Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Durgesh Kumar Mishra,Samiksha Shukla

DOI: https://doi.org/10.48550/arXiv.0912.3984

2009-12-20

Abstract:Information management and retrieval of all the citizen occurs in almost all the public service functions. Electronic Government system is an emerging trend in India through which efforts are made to strive maximum safety and security. Various solutions for this have been proposed like Shibboleth, Public Key Infrastructure, Smart Cards and Light Weight Directory Access Protocols. Still, none of these guarantee 100 percent security. Efforts are being made to provide common national identity solution to various diverse Government identity cards. In this paper, we discuss issues related to these solutions.

Multiagent Systems

Animesh Agarwal,Vaibhav Shrimali,Manik Lal Das

DOI: https://doi.org/10.48550/arXiv.0911.0727

2009-11-04

Cryptography and Security

Abstract:Current security model in Global System for Mobile Communications (GSM) predominantly use symmetric key cryptography. The rapid advancement of Internet technology facilitates online trading, banking, downloading, emailing using resource-constrained handheld devices such as personal digital assistants and cell phones. However, these applications require more security than the present GSM supports. Consequently, a careful design of GSM security using both symmetric and asymmetric key cryptography would make GSM security more adaptable in security intensive applications. This paper presents a secure and efficient protocol for GSM security using identity based cryptography. The salient features of the proposed protocol are (i) authenticated key exchange; (ii) mutual authentication amongst communicating entities; and (iii) user anonymity. The security analysis of the protocol shows its strength against some known threats observed in conventional GSM security.

Anisha Ghosh,Aditya Mitra,Sibi Chakkaravarthy Sethuraman,Aswani Kumar Cherukuri

2024-08-09

Abstract:With challenges and limitations associated with security in the fintech industry, the rise to the need for data protection increases. However, the current existing passwordless and password-based peer to peer transactions in online banking systems are vulnerable to advanced forms of digital attacks. The influx of modern data protection methods keeps better records of the transactions, but it still does not address the issue of authentication and account takeovers during transactions. To the address the mentioned issue, this paper proposes a novel and robust peer to peer transaction system which employs best cloud security practices, proper use of cryptography and trusted computing to mitigate common vulnerabilities. We will be implementing FIDO2 compatible Smart Card to securely authenticate the user using physical smart cards and store the records in the cloud which enables access control by allowing access only when an access is requested. The standard incorporates multiple layers of security on cloud computing models to ensure secrecy of the said data. Services of the standard adhere to regulations provides by the government and assures privacy to the information of the payee or the end-user. The whole system has been implemented in the Internet of Things scenario.

Cryptography and Security,Emerging Technologies

Sanjay Majumder,Sanjay Chakraborty,Suman Das

DOI: https://doi.org/10.5120/16257-5904

2014-06-18

Abstract:Network & internet security is the burning question of today's world and they are deeply related to each other for secure successful data transmission. Network security approach is totally based on the concept of network security services. In this paper, a new system of network security service is implemented which is more secure than conventional network security services. This technique is mainly deals with two essential network security services, one is user authentication and other is data confidentiality. For user authentication this paper introduces Graphical Username & Voice Password approaches which provides better security than conventional username & password authentication process. In data confidentiality section this paper introduces two layer private key for both message encryption & decryption which is mainly applicable on 8 bit plain text data. This paper also provides the hints of introducing other two network security services (integrity and non-repudiation) as a future work.

Cryptography and Security

Shlok Gilda,Tanvi Jain,Aashish Dhalla

DOI: https://doi.org/10.48550/arXiv.2207.02207

2022-07-06

Abstract:Authentication and authorization of a user's identity are generally done by the service providers or identity providers. However, these centralized systems limit the user's control of their own identity and are prone to massive data leaks due to their centralized nature. We propose a blockchain-based identity management system to authenticate and authorize users using attribute-based access control policies and privacy-preserving algorithms and finally returning the control of a user's identity to the user. Our proposed system would use a private blockchain, which would store the re-certification events and data access and authorization requests for users' identities in a secure, verifiable manner, thus ensuring the integrity of the data. This paper suggests a mechanism to digitize documents such as passports, driving licenses, electricity bills, etc., issued by any government authority or other authority in an immutable and secure manner. The data owners are responsible for authenticating and propagating the users' identities as and when needed using the OpenID Connect protocol to enable single sign-on. We use advanced cryptographic algorithms to provide pseudonyms to the users, thus ensuring their privacy. These algorithms also ensure the auditability of transactions as and when required. Our proposed system helps in mitigating some of the issues in the recent privacy debates. The project finds its applications in citizen transfers, inter-country service providence, banks, ownership transfer, etc. The generic framework can also be extended to a consortium of banks, hospitals, etc.

