An Extended Chaotic Maps-Based Three-Party Password-Authenticated Key Agreement with User Anonymity

PubMed Central

Lu, Yanrong; Li, Lixiang; Zhang, Hao; Yang, Yixian

2016-01-01

User anonymity is one of the key security features of an authenticated key agreement especially for communicating messages via an insecure network. Owing to the better properties and higher performance of chaotic theory, the chaotic maps have been introduced into the security schemes, and hence numerous key agreement schemes have been put forward under chaotic-maps. Recently, Xie et al. released an enhanced scheme under Farash et al.’s scheme and claimed their improvements could withstand the security loopholes pointed out in the scheme of Farash et al., i.e., resistance to the off-line password guessing and user impersonation attacks. Nevertheless, through our careful analysis, the improvements were released by Xie et al. still could not solve the problems troubled in Farash et al‥ Besides, Xie et al.’s improvements failed to achieve the user anonymity and the session key security. With the purpose of eliminating the security risks of the scheme of Xie et al., we design an anonymous password-based three-party authenticated key agreement under chaotic maps. Both the formal analysis and the formal security verification using AVISPA are presented. Also, BAN logic is used to show the correctness of the enhancements. Furthermore, we also demonstrate that the design thwarts most of the common attacks. We also make a comparison between the recent chaotic-maps based schemes and our enhancements in terms of performance. PMID:27101305

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting.

PubMed

Lin, Tsung-Hung; Tsung, Chen-Kun; Lee, Tian-Fu; Wang, Zeng-Bo

2017-12-03

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie-Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

An improved authenticated key agreement protocol for telecare medicine information system.

PubMed

Liu, Wenhao; Xie, Qi; Wang, Shengbao; Hu, Bin

2016-01-01

In telecare medicine information systems (TMIS), identity authentication of patients plays an important role and has been widely studied in the research field. Generally, it is realized by an authenticated key agreement protocol, and many such protocols were proposed in the literature. Recently, Zhang et al. pointed out that Islam et al.'s protocol suffers from the following security weaknesses: (1) Any legal but malicious patient can reveal other user's identity; (2) An attacker can launch off-line password guessing attack and the impersonation attack if the patient's identity is compromised. Zhang et al. also proposed an improved authenticated key agreement scheme with privacy protection for TMIS. However, in this paper, we point out that Zhang et al.'s scheme cannot resist off-line password guessing attack, and it fails to provide the revocation of lost/stolen smartcard. In order to overcome these weaknesses, we propose an improved protocol, the security and authentication of which can be proven using applied pi calculus based formal verification tool ProVerif.

Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

PubMed

Islam, S K Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

PubMed Central

Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401

An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

PubMed

Das, Ashok Kumar; Bruhadeshwar, Bezawada

2013-10-01

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

Exploring the Use of Discrete Gestures for Authentication

NASA Astrophysics Data System (ADS)

Chong, Ming Ki; Marsden, Gary

Research in user authentication has been a growing field in HCI. Previous studies have shown that peoples’ graphical memory can be used to increase password memorability. On the other hand, with the increasing number of devices with built-in motion sensors, kinesthetic memory (or muscle memory) can also be exploited for authentication. This paper presents a novel knowledge-based authentication scheme, called gesture password, which uses discrete gestures as password elements. The research presents a study of multiple password retention using PINs and gesture passwords. The study reports that although participants could use kinesthetic memory to remember gesture passwords, retention of PINs is far superior to retention of gesture passwords.

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting

PubMed Central

Lee, Tian-Fu; Wang, Zeng-Bo

2017-01-01

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie–Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions. PMID:29207509

Password-free network security through joint use of audio and video

NASA Astrophysics Data System (ADS)

Civanlar, Mehmet R.; Chen, Tsuhan

1997-01-01

REmote authentication is vital for many network based applications. As the number of such applications increases, user friendliness of the authentication process, particularly as it relates to password management, becomes as important as its reliability. The multimedia capabilities of the modern terminal equipment can provide the basis for a dependable and easy to use authentication system which does not require the user to memorize passwords. This paper outlines our implementation of an authentication system based on the joint use of the speech and facial video of a user. Our implementation shows that the voice and the video of the associated lip movements, when used together, can be very effective for password free authentication.

Efficient biometric authenticated key agreements based on extended chaotic maps for telecare medicine information systems.

PubMed

Lou, Der-Chyuan; Lee, Tian-Fu; Lin, Tsung-Hung

2015-05-01

Authenticated key agreements for telecare medicine information systems provide patients, doctors, nurses and health visitors with accessing medical information systems and getting remote services efficiently and conveniently through an open network. In order to have higher security, many authenticated key agreement schemes appended biometric keys to realize identification except for using passwords and smartcards. Due to too many transmissions and computational costs, these authenticated key agreement schemes are inefficient in communication and computation. This investigation develops two secure and efficient authenticated key agreement schemes for telecare medicine information systems by using biometric key and extended chaotic maps. One scheme is synchronization-based, while the other nonce-based. Compared to related approaches, the proposed schemes not only retain the same security properties with previous schemes, but also provide users with privacy protection and have fewer transmissions and lower computational cost.

Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

PubMed

Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

2014-01-01

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

Secure Biometric Multi-Logon System Based on Current Authentication Technologies

NASA Astrophysics Data System (ADS)

Tait, Bobby L.

The need for accurate authentication in the current IT world is of utmost importance. Users rely on current IT technologies to facilitate in day to day interactions with nearly all environments. Strong authentication technologies like the various biometric technologies have been in existence for many years. Many of these technologies, for instance fingerprint biometrics, have reached maturity. However, passwords and pins are still the most commonly used authentication mechanisms at this stage. An average user has to be authenticated in various situations during daily interaction with his or her environment, by means of a pin or a password. This results in many different passwords and pins that the user has to remember. The user will eventually either start documenting these passwords and pins, or often, simply use the same password and pin for all authentication situations.

RUASN: a robust user authentication framework for wireless sensor networks.

PubMed

Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

2011-01-01

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.

Strong Password-Based Authentication in TLS Using the Three-PartyGroup Diffie-Hellman Protocol

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abdalla, Michel; Bresson, Emmanuel; Chevassut, Olivier

2006-08-26

The Internet has evolved into a very hostile ecosystem where"phishing'' attacks are common practice. This paper shows that thethree-party group Diffie-Hellman key exchange can help protect againstthese attacks. We have developed a suite of password-based cipher suitesfor the Transport Layer Security (TLS) protocol that are not onlyprovably secure but also assumed to be free from patent and licensingrestrictions based on an analysis of relevant patents in thearea.

Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

PubMed Central

Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

2014-01-01

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme. PMID:25276847

A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

PubMed

Lee, Tian-Fu; Liu, Chuan-Ming

2013-06-01

A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps.

PubMed

Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Xie, Dong; Yang, Yixian

2015-06-01

The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logins into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee's and Jiang et al.'s scheme. In this study, we show that Li et al.'s scheme has still some weaknesses such as violation the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Li et al.'s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.

A digital memories based user authentication scheme with privacy preservation.

PubMed

Liu, JunLiang; Lyu, Qiuyun; Wang, Qiuhua; Yu, Xiangxiang

2017-01-01

The traditional username/password or PIN based authentication scheme, which still remains the most popular form of authentication, has been proved insecure, unmemorable and vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering. Based on this, a large number of new alternative methods have recently been proposed. However, most of them rely on users being able to accurately recall complex and unmemorable information or using extra hardware (such as a USB Key), which makes authentication more difficult and confusing. In this paper, we propose a Digital Memories based user authentication scheme adopting homomorphic encryption and a public key encryption design which can protect users' privacy effectively, prevent tracking and provide multi-level security in an Internet & IoT environment. Also, we prove the superior reliability and security of our scheme compared to other schemes and present a performance analysis and promising evaluation results.

A digital memories based user authentication scheme with privacy preservation

PubMed Central

Liu, JunLiang; Lyu, Qiuyun; Wang, Qiuhua; Yu, Xiangxiang

2017-01-01

The traditional username/password or PIN based authentication scheme, which still remains the most popular form of authentication, has been proved insecure, unmemorable and vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering. Based on this, a large number of new alternative methods have recently been proposed. However, most of them rely on users being able to accurately recall complex and unmemorable information or using extra hardware (such as a USB Key), which makes authentication more difficult and confusing. In this paper, we propose a Digital Memories based user authentication scheme adopting homomorphic encryption and a public key encryption design which can protect users’ privacy effectively, prevent tracking and provide multi-level security in an Internet & IoT environment. Also, we prove the superior reliability and security of our scheme compared to other schemes and present a performance analysis and promising evaluation results. PMID:29190659

A Temporal Credential-Based Mutual Authentication with Multiple-Password Scheme for Wireless Sensor Networks

PubMed Central

Zhang, Ruisheng; Liu, Qidong

2017-01-01

Wireless sensor networks (WSNs), which consist of a large number of sensor nodes, have become among the most important technologies in numerous fields, such as environmental monitoring, military surveillance, control systems in nuclear reactors, vehicle safety systems, and medical monitoring. The most serious drawback for the widespread application of WSNs is the lack of security. Given the resource limitation of WSNs, traditional security schemes are unsuitable. Approaches toward withstanding related attacks with small overhead have thus recently been studied by many researchers. Numerous studies have focused on the authentication scheme for WSNs, but most of these works cannot achieve the security performance and overhead perfectly. Nam et al. proposed a two-factor authentication scheme with lightweight sensor computation for WSNs. In this paper, we review this scheme, emphasize its drawbacks, and propose a temporal credential-based mutual authentication with a multiple-password scheme for WSNs. Our scheme uses multiple passwords to achieve three-factor security performance and generate a session key between user and sensor nodes. The security analysis phase shows that our scheme can withstand related attacks, including a lost password threat, and the comparison phase shows that our scheme involves a relatively small overhead. In the comparison of the overhead phase, the result indicates that more than 95% of the overhead is composed of communication and not computation overhead. Therefore, the result motivates us to pay further attention to communication overhead than computation overhead in future research. PMID:28135288

A Temporal Credential-Based Mutual Authentication with Multiple-Password Scheme for Wireless Sensor Networks.

PubMed

Liu, Xin; Zhang, Ruisheng; Liu, Qidong

2017-01-01

Wireless sensor networks (WSNs), which consist of a large number of sensor nodes, have become among the most important technologies in numerous fields, such as environmental monitoring, military surveillance, control systems in nuclear reactors, vehicle safety systems, and medical monitoring. The most serious drawback for the widespread application of WSNs is the lack of security. Given the resource limitation of WSNs, traditional security schemes are unsuitable. Approaches toward withstanding related attacks with small overhead have thus recently been studied by many researchers. Numerous studies have focused on the authentication scheme for WSNs, but most of these works cannot achieve the security performance and overhead perfectly. Nam et al. proposed a two-factor authentication scheme with lightweight sensor computation for WSNs. In this paper, we review this scheme, emphasize its drawbacks, and propose a temporal credential-based mutual authentication with a multiple-password scheme for WSNs. Our scheme uses multiple passwords to achieve three-factor security performance and generate a session key between user and sensor nodes. The security analysis phase shows that our scheme can withstand related attacks, including a lost password threat, and the comparison phase shows that our scheme involves a relatively small overhead. In the comparison of the overhead phase, the result indicates that more than 95% of the overhead is composed of communication and not computation overhead. Therefore, the result motivates us to pay further attention to communication overhead than computation overhead in future research.

RUASN: A Robust User Authentication Framework for Wireless Sensor Networks

PubMed Central

Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

2011-01-01

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost. PMID:22163888

Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems.

PubMed

Yau, Wei-Chuen; Phan, Raphael C-W

2013-12-01

Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients' medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

PubMed

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

PubMed Central

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

RSA-Based Password-Authenticated Key Exchange, Revisited

NASA Astrophysics Data System (ADS)

Shin, Seonghan; Kobara, Kazukuni; Imai, Hideki

The RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and generation of secure session keys where a client is sharing his/her password only with a server and the latter should generate its RSA public/private key pair (e, n), (d, n) every time due to the lack of PKI (Public-Key Infrastructures). One of the ways to avoid a special kind of off-line (so called e-residue) attacks in the RSA-based PAKE protocols is to deploy a challenge/response method by which a client verifies the relative primality of e and φ(n) interactively with a server. However, this kind of RSA-based PAKE protocols did not give any proof of the underlying challenge/response method and therefore could not specify the exact complexity of their protocols since there exists another security parameter, needed in the challenge/response method. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted by Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work include: (1) Based on the number theory, we prove that the Challenge/Response Method1 and the Challenge/Response Method2 are secure against e-residue attacks for any odd prime e (2) With the security parameter for the on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model where all of the off-line attacks are not more efficient than on-line dictionary attacks; and (3) By considering the Hamming weight of e and its complexity in the. RSA-PAKE protocol, we search for primes to be recommended for a practical use. We also compare the RSA-PAKE protocol with the previous ones mainly in terms of computation and communication complexities.

Security analysis and enhanced user authentication in proxy mobile IPv6 networks.

PubMed

Kang, Dongwoo; Jung, Jaewook; Lee, Donghoon; Kim, Hyoungshick; Won, Dongho

2017-01-01

The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN's identity, password and session key. In this paper, we analyze Alizadeh et al.'s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key.

Security enhanced multi-factor biometric authentication scheme using bio-hash function.

PubMed

Choi, Younsung; Lee, Youngsook; Moon, Jongho; Won, Dongho

2017-01-01

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

31 CFR 363.19 - What should I do if I become aware that my password or other form of authentication has become...

Code of Federal Regulations, 2010 CFR

2010-07-01

... that my password or other form of authentication has become compromised? 363.19 Section 363.19 Money... that my password or other form of authentication has become compromised? If you become aware that your password has become compromised, that any other form of authentication has been compromised, lost, stolen...

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

PubMed

Arshad, Hamed; Rasoolzadegan, Abbas

2016-11-01

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

Biometrics based authentication scheme for session initiation protocol.

PubMed

Xie, Qi; Tang, Zhixiong

2016-01-01

Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when compared to other related protocols.

Security enhanced multi-factor biometric authentication scheme using bio-hash function

PubMed Central

Lee, Youngsook; Moon, Jongho

2017-01-01

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An’s scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user’s ID during login. Cao and Ge improved upon Younghwa An’s scheme, but various security problems remained. This study demonstrates that Cao and Ge’s scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge’s scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost. PMID:28459867

J-PAKE: Authenticated Key Exchange without PKI

NASA Astrophysics Data System (ADS)

Hao, Feng; Ryan, Peter

Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties solely based on a shared password without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, there have been several PAKE protocols available. The EKE and SPEKE schemes are perhaps the two most notable examples. Both techniques are however patented. In this paper, we review these techniques in detail and summarize various theoretical and practical weaknesses. In addition, we present a new PAKE solution called J-PAKE. Our strategy is to depend on well-established primitives such as the Zero-Knowledge Proof (ZKP). So far, almost all of the past solutions have avoided using ZKP for the concern on efficiency. We demonstrate how to effectively integrate the ZKP into the protocol design and meanwhile achieve good efficiency. Our protocol has comparable computational efficiency to the EKE and SPEKE schemes with clear advantages on security.

Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

PubMed

Mishra, Dheerendra

2015-03-01

Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

Security analysis and enhanced user authentication in proxy mobile IPv6 networks

PubMed Central

Kang, Dongwoo; Jung, Jaewook; Lee, Donghoon; Kim, Hyoungshick

2017-01-01

The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN’s identity, password and session key. In this paper, we analyze Alizadeh et al.’s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key. PMID:28719621

An authentication scheme for secure access to healthcare services.

PubMed

Khan, Muhammad Khurram; Kumari, Saru

2013-08-01

Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System.

PubMed

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi; Wang, Chun-Cheng

2015-11-01

To protect patient privacy and ensure authorized access to remote medical services, many remote user authentication schemes for the integrated electronic patient record (EPR) information system have been proposed in the literature. In a recent paper, Das proposed a hash based remote user authentication scheme using passwords and smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various passive and active attacks. However, in this paper, we found that Das's authentication scheme is still vulnerable to modification and user duplication attacks. Thereafter we propose a secure and efficient authentication scheme for the integrated EPR information system based on lightweight hash function and bitwise exclusive-or (XOR) operations. The security proof and performance analysis show our new scheme is well-suited to adoption in remote medical healthcare services.

An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy.

PubMed

Qiu, Shuming; Xu, Guoai; Ahmad, Haseeb; Guo, Yanhui

2018-01-01

The Session Initiation Protocol (SIP) is an extensive and esteemed communication protocol employed to regulate signaling as well as for controlling multimedia communication sessions. Recently, Kumari et al. proposed an improved smart card based authentication scheme for SIP based on Farash's scheme. Farash claimed that his protocol is resistant against various known attacks. But, we observe some accountable flaws in Farash's protocol. We point out that Farash's protocol is prone to key-compromise impersonation attack and is unable to provide pre-verification in the smart card, efficient password change and perfect forward secrecy. To overcome these limitations, in this paper we present an enhanced authentication mechanism based on Kumari et al.'s scheme. We prove that the proposed protocol not only overcomes the issues in Farash's scheme, but it can also resist against all known attacks. We also provide the security analysis of the proposed scheme with the help of widespread AVISPA (Automated Validation of Internet Security Protocols and Applications) software. At last, comparing with the earlier proposals in terms of security and efficiency, we conclude that the proposed protocol is efficient and more secure.

Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards.

PubMed

Lu, Yanrong; Li, Lixiang; Yang, Xing; Yang, Yixian

2015-01-01

Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.'s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes.

Robust Biometrics Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards

PubMed Central

Lu, Yanrong; Li, Lixiang; Yang, Xing; Yang, Yixian

2015-01-01

Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.’s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes. PMID:25978373

An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards.

PubMed

Moon, Jongho; Choi, Younsung; Jung, Jaewook; Won, Dongho

2015-01-01

In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user's management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.'s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.'s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.'s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties.

An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks.

PubMed

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2013-07-24

Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.'s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users' attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.'s authentication scheme are left unchanged.

An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks

PubMed Central

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2013-01-01

Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.'s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users' attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.'s authentication scheme are left unchanged. PMID:23887085

On the security flaws in ID-based password authentication schemes for telecare medical information systems.

PubMed

Mishra, Dheerendra

2015-01-01

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing

PubMed Central

Fujiwara, M.; Waseda, A.; Nojima, R.; Moriai, S.; Ogata, W.; Sasaki, M.

2016-01-01

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir’s (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (≤90 km). PMID:27363566

Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing.

PubMed

Fujiwara, M; Waseda, A; Nojima, R; Moriai, S; Ogata, W; Sasaki, M

2016-07-01

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir's (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (≤90 km).

Strengthening Authentication

ERIC Educational Resources Information Center

Gale, Doug

2007-01-01

The basics of authentication are straightforward. One can prove his or her identity in three ways: (1) something one "has" (for example, a key or a birth certificate); (2) something one "knows" (such as a password); or (3) something one "is" (such as one's fingerprints, used in biometric technologies). In the world of computers and networks, the…

Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

NASA Astrophysics Data System (ADS)

Sasaki, Yu; Wang, Lei; Ohta, Kazuo; Kunihiro, Noboru

In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.

An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy

PubMed Central

2018-01-01

The Session Initiation Protocol (SIP) is an extensive and esteemed communication protocol employed to regulate signaling as well as for controlling multimedia communication sessions. Recently, Kumari et al. proposed an improved smart card based authentication scheme for SIP based on Farash’s scheme. Farash claimed that his protocol is resistant against various known attacks. But, we observe some accountable flaws in Farash’s protocol. We point out that Farash’s protocol is prone to key-compromise impersonation attack and is unable to provide pre-verification in the smart card, efficient password change and perfect forward secrecy. To overcome these limitations, in this paper we present an enhanced authentication mechanism based on Kumari et al.’s scheme. We prove that the proposed protocol not only overcomes the issues in Farash’s scheme, but it can also resist against all known attacks. We also provide the security analysis of the proposed scheme with the help of widespread AVISPA (Automated Validation of Internet Security Protocols and Applications) software. At last, comparing with the earlier proposals in terms of security and efficiency, we conclude that the proposed protocol is efficient and more secure. PMID:29547619

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications.

PubMed

Li, Xiong; Niu, Jianwei; Karuppiah, Marimuthu; Kumari, Saru; Wu, Fan

2016-12-01

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards

PubMed Central

Moon, Jongho; Choi, Younsung; Jung, Jaewook; Won, Dongho

2015-01-01

In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user’s management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.’s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.’s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.’s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties. PMID:26709702

The Effect of Password Management Procedures on the Entropy of User Selected Passwords

ERIC Educational Resources Information Center

Enamait, John D.

