Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Rosa Pericàs-Gornals,Macià Mut-Puigserver,M. Magdalena Payeras-Capellá,Miquel Á. Cabot-Nadal,Jaume Ramis-Bibiloni

DOI: https://doi.org/10.1007/s12243-024-01032-6

2024-04-24

Annals of Telecommunications

Abstract:Digital credentials are being issued by authorized entities to facilitate the digital identification of their users. Blockchain offers some inherent features that are highly advantageous for the management of credentials. Non-fungible tokens, or NFTs, might seem to be a perfect fit for the implementation of digital credentials. However, some crucial requirements for credentials are the non-transferability of the credential and that the authorized entity should receive explicit acceptance from the user who will own the new credential, which are features lacking in the current NFTs. This paper introduces a management system focused on issuing digital access credentials, enhancing traditional features by enabling the association of terms and conditions (T &C) during issuance and providing users with non-repudiation of reception evidence upon acceptance. Leveraging an enhanced version of the soulbound tokens (SBTs), called RejSBTs, introduced in our previous work, the new system guarantees non-repudiation of reception and origin proofs. Furthermore, we provide a detailed implementation of the system, including solidity smart contracts, accompanied by a comprehensive cost and security analysis.

telecommunications

Jiahe Wang,Songjie Wei,Haozhe Liu

DOI: https://doi.org/10.1007/978-3-030-23404-1_14

2019-01-01

Abstract:To overcome the difficulties in the traditional password-based identity authentication procedure with high security risk and complexity, and to avoid the privacy leaking problems arising from a series of new techniques such as using biometrics as key, this paper proposes a universal solution for decentralized identity authentication by block chain integrated with a trusted execution environment, through a separate hardware to establish a secure area, enabling identity anonymity and avoiding feature disclosure. Smart contract and consensus mechanism are adopted for building trusted identity nodes between decentralized nodes by constructing a traceable identity data structure in blockchain. We conduct formal theoretical and empirical evaluations to show that the proposed can realize user identity registration, cross-platform authentication, and guarantee security in the whole procedure with efficiency and reliability.

Puneeta Singh,Shrddha Sagar,Sofia Singh,Haya Mesfer Alshahrani,Masresha Getahun,Ben Othman Soufiene

DOI: https://doi.org/10.1038/s41598-024-75708-3

IF: 4.6

2024-10-24

Scientific Reports

Abstract:The Crucial and costly process of verifying medical documents frequently depends on centralized databases. Nevertheless, manual validation of document verification wastes a great deal of time and energy. The application of Blockchain technology could potentially alleviate the problem by reducing fraud and increasing efficiency. Non-transferable Soul-bound tokens (SBTs) can be a safe and unbreakable way to authenticate medical records by generating encrypted code, which allows the user to authenticate a portion of data. Within the paper, we provide a blockchain-based SBT-based automatic mechanism for authentication and verification of records. Soul-bound tokens generate a decentralized, immutable identity or credential system that is tied to a record. Through cloud computing, the system can reduce the verification time by accessing a decentralized database. Blockchain systems can lower platform costs and determine the optimal allocation of resources across a dispersed network by utilizing deep learning algorithms. Two advantages of utilizing blockchain technology are less fraud and increased efficiency. SBTs and cloud computing enable the procedure to be expedited and decentralized databases to be readily available. The suggested system's scalability and potential uses in other industries may be the subject of future research.

