risk scores. While many adaptive security mechanisms have been proposed, they confine identities only to users. This paper also considers devices as having an identity and categorizes them as safe or unsafe devices. Further, results are displayed on a dashboard, making it easy for security administrators to analyze and make wise decisions like multifactor authentication, mitigation, or any other access control decisions as such.

Abdul Qadeer Rasooli,Khan Mohammad Habibi,Sahnosh Rahguzar

DOI: https://doi.org/10.31849/zn.v4i1.8668

2022-04-09

Abstract:Nowadays it is very important to have an authenticated and secure network. hackers are always one step further and try to steal credentials or doing malicious actions. Many organizations implement strong authentication systems for taking drastic security measures to prevent threats and vulnerabilities. This paper describes integration of application layer services with central authentication server called Lightweight Directory Access Protocol(LDAP), it covers detailed mechanism to control and restrict any software application or network services which may implement and require central authentication protocols including web (eg: HTTP protocol) and file transfer protocol (eg: FTP protocol). This will enable authenticated web and ftp webpage for reliability and security. The authentication services also provide Ubuntu client domain join and network authentication to enable integrity and authentication across the network. This paper is conducted through deep library research and practical implementation of the services.The goal of this paper is to introduce a unified secure centralized authentication system to authenticate and grant the authorized users to have access to the restricted Kerberized services in a period of time which is granted. It provides more trust, secure environment, but less traffic and others` interference

Maha K. Kabier,Ali A. Yassin,Zaid Ameen Abduljabbar,Songfeng Lu

DOI: https://doi.org/10.56714/bjrs.49.1.8

2023-01-01

Abstract:The purpose of a secure e-learning system based on cloud computing is to allow instructors and students to access their accounts at any time and from anywhere. These types of systems work to ensure that their users (instructors and students) are truly enrolled in the school or institute to prevent unauthorized users from accessing the resources and components of the system. Furthermore, the traditional authentication techniques used in the majority of educational systems suffer from several issues, such as cyber security attacks and weak management of resources. So, some students could be eager to take advantage of such a system's flaw in an effort to cheat. User authentication and end-user monitoring are more difficult in this situation. Multifactor adaptive authentication techniques are used to implement a system with simultaneous authentication. The proposed scheme system offers an effective, affordable, and human intervention-adaptive authentication and monitoring solution for e-learning environments. Additionally, our work can resist cyber security and contains some good metrics like mutual authentication, user anomalies, and others. In this paper, the proposed scheme system uses a two-factor authentication system based on Asymmetric Scalar Product Preserving Encryption (APSE) and fingerprint biometrics for managing and generating a user's account in a secure way. Our work also achieves a good balance between performance and security complexity compared to the state-of-the-art. So, we achieve good results for 1.69 ms for computation and 1280 bits for communication.

Neville Palmer

DOI: https://doi.org/10.1109/iccece46942.2019.8941804

2019-08-01

Abstract:Security is an essential aspect of the subject of computer networking in which students must understand the concepts and be confident in configuring security mechanisms on a range of network devices and systems as part of a Defence in Depth approach to IT security. Challenges are faced in assessing practical security exercises in a laboratory environment involving multivariate devices and operating systems that involve real equipment or simulation and real or virtualized environments. The working environment for a practical exercise must be pre-configured and once an exercise is completed the results extracted to enable formative or summative assessment of the outcomes of the exercise. Using manual methods this process can be time consuming and it would therefore be beneficial to implement some form of automation. To facilitate this a new application has been developed that automates the configuration management and assessment processes within a computer networking laboratory. The new application has been successfully used to assess the extent to which students have been able to configure a secure network utilizing a Defence in Depth approach within a case-study based exercise. The development challenges of the application and rationale for the implementation of the prototype application are discussed. A test methodology is presented and the results of applying this to the outcomes of a network security exercise are analysed. This demonstrates that the prototype application is able to assess the configuration of network security, in the context of defined parameters, to a high degree of accuracy. Further work might look at using the system to assess the security of business and industrial network in contrast to educational usage.

Aditya Gaikwad,Vaishanavi Bundele,Diksha Borade,Sayali Nannaware

DOI: https://doi.org/10.22214/ijraset.2024.58159

2024-01-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: The project, introduces an innovative approach to enhance the security and accessibility of Automated Teller Machines (ATMs). In an era where financial transactions are increasingly digital and essential, safeguarding ATM access is of paramount importance. This project leverages the power of biometric authentication, combining fingerprint and face recognition technologies to create a robust and reliable access control system. The proposed system allows ATM users to authenticate their identity with a seamless and secure process. Fingerprint recognition provides a high-precision, individualized identification method, while face recognition adds an additional layer of security, ensuring the users identity matches the stored biometric data. This dual-biometric approach significantly reduces the risk of unauthorized access and fraudulent activities at ATMs. Beyond enhancing security, the project contributes to user convenience by streamlining the authentication process, eliminating the need for traditional ATM cards or PINs. Users can access their accounts swiftly and securely, thereby improving the overall ATM experience. Furthermore, the project’s incorporation of state-of-the-art biometric technologies underscores its potential to set a standard for secure ATM access not only in the financial sector but also in various other domains where access control is critical.