2012-01-01

Maintaining the security of information contained within computer systems poses challenges for users and administrators. Attacks on information systems continue to rise. Specifically, attacks that target user authentication are increasingly popular. These attacks are based on the common perception that traditional alphanumeric passwords are weak…

A user authentication scheme using physiological and behavioral biometrics for multitouch devices.

PubMed

Koong, Chorng-Shiuh; Yang, Tzu-I; Tseng, Chien-Chao

2014-01-01

With the rapid growth of mobile network, tablets and smart phones have become sorts of keys to access personal secured services in our daily life. People use these devices to manage personal finances, shop on the Internet, and even pay at vending machines. Besides, it also helps us get connected with friends and business partners through social network applications, which were widely used as personal identifications in both real and virtual societies. However, these devices use inherently weak authentication mechanism, based upon passwords and PINs that is not changed all the time. Although forcing users to change password periodically can enhance the security level, it may also be considered annoyances for users. Biometric technologies are straightforward because of the simple authentication process. However, most of the traditional biometrics methodologies require diverse equipment to acquire biometric information, which may be expensive and not portable. This paper proposes a multibiometric user authentication scheme with both physiological and behavioral biometrics. Only simple rotations with fingers on multitouch devices are required to enhance the security level without annoyances for users. In addition, the user credential is replaceable to prevent from the privacy leakage.

A User Authentication Scheme Using Physiological and Behavioral Biometrics for Multitouch Devices

PubMed Central

Koong, Chorng-Shiuh; Tseng, Chien-Chao

2014-01-01

With the rapid growth of mobile network, tablets and smart phones have become sorts of keys to access personal secured services in our daily life. People use these devices to manage personal finances, shop on the Internet, and even pay at vending machines. Besides, it also helps us get connected with friends and business partners through social network applications, which were widely used as personal identifications in both real and virtual societies. However, these devices use inherently weak authentication mechanism, based upon passwords and PINs that is not changed all the time. Although forcing users to change password periodically can enhance the security level, it may also be considered annoyances for users. Biometric technologies are straightforward because of the simple authentication process. However, most of the traditional biometrics methodologies require diverse equipment to acquire biometric information, which may be expensive and not portable. This paper proposes a multibiometric user authentication scheme with both physiological and behavioral biometrics. Only simple rotations with fingers on multitouch devices are required to enhance the security level without annoyances for users. In addition, the user credential is replaceable to prevent from the privacy leakage. PMID:25147864

Smartphone-based secure authenticated session sharing in Internet of Personal Things

NASA Astrophysics Data System (ADS)

Krishnan, Ram; Ninglekhu, Jiwan

2015-03-01

In the context of password-based authentication, a user can only memorize limited number of usernames and passwords. They are generally referred to as user-credentials. Longer character length of passwords further adds complication in mastering them. The expansion of the Internet and our growing dependency on it, has made it almost impossible for us to handle the big pool of user-credentials. Using simple, same or similar passwords is considered a poor practice, as it can easily be compromised by password cracking tools and social engineering attacks. Therefore, a robust and painless technique to manage personal credentials for websites is desirable. In this paper, a novel technique for user-credentials management via a smart mobile device such as a smartphone in a local network is proposed. We present a secure user-credential management scheme in which user's account login (username) and password associated with websites domain name is saved into the mobile device's database using a mobile application. We develop a custom browser extension application for client and use it to import user's credentials linked with the corresponding website from the mobile device via the local Wi-Fi network connection. The browser extension imports and identifies the authentication credentials and pushes them into the target TextBox locations in the webpage, ready for the user to execute. This scheme is suitably demonstrated between two personal devices in a local network.

Cryptanalysis and improvement of Yan et al.'s biometric-based authentication scheme for telecare medicine information systems.

PubMed

Mishra, Dheerendra; Mukhopadhyay, Sourav; Chaturvedi, Ankita; Kumari, Saru; Khan, Muhammad Khurram

2014-06-01

Remote user authentication is desirable for a Telecare Medicine Information System (TMIS) for the safety, security and integrity of transmitted data over the public channel. In 2013, Tan presented a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Yan et al. demonstrated some drawbacks in Tan's scheme and proposed an improved scheme to erase the drawbacks of Tan's scheme. We analyze Yan et al.'s scheme and identify that their scheme is vulnerable to off-line password guessing attack, and does not protect anonymity. Moreover, in their scheme, login and password change phases are inefficient to identify the correctness of input where inefficiency in password change phase can cause denial of service attack. Further, we design an improved scheme for TMIS with the aim to eliminate the drawbacks of Yan et al.'s scheme.

Assessment of Web-Based Authentication Methods in the U.S.: Comparing E-Learning Systems to Internet Healthcare Information Systems

ERIC Educational Resources Information Center

Mattord, Herbert J.

2012-01-01

Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS). It developed an Authentication Method System Index (AMSI) to analyze collected data from…

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems.

PubMed

Arshad, Hamed; Teymoori, Vahid; Nikooghadam, Morteza; Abbassi, Hassan

2015-08-01

Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.

Privacy Enhancements for Inexact Biometric Templates

NASA Astrophysics Data System (ADS)

Ratha, Nalini; Chikkerur, Sharat; Connell, Jonathan; Bolle, Ruud

Traditional authentication schemes utilize tokens or depend on some secret knowledge possessed by the user for verifying his or her identity. Although these techniques are widely used, they have several limitations. Both tokenand knowledge-based approaches cannot differentiate between an authorized user and an impersonator having access to the tokens or passwords. Biometrics-based authentication schemes overcome these limitations while offering usability advantages in the area of password management. However, despite its obvious advantages, the use of biometrics raises several security and privacy concerns.

Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication.

PubMed

Juang, Kevin; Greenstein, Joel

2018-04-01

We developed a new authentication system based on passphrases instead of passwords. Our new system incorporates a user-generated mnemonic picture displayed during login, definition tooltips, error correction to reduce typographical errors, a decoy-based input masking technique, and random passphrase generation using either a specialized wordlist or a sentence template. Passphrases exhibit a greater level of security than traditional passwords, but their wider adoption has been hindered by human factors issues. Our assertion is that the added features of our system work particularly well with passphrases and help address these shortcomings. We conducted a study to evaluate our new system with a customized 1,450-word list and our new system with a 6-word sentence structure against the control conditions of a user-created passphrase of at least 24 characters and a system-generated passphrase using a 10,326-word list. Fifty participants completed two sessions so that we could measure the usability and security of the authentication schemes. With the new system conditions, memorability was improved, and security was equivalent to or better than the control conditions. Usability and overall ratings also favored the new system conditions over the control conditions. Our research presents a new authentication system using innovative techniques that improve on the usability and security of existing password and passphrase authentication systems. In computer security, drastic changes should never happen overnight, but we recommend that our contributions be incorporated into current authentication systems to help facilitate a transition from passwords to usable passphrases.

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Kumar, Neeraj

2015-11-01

In the last few years, numerous remote user authentication and session key agreement schemes have been put forwarded for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth to note that unrestricted number of patients login to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the exiting schemes. The proposed scheme not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks

PubMed Central

Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

2017-01-01

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al’s method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration. PMID:28335572

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

PubMed

Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

2017-03-21

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem.

PubMed

Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

2015-03-01

The telecare medical information systems (TMISs) enable patients to conveniently enjoy telecare services at home. The protection of patient's privacy is a key issue due to the openness of communication environment. Authentication as a typical approach is adopted to guarantee confidential and authorized interaction between the patient and remote server. In order to achieve the goals, numerous remote authentication schemes based on cryptography have been presented. Recently, Arshad et al. (J Med Syst 38(12): 2014) presented a secure and efficient three-factor authenticated key exchange scheme to remedy the weaknesses of Tan et al.'s scheme (J Med Syst 38(3): 2014). In this paper, we found that once a successful off-line password attack that results in an adversary could impersonate any user of the system in Arshad et al.'s scheme. In order to thwart these security attacks, an enhanced biometric and smart card based remote authentication scheme for TMISs is proposed. In addition, the BAN logic is applied to demonstrate the completeness of the enhanced scheme. Security and performance analyses show that our enhanced scheme satisfies more security properties and less computational cost compared with previously proposed schemes.

Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

PubMed

Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

2016-10-01

Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security verification of our scheme using the widely accepted AVISPA tool. High security and extra functionality features allow our proposed scheme to be applicable for telecare medicine information systems which is used for e-health care medical applications. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

A Secure Mobile-Based Authentication System for e-Banking

NASA Astrophysics Data System (ADS)

Rifà-Pous, Helena

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.

Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

PubMed

Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes

DOEpatents

Kent, Alexander Dale [Los Alamos, NM

2008-09-02

Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

PubMed Central

Odelu, Vanga; Goswami, Adrijit

2014-01-01

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme. PMID:24892078

A robust and effective smart-card-based remote user authentication mechanism using hash function.

PubMed

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2014-01-01

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

Keystroke Dynamics-Based Credential Hardening Systems

NASA Astrophysics Data System (ADS)

Bartlow, Nick; Cukic, Bojan

abstract Keystroke dynamics are becoming a well-known method for strengthening username- and password-based credential sets. The familiarity and ease of use of these traditional authentication schemes combined with the increased trustworthiness associated with biometrics makes them prime candidates for application in many web-based scenarios. Our keystroke dynamics system uses Breiman’s random forests algorithm to classify keystroke input sequences as genuine or imposter. The system is capable of operating at various points on a traditional ROC curve depending on application-specific security needs. As a username/password authentication scheme, our approach decreases the system penetration rate associated with compromised passwords up to 99.15%. Beyond presenting results demonstrating the credential hardening effect of our scheme, we look into the notion that a user’s familiarity to components of a credential set can non-trivially impact error rates.

A provably-secure ECC-based authentication scheme for wireless sensor networks.

PubMed

Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

2014-11-06

A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.

A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks

PubMed Central

Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

2014-01-01

A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes. PMID:25384009

Privacy-Preserving Authentication of Users with Smart Cards Using One-Time Credentials

NASA Astrophysics Data System (ADS)

Park, Jun-Cheol

User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.

Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare medicine information systems.

PubMed

Zhang, Liping; Zhu, Shaohui

2015-05-01

To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user's identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.

A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system.

PubMed

Lee, Tian-Fu; Chang, I-Pin; Lin, Tsung-Hung; Wang, Ching-Cheng

2013-06-01

The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.

Password-Only Authenticated Three-Party Key Exchange Proven Secure against Insider Dictionary Attacks

PubMed Central

Nam, Junghyun; Choo, Kim-Kwang Raymond

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol. PMID:25309956

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

PubMed

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao; Chen, Song-Jhih

2016-11-01

Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

Secure Server Login by Using Third Party and Chaotic System

NASA Astrophysics Data System (ADS)

Abdulatif, Firas A.; zuhiar, Maan

2018-05-01

Server is popular among all companies and it used by most of them but due to the security threat on the server make this companies are concerned when using it so that in this paper we will design a secure system based on one time password and third parity authentication (smart phone). The proposed system make security to the login process of server by using one time password to authenticate person how have permission to login and third parity device (smart phone) as other level of security.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks".

PubMed

Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroaki; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

2015-01-01

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes' participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.'s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.'s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

PubMed Central

Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

2015-01-01

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic. PMID:26580963

E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks

PubMed Central

Kumar, Pardeep; Lee, Sang-Gon; Lee, Hoon-Jae

2012-01-01

A wireless medical sensor network (WMSN) can sense humans’ physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals’ hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients’ medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs. PMID:22438729

E-SAP: efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks.

PubMed

Kumar, Pardeep; Lee, Sang-Gon; Lee, Hoon-Jae

2012-01-01

A wireless medical sensor network (WMSN) can sense humans' physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals' hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients' medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs.

Are Password Management Applications Viable? An Analysis of User Training and Reactions

ERIC Educational Resources Information Center

Ciampa, Mark

2011-01-01

Passwords have the distinction of being the most widely-used form of authentication--and the most vulnerable. With the dramatic increase today in the number of accounts that require passwords, overwhelmed users usually resort to creating weak passwords or reusing the same password for multiple accounts, thus making passwords the weakest link in…

An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks.

PubMed

Jung, Jaewook; Kim, Jiye; Choi, Younsung; Won, Dongho

2016-08-16

In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.'s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.'s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes.

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

PubMed

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

From Legion to Avaki: The Persistence of Vision

DTIC Science & Technology

2006-01-01

person, but what component, is requesting an action. 5.3.1 Authentication Users authenticate themselves to a Legion grid with the login paradigm...password supplied during login is compared to the password in the state of the authentication object in order to permit or deny subsequent access to...In either case, the credential is protected by the security of the underlying operating system. Although login is the most commonly used method

Practical security and privacy attacks against biometric hashing using sparse recovery

NASA Astrophysics Data System (ADS)

Topcu, Berkay; Karabat, Cagatay; Azadmanesh, Matin; Erdogan, Hakan

2016-12-01

Biometric hashing is a cancelable biometric verification method that has received research interest recently. This method can be considered as a two-factor authentication method which combines a personal password (or secret key) with a biometric to obtain a secure binary template which is used for authentication. We present novel practical security and privacy attacks against biometric hashing when the attacker is assumed to know the user's password in order to quantify the additional protection due to biometrics when the password is compromised. We present four methods that can reconstruct a biometric feature and/or the image from a hash and one method which can find the closest biometric data (i.e., face image) from a database. Two of the reconstruction methods are based on 1-bit compressed sensing signal reconstruction for which the data acquisition scenario is very similar to biometric hashing. Previous literature introduced simple attack methods, but we show that we can achieve higher level of security threats using compressed sensing recovery techniques. In addition, we present privacy attacks which reconstruct a biometric image which resembles the original image. We quantify the performance of the attacks using detection error tradeoff curves and equal error rates under advanced attack scenarios. We show that conventional biometric hashing methods suffer from high security and privacy leaks under practical attacks, and we believe more advanced hash generation methods are necessary to avoid these attacks.

TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones

NASA Astrophysics Data System (ADS)

Nauman, Mohammad; Ali, Tamleek

Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naïve username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device - such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services.

Authentication systems for securing clinical documentation workflows. A systematic literature review.

PubMed

Schwartze, J; Haarbrandt, B; Fortmeier, D; Haux, R; Seidel, C

2014-01-01

Integration of electronic signatures embedded in health care processes in Germany challenges health care service and supply facilities. The suitability of the signature level of an eligible authentication procedure is confirmed for a large part of documents in clinical practice. However, the concrete design of such a procedure remains unclear. To create a summary of usable user authentication systems suitable for clinical workflows. A Systematic literature review based on nine online bibliographic databases. Search keywords included authentication, access control, information systems, information security and biometrics with terms user authentication, user identification and login in title or abstract. Searches were run between 7 and 12 September 2011. Relevant conference proceedings were searched manually in February 2013. Backward reference search of selected results was done. Only publications fully describing authentication systems used or usable were included. Algorithms or purely theoretical concepts were excluded. Three authors did selection independently. DATA EXTRACTION AND ASSESSMENT: Semi-structured extraction of system characteristics was done by the main author. Identified procedures were assessed for security and fulfillment of relevant laws and guidelines as well as for applicability. Suitability for clinical workflows was derived from the assessments using a weighted sum proposed by Bonneau. Of 7575 citations retrieved, 55 publications meet our inclusion criteria. They describe 48 different authentication systems; 39 were biometric and nine graphical password systems. Assessment of authentication systems showed high error rates above European CENELEC standards and a lack of applicability of biometric systems. Graphical passwords did not add overall value compared to conventional passwords. Continuous authentication can add an additional layer of safety. Only few systems are suitable partially or entirely for use in clinical processes. Suitability strongly depends on national or institutional requirements. Four authentication systems seem to fulfill requirements of authentication procedures for clinical workflows. Research is needed in the area of continuous authentication with biometric methods. A proper authentication system should combine all factors of authentication implementing and connecting secure individual measures.

Fulfillment of HTTP Authentication Based on Alcatel OmniSwitch 9700

NASA Astrophysics Data System (ADS)

Liu, Hefu

This paper provides a way of HTTP authentication On Alcatel OmniSwitch 9700. Authenticated VLANs control user access to network resources based on VLAN assignment and user authentication. The user can be authenticated through the switch via any standard Web browser software. Web browser client displays the username and password prompts. Then a way for HTML forms can be given to pass HTTP authentication data when it's submitted. A radius server will provide a database of user information that the switch checks whenever it tries to authenticate through the switch. Before or after authentication, the client can get an address from a Dhcp server.

A more secure anonymous user authentication scheme for the integrated EPR information system.

PubMed

Wen, Fengtong

2014-05-01

Secure and efficient user mutual authentication is an essential task for integrated electronic patient record (EPR) information system. Recently, several authentication schemes have been proposed to meet this requirement. In a recent paper, Lee et al. proposed an efficient and secure password-based authentication scheme used smart cards for the integrated EPR information system. This scheme is believed to have many abilities to resist a range of network attacks. Especially, they claimed that their scheme could resist lost smart card attack. However, we reanalyze the security of Lee et al.'s scheme, and show that it fails to protect off-line password guessing attack if the secret information stored in the smart card is compromised. This also renders that their scheme is insecure against user impersonation attacks. Then, we propose a new user authentication scheme for integrated EPR information systems based on the quadratic residues. The new scheme not only resists a range of network attacks but also provides user anonymity. We show that our proposed scheme can provide stronger security.

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

PubMed Central

Lee, Youngsook; Paik, Juryon

2014-01-01

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme. PMID:25302330

Security analysis and improvement of an anonymous authentication scheme for roaming services.

PubMed

Lee, Youngsook; Paik, Juryon

2014-01-01

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme.

Preventing Shoulder-Surfing Attack with the Concept of Concealing the Password Objects' Information

PubMed Central

Ho, Peng Foong; Kam, Yvonne Hwei-Syn; Wee, Mee Chin

2014-01-01

Traditionally, picture-based password systems employ password objects (pictures/icons/symbols) as input during an authentication session, thus making them vulnerable to “shoulder-surfing” attack because the visual interface by function is easily observed by others. Recent software-based approaches attempt to minimize this threat by requiring users to enter their passwords indirectly by performing certain mental tasks to derive the indirect password, thus concealing the user's actual password. However, weaknesses in the positioning of distracter and password objects introduce usability and security issues. In this paper, a new method, which conceals information about the password objects as much as possible, is proposed. Besides concealing the password objects and the number of password objects, the proposed method allows both password and distracter objects to be used as the challenge set's input. The correctly entered password appears to be random and can only be derived with the knowledge of the full set of password objects. Therefore, it would be difficult for a shoulder-surfing adversary to identify the user's actual password. Simulation results indicate that the correct input object and its location are random for each challenge set, thus preventing frequency of occurrence analysis attack. User study results show that the proposed method is able to prevent shoulder-surfing attack. PMID:24991649

A user anonymity preserving three-factor authentication scheme for telecare medicine information systems.

PubMed

Tan, Zuowen

2014-03-01

The telecare medicine information system enables the patients gain health monitoring at home and access medical services over internet or mobile networks. In recent years, the schemes based on cryptography have been proposed to address the security and privacy issues in the telecare medicine information systems. However, many schemes are insecure or they have low efficiency. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to the reflection attacks. Furthermore, it fails to provide three-factor security and the user anonymity. We propose a new three-factor authentication scheme for the telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides the user anonymity. As compared with the previous three-factor authentication schemes, the proposed scheme is more secure and practical.

A Survey of Authentication Schemes in Telecare Medicine Information Systems.

PubMed

Aslam, Muhammad Umair; Derhab, Abdelouahid; Saleem, Kashif; Abbas, Haider; Orgun, Mehmet; Iqbal, Waseem; Aslam, Baber

2017-01-01

E-Healthcare is an emerging field that provides mobility to its users. The protected health information of the users are stored at a remote server (Telecare Medical Information System) and can be accessed by the users at anytime. Many authentication protocols have been proposed to ensure the secure authenticated access to the Telecare Medical Information System. These protocols are designed to provide certain properties such as: anonymity, untraceability, unlinkability, privacy, confidentiality, availability and integrity. They also aim to build a key exchange mechanism, which provides security against some attacks such as: identity theft, password guessing, denial of service, impersonation and insider attacks. This paper reviews these proposed authentication protocols and discusses their strengths and weaknesses in terms of ensured security and privacy properties, and computation cost. The schemes are divided in three broad categories of one-factor, two-factor and three-factor authentication schemes. Inter-category and intra-category comparison has been performed for these schemes and based on the derived results we propose future directions and recommendations that can be very helpful to the researchers who work on the design and implementation of authentication protocols.

Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care.