multidisciplinary sciences

Xiushu Jin,Kazumasa Omote

DOI: https://doi.org/10.1371/journal.pone.0310094

IF: 3.7

2024-09-13

PLoS ONE

Abstract:In the development of web applications, the rapid advancement of Internet technologies has brought unprecedented opportunities and increased the demand for user authentication schemes. Before the emergence of blockchain technology, establishing trust between two unfamiliar entities relied on a trusted third party for identity verification. However, the failure or malicious behavior of such a trusted third party could undermine such authentication schemes (e.g., single points of failure, credential leaks). A secure authorization system is another requirement of user authentication schemes, as users must authorize other entities to act on their behalf in some situations. If the transfer of authentication permissions is not adequately restricted, security risks such as unauthorized transfer of permissions to entities may occur. Some research has proposed blockchain-based decentralized user authentication solutions to address these risks and enhance availability and auditability. However, as we know, most proposed schemes that allow users to transfer authentication permissions to other entities require significant gas consumption when deployed and triggered in smart contracts. To address this issue, we proposed an authentication scheme with transferability solely based on hash functions. By combining one-time passwords with Hashcash, the scheme can limit the number of times permissions can be transferred while ensuring security. Furthermore, due to its reliance solely on hash functions, our proposed authentication scheme has an absolute advantage regarding computational complexity and gas consumption in smart contracts. Additionally, we have deployed smart contracts on the Goerli test network and demonstrated the practicality and efficiency of this authentication scheme.

multidisciplinary sciences

Hyun-Woo Kim,Young-Sik Jeong

DOI: https://doi.org/10.1186/s13673-018-0136-7

2018-05-11

Abstract:Abstract The recent advances in information technology for mobile devices have increased the work efficiency of users, the mobility of compact mobile devices, and the convenience of location independence. However, mobile devices have limited computing power and storage capacity, so mobile cloud computing is being researched to overcome these limitations in mobile devices. Mobile cloud computing is divided into two methods: the use of external cloud services and the use of mobile resource management without a cloud server (MRM), which integrates the computing and storage resources of nearby mobile devices. Because mobile devices can freely participate in MRM, it is critical to have authentication technology to determine the correctness of information regarding resources. Conventional technologies require strong authentication techniques because they have vulnerabilities that can easily be tampered with via man-in-the-middle (MITM) attacks. This paper proposes the Secure Authentication Management human-centric Scheme (SAMS) to authenticate mobile devices using blockchain for trusting resource information in the mobile devices that are participating in the MRM resource pool. The SAMS forms a blockchain based on the resource information of the subordinate client nodes around the master node in the MRM. Devices in the MRM that have not been authorized through the SAMS cannot access or falsify data. To verify the SAMS for application with MRM, it was tested for data falsification by a malicious user accessing the SAMS, and the results show that data falsification is impossible.

computer science, information systems

Jozef Drga,Ivan Homoliak,Juraj Vančo,Martin Perešíni,Petr Hanáček

DOI: https://doi.org/10.48550/arXiv.2211.03490

2022-11-07

Abstract:This work focuses on the problem of detection and prevention of stolen and misused secrets (such as private keys) for authentication toward centralized services. We propose a solution for such a problem based on the blockchain-based two-factor authentication scheme SmartOTPs, which we modify for our purposes and utilize in the setting of two and half-factor authentication against a centralized service provider. Our proposed solution consists of four entities that interact together to ensure authentication: (1) the user, (2) the authenticator, (3) the service provider, and (4) the smart contract. Out of two and a half factors of our solution, the first factor stands for the private key, and the second and a half factor stands for one-time passwords (OTPs) and their precursors, where OTPs are obtained from the precursors (a.k.a., pre-images) by cryptographically secure hashing. We describe the protocol for bootstrapping our approach as well as the authentication procedure. We make the security analysis of our solution, where on top of the main attacker model that steals secrets from the client, we analyze man-in-the-middle attacks and malware tampering with the client. In the case of stolen credentials, we show that our solution enables the user to immediately detect the attack occurrence and proceed to re-initialization with fresh credentials.