Manik Lal Das,Ashutosh Saxena,Ved P. Gulati

DOI: https://doi.org/10.1109/TCE.2004.1309441

2007-12-14

Abstract:Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.

Cryptography and Security

Muath Obaidat,Joseph Brown,Suhaib Obeidat,Majdi Rawashdeh

DOI: https://doi.org/10.3390/s20154212

2020-07-29

Abstract:A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client-server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client-server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

Udit Gupta

DOI: https://doi.org/10.5120/ijca2015905221

2015-06-20

Abstract:Authentication forms the gateway to any secure system. Together with integrity, confidentiality and authorization it helps in preventing any sort of intrusions into the system. Up until a few years back password based authentication was the most common form of authentication to any secure network. But with the advent of more sophisticated technologies this form of authentication although still widely used has become insecure. Furthermore, with the rise of 'Internet of Things' where the number of devices would grow manifold it would be infeasible for user to remember innumerable passwords. Therefore, it's important to address this concern by devising ways in which multiple forms of authentication would be required to gain access to any smart devices and at the same time its usability would be high. In this paper, a methodology is discussed as to what kind of authentication mechanisms could be deployed in internet of things (IOT).

Cryptography and Security

Rajesh Kumar Verma,Praveen Singh,Chhabi Rani Panigrahi,Bibudhendu Pati

DOI: https://doi.org/10.1007/978-981-15-6584-7_10

2020-10-30

Abstract:Security is mandatory and of utmost importance for all organizations. While the legitimate people should be allowed inside enterprises, the illegal ones should be barred from entering and this can be achieved using face recognition techniques. In this work, we have come up with a robust architecture using artificial intelligence and Internet of things that can be used across different enterprises. We have also derived the methodology and solution for implementing a more advanced security system. For proper demonstration, we have also considered one of the business use cases along with proposed processing work flow.

Rakshitha S M,Shravana,Riya Biswas,Sushmita Shetty

DOI: https://doi.org/10.48175/ijarsct-2866

2022-03-21

Abstract:The Internet of Things (IoT) connects many of the world's home appliances, from intelligent thermostats to intelligent cars. We had 9 billion connected things by the end of 2015. According to Gartner, the total number of networked devices will approach 50 billion by 2020. The majority of linked devices in the existing network use outdated security technology and encryption, and many do not allow for remote device updates. Given the vast number of IoT devices available, ranging from off-the-shelf motion monitoring to machine tools, it is impossible to determine which functions are associated with any given service or product. In a nutshell, this is the issue: you can't trust the device's security and integrity. K-times anonymous authentication (k-TAA) is an important access control approach used in ecoupon and e-bill. It allows a user to authenticate himself anonymously to a distant server a set number of times. However, most known k-TAA techniques need a lot of processing, which makes them difficult to use on devices with low resources. In 2018, Tian and colleagues published Tian et al presented a remote user authentication system that protects users' privacy. Considering untraceability of k-times In contrast to the typical k-TAA,Tian et almethod .'s is better suited to mobile devices.as a result of avoiding costly pairing operations They're also claim that their system ensures user trust and authenticity. Untraceability k times Unfortunately, we are unable to do so in this paper Analyzing their scheme reveals that it is insecure. Their Neither scheme can stop a rogue user from sending information neither the authentication.

Miss. Shweta Kamble,Miss. Pooja Kendre,Miss. Ayesha Siddiqua,Mr. Deshpande G. R

DOI: https://doi.org/10.48175/ijarsct-14204

2023-12-11

Abstract:This paper proposes an authentication system that combines One-Time Password (OTP) and Quick Response (QR) code technologies to enhance security and user experience. The system generates an OTP and a unique QR code for each authentication attempt, which can be scanned using a mobile device to complete the authentication process. The QR code contains encrypted information about the user's identity and the OTP, which is verified by the server. The proposed system provides a secure, convenient, and efficient method for user authentication, which is crucial in today's digital world. An e-authentication system that uses OTP and QR code technology is a secure and efficient method for authenticating users in online transactions. This system combines the benefits of OTP and QR code technology to provide a two-factor authentication mechanism that is convenient for users and effective in preventing unauthorized access. This system aims to address the vulnerabilities of traditional username and password authentication by providing an additional layer of security through two-factor authentication. the system aims to prevent unauthorized access to online services and transactions. The system aims to provide a userfriendly and convenient authentication method that can be easily integrated into existing online platforms. It protect sensitive information and ensure that only authorized users can access online services and transactions