PubMed

Xie, Qi; Liu, Wenhao; Wang, Shengbao; Han, Lidong; Hu, Bin; Wu, Ting

2014-09-01

Patient's privacy-preserving, security and mutual authentication between patient and the medical server are the important mechanism in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.'s scheme is vulnerable to the replay attack, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, password and smart card to overcome these weaknesses. However, we show that Wen's scheme is still vulnerable to off-line password guessing attacks, does not provide user's anonymity and perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use the applied pi calculus based formal verification tool ProVerif to prove the security and authentication.

A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems.

PubMed

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao

2014-09-01

Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.'s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.'s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.'s scheme. In this paper, we found that both Lee's and Jiang et al.'s authentication schemes have a serious security problem in that a registered user's secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee's scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee's and Jiang et al.'s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks

PubMed Central

Jung, Jaewook; Kim, Jiye; Choi, Younsung; Won, Dongho

2016-01-01

In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.’s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.’s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes. PMID:27537890

Vein matching using artificial neural network in vein authentication systems

NASA Astrophysics Data System (ADS)

Noori Hoshyar, Azadeh; Sulaiman, Riza

2011-10-01

Personal identification technology as security systems is developing rapidly. Traditional authentication modes like key; password; card are not safe enough because they could be stolen or easily forgotten. Biometric as developed technology has been applied to a wide range of systems. According to different researchers, vein biometric is a good candidate among other biometric traits such as fingerprint, hand geometry, voice, DNA and etc for authentication systems. Vein authentication systems can be designed by different methodologies. All the methodologies consist of matching stage which is too important for final verification of the system. Neural Network is an effective methodology for matching and recognizing individuals in authentication systems. Therefore, this paper explains and implements the Neural Network methodology for finger vein authentication system. Neural Network is trained in Matlab to match the vein features of authentication system. The Network simulation shows the quality of matching as 95% which is a good performance for authentication system matching.

The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers

DTIC Science & Technology

2014-07-07

POST re- quest, LastPass will store h’ as authenticating Alice. Mallory can then use otp’ to log-in to LastPass us- ing otp’. Of course , decrypting the...everywhere. [36] M. Rochkind. Security, forms, and error handling. In Expert PHP and MySQL , pages 191–247. Springer, 2013. [37] D. Silver, S. Jana, E

21 CFR 1311.55 - Requirements for systems used to process digitally signed orders.

Code of Federal Regulations, 2012 CFR

2012-04-01

... identification and password combination or biometric authentication to access the private key. Activation data... source. (9) The system must archive the digitally signed orders and any other records required in part... linked records for orders signed with a CSOS digital certificate must meet the following requirements: (1...

21 CFR 1311.55 - Requirements for systems used to process digitally signed orders.

Code of Federal Regulations, 2013 CFR

2013-04-01

... identification and password combination or biometric authentication to access the private key. Activation data... source. (9) The system must archive the digitally signed orders and any other records required in part... linked records for orders signed with a CSOS digital certificate must meet the following requirements: (1...

21 CFR 1311.55 - Requirements for systems used to process digitally signed orders.

Code of Federal Regulations, 2011 CFR

2011-04-01

... identification and password combination or biometric authentication to access the private key. Activation data... source. (9) The system must archive the digitally signed orders and any other records required in part... linked records for orders signed with a CSOS digital certificate must meet the following requirements: (1...

21 CFR 1311.55 - Requirements for systems used to process digitally signed orders.

Code of Federal Regulations, 2014 CFR

2014-04-01

... identification and password combination or biometric authentication to access the private key. Activation data... source. (9) The system must archive the digitally signed orders and any other records required in part... linked records for orders signed with a CSOS digital certificate must meet the following requirements: (1...

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System.

PubMed

Li, Chun-Ta; Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

2017-06-23

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Improving computer security for authentication of users: influence of proactive password restrictions.

PubMed

Proctor, Robert W; Lien, Mei-Ching; Vu, Kim-Phuong L; Schultz, E Eugene; Salvendy, Gavriel

2002-05-01

Entering a username-password combination is a widely used procedure for identification and authentication in computer systems. However, it is a notoriously weak method, in that the passwords adopted by many users are easy to crack. In an attempt to improve security, proactive password checking may be used, in which passwords must meet several criteria to be more resistant to cracking. In two experiments, we examined the influence of proactive password restrictions on the time that it took to generate an acceptable password and to use it subsequently to long in. The required length was a minimum of five characters in Experiment 1 and eight characters in Experiment 2. In both experiments, one condition had only the length restriction, and the other had additional restrictions. The additional restrictions greatly increased the time it took to generate the password but had only a small effect on the time it took to use it subsequently to long in. For the five-character passwords, 75% were cracked when no other restrictions were imposed, and this was reduced to 33% with the additional restrictions. For the eight-character passwords, 17% were cracked with no other restrictions, and 12.5% with restrictions. The results indicate that increasing the minimum character length reduces crackability and increases security, regardless of whether additional restrictions are imposed.

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System

PubMed Central

Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

2017-01-01

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP. PMID:28644381

Biometrics Go Mainstream

ERIC Educational Resources Information Center

Gale, Doug

2006-01-01

Authentication is based on something one knows (e.g., a password), something one has (e.g., a driver's license), or something one is (e.g., a fingerprint). The last of these refers to the use of biometrics for authentication. With the blink of an eye, the touch of a finger, or the uttering of a pass-phrase, colleges and schools can now get deadly…

31 CFR 363.17 - Who is liable if someone else accesses my TreasuryDirect ® account using my password?

Code of Federal Regulations, 2010 CFR

2010-07-01

..., password, and any other form(s) of authentication we may require. We will treat any transactions conducted using your password as having been authorized by you. We are not liable for any loss, liability, cost, or expense that you may incur as a result of transactions made using your password. [72 FR 30978...

Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards.

PubMed

An, Younghwa

2012-01-01

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

PubMed Central

An, Younghwa

2012-01-01

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. PMID:22899887

Multi-factor challenge/response approach for remote biometric authentication

NASA Astrophysics Data System (ADS)

Al-Assam, Hisham; Jassim, Sabah A.

2011-06-01

Although biometric authentication is perceived to be more reliable than traditional authentication schemes, it becomes vulnerable to many attacks when it comes to remote authentication over open networks and raises serious privacy concerns. This paper proposes a biometric-based challenge-response approach to be used for remote authentication between two parties A and B over open networks. In the proposed approach, a remote authenticator system B (e.g. a bank) challenges its client A who wants to authenticate his/her self to the system by sending a one-time public random challenge. The client A responds by employing the random challenge along with secret information obtained from a password and a token to produce a one-time cancellable representation of his freshly captured biometric sample. The one-time biometric representation, which is based on multi-factor, is then sent back to B for matching. Here, we argue that eavesdropping of the one-time random challenge and/or the resulting one-time biometric representation does not compromise the security of the system, and no information about the original biometric data is leaked. In addition to securing biometric templates, the proposed protocol offers a practical solution for the replay attack on biometric systems. Moreover, we propose a new scheme for generating a password-based pseudo random numbers/permutation to be used as a building block in the proposed approach. The proposed scheme is also designed to provide protection against repudiation. We illustrate the viability and effectiveness of the proposed approach by experimental results based on two biometric modalities: fingerprint and face biometrics.

Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer

NASA Astrophysics Data System (ADS)

Mannan, Mohammad; van Oorschot, P. C.

Keylogging and phishing attacks can extract user identity and sensitive account information for unauthorized access to users' financial accounts. Most existing or proposed solutions are vulnerable to session hijacking attacks. We propose a simple approach to counter these attacks, which cryptographically separates a user's long-term secret input from (typically untrusted) client PCs; a client PC performs most computations but has access only to temporary secrets. The user's long-term secret (typically short and low-entropy) is input through an independent personal trusted device such as a cellphone. The personal device provides a user's long-term secrets to a client PC only after encrypting the secrets using a pre-installed, "correct" public key of a remote service (the intended recipient of the secrets). The proposed protocol (MP-Auth) realizes such an approach, and is intended to safeguard passwords from keyloggers, other malware (including rootkits), phishing attacks and pharming, as well as to provide transaction security to foil session hijacking. We report on a prototype implementation of MP-Auth, and provide a comparison of web authentication techniques that use an additional factor of authentication (e.g. a cellphone, PDA or hardware token).

A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems.

PubMed

Mishra, Dheerendra; Srinivas, Jangirala; Mukhopadhyay, Sourav

2014-10-01

Advancement in network technology provides new ways to utilize telecare medicine information systems (TMIS) for patient care. Although TMIS usually faces various attacks as the services are provided over the public network. Recently, Jiang et al. proposed a chaotic map-based remote user authentication scheme for TMIS. Their scheme has the merits of low cost and session key agreement using Chaos theory. It enhances the security of the system by resisting various attacks. In this paper, we analyze the security of Jiang et al.'s scheme and demonstrate that their scheme is vulnerable to denial of service attack. Moreover, we demonstrate flaws in password change phase of their scheme. Further, our aim is to propose a new chaos map-based anonymous user authentication scheme for TMIS to overcome the weaknesses of Jiang et al.'s scheme, while also retaining the original merits of their scheme. We also show that our scheme is secure against various known attacks including the attacks found in Jiang et al.'s scheme. The proposed scheme is comparable in terms of the communication and computational overheads with Jiang et al.'s scheme and other related existing schemes. Moreover, we demonstrate the validity of the proposed scheme through the BAN (Burrows, Abadi, and Needham) logic.

National Authentication Framework Implementation Study

DTIC Science & Technology

2009-12-01

Identifiers RA Registration Authority SAML Security Assertion Markup Language SFA Single-factor Authentication SMS Short Messaging System SOA ...written on  paper  disclosed;  passwords stored in electronic file  copied. 1,2,3,4 Eaves‐  dropping The token secret or authenticator is  revealed to...Internet 2.0 and the growing interest in systems developed based upon the Service- Oriented Architecture ( SOA ). While core specifications upon which

A Secured Authentication Protocol for SIP Using Elliptic Curves Cryptography

NASA Astrophysics Data System (ADS)

Chen, Tien-Ho; Yeh, Hsiu-Lien; Liu, Pin-Chuan; Hsiang, Han-Chen; Shih, Wei-Kuan

Session initiation protocol (SIP) is a technology regularly performed in Internet Telephony, and Hyper Text Transport Protocol (HTTP) as digest authentication is one of the major methods for SIP authentication mechanism. In 2005, Yang et al. pointed out that HTTP could not resist server spoofing attack and off-line guessing attack and proposed a secret authentication with Diffie-Hellman concept. In 2009, Tsai proposed a nonce based authentication protocol for SIP. In this paper, we demonstrate that their protocol could not resist the password guessing attack and insider attack. Furthermore, we propose an ECC-based authentication mechanism to solve their issues and present security analysis of our protocol to show that ours is suitable for applications with higher security requirement.

Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce.

PubMed

Mishra, Dheerendra; Mukhopadhyay, Sourav; Kumari, Saru; Khan, Muhammad Khurram; Chaturvedi, Ankita

2014-05-01

Telecare medicine information systems (TMIS) present the platform to deliver clinical service door to door. The technological advances in mobile computing are enhancing the quality of healthcare and a user can access these services using its mobile device. However, user and Telecare system communicate via public channels in these online services which increase the security risk. Therefore, it is required to ensure that only authorized user is accessing the system and user is interacting with the correct system. The mutual authentication provides the way to achieve this. Although existing schemes are either vulnerable to attacks or they have higher computational cost while an scalable authentication scheme for mobile devices should be secure and efficient. Recently, Awasthi and Srivastava presented a biometric based authentication scheme for TMIS with nonce. Their scheme only requires the computation of the hash and XOR functions.pagebreak Thus, this scheme fits for TMIS. However, we observe that Awasthi and Srivastava's scheme does not achieve efficient password change phase. Moreover, their scheme does not resist off-line password guessing attack. Further, we propose an improvement of Awasthi and Srivastava's scheme with the aim to remove the drawbacks of their scheme.

A secure and robust password-based remote user authentication scheme using smart cards for the integrated EPR information system.

PubMed

Das, Ashok Kumar

2015-03-01

An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients' information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients' health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen's scheme has the same security drawbacks as in Lee at al.'s scheme. In order to remedy these security weaknesses found in Lee et al.'s scheme and Wen's scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.'s scheme and Wen's scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

PubMed

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Multi-factor authentication using quantum communication

DOEpatents

Hughes, Richard John; Peterson, Charles Glen; Thrasher, James T.; Nordholt, Jane E.; Yard, Jon T.; Newell, Raymond Thorson; Somma, Rolando D.

2018-02-06

Multi-factor authentication using quantum communication ("QC") includes stages for enrollment and identification. For example, a user enrolls for multi-factor authentication that uses QC with a trusted authority. The trusted authority transmits device factor information associated with a user device (such as a hash function) and user factor information associated with the user (such as an encrypted version of a user password). The user device receives and stores the device factor information and user factor information. For multi-factor authentication that uses QC, the user device retrieves its stored device factor information and user factor information, then transmits the user factor information to the trusted authority, which also retrieves its stored device factor information. The user device and trusted authority use the device factor information and user factor information (more specifically, information such as a user password that is the basis of the user factor information) in multi-factor authentication that uses QC.

Practical and Secure Recovery of Disk Encryption Key Using Smart Cards

NASA Astrophysics Data System (ADS)

Omote, Kazumasa; Kato, Kazuhiko

In key-recovery methods using smart cards, a user can recover the disk encryption key in cooperation with the system administrator, even if the user has lost the smart card including the disk encryption key. However, the disk encryption key is known to the system administrator in advance in most key-recovery methods. Hence user's disk data may be read by the system administrator. Furthermore, if the disk encryption key is not known to the system administrator in advance, it is difficult to achieve a key authentication. In this paper, we propose a scheme which enables to recover the disk encryption key when the user's smart card is lost. In our scheme, the disk encryption key is not preserved anywhere and then the system administrator cannot know the key before key-recovery phase. Only someone who has a user's smart card and knows the user's password can decrypt that user's disk data. Furthermore, we measured the processing time required for user authentication in an experimental environment using a virtual machine monitor. As a result, we found that this processing time is short enough to be practical.

Robust Speaker Authentication Based on Combined Speech and Voiceprint Recognition

NASA Astrophysics Data System (ADS)

Malcangi, Mario

2009-08-01

Personal authentication is becoming increasingly important in many applications that have to protect proprietary data. Passwords and personal identification numbers (PINs) prove not to be robust enough to ensure that unauthorized people do not use them. Biometric authentication technology may offer a secure, convenient, accurate solution but sometimes fails due to its intrinsically fuzzy nature. This research aims to demonstrate that combining two basic speech processing methods, voiceprint identification and speech recognition, can provide a very high degree of robustness, especially if fuzzy decision logic is used.

An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function.

PubMed

Das, Ashok Kumar; Goswami, Adrijit

2014-06-01

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava's scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava's scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava's scheme.

User Authentication and Authorization Challenges in a Networked Library Environment.

ERIC Educational Resources Information Center

Machovec, George S.

1997-01-01

Discusses computer user authentication and authorization issues when libraries need to let valid users access databases and information services without making the process too difficult for either party. Common solutions are explained, including filtering, passwords, and kerberos (cryptographic authentication scheme for secure use over public…

An SSH key management system: easing the pain of managing key/user/account associations

NASA Astrophysics Data System (ADS)

Arkhipkin, D.; Betts, W.; Lauret, J.; Shiryaev, A.

2008-07-01

Cyber security requirements for secure access to computing facilities often call for access controls via gatekeepers and the use of two-factor authentication. Using SSH keys to satisfy the two factor authentication requirement has introduced a potentially challenging task of managing the keys and their associations with individual users and user accounts. Approaches for a facility with the simple model of one remote user corresponding to one local user would not work at facilities that require a many-to-many mapping between users and accounts on multiple systems. We will present an SSH key management system we developed, tested and deployed to address the many-to-many dilemma in the environment of the STAR experiment. We will explain its use in an online computing context and explain how it makes possible the management and tracing of group account access spread over many sub-system components (data acquisition, slow controls, trigger, detector instrumentation, etc.) without the use of shared passwords for remote logins.

SSO - Single-Sign-On Profile: Authentication Mechanisms Version 2.0

NASA Astrophysics Data System (ADS)

Taffoni, Giuliano; Schaaf, André; Rixon, Guy; Major, Brian; Taffoni, Giuliano

2017-05-01

Approved client-server authentication mechanisms are described for the IVOA single-sign-on profile: No Authentication; HTTP Basic Authentication; TLS with passwords; TLS with client certificates; Cookies; Open Authentication; Security Assertion Markup Language; OpenID. Normative rules are given for the implementation of these mechanisms, mainly by reference to pre-existing standards. The Authorization mechanisms are out of the scope of this document.

An improved anonymous authentication scheme for roaming in ubiquitous networks.

PubMed

Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick; Won, Dongho

2018-01-01

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people's lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.'s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al's scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.

An improved anonymous authentication scheme for roaming in ubiquitous networks

PubMed Central

Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick

2018-01-01

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people’s lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.’s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al’s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments. PMID:29505575

A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

PubMed

Das, Ashok Kumar; Goswami, Adrijit

2013-06-01

Connected health care has several applications including telecare medicine information system, personally controlled health records system, and patient monitoring. In such applications, user authentication can ensure the legality of patients. In user authentication for such applications, only the legal user/patient himself/herself is allowed to access the remote server, and no one can trace him/her according to transmitted data. Chang et al. proposed a uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care (Chang et al., J Med Syst 37:9902, 2013). Their scheme uses the user's personal biometrics along with his/her password with the help of the smart card. The user's biometrics is verified using BioHashing. Their scheme is efficient due to usage of one-way hash function and exclusive-or (XOR) operations. In this paper, we show that though their scheme is very efficient, their scheme has several security weaknesses such as (1) it has design flaws in login and authentication phases, (2) it has design flaws in password change phase, (3) it fails to protect privileged insider attack, (4) it fails to protect the man-in-the middle attack, and (5) it fails to provide proper authentication. In order to remedy these security weaknesses in Chang et al.'s scheme, we propose an improvement of their scheme while retaining the original merit of their scheme. We show that our scheme is efficient as compared to Chang et al.'s scheme. Through the security analysis, we show that our scheme is secure against possible attacks. Further, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. In addition, after successful authentication between the user and the server, they establish a secret session key shared between them for future secure communication.

Applications of Multi-Channel Safety Authentication Protocols in Wireless Networks.

PubMed

Chen, Young-Long; Liau, Ren-Hau; Chang, Liang-Yu

2016-01-01

People can use their web browser or mobile devices to access web services and applications which are built into these servers. Users have to input their identity and password to login the server. The identity and password may be appropriated by hackers when the network environment is not safe. The multiple secure authentication protocol can improve the security of the network environment. Mobile devices can be used to pass the authentication messages through Wi-Fi or 3G networks to serve as a second communication channel. The content of the message number is not considered in a multiple secure authentication protocol. The more excessive transmission of messages would be easier to collect and decode by hackers. In this paper, we propose two schemes which allow the server to validate the user and reduce the number of messages using the XOR operation. Our schemes can improve the security of the authentication protocol. The experimental results show that our proposed authentication protocols are more secure and effective. In regard to applications of second authentication communication channels for a smart access control system, identity identification and E-wallet, our proposed authentication protocols can ensure the safety of person and property, and achieve more effective security management mechanisms.

A reliable user authentication and key agreement scheme for Web-based Hospital-acquired Infection Surveillance Information System.

PubMed

Wu, Zhen-Yu; Tseng, Yi-Ju; Chung, Yufang; Chen, Yee-Chun; Lai, Feipei

2012-08-01

With the rapid development of the Internet, both digitization and electronic orientation are required on various applications in the daily life. For hospital-acquired infection control, a Web-based Hospital-acquired Infection Surveillance System was implemented. Clinical data from different hospitals and systems were collected and analyzed. The hospital-acquired infection screening rules in this system utilized this information to detect different patterns of defined hospital-acquired infection. Moreover, these data were integrated into the user interface of a signal entry point to assist physicians and healthcare providers in making decisions. Based on Service-Oriented Architecture, web-service techniques which were suitable for integrating heterogeneous platforms, protocols, and applications, were used. In summary, this system simplifies the workflow of hospital infection control and improves the healthcare quality. However, it is probable for attackers to intercept the process of data transmission or access to the user interface. To tackle the illegal access and to prevent the information from being stolen during transmission over the insecure Internet, a password-based user authentication scheme is proposed for information integrity.