Cryptography and Security

Yongyang Lv,Ruitao Feng,Maode Ma,Manqing Zhu,Hanwei Wu,Xiaohong Li

DOI: https://doi.org/10.1109/tifs.2024.3463533

IF: 7.231

2024-10-09

IEEE Transactions on Information Forensics and Security

Abstract:Blockchain systems encompass many distinct and autonomous entities, each utilizing its own self-contained identity authentication algorithm. Unlike identity authentication within a singular blockchain, cross-chain scenarios demand special attention due to their pivotal role in enabling the acknowledgment of users' identities across diverse domains. This capability is the foundational prerequisite for the circulation of resources across different chains. Consequently, the central challenge for cross-chain systems lies in establishing mutual recognition and trust in users' digital identities. This paper proposes a Multi-User Proxy Re-Signature (MU-PRS) algorithm, facilitating the cross-chain conversion of signatures from multiple users. Concurrently, This paper propose the Multi-Notary Signature Conversion (MN-SC) mechanism, designed to address the challenge posed by disparate system mechanisms across blockchains during cross-chain authentication. Leveraging the MU-PRS algorithm and MN-SC mechanism, we present a Multi-User Cross-Chain Authentication Scheme (MU-CCAS) within a heterogeneous blockchain environment. This scheme enables the verification of identities of multiple cross-chain users through a single signature verification. This innovative approach not only addresses the centralization issues inherent in third-party cross-chain authentication but also significantly enhances the efficiency of identity authentication. The evaluation results demonstrate MU-CCAS's superior security over existing solutions in three dimensions: BAN logic, Scyther verification, and security attribute analysis. Additionally, it establishes that MU-PRS and MU-CCAS have low computational overhead, easy implementation, and excel in algorithm, scheme, and cross-chain performance. Overall, our work provides a robust and efficient framework for cross-chain authentication, addressing centralization challenges and enhancing digital security.

computer science, theory & methods,engineering, electrical & electronic

Morgan Reece,Sudip Mittal

DOI: https://doi.org/10.48550/arXiv.2209.11647

2022-09-23

Cryptography and Security

Abstract:Self-Sovereign Identity (SSI) is projected to become part of every person's life in some form. The ability to verify and authenticate that an individual is the actual person they are purported to be along with securing the personal attributes could have wide spread implications when engaging with third party organizations. Utilizing blockchains and other decentralized technologies, SSI is a growing area of research. The aspect of securing personal information within a decentralized structure has possible benefits to the public and private sectors. In this paper, we describe the SSI framework architecture as well as possible use cases across domains like healthcare, finance, retail, and government. The paper also contrasts SSI and its decentralized architecture with the current widely adopted model of Public Key Infrastructure (PKI).

Wenting Li,Yaosheng Shen,Ping Wang

DOI: https://doi.org/10.1007/s11265-017-1305-z

2017-01-01

Abstract:Smart-card-based user authentication is a significant security mechanism that allows remote users to be granted access to services and resources in distributed computing environments. In this paper, we review three password-based authentication schemes with smart cards proposed by Mishra et al., in JISA 2015, Wu et al. in SCN 2015 and Moon et al. in IJNS 2017, respectively. We demonstrate that: (1) Despite being armed with a formal security proof in all schemes, Mishra et al.’s scheme actually cannot achieve the claimed feature of user anonymity and is vulnerable to a new insider attack scenario; and (2) Wu et al.’s scheme remains being susceptible to de-synchronization attack as they stated to overcome the weaknesses of Kumar et al.’s scheme. (3) Moon et al.’s scheme cannot achieve user anonymity and is susceptible to a novel impersonation attack. Furthermore, with the cryptanalysis of these three schemes and our previous protocol design and analysis experience, we figure out two principles to design more robust smart-card-based user authentication schemes. The proposed principles would be helpful to protocol designers for proposing schemes with desirable user friendliness and security.

Gregory Linklater,Christian Smith,Alan Herbert,Barry Irwin

DOI: https://doi.org/10.1145/3278681.3278683

2018-09-26

Abstract:Self-sovereign identity promises prospective users greater control, security, privacy, portability and overall greater convenience; however the immaturity of current distributed key management solutions results in general disregard of security advisories in favour of convenience and accessibility. This research proposes the use of intermediate certificates as a distributed key management solution. Intermediate certificates will be shown to allow multiple keys to authenticate to a single self-sovereign identity. Keys may be freely added to an identity without requiring a distributed ledger, any other third-party service or sharing private keys between devices. This research will also show that key rotation is a superior alternative to existing key recovery and escrow systems in helping users recover when their keys are lost or compromised. These features will allow remote credentials to be used to issuer, present and appraise remote attestations, without relying on a constant Internet connection.

