YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

朱建新,杨小虎

DOI: https://doi.org/10.3969/j.issn.1001-3695.2001.12.004

2001-01-01

Abstract:Network security is an important research area in the application of information system now,How to implement effective access control based on user's identity is very important. This paper briefly introduces the concept and technology of authentication first,and analyze the technology of biometric identification,then points out that fingerprint-based biometric identification in networking environment combining data transfer encrypt is a reliable method for control user's access and protect information system,and describes the design and implementation of fingerprint-based authentication system in networking environment.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Muhammad Bilal,Can Wang,Zhi Yu,Abid Bashir

DOI: https://doi.org/10.1109/icsess49938.2020.9237635

2020-01-01

Abstract:Identity management (IdM) plays a significant role in managing user identities (IDs). However, IdM is challenging to handle the rapidly rising numerous kinds of Web-based applications nowadays. The OpenID 2.0 communication protocol is an improved solution for managing a user's IDs based on the OpenID URL identity. OpenID URL identity is not very much secure in specific Web-based attacks; for instance, session hijacking and phishing attacks often occur. The earlier OpenID-based methods secure OpenID URL identity with single, double, and triple authentication schemes. But Identity Provider (IdP) side is still not secure in Web attacks: if an attacker steals the IdP-side legal user information, then existing OpenID-based security techniques are unreliable. The anticipated OpenID Reverse Authentication Authorizing and Accounting (RAAA) user authentication-based protocol secured OpenID URL identity by providing two beneficial fields Secret Alphanumeric String (SAS) and Special Innovative PIN (SIP) that utilize in testing website both sides in reverse and cost-effective way. In this experiment, IdP and Relying Party (RP), both sides are being used secretly. Therefore, experimental websites also test to check the proposed triple authentication protocol. In this paper, we have compared our RAAA user authentication protocol with already available SSO protocol methods. The tested websites and comparative results represent that the anticipated design protocol is very much secure and reliable solution. The advanced cryptographic Single-Sign-On (SSO) secure protocol reduces the higher-level session hijacking and phishing attacks risk in an OpenID-based environment. We suggest future SSO protocol methods will be needed more in terms of the authorized user's identity authentication in Web-based applications.

Hao Kong,Li Lu,Jiadi Yu,Yingying Chen,Xiangyu Xu,Feng Lyu

DOI: https://doi.org/10.1109/tnet.2023.3237686

2023-01-01

Abstract:User authentication nowadays has become an important support for not only security guarantees but also emerging novel applications. Although WiFi signal-based user authentication has achieved initial success, it works in single-user scenarios while multi-user authentication remains a challenging task. In this paper, we present MultiAuth, a multi-user authentication system that can authenticate multiple users with a single pair of commodity WiFi devices. The basic idea is to profile multipath components of WiFi signals, and leverage the multipath components to characterize each user individually for multi-user authentication. MultiAuth first profiles multipath components of WiFi signals through a proposed MUltipath Time-of-Arrival estimation algorithm (MUTA). Then, after matching corresponding multipath components to each user in complex multi-user scenarios, MultiAuth constructs individual CSI based on the multipath components to characterize each user individually. An AoA-based approach is exploited to further separate individual CSI constructed by the users with same ToA. To identify users through their activities, MultiAuth extracts user behavior profiles based on the individual CSI, and leverages a dual-task neural network for robust user authentication. Extensive experiments involving 3 simultaneously present users demonstrate that MultiAuth is effective in multi-user authentication with 86.2% average accuracy and 9.5% average false accept rate.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Edoardo Milotti,Alessio Del Fabbro,Chiara Dalla Pellegrina,Roberto Chignola

DOI: https://doi.org/10.48550/arXiv.physics/0702094

2007-02-12

Abstract:Multisite protein modification is a ubiquitous mechanism utilized by cells to control protein functions. We have recently proposed a dynamical description of multisite protein modification which embodies all the essential features of the process (E. Milotti, A. Del Fabbro, C. Dalla Pellegrina, and R. Chignola, Physica A, in press), and we have used this model to analyze the stability and the time-scales of this mechanism. The same model can be used to understand how the system responds to stimuli: here we show that it displays frequency-dependent dynamical hysteresis. This behavior closely parallels -- with the due differences -- what is observed in magnetic systems. By selecting model parameters that span the known biological ranges, we find that the frequency-dependent features cover the band of the observed oscillations of molecular intracellular signals, and this suggests that this mechanism may have an important role in cellular information processing.