Beyond Passwords: Usage and Policy Transformation

DTIC Science & Technology

2007-03-01

case scenario for lost productivity due to users leaving their CAC at work, in their computer, is costing 261 work years per year with an estimated ...one for your CAC) are you currently using? ..................................................................................................... 43...PASSWORDS: USAGE AND POLICY TRANSFORMATION I. Introduction Background Currently , the primary method for network authentication on the

Comparing Intentions to Use University-Provided vs Vendor-Provided Multibiometric Authentication in Online Exams

ERIC Educational Resources Information Center

Levy, Yair; Ramim, Michelle M.; Furnell, Steven M.; Clarke, Nathan L.

2011-01-01

Purpose: Concerns for information security in e-learning systems have been raised previously. In the pursuit for better authentication approaches, few schools have implemented students' authentication during online exams beyond passwords. This paper aims to assess e-learners' intention to provide multibiometric data and use of multibiometrics…

A Strategic Design of an Opto-Chemical Security Device with Resettable and Reconfigurable Password Based Upon Dual Channel Two-in-One Chemosensor Molecule.

PubMed

Majumdar, Tapas; Haldar, Basudeb; Mallick, Arabinda

2017-02-20

A simple strategy is proposed to design and develop an intelligent device based on dual channel ion responsive spectral properties of a commercially available molecule, harmine (HM). The system can process different sets of opto-chemical inputs generating different patterns as fluorescence outputs at specific wavelengths which can provide an additional level of protection exploiting both password and pattern recognitions. The proposed system could have the potential to come up with highly secured combinatorial locks at the molecular level that could pose valuable real time and on-site applications for user authentication.

A Strategic Design of an Opto-Chemical Security Device with Resettable and Reconfigurable Password Based Upon Dual Channel Two-in-One Chemosensor Molecule

NASA Astrophysics Data System (ADS)

Majumdar, Tapas; Haldar, Basudeb; Mallick, Arabinda

2017-02-01

A simple strategy is proposed to design and develop an intelligent device based on dual channel ion responsive spectral properties of a commercially available molecule, harmine (HM). The system can process different sets of opto-chemical inputs generating different patterns as fluorescence outputs at specific wavelengths which can provide an additional level of protection exploiting both password and pattern recognitions. The proposed system could have the potential to come up with highly secured combinatorial locks at the molecular level that could pose valuable real time and on-site applications for user authentication.

Secure access to patient's health records using SpeechXRays a mutli-channel biometrics platform for user authentication.

PubMed

Spanakis, Emmanouil G; Spanakis, Marios; Karantanas, Apostolos; Marias, Kostas

2016-08-01

The most commonly used method for user authentication in ICT services or systems is the application of identification tools such as passwords or personal identification numbers (PINs). The rapid development in ICT technology regarding smart devices (laptops, tablets and smartphones) has allowed also the advance of hardware components that capture several biometric traits such as fingerprints and voice. These components are aiming among others to overcome weaknesses and flaws of password usage under the prism of improved user authentication with higher level of security, privacy and usability. To this respect, the potential application of biometrics for secure user authentication regarding access in systems with sensitive data (i.e. patient's data from electronic health records) shows great potentials. SpeechXRays aims to provide a user recognition platform based on biometrics of voice acoustics analysis and audio-visual identity verification. Among others, the platform aims to be applied as an authentication tool for medical personnel in order to gain specific access to patient's electronic health records. In this work a short description of SpeechXrays implementation tool regarding eHealth is provided and analyzed. This study explores security and privacy issues, and offers a comprehensive overview of biometrics technology applications in addressing the e-Health security challenges. We present and describe the necessary requirement for an eHealth platform concerning biometric security.

A biometric authentication model using hand gesture images.

PubMed

Fong, Simon; Zhuang, Yan; Fister, Iztok; Fister, Iztok

2013-10-30

A novel hand biometric authentication method based on measurements of the user's stationary hand gesture of hand sign language is proposed. The measurement of hand gestures could be sequentially acquired by a low-cost video camera. There could possibly be another level of contextual information, associated with these hand signs to be used in biometric authentication. As an analogue, instead of typing a password 'iloveu' in text which is relatively vulnerable over a communication network, a signer can encode a biometric password using a sequence of hand signs, 'i' , 'l' , 'o' , 'v' , 'e' , and 'u'. Subsequently the features from the hand gesture images are extracted which are integrally fuzzy in nature, to be recognized by a classification model for telling if this signer is who he claimed himself to be, by examining over his hand shape and the postures in doing those signs. It is believed that everybody has certain slight but unique behavioral characteristics in sign language, so are the different hand shape compositions. Simple and efficient image processing algorithms are used in hand sign recognition, including intensity profiling, color histogram and dimensionality analysis, coupled with several popular machine learning algorithms. Computer simulation is conducted for investigating the efficacy of this novel biometric authentication model which shows up to 93.75% recognition accuracy.

A Comparison of Password Techniques for Multilevel Authentication Mechanisms

DTIC Science & Technology

1990-06-01

an individual user’s perceptions, personal interests and personal history . This information is unique to the individual and is neither commonly...a user may associative passwords profile around the Beatles . In this case, cues may include "abbey", "john", "yellow" and "george" and have responses

Security analysis and improvements to the PsychoPass method.

PubMed

Brumen, Bostjan; Heričko, Marjan; Rozman, Ivan; Hölbl, Marko

2013-08-13

In a recent paper, Pietro Cipresso et al proposed the PsychoPass method, a simple way to create strong passwords that are easy to remember. However, the method has some security issues that need to be addressed. To perform a security analysis on the PsychoPass method and outline the limitations of and possible improvements to the method. We used the brute force analysis and dictionary attack analysis of the PsychoPass method to outline its weaknesses. The first issue with the Psychopass method is that it requires the password reproduction on the same keyboard layout as was used to generate the password. The second issue is a security weakness: although the produced password is 24 characters long, the password is still weak. We elaborate on the weakness and propose a solution that produces strong passwords. The proposed version first requires the use of the SHIFT and ALT-GR keys in combination with other keys, and second, the keys need to be 1-2 distances apart. The proposed improved PsychoPass method yields passwords that can be broken only in hundreds of years based on current computing powers. The proposed PsychoPass method requires 10 keys, as opposed to 20 keys in the original method, for comparable password strength.

Security Analysis and Improvements to the PsychoPass Method

PubMed Central

2013-01-01

Background In a recent paper, Pietro Cipresso et al proposed the PsychoPass method, a simple way to create strong passwords that are easy to remember. However, the method has some security issues that need to be addressed. Objective To perform a security analysis on the PsychoPass method and outline the limitations of and possible improvements to the method. Methods We used the brute force analysis and dictionary attack analysis of the PsychoPass method to outline its weaknesses. Results The first issue with the Psychopass method is that it requires the password reproduction on the same keyboard layout as was used to generate the password. The second issue is a security weakness: although the produced password is 24 characters long, the password is still weak. We elaborate on the weakness and propose a solution that produces strong passwords. The proposed version first requires the use of the SHIFT and ALT-GR keys in combination with other keys, and second, the keys need to be 1-2 distances apart. Conclusions The proposed improved PsychoPass method yields passwords that can be broken only in hundreds of years based on current computing powers. The proposed PsychoPass method requires 10 keys, as opposed to 20 keys in the original method, for comparable password strength. PMID:23942458

Security Considerations and Recommendations in Computer-Based Testing

PubMed Central

Al-Saleem, Saleh M.

2014-01-01

Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee. PMID:25254250

Security considerations and recommendations in computer-based testing.

PubMed

Al-Saleem, Saleh M; Ullah, Hanif

2014-01-01

Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee.

A Multifactor Secure Authentication System for Wireless Payment

NASA Astrophysics Data System (ADS)

Sanyal, Sugata; Tiwari, Ayu; Sanyal, Sudip

Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy with in a limited resources that does not require any change in infrastructure or underline protocol of wireless network. This Protocol for Wireless Payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices.

User Authentication: A State-of-the-Art Review

DTIC Science & Technology

1991-09-01

etc/ passwd , is publicly readable. Although the passwords in the file are encrypted, the encryption routine is read:.ly accessible. Encrypting a guess...version 4.0, and AT&T’s System V release 3.2 and System V/MLS, have addressed the problem by moving the passwords from /etc/ passwd into a shadow file that

Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

PubMed

Wu, Fan; Xu, Lili

2013-08-01

Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have showed that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.

Australian DefenceScience. Volume 16, Number 2, Winter

DTIC Science & Technology

2008-01-01

Making Virtual Advisers speedily interactive To provide an authentically interactive experience for humans working with Virtual Advisers, the Virtual...peer trusted and strong authentication for checking of security credentials without recourse to third parties or infrastructure, thus eliminating...multiple passwords, or carry around multiple security tokens.” Each CodeStick device is readied for use with a biometric authentication process. Since

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.

PubMed

Chaudhry, Shehzad Ashraf; Khan, Muhammad Tawab; Khan, Muhammad Khurram; Shon, Taeshik

2016-11-01

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

Press touch code: A finger press based screen size independent authentication scheme for smart devices.

PubMed

Ranak, M S A Noman; Azad, Saiful; Nor, Nur Nadiah Hanim Binti Mohd; Zamli, Kamal Z

2017-01-01

Due to recent advancements and appealing applications, the purchase rate of smart devices is increasing at a higher rate. Parallely, the security related threats and attacks are also increasing at a greater ratio on these devices. As a result, a considerable number of attacks have been noted in the recent past. To resist these attacks, many password-based authentication schemes are proposed. However, most of these schemes are not screen size independent; whereas, smart devices come in different sizes. Specifically, they are not suitable for miniature smart devices due to the small screen size and/or lack of full sized keyboards. In this paper, we propose a new screen size independent password-based authentication scheme, which also offers an affordable defense against shoulder surfing, brute force, and smudge attacks. In the proposed scheme, the Press Touch (PT)-a.k.a., Force Touch in Apple's MacBook, Apple Watch, ZTE's Axon 7 phone; 3D Touch in iPhone 6 and 7; and so on-is transformed into a new type of code, named Press Touch Code (PTC). We design and implement three variants of it, namely mono-PTC, multi-PTC, and multi-PTC with Grid, on the Android Operating System. An in-lab experiment and a comprehensive survey have been conducted on 105 participants to demonstrate the effectiveness of the proposed scheme.

Press touch code: A finger press based screen size independent authentication scheme for smart devices

PubMed Central

Ranak, M. S. A. Noman; Nor, Nur Nadiah Hanim Binti Mohd; Zamli, Kamal Z.

2017-01-01

Due to recent advancements and appealing applications, the purchase rate of smart devices is increasing at a higher rate. Parallely, the security related threats and attacks are also increasing at a greater ratio on these devices. As a result, a considerable number of attacks have been noted in the recent past. To resist these attacks, many password-based authentication schemes are proposed. However, most of these schemes are not screen size independent; whereas, smart devices come in different sizes. Specifically, they are not suitable for miniature smart devices due to the small screen size and/or lack of full sized keyboards. In this paper, we propose a new screen size independent password-based authentication scheme, which also offers an affordable defense against shoulder surfing, brute force, and smudge attacks. In the proposed scheme, the Press Touch (PT)—a.k.a., Force Touch in Apple’s MacBook, Apple Watch, ZTE’s Axon 7 phone; 3D Touch in iPhone 6 and 7; and so on—is transformed into a new type of code, named Press Touch Code (PTC). We design and implement three variants of it, namely mono-PTC, multi-PTC, and multi-PTC with Grid, on the Android Operating System. An in-lab experiment and a comprehensive survey have been conducted on 105 participants to demonstrate the effectiveness of the proposed scheme. PMID:29084262

An efficient biometric and password-based remote user authentication using smart card for Telecare Medical Information Systems in multi-server environment.

PubMed

Maitra, Tanmoy; Giri, Debasis

2014-12-01

The medical organizations have introduced Telecare Medical Information System (TMIS) to provide a reliable facility by which a patient who is unable to go to a doctor in critical or urgent period, can communicate to a doctor through a medical server via internet from home. An authentication mechanism is needed in TMIS to hide the secret information of both parties, namely a server and a patient. Recent research includes patient's biometric information as well as password to design a remote user authentication scheme that enhances the security level. In a single server environment, one server is responsible for providing services to all the authorized remote patients. However, the problem arises if a patient wishes to access several branch servers, he/she needs to register to the branch servers individually. In 2014, Chuang and Chen proposed an remote user authentication scheme for multi-server environment. In this paper, we have shown that in their scheme, an non-register adversary can successfully logged-in into the system as a valid patient. To resist the weaknesses, we have proposed an authentication scheme for TMIS in multi-server environment where the patients can register to a root telecare server called registration center (RC) in one time to get services from all the telecare branch servers through their registered smart card. Security analysis and comparison shows that our proposed scheme provides better security with low computational and communication cost.

The Password Problem

DOE Office of Scientific and Technical Information (OSTI.GOV)

Walkup, Elizabeth

Passwords are an ubiquitous, established part of the Internet today, but they are also a huge security headache. Single sign-on, OAuth, and password managers are some of the solutions to this problem. OAuth is a new, popular method that allows people to use large, common authentication providers for many web applications. However, it comes at the expense of some privacy: OAuth makes users easy to track across websites, applications, and devices. Password managers put the power in the hands of the users, but this vulnerability survey reveals that you have to be extremely careful which program you choose. All inmore » all, password managers are the solution of choice for home users and small organizations, but large companies will probably want to invest in their own SSO solutions.« less

Keystroke dynamics in the pre-touchscreen era

PubMed Central

Ahmad, Nasir; Szymkowiak, Andrea; Campbell, Paul A.

2013-01-01

Biometric authentication seeks to measure an individual’s unique physiological attributes for the purpose of identity verification. Conventionally, this task has been realized via analyses of fingerprints or signature iris patterns. However, whilst such methods effectively offer a superior security protocol compared with password-based approaches for example, their substantial infrastructure costs, and intrusive nature, make them undesirable and indeed impractical for many scenarios. An alternative approach seeks to develop similarly robust screening protocols through analysis of typing patterns, formally known as keystroke dynamics. Here, keystroke analysis methodologies can utilize multiple variables, and a range of mathematical techniques, in order to extract individuals’ typing signatures. Such variables may include measurement of the period between key presses, and/or releases, or even key-strike pressures. Statistical methods, neural networks, and fuzzy logic have often formed the basis for quantitative analysis on the data gathered, typically from conventional computer keyboards. Extension to more recent technologies such as numerical keypads and touch-screen devices is in its infancy, but obviously important as such devices grow in popularity. Here, we review the state of knowledge pertaining to authentication via conventional keyboards with a view toward indicating how this platform of knowledge can be exploited and extended into the newly emergent type-based technological contexts. PMID:24391568

Keystroke dynamics in the pre-touchscreen era.

PubMed

Ahmad, Nasir; Szymkowiak, Andrea; Campbell, Paul A

2013-12-19

Biometric authentication seeks to measure an individual's unique physiological attributes for the purpose of identity verification. Conventionally, this task has been realized via analyses of fingerprints or signature iris patterns. However, whilst such methods effectively offer a superior security protocol compared with password-based approaches for example, their substantial infrastructure costs, and intrusive nature, make them undesirable and indeed impractical for many scenarios. An alternative approach seeks to develop similarly robust screening protocols through analysis of typing patterns, formally known as keystroke dynamics. Here, keystroke analysis methodologies can utilize multiple variables, and a range of mathematical techniques, in order to extract individuals' typing signatures. Such variables may include measurement of the period between key presses, and/or releases, or even key-strike pressures. Statistical methods, neural networks, and fuzzy logic have often formed the basis for quantitative analysis on the data gathered, typically from conventional computer keyboards. Extension to more recent technologies such as numerical keypads and touch-screen devices is in its infancy, but obviously important as such devices grow in popularity. Here, we review the state of knowledge pertaining to authentication via conventional keyboards with a view toward indicating how this platform of knowledge can be exploited and extended into the newly emergent type-based technological contexts.

Fuzzy Commitment

NASA Astrophysics Data System (ADS)

Juels, Ari

The purpose of this chapter is to introduce fuzzy commitment, one of the earliest and simplest constructions geared toward cryptography over noisy data. The chapter also explores applications of fuzzy commitment to two problems in data security: (1) secure management of biometrics, with a focus on iriscodes, and (2) use of knowledge-based authentication (i.e., personal questions) for password recovery.

Verifying Secrets and Relative Secrecy

DTIC Science & Technology

2000-01-01

Systems that authenticate a user based on a shared secret (such as a password or PIN) normally allow anyone to query whether the secret is a given...value. For example, an ATM machine allows one to ask whether a string is the secret PIN of a (lost or stolen) ATM card. Yet such queries are prohibited

A biometric authentication model using hand gesture images

PubMed Central

2013-01-01

A novel hand biometric authentication method based on measurements of the user’s stationary hand gesture of hand sign language is proposed. The measurement of hand gestures could be sequentially acquired by a low-cost video camera. There could possibly be another level of contextual information, associated with these hand signs to be used in biometric authentication. As an analogue, instead of typing a password ‘iloveu’ in text which is relatively vulnerable over a communication network, a signer can encode a biometric password using a sequence of hand signs, ‘i’ , ‘l’ , ‘o’ , ‘v’ , ‘e’ , and ‘u’. Subsequently the features from the hand gesture images are extracted which are integrally fuzzy in nature, to be recognized by a classification model for telling if this signer is who he claimed himself to be, by examining over his hand shape and the postures in doing those signs. It is believed that everybody has certain slight but unique behavioral characteristics in sign language, so are the different hand shape compositions. Simple and efficient image processing algorithms are used in hand sign recognition, including intensity profiling, color histogram and dimensionality analysis, coupled with several popular machine learning algorithms. Computer simulation is conducted for investigating the efficacy of this novel biometric authentication model which shows up to 93.75% recognition accuracy. PMID:24172288

User-Centered Authentication: LDAP, WRAP, X.509, XML (SIG LAN: Library Automation and Networks).

ERIC Educational Resources Information Center

Coble, Jim

2000-01-01

Presents an abstract for a planned panel session on technologies for user-centered authentication and authorization currently deployed in pilot or production implementations in academic computing. Presentations included: "Implementing LSAP for Single-Password Access to Campus Resources" (Layne Nordgren); "Implementing a Scalable…

Evaluating authentication options for mobile health applications in younger and older adults

PubMed Central

Khan, Hassan; Hengartner, Urs; Ong, Stephanie; Logan, Alexander G.; Vogel, Daniel; Gebotys, Robert; Yang, Jilan

2018-01-01

Objective Apps promoting patient self-management may improve health outcomes. However, methods to secure stored information on mobile devices may adversely affect usability. We tested the reliability and usability of common user authentication techniques in younger and older adults. Methodology Usability testing was conducted in two age groups, 18 to 30 years and 50 years and older. After completing a demographic questionnaire, each participant tested four authentication options in random order: four-digit personal identification number (PIN), graphical password (GRAPHICAL), Android pattern-lock (PATTERN), and a swipe-style Android fingerprint scanner (FINGERPRINT). Participants rated each option using the Systems Usability Scale (SUS). Results A total of 59 older and 43 younger participants completed the study. Overall, PATTERN was the fastest option (3.44s), and PIN had the fewest errors per attempt (0.02). Participants were able to login using PIN, PATTERN, and GRAPHICAL at least 98% of the time. FINGERPRINT was the slowest (26.97s), had an average of 1.46 errors per attempt, and had a successful login rate of 85%. Overall, PIN and PATTERN had higher SUS scores than FINGERPRINT and GRAPHICAL. Compared to younger participants, older participants were also less likely to find PATTERN to be tiring, annoying or time consuming and less likely to consider PIN to be time consuming. Younger participants were more likely to rate GRAPHICAL as annoying, time consuming and tiring than older participants. Conclusions On mobile devices, PIN and pattern-lock outperformed graphical passwords and swipe-style fingerprints. All participants took longer to authenticate using the swipe-style fingerprint compared to other options. Older participants also took two to three seconds longer to authenticate using the PIN, pattern and graphical passwords though this did not appear to affect perceived usability. PMID:29300736

Evaluating authentication options for mobile health applications in younger and older adults.