Cryptography and Security

A. Damodaram,H. Jayasri

DOI: https://doi.org/10.48550/arXiv.0908.0979

2009-08-07

Abstract:Privacy and security are often intertwined. For example, identity theft is rampant because we have become accustomed to authentication by identification. To obtain some service, we provide enough information about our identity for an unscrupulous person to steal it (for example, we give our credit card number to <a class="link-external link-http" href="http://Amazon.com" rel="external noopener nofollow">this http URL</a>). One of the consequences is that many people avoid e-commerce entirely due to privacy and security concerns. The solution is to perform authentication without identification. In fact, all on-line actions should be as anonymous as possible, for this is the only way to guarantee security for the overall system. A credential system is a system in which users can obtain credentials from organizations and demonstrate possession of these credentials. Such a system is anonymous when transactions carried out by the same user cannot be linked. An anonymous credential system is of significant practical relevance because it is the best means of providing privacy for users.

Cryptography and Security

Musa Midila Ahmed,Aishatu Musa Ahmed

DOI: https://doi.org/10.11113/ijic.v13n2.389

2023-11-24

International Journal of Innovative Computing

Abstract:E-government is the use of information and communication technology for public service provision in governance. Nowadays, E-government facilitates transparent, accountable, efficient and all-inclusive governing process for improved service delivery to citizens. However, the emergence of this novel innovation opened up new security vulnerabilities to citizens’ data. Comprehensive security plan for secure linkage of people, process and technology is crucial to ensure that data and network channel is protected from potential security threats. The purpose of this study is to provide a security model for protection of citizens’ data in E-government system. This paper propose information security stack, a data protection model for efficient data protection in E-government system. The information security stack comprised of citizens’ identification, authentication of identities, data confidentiality and data integrity in E-government system. First, this paper classified citizens’ identification into international, national and purposive identification. Second, acceptable form of identification for authentication of identities in E-government system depends on the security restriction imposed on the requested information. Consequently, user authentication is classified into single factor authentication, two-factor authentication and multifactor authentication depending on the use case in the E-government system. Third, data confidentiality implemented by data encryption is an information security goal for preserving the privacy of information in E-government system. The authors categorised data encryption in E-government into symmetric encryption and asymmetric encryption. Finally, ensuring the accuracy and completeness of citizens’ data is crucial for preserving data integrity in E-government system. This can be achieved by digital signature, an electronic version of handwritten signature.

Chintan Patel

DOI: https://doi.org/10.48550/arXiv.2207.10353

2022-07-21

Abstract:The Internet of Things (IoT) is giving a boost to a plethora of new opportunities for the robust and sustainable deployment of cyber physical systems. The cornerstone of any IoT system is the sensing devices. These sensing devices have considerable resource constraints, including insufficient battery capacity, CPU capability, and physical security. Because of such resource constraints, designing lightweight cryptographic protocols is an opportunity. Remote User Authentication ensures that two parties establish a secure and durable session key. This study presents a lightweight and safe authentication strategy for the user-gateway (U GW) IoT network model. The proposed system is designed leveraging Elliptic Curve Cryptography (ECC). We undertake a formal security analysis with both the Automated Validation of Internet Security Protocols (AVISPA) and Burrows Abadi Needham (BAN) logic tools and an information security assessment with the Delev Yao channel. We use publish subscribe based Message Queuing Telemetry Transport (MQTT) protocol for communication. Additionally, the performance analysis and comparison of security features show that the proposed scheme is resilient to well known cryptographic threats.