Biological Physics,Molecular Networks

Minghui Shi,Humphrey Rutagemwa,Xuemin (Sherman) Shen,Jon W. Mark,Yixin Jiang,Chuang Lin

DOI: https://doi.org/10.1007/978-0-387-33112-6_11

2007-01-01

Abstract:A wireless LAN service integration architecture based on current wireless LAN hotspots is proposed to make migrating to new service cost effective. The AAA (Authentication, Authorization and Accounting) based mobile terminal registration signaling process is discussed. An application layer end-to-end authentication and key negotiation protocol is proposed to overcome the open air connection problem existing in wireless LAN deployment. The protocol provides a general solution for Internet applications running on a mobile station under various authentication scenarios and keeps the communications private to other wireless LAN users and foreign networks. A functional demonstration of the protocol is also given. The research results should contribute to rapid deployment of wireless LANs hotspot service.

Peng Zhao,Xuewu Cao,Ping Luo

2003-01-01

Abstract:The RADIUS protocol has a set of vulnerabilities that are either caused by the protocol, or caused by poor client implementation and exacerbated by the protocol. For security reasons, it would be advantageous to push for at least minimal revisions of the widely used RADIUS protocol. This paper mainly deals with some of the characteristics of the base RADIUS protocol and of the User-Password attribute.

Sanjay Majumder,Sanjay Chakraborty,Suman Das

DOI: https://doi.org/10.5120/16257-5904

2014-06-18

Abstract:Network & internet security is the burning question of today's world and they are deeply related to each other for secure successful data transmission. Network security approach is totally based on the concept of network security services. In this paper, a new system of network security service is implemented which is more secure than conventional network security services. This technique is mainly deals with two essential network security services, one is user authentication and other is data confidentiality. For user authentication this paper introduces Graphical Username & Voice Password approaches which provides better security than conventional username & password authentication process. In data confidentiality section this paper introduces two layer private key for both message encryption & decryption which is mainly applicable on 8 bit plain text data. This paper also provides the hints of introducing other two network security services (integrity and non-repudiation) as a future work.

Cryptography and Security

V. C. K. P. Arul Oli,Elayaraja Ponram,V.C.K.P. Arul Oli

DOI: https://doi.org/10.48550/arXiv.1405.1019

2014-03-26

Networking and Internet Architecture

Abstract:This paper describes about how you can secure your Wireless Network from hackers about various threats to wireless networks, How hackers makes most use of it and what are the security steps one should take to avoid becoming victim of such attacks. There are plenty of opportunities to connect to public Wi-Fi hotspots when you're on the go these days. Coffee shops, hotels, restaurants and airports are just some of the places where you can jump online, but often these networks are open and not secure. Whether you're using a laptop, tablet or smartphone, you'll want to connect your device securely to protect your data as much as possible. Otherwise an unsecured Wi-Fi connection makes it easier for hackers to access your private files and information, and it allows strangers to use your internet connection. Here are some simple steps you can take to help make sure your data is safe on open public Wi-Fi.