PubMed

Grindrod, Kelly; Khan, Hassan; Hengartner, Urs; Ong, Stephanie; Logan, Alexander G; Vogel, Daniel; Gebotys, Robert; Yang, Jilan

2018-01-01

Apps promoting patient self-management may improve health outcomes. However, methods to secure stored information on mobile devices may adversely affect usability. We tested the reliability and usability of common user authentication techniques in younger and older adults. Usability testing was conducted in two age groups, 18 to 30 years and 50 years and older. After completing a demographic questionnaire, each participant tested four authentication options in random order: four-digit personal identification number (PIN), graphical password (GRAPHICAL), Android pattern-lock (PATTERN), and a swipe-style Android fingerprint scanner (FINGERPRINT). Participants rated each option using the Systems Usability Scale (SUS). A total of 59 older and 43 younger participants completed the study. Overall, PATTERN was the fastest option (3.44s), and PIN had the fewest errors per attempt (0.02). Participants were able to login using PIN, PATTERN, and GRAPHICAL at least 98% of the time. FINGERPRINT was the slowest (26.97s), had an average of 1.46 errors per attempt, and had a successful login rate of 85%. Overall, PIN and PATTERN had higher SUS scores than FINGERPRINT and GRAPHICAL. Compared to younger participants, older participants were also less likely to find PATTERN to be tiring, annoying or time consuming and less likely to consider PIN to be time consuming. Younger participants were more likely to rate GRAPHICAL as annoying, time consuming and tiring than older participants. On mobile devices, PIN and pattern-lock outperformed graphical passwords and swipe-style fingerprints. All participants took longer to authenticate using the swipe-style fingerprint compared to other options. Older participants also took two to three seconds longer to authenticate using the PIN, pattern and graphical passwords though this did not appear to affect perceived usability.

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Li, Xiong

2015-11-01

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.

An Improved Biometrics-Based Remote User Authentication Scheme with User Anonymity

PubMed Central

Kumari, Saru

2013-01-01

The authors review the biometrics-based user authentication scheme proposed by An in 2012. The authors show that there exist loopholes in the scheme which are detrimental for its security. Therefore the authors propose an improved scheme eradicating the flaws of An's scheme. Then a detailed security analysis of the proposed scheme is presented followed by its efficiency comparison. The proposed scheme not only withstands security problems found in An's scheme but also provides some extra features with mere addition of only two hash operations. The proposed scheme allows user to freely change his password and also provides user anonymity with untraceability. PMID:24350272

An improved biometrics-based remote user authentication scheme with user anonymity.

PubMed

Khan, Muhammad Khurram; Kumari, Saru

2013-01-01

The authors review the biometrics-based user authentication scheme proposed by An in 2012. The authors show that there exist loopholes in the scheme which are detrimental for its security. Therefore the authors propose an improved scheme eradicating the flaws of An's scheme. Then a detailed security analysis of the proposed scheme is presented followed by its efficiency comparison. The proposed scheme not only withstands security problems found in An's scheme but also provides some extra features with mere addition of only two hash operations. The proposed scheme allows user to freely change his password and also provides user anonymity with untraceability.

Practical Computer Security through Cryptography

NASA Technical Reports Server (NTRS)

McNab, David; Twetev, David (Technical Monitor)

1998-01-01

The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of Sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

Study on a Biometric Authentication Model based on ECG using a Fuzzy Neural Network

NASA Astrophysics Data System (ADS)

Kim, Ho J.; Lim, Joon S.

2018-03-01

Traditional authentication methods use numbers or graphic passwords and thus involve the risk of loss or theft. Various studies are underway regarding biometric authentication because it uses the unique biometric data of a human being. Biometric authentication technology using ECG from biometric data involves signals that record electrical stimuli from the heart. It is difficult to manipulate and is advantageous in that it enables unrestrained measurements from sensors that are attached to the skin. This study is on biometric authentication methods using the neural network with weighted fuzzy membership functions (NEWFM). In the biometric authentication process, normalization and the ensemble average is applied during preprocessing, characteristics are extracted using Haar-wavelets, and a registration process called “training” is performed in the fuzzy neural network. In the experiment, biometric authentication was performed on 73 subjects in the Physionet Database. 10-40 ECG waveforms were tested for use in the registration process, and 15 ECG waveforms were deemed the appropriate number for registering ECG waveforms. 1 ECG waveforms were used during the authentication stage to conduct the biometric authentication test. Upon testing the proposed biometric authentication method based on 73 subjects from the Physionet Database, the TAR was 98.32% and FAR was 5.84%.

CUE: counterfeit-resistant usable eye movement-based authentication via oculomotor plant characteristics and complex eye movement patterns

NASA Astrophysics Data System (ADS)

Komogortsev, Oleg V.; Karpov, Alexey; Holland, Corey D.

2012-06-01

The widespread use of computers throughout modern society introduces the necessity for usable and counterfeit-resistant authentication methods to ensure secure access to personal resources such as bank accounts, e-mail, and social media. Current authentication methods require tedious memorization of lengthy pass phrases, are often prone to shouldersurfing, and may be easily replicated (either by counterfeiting parts of the human body or by guessing an authentication token based on readily available information). This paper describes preliminary work toward a counterfeit-resistant usable eye movement-based (CUE) authentication method. CUE does not require any passwords (improving the memorability aspect of the authentication system), and aims to provide high resistance to spoofing and shoulder-surfing by employing the combined biometric capabilities of two behavioral biometric traits: 1) oculomotor plant characteristics (OPC) which represent the internal, non-visible, anatomical structure of the eye; 2) complex eye movement patterns (CEM) which represent the strategies employed by the brain to guide visual attention. Both OPC and CEM are extracted from the eye movement signal provided by an eye tracking system. Preliminary results indicate that the fusion of OPC and CEM traits is capable of providing a 30% reduction in authentication error when compared to the authentication accuracy of individual traits.

Robust anonymous authentication scheme for telecare medical information systems.

PubMed

Xie, Qi; Zhang, Jun; Dong, Na

2013-04-01

Patient can obtain sorts of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient's privacy protection and data confidentiality are important for patient or doctor accessing to Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.'s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, and they claimed that their scheme is more suitable for TMIS. However, we show that Chen et al.'s scheme also has some weaknesses. In particular, Chen et al.'s scheme does not provide user's privacy protection and perfect forward secrecy, is vulnerable to off-line password guessing attack and impersonation attack once user's smart card is compromised. Further, we propose a secure anonymity authentication scheme to overcome their weaknesses even an adversary can know all information stored in smart card.

One Time Passwords in Everything (OPIE): Experiences with Building and Using Stringer Authentication

DTIC Science & Technology

1995-01-01

opiepasswd(1). The name change brings it more in line with its UNIX counterpart passwd (1), which should make both programs easier to remember for users. This...char * passwd ) int opiehash(char *x, unsigned algorithm) The one-time password schemes implemented in OPIE, as rst described in [Hal94], compute a...seed, passwd ); while (sequence-- != 0) opiehash(result, algorithm); opiebtoe(result,words); Send words. : : : 6 Deployment Every machine that has

One-Time Password Registration Key Code Request | High-Performance

Science.gov Websites

Computing | NREL One-Time Password Registration Key Code Request One-Time Password Registration Key Code Request Use this form to request a one-time password (OTP) registration key code for using . Alternate Email In case there is a second email where we might contact you Phone In case we need to contact

Audited credential delegation: a usable security solution for the virtual physiological human toolkit.

PubMed

Haidar, Ali N; Zasada, Stefan J; Coveney, Peter V; Abdallah, Ali E; Beckles, Bruce; Jones, Mike A S

2011-06-06

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username-password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale.

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

PubMed Central

Haidar, Ali N.; Zasada, Stefan J.; Coveney, Peter V.; Abdallah, Ali E.; Beckles, Bruce; Jones, Mike A. S.

2011-01-01

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username–password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale. PMID:22670214

Generating cancelable fingerprint templates.

PubMed

Ratha, Nalini K; Chikkerur, Sharat; Connell, Jonathan H; Bolle, Ruud M

2007-04-01

Biometrics-based authentication systems offer obvious usability advantages over traditional password and token-based authentication schemes. However, biometrics raises several privacy concerns. A biometric is permanently associated with a user and cannot be changed. Hence, if a biometric identifier is compromised, it is lost forever and possibly for every application where the biometric is used. Moreover, if the same biometric is used in multiple applications, a user can potentially be tracked from one application to the next by cross-matching biometric databases. In this paper, we demonstrate several methods to generate multiple cancelable identifiers from fingerprint images to overcome these problems. In essence, a user can be given as many biometric identifiers as needed by issuing a new transformation "key." The identifiers can be cancelled and replaced when compromised. We empirically compare the performance of several algorithms such as Cartesian, polar, and surface folding transformations of the minutiae positions. It is demonstrated through multiple experiments that we can achieve revocability and prevent cross-matching of biometric databases. It is also shown that the transforms are noninvertible by demonstrating that it is computationally as hard to recover the original biometric identifier from a transformed version as by randomly guessing. Based on these empirical results and a theoretical analysis we conclude that feature-level cancelable biometric construction is practicable in large biometric deployments.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, Tony

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

SPI/U3.2. Security Profile Inspector for UNIX Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, A.

1994-08-01

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

The Development of a Portable Hard Disk Encryption/Decryption System with a MEMS Coded Lock.

PubMed

Zhang, Weiping; Chen, Wenyuan; Tang, Jian; Xu, Peng; Li, Yibin; Li, Shengyong

2009-01-01

In this paper, a novel portable hard-disk encryption/decryption system with a MEMS coded lock is presented, which can authenticate the user and provide the key for the AES encryption/decryption module. The portable hard-disk encryption/decryption system is composed of the authentication module, the USB portable hard-disk interface card, the ATA protocol command decoder module, the data encryption/decryption module, the cipher key management module, the MEMS coded lock controlling circuit module, the MEMS coded lock and the hard disk. The ATA protocol circuit, the MEMS control circuit and AES encryption/decryption circuit are designed and realized by FPGA(Field Programmable Gate Array). The MEMS coded lock with two couplers and two groups of counter-meshing-gears (CMGs) are fabricated by a LIGA-like process and precision engineering method. The whole prototype was fabricated and tested. The test results show that the user's password could be correctly discriminated by the MEMS coded lock, and the AES encryption module could get the key from the MEMS coded lock. Moreover, the data in the hard-disk could be encrypted or decrypted, and the read-write speed of the dataflow could reach 17 MB/s in Ultra DMA mode.

How to Speak an Authentication Secret Securely from an Eavesdropper

NASA Astrophysics Data System (ADS)

O'Gorman, Lawrence; Brotman, Lynne; Sammon, Michael

When authenticating over the telephone or mobile headphone, the user cannot always assure that no eavesdropper hears the password or authentication secret. We describe an eavesdropper-resistant, challenge-response authentication scheme for spoken authentication where an attacker can hear the user’s voiced responses. This scheme entails the user to memorize a small number of plaintext-ciphertext pairs. At authentication, these are challenged in random order and interspersed with camouflage elements. It is shown that the response can be made to appear random so that no information on the memorized secret can be learned by eavesdroppers. We describe the method along with parameter value tradeoffs of security strength, authentication time, and memory effort. This scheme was designed for user authentication of wireless headsets used for hands-free communication by healthcare staff at a hospital.

Real time biometric surveillance with gait recognition

NASA Astrophysics Data System (ADS)

Mohapatra, Subasish; Swain, Anisha; Das, Manaswini; Mohanty, Subhadarshini

2018-04-01

Bio metric surveillance has become indispensable for every system in the recent years. The contribution of bio metric authentication, identification, and screening purposes are widely used in various domains for preventing unauthorized access. A large amount of data needs to be updated, segregated and safeguarded from malicious software and misuse. Bio metrics is the intrinsic characteristics of each individual. Recently fingerprints, iris, passwords, unique keys, and cards are commonly used for authentication purposes. These methods have various issues related to security and confidentiality. These systems are not yet automated to provide the safety and security. The gait recognition system is the alternative for overcoming the drawbacks of the recent bio metric based authentication systems. Gait recognition is newer as it hasn't been implemented in the real-world scenario so far. This is an un-intrusive system that requires no knowledge or co-operation of the subject. Gait is a unique behavioral characteristic of every human being which is hard to imitate. The walking style of an individual teamed with the orientation of joints in the skeletal structure and inclinations between them imparts the unique characteristic. A person can alter one's own external appearance but not skeletal structure. These are real-time, automatic systems that can even process low-resolution images and video frames. In this paper, we have proposed a gait recognition system and compared the performance with conventional bio metric identification systems.

Robust and Reusable Fuzzy Extractors

NASA Astrophysics Data System (ADS)

Boyen, Xavier

The use of biometric features as key material in security protocols has often been suggested to relieve their owner from the need to remember long cryptographic secrets. The appeal of biometric data as cryptographic secrets stems from their high apparent entropy, their availability to their owner, and their relative immunity to loss. In particular, they constitute a very effective basis for user authentication, especially when combined with complementary credentials such as a short memorized password or a physical token. However, the use of biometrics in cryptography does not come without problems. Some difficulties are technical, such as the lack of uniformity and the imperfect reproducibility of biometrics, but some challenges are more fundamental.

Guidelines for Network Security in the Learning Environment.

ERIC Educational Resources Information Center

Littman, Marlyn Kemper

1996-01-01

Explores security challenges and practical approaches to safeguarding school networks against invasion. Highlights include security problems; computer viruses; privacy assaults; Internet invasions; building a security policy; authentication; passwords; encryption; firewalls; and acceptable use policies. (Author/LRW)

Centralized Authentication with Kerberos 5, Part I

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wachsmann, A

Account administration in a distributed Unix/Linux environment can become very complicated and messy if done by hand. Large sites use special tools to deal with this problem. I will describe how even very small installations like your three computer network at home can take advantage of the very same tools. The problem in a distributed environment is that password and shadow files need to be changed individually on each machine if an account change occurs. Account changes include: password change, addition/removal of accounts, name change of an account (UID/GID changes are a big problem in any case), additional or removedmore » login privileges to a (group of) computer(s), etc. In this article, I will show how Kerberos 5 solves the authentication problem in a distributed computing environment. A second article will describe a solution for the authorization problem.« less

Using cloud models of heartbeats as the entity identifier to secure mobile devices.

PubMed

Fu, Donglai; Liu, Yanhua

2017-01-01

Mobile devices are extensively used to store more private and often sensitive information. Therefore, it is important to protect them against unauthorised access. Authentication ensures that authorised users can use mobile devices. However, traditional authentication methods, such as numerical or graphic passwords, are vulnerable to passive attacks. For example, an adversary can steal the password by snooping from a shorter distance. To avoid these problems, this study presents a biometric approach that uses cloud models of heartbeats as the entity identifier to secure mobile devices. Here, it is identified that these concepts including cloud model or cloud have nothing to do with cloud computing. The cloud model appearing in the study is the cognitive model. In the proposed method, heartbeats are collected by two ECG electrodes that are connected to one mobile device. The backward normal cloud generator is used to generate ECG standard cloud models characterising the heartbeat template. When a user tries to have access to their mobile device, cloud models regenerated by fresh heartbeats will be compared with ECG standard cloud models to determine if the current user can use this mobile device. This authentication method was evaluated from three aspects including accuracy, authentication time and energy consumption. The proposed method gives 86.04% of true acceptance rate with 2.73% of false acceptance rate. One authentication can be done in 6s, and this processing consumes about 2000 mW of power.

Facelock: familiarity-based graphical authentication.

PubMed

Jenkins, Rob; McLachlan, Jane L; Renaud, Karen

2014-01-01

Authentication codes such as passwords and PIN numbers are widely used to control access to resources. One major drawback of these codes is that they are difficult to remember. Account holders are often faced with a choice between forgetting a code, which can be inconvenient, or writing it down, which compromises security. In two studies, we test a new knowledge-based authentication method that does not impose memory load on the user. Psychological research on face recognition has revealed an important distinction between familiar and unfamiliar face perception: When a face is familiar to the observer, it can be identified across a wide range of images. However, when the face is unfamiliar, generalisation across images is poor. This contrast can be used as the basis for a personalised 'facelock', in which authentication succeeds or fails based on image-invariant recognition of faces that are familiar to the account holder. In Study 1, account holders authenticated easily by detecting familiar targets among other faces (97.5% success rate), even after a one-year delay (86.1% success rate). Zero-acquaintance attackers were reduced to guessing (<1% success rate). Even personal attackers who knew the account holder well were rarely able to authenticate (6.6% success rate). In Study 2, we found that shoulder-surfing attacks by strangers could be defeated by presenting different photos of the same target faces in observed and attacked grids (1.9% success rate). Our findings suggest that the contrast between familiar and unfamiliar face recognition may be useful for developers of graphical authentication systems.

A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

PubMed

Chang, Ya-Fen; Yu, Shih-Hui; Shiao, Ding-Rui

2013-04-01

Connected health care provides new opportunities for improving financial and clinical performance. Many connected health care applications such as telecare medicine information system, personally controlled health records system, and patient monitoring have been proposed. Correct and quality care is the goal of connected heath care, and user authentication can ensure the legality of patients. After reviewing authentication schemes for connected health care applications, we find that many of them cannot protect patient privacy such that others can trace users/patients by the transmitted data. And the verification tokens used by these authentication schemes to authenticate users or servers are only password, smart card and RFID tag. Actually, these verification tokens are not unique and easy to copy. On the other hand, biometric characteristics, such as iris, face, voiceprint, fingerprint and so on, are unique, easy to be verified, and hard to be copied. In this paper, a biometrics-based user authentication scheme will be proposed to ensure uniqueness and anonymity at the same time. With the proposed scheme, only the legal user/patient himself/herself can access the remote server, and no one can trace him/her according to transmitted data.

Implementation of a single sign-on system between practice, research and learning systems.

PubMed

Purkayastha, Saptarshi; Gichoya, Judy W; Addepally, Siva Abhishek

2017-03-29

Multiple specialized electronic medical systems are utilized in the health enterprise. Each of these systems has their own user management, authentication and authorization process, which makes it a complex web for navigation and use without a coherent process workflow. Users often have to remember multiple passwords, login/logout between systems that disrupt their clinical workflow. Challenges exist in managing permissions for various cadres of health care providers. This case report describes our experience of implementing a single sign-on system, used between an electronic medical records system and a learning management system at a large academic institution with an informatics department responsible for student education and a medical school affiliated with a hospital system caring for patients and conducting research. At our institution, we use OpenMRS for research registry tracking of interventional radiology patients as well as to provide access to medical records to students studying health informatics. To provide authentication across different users of the system with different permissions, we developed a Central Authentication Service (CAS) module for OpenMRS, released under the Mozilla Public License and deployed it for single sign-on across the academic enterprise. The module has been in implementation since August 2015 to present, and we assessed usability of the registry and education system before and after implementation of the CAS module. 54 students and 3 researchers were interviewed. The module authenticates users with appropriate privileges in the medical records system, providing secure access with minimal disruption to their workflow. No passwords requests were sent and users reported ease of use, with streamlined workflow. The project demonstrates that enterprise-wide single sign-on systems should be used in healthcare to reduce complexity like "password hell", improve usability and user navigation. We plan to extend this to work with other systems used in the health care enterprise.

The Development of a Portable Hard Disk Encryption/Decryption System with a MEMS Coded Lock

PubMed Central

Zhang, Weiping; Chen, Wenyuan; Tang, Jian; Xu, Peng; Li, Yibin; Li, Shengyong

2009-01-01

In this paper, a novel portable hard-disk encryption/decryption system with a MEMS coded lock is presented, which can authenticate the user and provide the key for the AES encryption/decryption module. The portable hard-disk encryption/decryption system is composed of the authentication module, the USB portable hard-disk interface card, the ATA protocol command decoder module, the data encryption/decryption module, the cipher key management module, the MEMS coded lock controlling circuit module, the MEMS coded lock and the hard disk. The ATA protocol circuit, the MEMS control circuit and AES encryption/decryption circuit are designed and realized by FPGA(Field Programmable Gate Array). The MEMS coded lock with two couplers and two groups of counter-meshing-gears (CMGs) are fabricated by a LIGA-like process and precision engineering method. The whole prototype was fabricated and tested. The test results show that the user's password could be correctly discriminated by the MEMS coded lock, and the AES encryption module could get the key from the MEMS coded lock. Moreover, the data in the hard-disk could be encrypted or decrypted, and the read-write speed of the dataflow could reach 17 MB/s in Ultra DMA mode. PMID:22291566

Privacy and Security within Biobanking: The Role of Information Technology.

PubMed

Heatherly, Raymond

2016-03-01

Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. © 2016 American Society of Law, Medicine & Ethics.

Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation.

PubMed

Nam, Junghyun; Choo, Kim-Kwang Raymond; Han, Sangchul; Kim, Moonseong; Paik, Juryon; Won, Dongho

2015-01-01

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).

Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation

PubMed Central

Nam, Junghyun; Choo, Kim-Kwang Raymond; Han, Sangchul; Kim, Moonseong; Paik, Juryon; Won, Dongho

2015-01-01

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks). PMID:25849359

On the security of a dynamic ID-based authentication scheme for telecare medical information systems.