English Else

Ayan Chatterjee,Andreas Prinz

DOI: https://doi.org/10.3390/s22051703

2022-02-22

Abstract:In this study, we implemented an integrated security solution with Spring Security and Keycloak open-access platform (SSK) to secure data collection and exchange over microservice architecture application programming interfaces (APIs). The adopted solution implemented the following security features: open authorization, multi-factor authentication, identity brokering, and user management to safeguard microservice APIs. Then, we extended the security solution with a virtual private network (VPN), Blowfish and crypt (Bcrypt) hash, encryption method, API key, network firewall, and secure socket layer (SSL) to build up a digital infrastructure. To accomplish and describe the adopted SSK solution, we utilized a web engineering security method. As a case study, we designed and developed an electronic health coaching (eCoach) prototype system and hosted the system in the expanded digital secure infrastructure to collect and exchange personal health data over microservice APIs. We further described our adopted security solution's procedural, technical, and practical considerations. We validated our SSK solution implementation by theoretical evaluation and experimental testing. We have compared the test outcomes with related studies qualitatively to determine the efficacy of the hybrid security solution in digital infrastructure. The SSK implementation and configuration in the eCoach prototype system has effectively secured its microservice APIs from an attack in all the considered scenarios with 100% accuracy. The developed digital infrastructure with SSK solution efficiently sustained a load of (≈)300 concurrent users. In addition, we have performed a qualitative comparison among the following security solutions: Spring-based security, Keycloak-based security, and their combination (our utilized hybrid security solution), where SSK showed a promising outcome.

Amrendra Tripathi,Rahul Sharma,Minakshi Memoria,Kapil Joshi,Manoj Diwakar,Prabhishek Singh

DOI: https://doi.org/10.1088/1742-6596/1854/1/012024

2021-04-01

Journal of Physics: Conference Series

Abstract:Abstract Face recognition is the most advanced way of authentication and authorization and it has been developed a lot since the last decade and such systems are now popular in fields such as security and commerce. This work revolves around facial recognition based automated user management system with active learning features the proposed work uses a combination of a couple of technologies to build such a system for user keeping which is foolproof and secure it also adds active learning to counter the problem of changing faces in youngsters. The system is recommended for schools, universities, corporate offices, and prisons.

Vinod Kumar,Musheer Ahmad,Pankaj Kumar

DOI: https://doi.org/10.1007/978-981-13-1217-5_7

2018-09-08

Abstract:Big data raises a robust need for a network structure with the ability to support information retrieval and sharing. Many companies start to supply of big data services for Internet users and at the same time, these services also bring sever all security issues. Presently, the great part of big data set provides digital identity for users to use their services. At the moment, most of these systems use asymmetric and conventional public key cryptography (PKC) to give mutual authentication data security. However, existing authentication schemes trust commonly on the centralized servers to offer record and facilitation facilities for information retrieval. Pairing-free identity-based cryptography has some pull characteristics that gives the idea to healthy requirements in that scenario. The presented scheme is carried out in three phases and are as follows: initialization phase, registration phase and mutual authentication, and session key agreement phase. Detailed security analyzes have been made to authenticate big data server and user. Further, the paper has the resistance to possible attacks in this environment.

Jiang Lifeng,Zhao Baohua

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.18.071

2006-01-01

Abstract:In the face of more and more problems of security of application information system,this paper analyses the disadvantage and shortage of traditional authentication authorization system.It promotes the whole structure of authentication authorization system based on the Java Authentication Authorization Service framework and model of Role-Based Access Control and its realization process are given.Some relative key techniques including the design of authentication module and authorization module are emphasized.

Manika Garg,Anita Goel

DOI: https://doi.org/10.1007/s10207-024-00931-y

2024-10-30

International Journal of Information Security

Abstract:The security of online assessments is a major concern due to widespread cheating. One common form of cheating is impersonation, where students invite unauthorized persons to take assessments on their behalf. Several techniques exist to handle impersonation. Some researchers recommend use of integrity policy, but communicating the policy effectively to the students is a challenge. Others propose authentication methods like, password and fingerprint; they offer initial authentication but are vulnerable thereafter. Face recognition offers post-login authentication but necessitates additional hardware. Keystroke Dynamics (KD) has been used to provide post-login authentication without any additional hardware, but its use is limited to subjective assessment.

computer science, information systems, theory & methods, software engineering

Pinyi Ren

2009-01-01

Abstract:In engineering and emulate environment,administrators often need to unify accounts management and identity authentication within different domain and system.They also need to increase security and reliability of identity authentication.A new method is presented,which uses digital certificate as the way of authentication.Unified identity authentication is designed and implemented in multidomain and multi-system.Application result indicates that using same certificate stored in USBkey users can access resource by local or remote logon which belong to different domain and system.Accordingly not only administrators can uniformly manage all the accounts with several domains but also it improves application security and workability.