Cryptography and Security

Udit Gupta

DOI: https://doi.org/10.5120/ijca2015905221

2015-06-20

Abstract:Authentication forms the gateway to any secure system. Together with integrity, confidentiality and authorization it helps in preventing any sort of intrusions into the system. Up until a few years back password based authentication was the most common form of authentication to any secure network. But with the advent of more sophisticated technologies this form of authentication although still widely used has become insecure. Furthermore, with the rise of 'Internet of Things' where the number of devices would grow manifold it would be infeasible for user to remember innumerable passwords. Therefore, it's important to address this concern by devising ways in which multiple forms of authentication would be required to gain access to any smart devices and at the same time its usability would be high. In this paper, a methodology is discussed as to what kind of authentication mechanisms could be deployed in internet of things (IOT).

Cryptography and Security

Chintan Patel,M.P. Aryan,Prosanta Gope,John Clark

DOI: https://doi.org/10.1016/j.cose.2024.103793

IF: 5.105

2024-03-06

Computers & Security

Abstract:Digital Twin (DT) is a revolutionary technology changing how a smart manufacturing industry carries out its day-to-day activities. DT can provide numerous advantages such as real-time synchronised functioning, monitoring and data analysis. However, security and privacy issues in DT have not been thoroughly investigated. This article proposes a user-empowerment-based privacy-preserving authentication protocol for a cloud-based Digital Twin using a Decentralised Identifier (DID) and Verifiable Credential (VC). Here, user empowerment provides full control to users over their identities, and with the help of VC, users can prove their authenticity and preserve their privacy. Although DID has emerged as a promising technology for introducing user empowerment, it suffers from some fundamental problems such as usability and auditability . Here we address all these issues and propose a user-revocation-enabled security solution for the DT. A security analysis of the proposed scheme shows that it is secured against significant security threats. With the help of performance analysis, we prove that the proposed work effectively ensures security and privacy in DT.

computer science, information systems

Sri Sai Abhishake Gopal Dasari

DOI: https://doi.org/10.48550/arXiv.2101.10085

2021-01-17

Computers and Society

Abstract:The citizenship identities of a nation's occupants enable the state to identify and authenticate them unquestionably. These documents help individuals in recognizing themselves and to profit from the rights and advantages given to them by the legislature or the constitution of the land. There are problems in the traditional way of issuance f these identities and many hurdles that impede people from getting their benefits or exercising their rights. These paper-based identities can be forged easily and are hard to authenticate at various civil end points. There are reports of identity thefts. In this paper, we are discussing how Blockchain can be employed to overcome these problems and makes these identities confidential, immutable, and secured. Blockchain technology can help the governing bodies in maintaining and verifying these identities in a quick manner with less chance for human errors, meaning more reach for government plans and aid

Nikhil Ghadge

DOI: https://doi.org/10.5121/ijci.2024.130401

2024-07-13

International Journal on Cybernetics & Informatics

Abstract:Ensuring the security of digital identities has become increasingly critical in today's interconnected world. This research investigates the intricate difficulties around securing digital identities, spanning technological, human, legal, and regulatory aspects. Key technological hurdles include vulnerabilities in authentication mechanisms, risks associated with biometric data, issues with multi-factor authentication, and challenges in implementing secure hardware. Human factors like social engineering threats, lack of awareness and education, insider threats, and psychological impacts of identity theft further complicate the landscape. Working though legal requirements and adhering to regulations, such as with data protection laws, cross-border data security issues, establishing digital identity standards, and balancing privacy and security concerns pose additional obstacles. The paper highlights the severe implications of unsecured digital identities and provides recommendations for enhancing security through a multi-pronged approach involving technological advancements, educational initiatives, and ethical considerations. The appeal underscores the pressing necessity for continued research. and collaborative efforts to bolster encryption, authentication protocols, and policy enforcement mechanisms in the digital domain.