Novi Aryani Fitri

DOI: https://doi.org/10.31763/iota.v4i3.805

2024-08-15

Abstract:This study explores network security within a simulated environment built using VirtualBox, focusing on comparing the HTTP and HTTPS protocols in protecting data from eavesdropping. The research follows the PPDIOO model (Prepare, Plan, Design, Implement, Operate, and Optimize), including system requirements mapping and the setup of a virtual network environment that supports VLAN and data security. Two main scenarios were tested: an authorized user securely accesses a server using HTTPS, and another where an attacker attempts to intercept communication between the client and server using HTTP. The results indicate that HTTPS effectively protects data from eavesdropping attempts by attackers, while HTTP leaves security vulnerabilities that can be exploited to steal sensitive information. This study underscores the importance of using secure protocols like HTTPS in VLAN-based networks to protect data from eavesdropping and other threats. Additionally, the research paves the way for developing further security measures in network management, such as firewalls, intrusion detection systems (IDS), and more advanced encryption.

Ramesh Mandali,B. Tirapathi Reddy,Mandali, Ramesh,Tirapathi Reddy, B.

DOI: https://doi.org/10.1007/s42979-023-02047-x

2023-09-10

SN Computer Science

Abstract:In the current period, the number of mobile users is rapidly expanding with a complicated network setup with a large amount of network traffic, which results in data overload. Insufficient network bandwidth causes data overloading. Data overloading can be mitigated by implementing a potential solution to deal with the massive network traffic. Despite the fact that the capabilities of mobile networks are rapidly expanding, the aforementioned issue persists as we move from cellular to advanced wireless networks. To keep up with the ever-increasing number of internet users, offloading techniques have become increasingly popular in mobile computing. As the number of users and the volume of data they generate grows, the network's capacity is taxed, and this is where offloading techniques come in to help. However, in many situations, authentication is absolutely necessary for the formation of a connection. As a result, the study presents a data offloading method for mobile computing that is both safe and cost-effective, as well as successful in managing network traffic. Individuals' personal information might also constitute a severe privacy risk to users. Anticipating the legitimacy of the nodes and secret key negotiation helps avoid these dangers. Developing a mutual authentication and secret key exchange system for resource-constrained networks that is secure and private in all ways is a difficult challenge. Integrate key exchange authentication with an efficient data offloading approach to maintain data confidentiality and integrity in the whole network during transmission is the primary goal of the research. This research presents a Unique Tokenized Authentication Technique based Data Offloading approach using Key Exchange (UTAT-DO-KE) model is proposed in this research for maintaining data integrity in heterogeneous networks during data communication. In this case, performance analysis can be done to lower the time it takes to authenticate and run the application. When compared to the current procedures, the proposed model will improve network performance while simultaneously reducing data traffic.

Dwi Ely Kurniawan,Mohd Iqbal,John Friadi,Fendi Hidayat,Ririt Dwiputri Permatasari

DOI: https://doi.org/10.1088/1742-6596/1783/1/012041

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract During the Covid-19 pandemic, almost all jobs and activities to be limited, relying on the internet network. Data security in an internet network is most important and needs to be a concern for internet users. The internet network is a public network, which is vulnerable to security attacks. Attacks may occur to retrieve user data in the form of a username and password. This study conducts system design to improve the security of the username and password data when logging into web applications. Login using One-Time Password (OTP) verification by implementing the AES algorithm and Blowfish to encrypt the verification code. The verification code uses an SMS gateway. Testing is done by looking at security performances and comparing the performance of the Blowfish and AES algorithm. The results of the design research show that OTP is running well where the AES algorithm performance has advantages in terms of encryption and decryption speed compared to the Blowfish algorithm with a difference of ± 0.015 milliseconds for encryption and ± 0.04 milliseconds for decryption.

English Else

Manik Lal Das,Ashutosh Saxena,Ved P. Gulati

DOI: https://doi.org/10.1109/TCE.2004.1309441

2007-12-14

Abstract:Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.

Cryptography and Security

Yixin Jiang,Chuang Lin,Hao Yin,Zhen Chen

DOI: https://doi.org/10.1002/wcm.448

2006-01-01

Wireless Communications and Mobile Computing

Abstract:IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.