Xiancun Zhou,Yan Xiong,Fuyou Miao,Mingxi Li

DOI: https://doi.org/10.1109/ccieng.2011.6008052

2011-01-01

Abstract:As an essential part of security needs of wireless sensor networks, user authentication is used to make sure only the legal user can access the data from the sensor/gateway node. Recently, several dynamic user authentication schemes for wireless sensor networks were proposed. It can be seen that these schemes have weaknesses because of using timestamps. Implement of strict and safe time synchronization is very difficult and increases network overhead. We propose a new dynamic user authentication based on nonces instead of timestamps. In the scheme, mutual authentication is performed using a challenge-response handshake between user and gateway node in both directions, and it avoids the problem of synchronism between smart card and the gateway node. Analysis shows its robustness to various attacks and requires much less computation. What's more, the scheme provides key agreement between user and gateway node.

Sam Hays,Michael Sandborn,Dr. Jules White

2024-01-22

Abstract:Approximately 61% of cyber attacks involve adversaries in possession of valid credentials. Attackers acquire credentials through various means, including phishing, dark web data drops, password reuse, etc. Multi-factor authentication (MFA) helps to thwart attacks that use valid credentials, but attackers still commonly breach systems by tricking users into accepting MFA step up requests through techniques, such as ``MFA Bombing'', where multiple requests are sent to a user until they accept one. Currently, there are several solutions to this problem, each with varying levels of security and increasing invasiveness on user devices. This paper proposes a token-based enrollment architecture that is less invasive to user devices than mobile device management, but still offers strong protection against use of stolen credentials and MFA attacks.

Cryptography and Security

Suyun Borjigin

2024-05-31

Abstract:Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is useless. If unauthorized inputs are invalidated, remote attacks can be disabled. Thus, credential secrets and account input fields can be controlled. Rather than encrypting passwords, we design a dual-password login-authentication mechanism, where a user-selected secret-free login password is converted into an untypable authentication password. Subsequently, the authenticatable functionality of the login password and the typable functionality of the authentication password can be disabled or invalidated to prevent credential theft and remote attacks. Thus, the usability-security tradeoff and password reuse issues are resolved; local authentication password storage is no longer necessary. More importantly, the password converter acts as an open hashing algorithm, meaning that its intermediate elements can be used to define a truly unique identity for the login process to implement a novel dual-identity authentication scheme. In particular, the system-managed elements are concealed, inaccessible, and independent of any personal information and therefore can be used to define a perfect unforgeable process identifier to identify unauthorized inputs.

Cryptography and Security,Emerging Technologies,Systems and Control

Jungwon Seo,Hankyeong Ko,Sooyong Park

DOI: https://doi.org/10.1109/access.2024.3357938

IF: 3.9

2024-02-10

IEEE Access

Abstract:As the metaverse gains attraction, the importance of metaverse security research becomes increasingly evident. While there has been research on authenticating users in the metaverse, there is a notable gap in research concerning the authentication of specific spaces within the metaverse. This paper addresses this gap by proposing a novel user-centric blockchain-based authentication approach that incorporates space authentication. The proposed approach leverages blockchain smart contracts to authenticate users using cosine similarity metrics. A significant advantage of this approach its ability to establish user-centric authentication by seamlessly integrating metaverse and blockchain technologies, all without the need for a centralized authority. In this paper, we not only evaluate the security of our proposed approach but also conduct experiments to determine the cosine similarity threshold and assess its feasibility within a metaverse environment.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiong Li,Yongping Xiong,Jian Ma,Wendong Wang