PubMed

Lin, Han-Yu

2013-04-01

Telecare medical information systems (TMISs) are increasingly popular technologies for healthcare applications. Using TMISs, physicians and caregivers can monitor the vital signs of patients remotely. Since the database of TMISs stores patients' electronic medical records (EMRs), only authorized users should be granted the access to this information for the privacy concern. To keep the user anonymity, recently, Chen et al. proposed a dynamic ID-based authentication scheme for telecare medical information system. They claimed that their scheme is more secure and robust for use in a TMIS. However, we will demonstrate that their scheme fails to satisfy the user anonymity due to the dictionary attacks. It is also possible to derive a user password in case of smart card loss attacks. Additionally, an improved scheme eliminating these weaknesses is also presented.

Optical key system

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hagans, K.G.; Clough, R.E.

2000-04-25

An optical key system comprises a battery-operated optical key and an isolated lock that derives both its operating power and unlock signals from the correct optical key. A light emitting diode or laser diode is included within the optical key and is connected to transmit a bit-serial password. The key user physically enters either the code-to-transmit directly, or an index to a pseudorandom number code, in the key. Such person identification numbers can be retained permanently, or ephemeral. When a send button is pressed, the key transmits a beam of light modulated with the password information. The modulated beam ofmore » light is received by a corresponding optical lock with a photovoltaic cell that produces enough power from the beam of light to operate a password-screen digital logic. In one application, an acceptable password allows a two watt power laser diode to pump ignition and timing information over a fiberoptic cable into a sealed engine compartment. The receipt of a good password allows the fuel pump, spark, and starter systems to each operate. Therefore, bypassing the lock mechanism as is now routine with automobile thieves is pointless because the engine is so thoroughly disabled.« less

Optical key system

DOEpatents

Hagans, Karla G.; Clough, Robert E.

2000-01-01

An optical key system comprises a battery-operated optical key and an isolated lock that derives both its operating power and unlock signals from the correct optical key. A light emitting diode or laser diode is included within the optical key and is connected to transmit a bit-serial password. The key user physically enters either the code-to-transmit directly, or an index to a pseudorandom number code, in the key. Such person identification numbers can be retained permanently, or ephemeral. When a send button is pressed, the key transmits a beam of light modulated with the password information. The modulated beam of light is received by a corresponding optical lock with a photovoltaic cell that produces enough power from the beam of light to operate a password-screen digital logic. In one application, an acceptable password allows a two watt power laser diode to pump ignition and timing information over a fiberoptic cable into a sealed engine compartment. The receipt of a good password allows the fuel pump, spark, and starter systems to each operate. Therefore, bypassing the lock mechanism as is now routine with automobile thieves is pointless because the engine is so thoroughly disabled.

Facelock: familiarity-based graphical authentication

PubMed Central

McLachlan, Jane L.; Renaud, Karen

2014-01-01

Authentication codes such as passwords and PIN numbers are widely used to control access to resources. One major drawback of these codes is that they are difficult to remember. Account holders are often faced with a choice between forgetting a code, which can be inconvenient, or writing it down, which compromises security. In two studies, we test a new knowledge-based authentication method that does not impose memory load on the user. Psychological research on face recognition has revealed an important distinction between familiar and unfamiliar face perception: When a face is familiar to the observer, it can be identified across a wide range of images. However, when the face is unfamiliar, generalisation across images is poor. This contrast can be used as the basis for a personalised ‘facelock’, in which authentication succeeds or fails based on image-invariant recognition of faces that are familiar to the account holder. In Study 1, account holders authenticated easily by detecting familiar targets among other faces (97.5% success rate), even after a one-year delay (86.1% success rate). Zero-acquaintance attackers were reduced to guessing (<1% success rate). Even personal attackers who knew the account holder well were rarely able to authenticate (6.6% success rate). In Study 2, we found that shoulder-surfing attacks by strangers could be defeated by presenting different photos of the same target faces in observed and attacked grids (1.9% success rate). Our findings suggest that the contrast between familiar and unfamiliar face recognition may be useful for developers of graphical authentication systems. PMID:25024913

Mobile Device Management

DTIC Science & Technology

2012-01-01

password policies (or smart card authentication), disabling compo- nents of the operating system that were deemed unsafe, allowing users to only install...written nearly 100 applications for the iOS and Android platforms with over 1,500,000 downloads on iTunes and Google Play. CPT Braunstein is a

75 FR 32915 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-10

... used to authenticate authorized desktop and laptop computer users. Computer servers are scanned monthly... data is also used for management and statistical reports and studies. Routine uses of records... duties. The computer files are password protected with access restricted to authorized users. Records are...

Securing TCP/IP and Dial-up Access to Administrative Data.

ERIC Educational Resources Information Center

Conrad, L. Dean

1992-01-01

This article describes Arizona State University's solution to security risk inherent in general access systems such as TCP/IP (Transmission Control Protocol/INTERNET Protocol). Advantages and disadvantages of various options are compared, and the process of selecting a log-on authentication approach involving generation of a different password at…

76 FR 45902 - Agency Information Collection Activities: Proposed Request and Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-01

... will allow our users to maintain one User ID, consisting of a self-selected Username and Password, to...) Registration and identity verification; (2) enhancement of the User ID; and (3) authentication. The...- person identification verification process for individuals who cannot or are not willing to register...

Online Learning Integrity Approaches: Current Practices and Future Solutions

ERIC Educational Resources Information Center

Lee-Post, Anita; Hapke, Holly

2017-01-01

The primary objective of this paper is to help institutions respond to the stipulation of the Higher Education Opportunity Act of 2008 by adopting cost-effective academic integrity solutions without compromising the convenience and flexibility of online learning. Current user authentication solutions such as user ID and password, security…

ESnet authentication services and trust federations

NASA Astrophysics Data System (ADS)

Muruganantham, Dhivakaran; Helm, Mike; Genovese, Tony

2005-01-01

ESnet provides authentication services and trust federation support for SciDAC projects, collaboratories, and other distributed computing applications. The ESnet ATF team operates the DOEGrids Certificate Authority, available to all DOE Office of Science programs, plus several custom CAs, including one for the National Fusion Collaboratory and one for NERSC. The secure hardware and software environment developed to support CAs is suitable for supporting additional custom authentication and authorization applications that your program might require. Seamless, secure interoperation across organizational and international boundaries is vital to collaborative science. We are fostering the development of international PKI federations by founding the TAGPMA, the American regional PMA, and the worldwide IGTF Policy Management Authority (PMA), as well as participating in European and Asian regional PMAs. We are investigating and prototyping distributed authentication technology that will allow us to support the "roaming scientist" (distributed wireless via eduroam), as well as more secure authentication methods (one-time password tokens).

21 CFR 1311.55 - Requirements for systems used to process digitally signed orders.

Code of Federal Regulations, 2010 CFR

2010-04-01

... system must use either a user identification and password combination or biometric authentication to... and any other records required in part 1305 of this chapter, including any linked data. (10) The...) A system used to receive, verify, and create linked records for orders signed with a CSOS digital...

On the security of two remote user authentication schemes for telecare medical information systems.

PubMed

Kim, Kee-Won; Lee, Jae-Dong

2014-05-01

The telecare medical information systems (TMISs) support convenient and rapid health-care services. A secure and efficient authentication scheme for TMIS provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Kumari et al. proposed a password based user authentication scheme using smart cards for TMIS, and claimed that the proposed scheme could resist various malicious attacks. However, we point out that their scheme is still vulnerable to lost smart card and cannot provide forward secrecy. Subsequently, Das and Goswami proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. They simulated their scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications (AVISPA) tool to ensure that their scheme is secure against passive and active attacks. However, we show that their scheme is still vulnerable to smart card loss attacks and cannot provide forward secrecy property. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.

Authentication techniques for smart cards

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nelson, R.A.

1994-02-01

Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thoroughmore » understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.« less

A Public-Key Based Authentication and Key Establishment Protocol Coupled with a Client Puzzle.

ERIC Educational Resources Information Center

Lee, M. C.; Fung, Chun-Kan

2003-01-01

Discusses network denial-of-service attacks which have become a security threat to the Internet community and suggests the need for reliable authentication protocols in client-server applications. Presents a public-key based authentication and key establishment protocol coupled with a client puzzle protocol and validates it through formal logic…

The Characteristics of User-Generated Passwords

DTIC Science & Technology

1990-03-01

electronic keys), user interface tokens (pocket devices that can generate one-time passwords) and fixed password devices ( plastic cards that contain...APPENDIX B-7 DIFFREM DIFFICULTY REMfEIBERING by PASSCHAR PASSORD CARACTERISTICS PASSCHAR Pate I of 1 Count 1 Row Pet IALPHAVET NUMERIC ALPHANUM ASCII Cal Pet

A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

PubMed

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2015-09-01

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.

PKPass

DOE Office of Scientific and Technical Information (OSTI.GOV)

Adamson, Ryan M.

Password management solutions exist, but few are designed for enterprise systems administrators sharing oncall rotations. Due to the Multi-Factor Level of Assurance 4 effort, DOE is now distributing PIV cards with cryptographically signed certificate and private key pairs to administrators and other security-significant users. We utilize this public key infrastructure (PKI) to encrypt passwords for other recipients in a secure way. This is cross platform (works on OSX and Linux systems), and has already been adopted internally by the NCCS systems administration staff to replace their old password book system.

Employing Two Factor Authentication Mechanisms: A Case Study

ERIC Educational Resources Information Center

Lawrence, Cameron; Fulton, Eric; Evans, Gerald; Firth, David

2014-01-01

This case study examines the life of a digital native who has her online accounts hacked, passwords reset, and is locked out of important online resources including her university email account and Facebook. Part one of the case study examines how the hack was perpetrated and the fallout of losing control of one's digital identity. Part two of the…

A novel biometric authentication approach using ECG and EMG signals.

PubMed

Belgacem, Noureddine; Fournier, Régis; Nait-Ali, Amine; Bereksi-Reguig, Fethi

2015-05-01

Security biometrics is a secure alternative to traditional methods of identity verification of individuals, such as authentication systems based on user name and password. Recently, it has been found that the electrocardiogram (ECG) signal formed by five successive waves (P, Q, R, S and T) is unique to each individual. In fact, better than any other biometrics' measures, it delivers proof of subject's being alive as extra information which other biometrics cannot deliver. The main purpose of this work is to present a low-cost method for online acquisition and processing of ECG signals for person authentication and to study the possibility of providing additional information and retrieve personal data from an electrocardiogram signal to yield a reliable decision. This study explores the effectiveness of a novel biometric system resulting from the fusion of information and knowledge provided by ECG and EMG (Electromyogram) physiological recordings. It is shown that biometrics based on these ECG/EMG signals offers a novel way to robustly authenticate subjects. Five ECG databases (MIT-BIH, ST-T, NSR, PTB and ECG-ID) and several ECG signals collected in-house from volunteers were exploited. A palm-based ECG biometric system was developed where the signals are collected from the palm of the subject through a minimally intrusive one-lead ECG set-up. A total of 3750 ECG beats were used in this work. Feature extraction was performed on ECG signals using Fourier descriptors (spectral coefficients). Optimum-Path Forest classifier was used to calculate the degree of similarity between individuals. The obtained results from the proposed approach look promising for individuals' authentication.

Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing.

PubMed

Ehatisham-Ul-Haq, Muhammad; Azam, Muhammad Awais; Loo, Jonathan; Shuang, Kai; Islam, Syed; Naeem, Usman; Amin, Yasar

2017-09-06

Smartphones are context-aware devices that provide a compelling platform for ubiquitous computing and assist users in accomplishing many of their routine tasks anytime and anywhere, such as sending and receiving emails. The nature of tasks conducted with these devices has evolved with the exponential increase in the sensing and computing capabilities of a smartphone. Due to the ease of use and convenience, many users tend to store their private data, such as personal identifiers and bank account details, on their smartphone. However, this sensitive data can be vulnerable if the device gets stolen or lost. A traditional approach for protecting this type of data on mobile devices is to authenticate users with mechanisms such as PINs, passwords, and fingerprint recognition. However, these techniques are vulnerable to user compliance and a plethora of attacks, such as smudge attacks. The work in this paper addresses these challenges by proposing a novel authentication framework, which is based on recognizing the behavioral traits of smartphone users using the embedded sensors of smartphone, such as Accelerometer, Gyroscope and Magnetometer. The proposed framework also provides a platform for carrying out multi-class smart user authentication, which provides different levels of access to a wide range of smartphone users. This work has been validated with a series of experiments, which demonstrate the effectiveness of the proposed framework.

Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing

PubMed Central

Ehatisham-ul-Haq, Muhammad; Azam, Muhammad Awais; Loo, Jonathan; Shuang, Kai; Islam, Syed; Naeem, Usman; Amin, Yasar

2017-01-01

Smartphones are context-aware devices that provide a compelling platform for ubiquitous computing and assist users in accomplishing many of their routine tasks anytime and anywhere, such as sending and receiving emails. The nature of tasks conducted with these devices has evolved with the exponential increase in the sensing and computing capabilities of a smartphone. Due to the ease of use and convenience, many users tend to store their private data, such as personal identifiers and bank account details, on their smartphone. However, this sensitive data can be vulnerable if the device gets stolen or lost. A traditional approach for protecting this type of data on mobile devices is to authenticate users with mechanisms such as PINs, passwords, and fingerprint recognition. However, these techniques are vulnerable to user compliance and a plethora of attacks, such as smudge attacks. The work in this paper addresses these challenges by proposing a novel authentication framework, which is based on recognizing the behavioral traits of smartphone users using the embedded sensors of smartphone, such as Accelerometer, Gyroscope and Magnetometer. The proposed framework also provides a platform for carrying out multi-class smart user authentication, which provides different levels of access to a wide range of smartphone users. This work has been validated with a series of experiments, which demonstrate the effectiveness of the proposed framework. PMID:28878177

Multi-factor authentication

DOEpatents

Hamlet, Jason R; Pierson, Lyndon G

2014-10-21

Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

Three-party authenticated key agreements for optimal communication

PubMed Central

Lee, Tian-Fu; Hwang, Tzonelih

2017-01-01

Authenticated key agreements enable users to determine session keys, and to securely communicate with others over an insecure channel via the session keys. This study investigates the lower bounds on communications for three-party authenticated key agreements and considers whether or not the sub-keys for generating a session key can be revealed in the channel. Since two clients do not share any common secret key, they require the help of the server to authenticate their identities and exchange confidential and authenticated information over insecure networks. However, if the session key security is based on asymmetric cryptosystems, then revealing the sub-keys cannot compromise the session key. The clients can directly exchange the sub-keys and reduce the transmissions. In addition, authenticated key agreements were developed by using the derived results of the lower bounds on communications. Compared with related approaches, the proposed protocols had fewer transmissions and realized the lower bounds on communications. PMID:28355253

A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems.

PubMed

Das, Ashok Kumar

2015-03-01

Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's s scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2011 CFR

2011-10-01

...) Hand delivery or carrier: NMFS, Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http://alaskafisheries.noaa.gov. (2... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2010 CFR

2010-10-01

...) Hand delivery or carrier: NMFS, Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2012 CFR

2012-10-01

...) Hand delivery or carrier: NMFS, Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2013 CFR

2013-10-01

...) Hand delivery or carrier: NMFS, Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

Comparative study of key exchange and authentication methods in application, transport and network level security mechanisms

NASA Astrophysics Data System (ADS)

Fathirad, Iraj; Devlin, John; Jiang, Frank

2012-09-01

The key-exchange and authentication are two crucial elements of any network security mechanism. IPsec, SSL/TLS, PGP and S/MIME are well-known security approaches in providing security service to network, transport and application layers; these protocols use different methods (based on their requirements) to establish keying materials and authenticates key-negotiation and participated parties. This paper studies and compares the authenticated key negotiation methods in mentioned protocols.

Access control for electronic patient records.

PubMed

Glagola, M J

1998-01-01

The transition from hardcopy records to electronic records is in the forefront for healthcare today. For healthcare facilities, a major issue is determining who can access patients' medical information and how access to this information can be controlled. There are three components to access control: identification, authentication and authorization. Checking proof of identity is a means of authenticating someone--through a driver's license, passport or their fingerprints. Similar processes are needed in a computer environment, through the use of passwords, one-time passwords or smartcards, encryption and kerberos, and call-back procedures. New in the area of access control are biometric devices, which are hardware/software combinations that digitize a physical characteristic and compare the sample with previously stored samples. Fingerprints, voiceprints and facial features are examples. Their cost is currently prohibitive, but in time, they may become more common. Digital certificates and certification authorities are other means used to authenticate identify. When a system challenges a user's identity at log on, the user provides a certification that tells the system to go to the issuing certification authority and find proof the user's claim is valid. Low-level certifications offer little value for sensitive data, but high-level certification is now being introduced. It requires more specific, detailed information on the applicant. Authorization, the final component of access control, establishes what a specific user can and cannot access. To have effective access control, transaction logging and system monitoring are needed to ensure the various techniques are being used and performing properly.

Quantum Dialogue with Authentication Based on Bell States

NASA Astrophysics Data System (ADS)

Shen, Dongsu; Ma, Wenping; Yin, Xunru; Li, Xiaoping

2013-06-01

We propose an authenticated quantum dialogue protocol, which is based on a shared private quantum entangled channel. In this protocol, the EPR pairs are randomly prepared in one of the four Bell states for communication. By performing four Pauli operations on the shared EPR pairs to encode their shared authentication key and secret message, two legitimate users can implement mutual identity authentication and quantum dialogue without the help from the third party authenticator. Furthermore, due to the EPR pairs which are used for secure communication are utilized to implement authentication and the whole authentication process is included in the direct secure communication process, it does not require additional particles to realize authentication in this protocol. The updated authentication key provides the counterparts with a new authentication key for the next authentication and direct communication. Compared with other secure communication with authentication protocols, this one is more secure and efficient owing to the combination of authentication and direct communication. Security analysis shows that it is secure against the eavesdropping attack, the impersonation attack and the man-in-the-middle (MITM) attack.

Active Authentication: Beyond Passwords

DTIC Science & Technology

2011-11-18

103m 26-Jul-07 208k 27-Dec-10 4.9m Source: www.privacyrights.org/data-breach Hackers broke into a Gannett Co database containing personal...Pattern • Knuckle Pattern • Lip Pattern • Nail bed Pattern • Nose Pattern • Oto-acoustic Emissions • Palmprint • Retina Pattern • Skin... Palmprint Knuckle Pattern Pulse Electrocardiogram Electroencephalogram Face Geometry Lip Pattern Blue may be suitable for continuous monitoring

System of end-to-end symmetric database encryption

NASA Astrophysics Data System (ADS)

Galushka, V. V.; Aydinyan, A. R.; Tsvetkova, O. L.; Fathi, V. A.; Fathi, D. V.

2018-05-01

The article is devoted to the actual problem of protecting databases from information leakage, which is performed while bypassing access control mechanisms. To solve this problem, it is proposed to use end-to-end data encryption, implemented at the end nodes of an interaction of the information system components using one of the symmetric cryptographic algorithms. For this purpose, a key management method designed for use in a multi-user system based on the distributed key representation model, part of which is stored in the database, and the other part is obtained by converting the user's password, has been developed and described. In this case, the key is calculated immediately before the cryptographic transformations and is not stored in the memory after the completion of these transformations. Algorithms for registering and authorizing a user, as well as changing his password, have been described, and the methods for calculating parts of a key when performing these operations have been provided.

An Efficient Authenticated Key Transfer Scheme in Client-Server Networks

NASA Astrophysics Data System (ADS)

Shi, Runhua; Zhang, Shun

2017-10-01

In this paper, we presented a novel authenticated key transfer scheme in client-server networks, which can achieve two secure goals of remote user authentication and the session key establishment between the remote user and the server. Especially, the proposed scheme can subtly provide two fully different authentications: identity-base authentication and anonymous authentication, while the remote user only holds a private key. Furthermore, our scheme only needs to transmit 1-round messages from the remote user to the server, thus it is very efficient in communication complexity. In addition, the most time-consuming computation in our scheme is elliptic curve scalar point multiplication, so it is also feasible even for mobile devices.

A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks.

PubMed

Baig, Ahmed Fraz; Hassan, Khwaja Mansoor Ul; Ghani, Anwar; Chaudhry, Shehzad Ashraf; Khan, Imran; Ashraf, Muhammad Usman

2018-01-01

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.'s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols.

A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks

PubMed Central

2018-01-01

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. PMID:29702675

An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks.

PubMed

Chung, Youngseok; Choi, Seokjin; Lee, Youngsook; Park, Namje; Won, Dongho

2016-10-07

More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.'s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes.

An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks

PubMed Central

Chung, Youngseok; Choi, Seokjin; Lee, Youngsook; Park, Namje; Won, Dongho

2016-01-01

More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.’s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes. PMID:27739417

Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'.