Jangirala Srinivas,Ashok Kumar Das,Mohammad Wazid,Athanasios V. Vasilakos

DOI: https://doi.org/10.1109/jiot.2020.3040938

IF: 10.6

2021-05-01

IEEE Internet of Things Journal

Abstract:Secure access of the real-time data from the Internet-of-Things (IoT) smart devices (e.g., vehicles) by a legitimate external party (user) is an important security service for big data collection in the IoT-based intelligent transportation system (ITS). To deal with this important issue, we design a new three-factor user authentication scheme, called UAP-BCIoT, which relies on elliptic-curve cryptography (ECC). The mutual authentication between the user and an IoT device happens via the semitrusted cloud-gateway (CG) node in UAP-BCIoT. UAP-BCIoT supports several functionality features needed for IoT-based ITS environment including IoT smart device credential validation and big data analytics. A detailed security analysis is conducted based on the defined threat model to show that UAP-BCIoT is resilient against many known attacks. A thorough comparative study reveals that UAP-BCIoT supports better security, offers various functionality attributes, and also provides similar costs in communication as well computation as compared to other relevant schemes Finally, the practical demonstration of the proposed UAP-BCIoT is also provided to measure its impact on the network performance parameters.

computer science, information systems,telecommunications,engineering, electrical & electronic

Soumit Chowdhury,Ritesh Mukherjee,Nabin Ghoshal

DOI: https://doi.org/10.1007/s11277-017-4066-x

IF: 2.017

2017-03-11

Wireless Personal Communications

Abstract:The work highlights a secure and trusted data transmission protocol focusing on dynamic cum multi-phase authentication scenarios suitable for defense sector applications under wireless environments. Initially the user communicates a proprietary logo image chosen dynamically and marked visibly on a selected region of the authentic digital document. Receiver identifies two secret codes against this logo and its respective region number after sensing the logo from the document. In the second phase invisible fabrication of multiple ownership digitized signature shares on the document is governed by the generated secret data which dynamically decides the bit fabrication sequences, locations of fabrications and the proper ordering of the fabricated shares. This data is actually produced through the separate encryption of the user secret key with those tracked hidden codes and the underneath code of the acknowledgment message at the client side. Similarly the same data casting places and the exact share orientations are dynamically computed by the receiver using all those unexposed information for detecting the fabricated shares from the authenticated document. Finally the copyright signatures are constructed by merging those detected shares with their respective private shares only by the receiver. Random threshold reference point based distinctly separate bit coding policy on each transformed coefficients of the sub image block pixel bytes ensuring high security and robustness against attacks under wireless platform. Significantly the experimental results have fully confirmed the strong excellence and superiority of this scheme over existing approaches in various aspects with better handling of authentication, confidentiality, and non-repudiation issues.

telecommunications

Chun Chen,Daojing He,samuel y c chan,Jiajun Bu,Yi Gao,Rong Fan

DOI: https://doi.org/10.1002/dac.1158

2011-01-01

International Journal of Communication Systems

Abstract:Seamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one-time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches. Copyright © 2010 John Wiley & Sons, Ltd. (In this paper, we propose a lightweight and provably secure user authentication scheme with anonymity for the global mobility network. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity and user friendly. Furthermore, it can defend smart card security breaches.)

Manik Lal Das,Ashutosh Saxena,Ved P. Gulati

DOI: https://doi.org/10.1109/TCE.2004.1309441

2007-12-14

Abstract:Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.

Cryptography and Security

Niranchana Radhakrishnan,Amutha Prabakar Muniyandi

DOI: https://doi.org/10.1155/2022/9273662

2022-02-14

Journal of Healthcare Engineering

Abstract:With the recent tremendous growth in technology, the Internet of Things (IoT) Telecare Medicine Information System (TMIS) is the most widely used medical information system with prominent achievements. Authentication schemes, which use Smart cards, offer the best solution for TMIS applications that in turn provide efficiency and security. Furthermore, authentication schemes that combine passwords and smart cards are considered to be an effective solution for the two-factor authentication scheme. Such schemes contribute to high security along with the public-key cryptosystem. In this research work, a two-factor authentication technique that is both efficient and secure, which makes use of Elliptic Curve Cryptography (ECC) with smart cards, has been proposed. Here, we have used the fundamental assumptions of strong and collision free cryptographic Hash function and Elliptic Curve arithmetic. The proposed authentication technique protects user privacy by allowing registered users to change their passwords without revealing their identity to the server. The proposed authentication scheme has been subjected to formal and informal security investigations. In terms of efficiency and performance, the proposed two-factor authentication technique was compared with the existing relevant two-factor authentication schemes based on ECC. This scheme satisfies the two-factor authentication scheme’s basic security standards.

health care sciences & services