DOI: https://doi.org/10.1016/j.jnca.2011.11.009

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:Generally, if a user wants to use numerous different network services, he/she must register himself/herself to every service providing server. It is extremely hard for users to remember these different identities and passwords. In order to resolve this problem, various multi-server authentication protocols have been proposed. Recently, Sood et al. analyzed Hsiang and Shih's multi-server authentication protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication, the session key agreement and can resist several kinds of attacks. However, through careful analysis, we find that Sood et al.'s protocol is still vulnerable to leak-of-verifier attack, stolen smart card attack and impersonation attack. Besides, since there is no way for the control server CS to know the real identity of the user, the authentication and session key agreement phase of Sood et al.'s protocol is incorrect. We propose an efficient and security dynamic identity based authentication protocol for multi-server architecture that removes the aforementioned weaknesses. The proposed protocol is extremely suitable for use in distributed multi-server architecture since it provides user's anonymity, mutual authentication, efficient, and security.

Mwrwan Abubakar,Zakwan Jaroucheh,Ahmed Al Dubai,Xiaodong Liu

DOI: https://doi.org/10.1109/smarttech54121.2022.00032

2022-01-01

Abstract:Two-factor authentication (2FA) is commonly used in Internet of Things (IoT) authentication to provide multi-layer protection. Tokens, often known as One-Time Passwords (OTP), are used to offer additional information. While this technique provides flexible verification and an additional layer of security, it still has a number of security issues. This is because it relies on third-party services to produce tokens or OTPs, which leads to serious information leakage issues. Additionally, relying on a third party to provide authentication tokens significantly increases the risk of exposure and attacks, as tokens can be stolen via Man-In-The-Middle (MITM) attacks. In trying to rectify this issue, in this paper, we propose and develop a blockchain-based two-factor authentication method for web-based access to sensor data. The proposed method provides a lightweight and user-centric authentication that makes use of Ethereum blockchain and smart contracts technologies. Then we provided performance and security analysis of our system. Based on the evaluation results, our method has proven to be effective and has the ability to facilitate reliable authentication.

Xiong Li,Jianwei Niu,Muhammad Khurram Khan,Junguo Liao

DOI: https://doi.org/10.1109/ISBAST.2013.27

2013-01-01

Abstract:Remote user authentication is an important and efficient method to ensure security for many network-based application systems. So far, several dynamic identity based authentication schemes have been proposed to protect the user's anonymity. Recently, Sood pointed out the security weaknesses of a dynamic identity based authentication scheme, which was proposed by Wang et al. presented an improved scheme. However, in this paper, we demonstrate that Sood's scheme cannot resist leak of verifier attack, impersonation attack and server spoofing attack. Furthermore, Sood's scheme cannot achieve mutual authentication between the user and the server. Consequently, in this paper, we propose a new dynamic identity based user authentication scheme using elliptic curve cryptosystem to resolve all the aforementioned problems.

Yifu Shi,Chunxiang Xu,Zhao Zhang,Xinyu Liu

DOI: https://doi.org/10.1109/iscipt61983.2024.10672864

2024-01-01

Abstract:Most existing digital twin systems utilize Single Sign- On (SSO) authentication protocols. In SSO authentication, an identity authentication server (IS) issues tokens to legitimate users, allowing them to access one or multiple application servers (AS) as required. However, traditional SSO protocols suffer from two main issues: privacy leakage and single point of failure. It is worth noting that traceability is often a requirement in digital twin systems, which was not adequately addressed by recent works. To address these challenges, we propose TTSSO that achieves traceability while protecting user privacy and preventing single points of failure. By utilizing a threshold number of partial tokens which issued by multiple identity servers, users can construct a blind token that prevents the extraction of private information. We have specifically set up a server called the Tracking Server (TS) to fulfill the tracking functionality and hand public key management. TS retains users' public keys and can reconstruct user identities based on the blind tokens. The effectiveness of our work was verified through experiments.