PubMed

Khan, Muhammad Khurram; Alghathbar, Khaled

2010-01-01

User authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems.

PubMed

Lee, Tian-Fu

2013-12-01

A smartcard-based authentication and key agreement scheme for telecare medicine information systems enables patients, doctors, nurses and health visitors to use smartcards for secure login to medical information systems. Authorized users can then efficiently access remote services provided by the medicine information systems through public networks. Guo and Chang recently improved the efficiency of a smartcard authentication and key agreement scheme by using chaotic maps. Later, Hao et al. reported that the scheme developed by Guo and Chang had two weaknesses: inability to provide anonymity and inefficient double secrets. Therefore, Hao et al. proposed an authentication scheme for telecare medicine information systems that solved these weaknesses and improved performance. However, a limitation in both schemes is their violation of the contributory property of key agreements. This investigation discusses these weaknesses and proposes a new smartcard-based authentication and key agreement scheme that uses chaotic maps for telecare medicine information systems. Compared to conventional schemes, the proposed scheme provides fewer weaknesses, better security, and more efficiency.

Study on the security of the authentication scheme with key recycling in QKD

NASA Astrophysics Data System (ADS)

Li, Qiong; Zhao, Qiang; Le, Dan; Niu, Xiamu

2016-09-01

In quantum key distribution (QKD), the information theoretically secure authentication is necessary to guarantee the integrity and authenticity of the exchanged information over the classical channel. In order to reduce the key consumption, the authentication scheme with key recycling (KR), in which a secret but fixed hash function is used for multiple messages while each tag is encrypted with a one-time pad (OTP), is preferred in QKD. Based on the assumption that the OTP key is perfect, the security of the authentication scheme has be proved. However, the OTP key of authentication in a practical QKD system is not perfect. How the imperfect OTP affects the security of authentication scheme with KR is analyzed thoroughly in this paper. In a practical QKD, the information of the OTP key resulting from QKD is partially leaked to the adversary. Although the information leakage is usually so little to be neglected, it will lead to the increasing degraded security of the authentication scheme as the system runs continuously. Both our theoretical analysis and simulation results demonstrate that the security level of authentication scheme with KR, mainly indicated by its substitution probability, degrades exponentially in the number of rounds and gradually diminishes to zero.

A Routing Path Construction Method for Key Dissemination Messages in Sensor Networks

PubMed Central

Moon, Soo Young; Cho, Tae Ho

2014-01-01

Authentication is an important security mechanism for detecting forged messages in a sensor network. Each cluster head (CH) in dynamic key distribution schemes forwards a key dissemination message that contains encrypted authentication keys within its cluster to next-hop nodes for the purpose of authentication. The forwarding path of the key dissemination message strongly affects the number of nodes to which the authentication keys in the message are actually distributed. We propose a routing method for the key dissemination messages to increase the number of nodes that obtain the authentication keys. In the proposed method, each node selects next-hop nodes to which the key dissemination message will be forwarded based on secret key indexes, the distance to the sink node, and the energy consumption of its neighbor nodes. The experimental results show that the proposed method can increase by 50–70% the number of nodes to which authentication keys in each cluster are distributed compared to geographic and energy-aware routing (GEAR). In addition, the proposed method can detect false reports earlier by using the distributed authentication keys, and it consumes less energy than GEAR when the false traffic ratio (FTR) is ≥10%. PMID:25136649

A User Authentication Scheme Based on Elliptic Curves Cryptography for Wireless Ad Hoc Networks

PubMed Central

Chen, Huifang; Ge, Linlin; Xie, Lei

2015-01-01

The feature of non-infrastructure support in a wireless ad hoc network (WANET) makes it suffer from various attacks. Moreover, user authentication is the first safety barrier in a network. A mutual trust is achieved by a protocol which enables communicating parties to authenticate each other at the same time and to exchange session keys. For the resource-constrained WANET, an efficient and lightweight user authentication scheme is necessary. In this paper, we propose a user authentication scheme based on the self-certified public key system and elliptic curves cryptography for a WANET. Using the proposed scheme, an efficient two-way user authentication and secure session key agreement can be achieved. Security analysis shows that our proposed scheme is resilient to common known attacks. In addition, the performance analysis shows that our proposed scheme performs similar or better compared with some existing user authentication schemes. PMID:26184224

A User Authentication Scheme Based on Elliptic Curves Cryptography for Wireless Ad Hoc Networks.

PubMed

Chen, Huifang; Ge, Linlin; Xie, Lei

2015-07-14

The feature of non-infrastructure support in a wireless ad hoc network (WANET) makes it suffer from various attacks. Moreover, user authentication is the first safety barrier in a network. A mutual trust is achieved by a protocol which enables communicating parties to authenticate each other at the same time and to exchange session keys. For the resource-constrained WANET, an efficient and lightweight user authentication scheme is necessary. In this paper, we propose a user authentication scheme based on the self-certified public key system and elliptic curves cryptography for a WANET. Using the proposed scheme, an efficient two-way user authentication and secure session key agreement can be achieved. Security analysis shows that our proposed scheme is resilient to common known attacks. In addition, the performance analysis shows that our proposed scheme performs similar or better compared with some existing user authentication schemes.

Advanced Terrain Representation for the Microticcit Workstation: System Maintenance Manual

DTIC Science & Technology

1986-02-01

enter the */ /* password. */ /* Inputs: passwd - password to compare userfs entry to */ /* Outputs: TRUE - if password entered correctly...include "atrdefs.h" #include "ctype.h" extern char window[]; /* useable portion of screen */ 1 i getpw( passwd ) char passwd []; { int c...blank input window */ pcvgcp(&row,*col); curs_off(); nchars - ntries - 0; len « strlen( passwd ); pcvwca(len,• *,REVIDEO); /* process keys till user

Server-Controlled Identity-Based Authenticated Key Exchange

NASA Astrophysics Data System (ADS)

Guo, Hua; Mu, Yi; Zhang, Xiyong; Li, Zhoujun

We present a threshold identity-based authenticated key exchange protocol that can be applied to an authenticated server-controlled gateway-user key exchange. The objective is to allow a user and a gateway to establish a shared session key with the permission of the back-end servers, while the back-end servers cannot obtain any information about the established session key. Our protocol has potential applications in strong access control of confidential resources. In particular, our protocol possesses the semantic security and demonstrates several highly-desirable security properties such as key privacy and transparency. We prove the security of the protocol based on the Bilinear Diffie-Hellman assumption in the random oracle model.

Quantum secret sharing with identity authentication based on Bell states

NASA Astrophysics Data System (ADS)

Abulkasim, Hussein; Hamad, Safwat; Khalifa, Amal; El Bahnasy, Khalid

Quantum secret sharing techniques allow two parties or more to securely share a key, while the same number of parties or less can efficiently deduce the secret key. In this paper, we propose an authenticated quantum secret sharing protocol, where a quantum dialogue protocol is adopted to authenticate the identity of the parties. The participants simultaneously authenticate the identity of each other based on parts of a prior shared key. Moreover, the whole prior shared key can be reused for deducing the secret data. Although the proposed scheme does not significantly improve the efficiency performance, it is more secure compared to some existing quantum secret sharing scheme due to the identity authentication process. In addition, the proposed scheme can stand against participant attack, man-in-the-middle attack, impersonation attack, Trojan-horse attack as well as information leaks.

USign--a security enhanced electronic consent model.

PubMed

Li, Yanyan; Xie, Mengjun; Bian, Jiang

2014-01-01

Electronic consent becomes increasingly popular in the healthcare sector given the many benefits it provides. However, security concerns, e.g., how to verify the identity of a person who is remotely accessing the electronic consent system in a secure and user-friendly manner, also arise along with the popularity of electronic consent. Unfortunately, existing electronic consent systems do not pay sufficient attention to those issues. They mainly rely on conventional password based authentication to verify the identity of an electronic consent user, which is far from being sufficient given that identity theft threat is real and significant in reality. In this paper, we present a security enhanced electronic consent model called USign. USign enhances the identity protection and authentication for electronic consent systems by leveraging handwritten signatures everyone is familiar with and mobile computing technologies that are becoming ubiquitous. We developed a prototype of USign and conducted preliminary evaluation on accuracy and usability of signature verification. Our experimental results show the feasibility of the proposed model.

Design of a MEMS-based retina scanning system for biometric authentication

NASA Astrophysics Data System (ADS)

Woittennek, Franziska; Knobbe, Jens; Pügner, Tino; Schelinski, Uwe; Grüger, Heinrich

2014-05-01

There is an increasing need for reliable authentication for a number of applications such as e commerce. Common authentication methods based on ownership (ID card) or knowledge factors (password, PIN) are often prone to manipulations and may therefore be not safe enough. Various inherence factor based methods like fingerprint, retinal pattern or voice identifications are considered more secure. Retina scanning in particular offers both low false rejection rate (FRR) and low false acceptance rate (FAR) with about one in a million. Images of the retina with its characteristic pattern of blood vessels can be made with either a fundus camera or laser scanning methods. The present work describes the optical design of a new compact retina laser scanner which is based on MEMS (Micro Electric Mechanical System) technology. The use of a dual axis micro scanning mirror for laser beam deflection enables a more compact and robust design compared to classical systems. The scanner exhibits a full field of view of 10° which corresponds to an area of 4 mm2 on the retinal surface surrounding the optical disc. The system works in the near infrared and is designed for use under ambient light conditions, which implies a pupil diameter of 1.5 mm. Furthermore it features a long eye relief of 30 mm so that it can be conveniently used by persons wearing glasses. The optical design requirements and the optical performance are discussed in terms of spot diagrams and ray fan plots.

Triboelectric Nanogenerator as a Self-Powered Communication Unit for Processing and Transmitting Information.

PubMed

Yu, Aifang; Chen, Xiangyu; Wang, Rui; Liu, Jingyu; Luo, Jianjun; Chen, Libo; Zhang, Yang; Wu, Wei; Liu, Caihong; Yuan, Hongtao; Peng, Mingzeng; Hu, Weiguo; Zhai, Junyi; Wang, Zhong Lin

2016-04-26

In this paper, we demonstrate an application of a triboelectric nanogenerator (TENG) as a self-powered communication unit. An elaborately designed TENG is used to translate a series of environmental triggering signals into binary digital signals and drives an electronic-optical device to transmit binary digital data in real-time without an external power supply. The elaborately designed TENG is built in a membrane structure that can effectively drive the electronic-optical device in a bandwidth from 1.30 to 1.65 kHz. Two typical communication modes (amplitude-shift keying and frequency-shift keying) are realized through the resonant response of TENG to different frequencies, and two digital signals, i.e., "1001" and "0110", are successfully transmitted and received through this system, respectively. Hence, in this study, a simple but efficient method for directly transmitting ambient vibration to the receiver as a digital signal is established using an elaborately designed TENG and an optical communication technique. This type of the communication system, as well as the implementation method presented, exhibits great potential for applications in the smart city, smart home, password authentication, and so on.

A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

PubMed

Wen, Fengtong

2013-12-01

User authentication plays an important role to protect resources or services from being accessed by unauthorized users. In a recent paper, Das et al. proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. This scheme uses three factors, e.g. biometrics, password, and smart card, to protect the security. It protects user privacy and is believed to have many abilities to resist a range of network attacks, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Das et al.'s scheme, and show that the scheme is in fact insecure against the replay attack, user impersonation attacks and off-line guessing attacks. Then, we also propose a robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Compared with the existing schemes, our protocol uses a different user authentication mechanism to resist replay attack. We show that our proposed scheme can provide stronger security than previous protocols. Furthermore, we demonstrate the validity of the proposed scheme through the BAN (Burrows, Abadi, and Needham) logic.

Authentication in Reprogramming of Sensor Networks for Mote Class Adversaries

DTIC Science & Technology

2006-01-01

based approach. In this paper, we propose a symmetric key-based protocol for authenticating the reprogramming process. Our protocol is based on the ... secret instantiation algorithm, which requires only O(log n) keys to be maintained at each sensor. We integrate this algorithm with the existing

Patients’ Data Management System Protected by Identity-Based Authentication and Key Exchange

PubMed Central

Rivero-García, Alexandra; Santos-González, Iván; Hernández-Goya, Candelaria; Caballero-Gil, Pino; Yung, Moti

2017-01-01

A secure and distributed framework for the management of patients’ information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients’ data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed. PMID:28362328

Patients' Data Management System Protected by Identity-Based Authentication and Key Exchange.

PubMed

Rivero-García, Alexandra; Santos-González, Iván; Hernández-Goya, Candelaria; Caballero-Gil, Pino; Yung, Moti

2017-03-31

A secure and distributed framework for the management of patients' information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients' data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed.

A Key Establishment Protocol for RFID User in IPTV Environment

NASA Astrophysics Data System (ADS)

Jeong, Yoon-Su; Kim, Yong-Tae; Sohn, Jae-Min; Park, Gil-Cheol; Lee, Sang-Ho

In recent years, the usage of IPTV (Internet Protocol Television) has been increased. The reason is a technological convergence of broadcasting and telecommunication delivering interactive applications and multimedia content through high speed Internet connections. The main critical point of IPTV security requirements is subscriber authentication. That is, IPTV service should have the capability to identify the subscribers to prohibit illegal access. Currently, IPTV service does not provide a sound authentication mechanism to verify the identity of its wireless users (or devices). This paper focuses on a lightweight authentication and key establishment protocol based on the use of hash functions. The proposed approach provides effective authentication for a mobile user with a RFID tag whose authentication information is communicated back and forth with the IPTV authentication server via IPTV set-top box (STB). That is, the proposed protocol generates user's authentication information that is a bundle of two public keys derived from hashing user's private keys and RFID tag's session identifier, and adds 1bit to this bundled information for subscriber's information confidentiality before passing it to the authentication server.

Addressing the vulnerabilities of pass-thoughts

NASA Astrophysics Data System (ADS)

Fernandez, Gabriel C.; Danko, Amanda S.

2016-05-01

As biometrics become increasingly pervasive, consumer electronics are reaping the benefits of improved authentication methods. Leveraging the physical characteristics of a user reduces the burden of setting and remembering complex passwords, while enabling stronger security. Multi-factor systems lend further credence to this model, increasing security via multiple passive data points. In recent years, brainwaves have been shown to be another feasible source for biometric authentication. Physically unique to an individual in certain circumstances, the signals can also be changed by the user at will, making them more robust than static physical characteristics. No paradigm is impervious however, and even well-established medical technologies have deficiencies. In this work, a system for biometric authentication via brainwaves is constructed with electroencephalography (EEG). The efficacy of EEG biometrics via existing consumer electronics is evaluated, and vulnerabilities of such a system are enumerated. Impersonation attacks are performed to expose the extent to which the system is vulnerable. Finally, a multimodal system combining EEG with additional factors is recommended and outlined.

An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography.

PubMed

Reddy, Alavalapati Goutham; Das, Ashok Kumar; Odelu, Vanga; Yoo, Kee-Young

2016-01-01

Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments.

PubMed

Yang, Li; Zheng, Zhiming

2018-01-01

According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks.

Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments

PubMed Central

Zheng, Zhiming

2018-01-01

According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks. PMID:29534085

Molecules for security measures: from keypad locks to advanced communication protocols.

PubMed

Andréasson, J; Pischel, U

2018-04-03

The idea of using molecules in the context of information security has sparked the interest of researchers from many scientific disciplines. This is clearly manifested in the diversity of the molecular platforms and the analytical techniques used for this purpose, some of which we highlight in this Tutorial Review. Moreover, those molecular systems can be used to emulate a broad spectrum of security measures. For a long time, molecular keypad locks enjoyed a clear preference and the review starts off with a description of how these devices developed. In the last few years, however, the field has evolved into something larger. Examples include more complex authentication protocols (multi-factor authentication and one-time passwords), the recognition of erroneous procedures in data transmission (parity devices), as well as steganographic and cryptographic protection.

Unlocking data: federated identity with LSDMA and dCache

NASA Astrophysics Data System (ADS)

Millar, AP; Behrmann, G.; Bernardt, C.; Fuhrmann, P.; Hardt, M.; Hayrapetyan, A.; Litvintsev, D.; Mkrtchyan, T.; Rossi, A.; Schwank, K.

2015-12-01

X.509, the dominant identity system from grid computing, has proved unpopular for many user communities. More popular alternatives generally assume the user is interacting via their web-browser. Such alternatives allow a user to authenticate with many services with the same credentials (user-name and password). They also allow users from different organisations form collaborations quickly and simply. Scientists generally require that their custom analysis software has direct access to the data. Such direct access is not currently supported by alternatives to X.509, as they require the use of a web-browser. Various approaches to solve this issue are being investigated as part of the Large Scale Data Management and Analysis (LSDMA) project, a German funded national R&D project. These involve dynamic credential translation (creating an X.509 credential) to allow backwards compatibility in addition to direct SAML- and OpenID Connect-based authentication. We present a summary of the current state of art and the current status of the federated identity work funded by the LSDMA project along with the future road map.

A Scenario-Based Protocol Checker for Public-Key Authentication Scheme

NASA Astrophysics Data System (ADS)

Saito, Takamichi

Security protocol provides communication security for the internet. One of the important features of it is authentication with key exchange. Its correctness is a requirement of the whole of the communication security. In this paper, we introduce three attack models realized as their attack scenarios, and provide an authentication-protocol checker for applying three attack-scenarios based on the models. We also utilize it to check two popular security protocols: Secure SHell (SSH) and Secure Socket Layer/Transport Layer Security (SSL/TLS).

Privacy authentication using key attribute-based encryption in mobile cloud computing

NASA Astrophysics Data System (ADS)

Mohan Kumar, M.; Vijayan, R.

2017-11-01

Mobile Cloud Computing is becoming more popular in nowadays were users of smartphones are getting increased. So, the security level of cloud computing as to be increased. Privacy Authentication using key-attribute based encryption helps the users for business development were the data sharing with the organization using the cloud in a secured manner. In Privacy Authentication the sender of data will have permission to add their receivers to whom the data access provided for others the access denied. In sender application, the user can choose the file which is to be sent to receivers and then that data will be encrypted using Key-attribute based encryption using AES algorithm. In which cipher created, and that stored in Amazon Cloud along with key value and the receiver list.

Self-Assembled Resonance Energy Transfer Keys for Secure Communication over Classical Channels.

PubMed

Nellore, Vishwa; Xi, Sam; Dwyer, Chris

2015-12-22

Modern authentication and communication protocols increasingly use physical keys in lieu of conventional software-based keys for security. This shift is primarily driven by the ability to derive a unique, unforgeable signature from a physical key. The sole demonstration of an unforgeable key, thus far, has been through quantum key distribution, which suffers from limited communication distances and expensive infrastructure requirements. Here, we show a method for creating unclonable keys by molecular self-assembly of resonance energy transfer (RET) devices. It is infeasible to clone the RET-key due to the inability to characterize the key using current technology, the large number of input-output combinations per key, and the variation of the key's response with time. However, the manufacturer can produce multiple identical devices, which enables inexpensive, secure authentication and communication over classical channels, and thus any distance. Through a detailed experimental survey of the nanoscale keys, we demonstrate that legitimate users are successfully authenticated 99.48% of the time and the false-positives are only 0.39%, over two attempts. We estimate that a legitimate user would have a computational advantage of more than 10(340) years over an attacker. Our method enables the discovery of physical key based multiparty authentication and communication schemes that are both practical and possess unprecedented security.

On Robust Key Agreement Based on Public Key Authentication

NASA Astrophysics Data System (ADS)

Hao, Feng

We describe two new attacks on the HMQV protocol. The first attack raises a serious question on the basic definition of "authentication" in HMQV, while the second attack is generally applicable to many other protocols. In addition, we present a new authenticated key agreement protocol called YAK. Our approach is to depend on well-established techniques such as Schnorr's signature. Among all the related protocols, YAK appears to be the simplest so far. We believe simplicity is an important engineering principle.

Public Key-Based Need-to-Know Authorization Engine Final Report CRADA No. TSB-1553-98

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mark, R.; Williams, R.

The goals of this project were to develop a public key-based authentication service plug-in based on LLNL's requirements, integrate the public key-based authentication with the Intra Verse authorization service adn the LLNL NTK server by developing a full-featured version of the prototyped Intra Verse need-to-know plug in; and to test the authorization and need-to-know plug-in in a secured extranet prototype among selected national Labs.

Open source system OpenVPN in a function of Virtual Private Network

NASA Astrophysics Data System (ADS)

Skendzic, A.; Kovacic, B.

2017-05-01

Using of Virtual Private Networks (VPN) can establish high security level in network communication. VPN technology enables high security networking using distributed or public network infrastructure. VPN uses different security and managing rules inside networks. It can be set up using different communication channels like Internet or separate ISP communication infrastructure. VPN private network makes security communication channel over public network between two endpoints (computers). OpenVPN is an open source software product under GNU General Public License (GPL) that can be used to establish VPN communication between two computers inside business local network over public communication infrastructure. It uses special security protocols and 256-bit Encryption and it is capable of traversing network address translators (NATs) and firewalls. It allows computers to authenticate each other using a pre-shared secret key, certificates or username and password. This work gives review of VPN technology with a special accent on OpenVPN. This paper will also give comparison and financial benefits of using open source VPN software in business environment.

BossPro: a biometrics-based obfuscation scheme for software protection

NASA Astrophysics Data System (ADS)

Kuseler, Torben; Lami, Ihsan A.; Al-Assam, Hisham

2013-05-01

This paper proposes to integrate biometric-based key generation into an obfuscated interpretation algorithm to protect authentication application software from illegitimate use or reverse-engineering. This is especially necessary for mCommerce because application programmes on mobile devices, such as Smartphones and Tablet-PCs are typically open for misuse by hackers. Therefore, the scheme proposed in this paper ensures that a correct interpretation / execution of the obfuscated program code of the authentication application requires a valid biometric generated key of the actual person to be authenticated, in real-time. Without this key, the real semantics of the program cannot be understood by an attacker even if he/she gains access to this application code. Furthermore, the security provided by this scheme can be a vital aspect in protecting any application running on mobile devices that are increasingly used to perform business/financial or other security related applications, but are easily lost or stolen. The scheme starts by creating a personalised copy of any application based on the biometric key generated during an enrolment process with the authenticator as well as a nuance created at the time of communication between the client and the authenticator. The obfuscated code is then shipped to the client's mobile devise and integrated with real-time biometric extracted data of the client to form the unlocking key during execution. The novelty of this scheme is achieved by the close binding of this application program to the biometric key of the client, thus making this application unusable for others. Trials and experimental results on biometric key generation, based on client's faces, and an implemented scheme prototype, based on the Android emulator, prove the concept and novelty of this proposed scheme.

A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments

PubMed Central

Huang, Yuanfei; Ma, Fangchao

2017-01-01

In order to improve the security in remote authentication systems, numerous biometric-based authentication schemes using smart cards have been proposed. Recently, Moon et al. presented an authentication scheme to remedy the flaws of Lu et al.’s scheme, and claimed that their improved protocol supports the required security properties. Unfortunately, we found that Moon et al.’s scheme still has weaknesses. In this paper, we show that Moon et al.’s scheme is vulnerable to insider attack, server spoofing attack, user impersonation attack and guessing attack. Furthermore, we propose a robust anonymous multi-server authentication scheme using public key encryption to remove the aforementioned problems. From the subsequent formal and informal security analysis, we demonstrate that our proposed scheme provides strong mutual authentication and satisfies the desirable security requirements. The functional and performance analysis shows that the improved scheme has the best secure functionality and is computational efficient. PMID:29121050

A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments.

PubMed

Guo, Hua; Wang, Pei; Zhang, Xiyong; Huang, Yuanfei; Ma, Fangchao

2017-01-01

In order to improve the security in remote authentication systems, numerous biometric-based authentication schemes using smart cards have been proposed. Recently, Moon et al. presented an authentication scheme to remedy the flaws of Lu et al.'s scheme, and claimed that their improved protocol supports the required security properties. Unfortunately, we found that Moon et al.'s scheme still has weaknesses. In this paper, we show that Moon et al.'s scheme is vulnerable to insider attack, server spoofing attack, user impersonation attack and guessing attack. Furthermore, we propose a robust anonymous multi-server authentication scheme using public key encryption to remove the aforementioned problems. From the subsequent formal and informal security analysis, we demonstrate that our proposed scheme provides strong mutual authentication and satisfies the desirable security requirements. The functional and performance analysis shows that the improved scheme has the best secure functionality and is computational efficient.

Safe and Secure Services Based on NGN

NASA Astrophysics Data System (ADS)

Fukazawa, Tomoo; Nisase, Takemi; Kawashima, Masahisa; Hariu, Takeo; Oshima, Yoshihito

Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles-namely, fixed, nomadic, and mobile-are defined in this paper. That is, the “fixed profile” is typically for fixed-line subscribers, the “nomadic profile” basically utilizes WiFi access points, and the “mobile profile” provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.

An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography

PubMed Central

Reddy, Alavalapati Goutham; Das, Ashok Kumar; Odelu, Vanga; Yoo, Kee-Young

2016-01-01

Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.’s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols. PMID:27163786

Password Cracking Using Sony Playstations

NASA Astrophysics Data System (ADS)

Kleinhans, Hugo; Butts, Jonathan; Shenoi, Sujeet

Law enforcement agencies frequently encounter encrypted digital evidence for which the cryptographic keys are unknown or unavailable. Password cracking - whether it employs brute force or sophisticated cryptanalytic techniques - requires massive computational resources. This paper evaluates the benefits of using the Sony PlayStation 3 (PS3) to crack passwords. The PS3 offers massive computational power at relatively low cost. Moreover, multiple PS3 systems can be introduced easily to expand parallel processing when additional power is needed. This paper also describes a distributed framework designed to enable law enforcement agents to crack encrypted archives and applications in an efficient and cost-effective manner.

Deterrence of device counterfeiting, cloning, and subversion by substitution using hardware fingerprinting

DOEpatents

Hamlet, Jason R; Bauer, Todd M; Pierson, Lyndon G

2014-09-30

Deterrence of device subversion by substitution may be achieved by including a cryptographic fingerprint unit within a computing device for authenticating a hardware platform of the computing device. The cryptographic fingerprint unit includes a physically unclonable function ("PUF") circuit disposed in or on the hardware platform. The PUF circuit is used to generate a PUF value. A key generator is coupled to generate a private key and a public key based on the PUF value while a decryptor is coupled to receive an authentication challenge posed to the computing device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

An optical authentication system based on imaging of excitation-selected lanthanide luminescence.

PubMed

Carro-Temboury, Miguel R; Arppe, Riikka; Vosch, Tom; Sørensen, Thomas Just

2018-01-01

Secure data encryption relies heavily on one-way functions, and copy protection relies on features that are difficult to reproduce. We present an optical authentication system based on lanthanide luminescence from physical one-way functions or physical unclonable functions (PUFs). They cannot be reproduced and thus enable unbreakable encryption. Further, PUFs will prevent counterfeiting if tags with unique PUFs are grafted onto products. We have developed an authentication system that comprises a hardware reader, image analysis, and authentication software and physical keys that we demonstrate as an anticounterfeiting system. The physical keys are PUFs made from random patterns of taggants in polymer films on glass that can be imaged following selected excitation of particular lanthanide(III) ions doped into the individual taggants. This form of excitation-selected imaging ensures that by using at least two lanthanide(III) ion dopants, the random patterns cannot be copied, because the excitation selection will fail when using any other emitter. With the developed reader and software, the random patterns are read and digitized, which allows a digital pattern to be stored. This digital pattern or digital key can be used to authenticate the physical key in anticounterfeiting or to encrypt any message. The PUF key was produced with a staggering nominal encoding capacity of 7 3600 . Although the encoding capacity of the realized authentication system reduces to 6 × 10 104 , it is more than sufficient to completely preclude counterfeiting of products.

Enhancing Heart-Beat-Based Security for mHealth Applications.

PubMed

Seepers, Robert M; Strydis, Christos; Sourdis, Ioannis; De Zeeuw, Chris I

2017-01-01

In heart-beat-based security, a security key is derived from the time difference between consecutive heart beats (the inter-pulse interval, IPI), which may, subsequently, be used to enable secure communication. While heart-beat-based security holds promise in mobile health (mHealth) applications, there currently exists no work that provides a detailed characterization of the delivered security in a real system. In this paper, we evaluate the strength of IPI-based security keys in the context of entity authentication. We investigate several aspects that should be considered in practice, including subjects with reduced heart-rate variability (HRV), different sensor-sampling frequencies, intersensor variability (i.e., how accurate each entity may measure heart beats) as well as average and worst-case-authentication time. Contrary to the current state of the art, our evaluation demonstrates that authentication using multiple, less-entropic keys may actually increase the key strength by reducing the effects of intersensor variability. Moreover, we find that the maximal key strength of a 60-bit key varies between 29.2 bits and only 5.7 bits, depending on the subject's HRV. To improve security, we introduce the inter-multi-pulse interval (ImPI), a novel method of extracting entropy from the heart by considering the time difference between nonconsecutive heart beats. Given the same authentication time, using the ImPI for key generation increases key strength by up to 3.4 × (+19.2 bits) for subjects with limited HRV, at the cost of an extended key-generation time of 4.8 × (+45 s).

A New Privacy-Preserving Handover Authentication Scheme for Wireless Networks

PubMed Central

Wang, Changji; Yuan, Yuan; Wu, Jiayuan

2017-01-01

Handover authentication is a critical issue in wireless networks, which is being used to ensure mobile nodes wander over multiple access points securely and seamlessly. A variety of handover authentication schemes for wireless networks have been proposed in the literature. Unfortunately, existing handover authentication schemes are vulnerable to a few security attacks, or incur high communication and computation costs. Recently, He et al. proposed a handover authentication scheme PairHand and claimed it can resist various attacks without rigorous security proofs. In this paper, we show that PairHand does not meet forward secrecy and strong anonymity. More seriously, it is vulnerable to key compromise attack, where an adversary can recover the private key of any mobile node. Then, we propose a new efficient and provably secure handover authentication scheme for wireless networks based on elliptic curve cryptography. Compared with existing schemes, our proposed scheme can resist key compromise attack, and achieves forward secrecy and strong anonymity. Moreover, it is more efficient in terms of computation and communication. PMID:28632171

A New Privacy-Preserving Handover Authentication Scheme for Wireless Networks.

PubMed

Wang, Changji; Yuan, Yuan; Wu, Jiayuan

2017-06-20

Handover authentication is a critical issue in wireless networks, which is being used to ensure mobile nodes wander over multiple access points securely and seamlessly. A variety of handover authentication schemes for wireless networks have been proposed in the literature. Unfortunately, existing handover authentication schemes are vulnerable to a few security attacks, or incur high communication and computation costs. Recently, He et al. proposed a handover authentication scheme PairHand and claimed it can resist various attacks without rigorous security proofs. In this paper, we show that PairHand does not meet forward secrecy and strong anonymity. More seriously, it is vulnerable to key compromise attack, where an adversary can recover the private key of any mobile node. Then, we propose a new efficient and provably secure handover authentication scheme for wireless networks based on elliptic curve cryptography. Compared with existing schemes, our proposed scheme can resist key compromise attack, and achieves forward secrecy and strong anonymity. Moreover, it is more efficient in terms of computation and communication.

Security concept in 'MyAngelWeb' a website for the individual patient at risk of emergency.

PubMed

Pinciroli, F; Nahaissi, D; Boschini, M; Ferrari, R; Meloni, G; Camnasio, M; Spaggiari, P; Carnerone, G

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

Security concept in 'MyAngelWeb((R))' a website for the individual patient at risk of emergency.

PubMed

Pinciroli; Nahaissi; Boschini; Ferrari; Meloni; Camnasio; Spaggiari; Carnerone

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

Robust general N user authentication scheme in a centralized quantum communication network via generalized GHZ states

NASA Astrophysics Data System (ADS)

Farouk, Ahmed; Batle, J.; Elhoseny, M.; Naseri, Mosayeb; Lone, Muzaffar; Fedorov, Alex; Alkhambashi, Majid; Ahmed, Syed Hassan; Abdel-Aty, M.

2018-04-01

Quantum communication provides an enormous advantage over its classical counterpart: security of communications based on the very principles of quantum mechanics. Researchers have proposed several approaches for user identity authentication via entanglement. Unfortunately, these protocols fail because an attacker can capture some of the particles in a transmitted sequence and send what is left to the receiver through a quantum channel. Subsequently, the attacker can restore some of the confidential messages, giving rise to the possibility of information leakage. Here we present a new robust General N user authentication protocol based on N-particle Greenberger-Horne-Zeilinger (GHZ) states, which makes eavesdropping detection more effective and secure, as compared to some current authentication protocols. The security analysis of our protocol for various kinds of attacks verifies that it is unconditionally secure, and that an attacker will not obtain any information about the transmitted key. Moreover, as the number of transferred key bits N becomes larger, while the number of users for transmitting the information is increased, the probability of effectively obtaining the transmitted authentication keys is reduced to zero.

Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme.

PubMed

Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

2016-01-01

With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.'s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.

Optical information authentication using compressed double-random-phase-encoded images and quick-response codes.

PubMed

Wang, Xiaogang; Chen, Wen; Chen, Xudong

2015-03-09

In this paper, we develop a new optical information authentication system based on compressed double-random-phase-encoded images and quick-response (QR) codes, where the parameters of optical lightwave are used as keys for optical decryption and the QR code is a key for verification. An input image attached with QR code is first optically encoded in a simplified double random phase encoding (DRPE) scheme without using interferometric setup. From the single encoded intensity pattern recorded by a CCD camera, a compressed double-random-phase-encoded image, i.e., the sparse phase distribution used for optical decryption, is generated by using an iterative phase retrieval technique with QR code. We compare this technique to the other two methods proposed in literature, i.e., Fresnel domain information authentication based on the classical DRPE with holographic technique and information authentication based on DRPE and phase retrieval algorithm. Simulation results show that QR codes are effective on improving the security and data sparsity of optical information encryption and authentication system.

A novel chaotic stream cipher and its application to palmprint template protection

NASA Astrophysics Data System (ADS)

Li, Heng-Jian; Zhang, Jia-Shu

2010-04-01

Based on a coupled nonlinear dynamic filter (NDF), a novel chaotic stream cipher is presented in this paper and employed to protect palmprint templates. The chaotic pseudorandom bit generator (PRBG) based on a coupled NDF, which is constructed in an inverse flow, can generate multiple bits at one iteration and satisfy the security requirement of cipher design. Then, the stream cipher is employed to generate cancelable competitive code palmprint biometrics for template protection. The proposed cancelable palmprint authentication system depends on two factors: the palmprint biometric and the password/token. Therefore, the system provides high-confidence and also protects the user's privacy. The experimental results of verification on the Hong Kong PolyU Palmprint Database show that the proposed approach has a large template re-issuance ability and the equal error rate can achieve 0.02%. The performance of the palmprint template protection scheme proves the good practicability and security of the proposed stream cipher.

Secure ADS-B authentication system and method

NASA Technical Reports Server (NTRS)

Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

2010-01-01

A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

Attacks on quantum key distribution protocols that employ non-ITS authentication

NASA Astrophysics Data System (ADS)

Pacher, C.; Abidin, A.; Lorünser, T.; Peev, M.; Ursin, R.; Zeilinger, A.; Larsson, J.-Å.

2016-01-01

We demonstrate how adversaries with large computing resources can break quantum key distribution (QKD) protocols which employ a particular message authentication code suggested previously. This authentication code, featuring low key consumption, is not information-theoretically secure (ITS) since for each message the eavesdropper has intercepted she is able to send a different message from a set of messages that she can calculate by finding collisions of a cryptographic hash function. However, when this authentication code was introduced, it was shown to prevent straightforward man-in-the-middle (MITM) attacks against QKD protocols. In this paper, we prove that the set of messages that collide with any given message under this authentication code contains with high probability a message that has small Hamming distance to any other given message. Based on this fact, we present extended MITM attacks against different versions of BB84 QKD protocols using the addressed authentication code; for three protocols, we describe every single action taken by the adversary. For all protocols, the adversary can obtain complete knowledge of the key, and for most protocols her success probability in doing so approaches unity. Since the attacks work against all authentication methods which allow to calculate colliding messages, the underlying building blocks of the presented attacks expose the potential pitfalls arising as a consequence of non-ITS authentication in QKD post-processing. We propose countermeasures, increasing the eavesdroppers demand for computational power, and also prove necessary and sufficient conditions for upgrading the discussed authentication code to the ITS level.

Privacy-protected biometric templates: acoustic ear identification

NASA Astrophysics Data System (ADS)

Tuyls, Pim T.; Verbitskiy, Evgeny; Ignatenko, Tanya; Schobben, Daniel; Akkermans, Ton H.

2004-08-01

Unique Biometric Identifiers offer a very convenient way for human identification and authentication. In contrast to passwords they have hence the advantage that they can not be forgotten or lost. In order to set-up a biometric identification/authentication system, reference data have to be stored in a central database. As biometric identifiers are unique for a human being, the derived templates comprise unique, sensitive and therefore private information about a person. This is why many people are reluctant to accept a system based on biometric identification. Consequently, the stored templates have to be handled with care and protected against misuse [1, 2, 3, 4, 5, 6]. It is clear that techniques from cryptography can be used to achieve privacy. However, as biometric data are noisy, and cryptographic functions are by construction very sensitive to small changes in their input, and hence one can not apply those crypto techniques straightforwardly. In this paper we show the feasibility of the techniques developed in [5], [6] by applying them to experimental biometric data. As biometric identifier we have choosen the shape of the inner ear-canal, which is obtained by measuring the headphone-to-ear-canal Transfer Functions (HpTFs) which are known to be person dependent [7].

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

PubMed Central

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-01-01

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding innetwork processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks. PMID:27873963

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

PubMed

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-12-04

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications

PubMed Central

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-01-01

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications. PMID:24521942

An efficient and adaptive mutual authentication framework for heterogeneous wireless sensor network-based applications.

PubMed

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-02-11

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

A novel, privacy-preserving cryptographic approach for sharing sequencing data

PubMed Central

Cassa, Christopher A; Miller, Rachel A; Mandl, Kenneth D

2013-01-01

Objective DNA samples are often processed and sequenced in facilities external to the point of collection. These samples are routinely labeled with patient identifiers or pseudonyms, allowing for potential linkage to identity and private clinical information if intercepted during transmission. We present a cryptographic scheme to securely transmit externally generated sequence data which does not require any patient identifiers, public key infrastructure, or the transmission of passwords. Materials and methods This novel encryption scheme cryptographically protects participant sequence data using a shared secret key that is derived from a unique subset of an individual’s genetic sequence. This scheme requires access to a subset of an individual’s genetic sequence to acquire full access to the transmitted sequence data, which helps to prevent sample mismatch. Results We validate that the proposed encryption scheme is robust to sequencing errors, population uniqueness, and sibling disambiguation, and provides sufficient cryptographic key space. Discussion Access to a set of an individual’s genotypes and a mutually agreed cryptographic seed is needed to unlock the full sequence, which provides additional sample authentication and authorization security. We present modest fixed and marginal costs to implement this transmission architecture. Conclusions It is possible for genomics researchers who sequence participant samples externally to protect the transmission of sequence data using unique features of an individual’s genetic sequence. PMID:23125421

Discussion and a new method of optical cryptosystem based on interference

NASA Astrophysics Data System (ADS)

Lu, Dajiang; He, Wenqi; Liao, Meihua; Peng, Xiang

2017-02-01

A discussion and an objective security analysis of the well-known optical image encryption based on interference are presented in this paper. A new method is also proposed to eliminate the security risk of the original cryptosystem. For a possible practical application, we expand this new method into a hierarchical authentication scheme. In this authentication system, with a pre-generated and fixed random phase lock, different target images indicating different authentication levels are analytically encoded into corresponding phase-only masks (phase keys) and amplitude-only masks (amplitude keys). For the authentication process, a legal user can obtain a specified target image at the output plane if his/her phase key, and amplitude key, which should be settled close against the fixed internal phase lock, are respectively illuminated by two coherent beams. By comparing the target image with all the standard certification images in the database, the system can thus verify the user's legality even his/her identity level. Moreover, in despite of the internal phase lock of this system being fixed, the crosstalk between different pairs of keys held by different users is low. Theoretical analysis and numerical simulation are both provided to demonstrate the validity of this method.

An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks.

PubMed

Kim, Ki-Wook; Han, Youn-Hee; Min, Sung-Gi

2017-09-21

Many Internet of Things (IoT) services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM) mechanism for resource constrained IoT devices using IEEE 802.11ah has not been proposed as yet. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X authentication mechanism. The proposed AKM mechanism does not require any pre-configured security information between the access network domain and the IoT service domain. It considers the resource constraints of IoT devices, allowing IoT devices to delegate the burden of AKM processes to a powerful agent. The agent has sufficient power to support various authentication methods for the access point, and it performs cryptographic functions for the IoT devices. Performance analysis shows that the proposed mechanism greatly reduces computation costs, network costs, and memory usage of the resource-constrained IoT device as compared to the existing IEEE 802.11 Key Management with the IEEE 802.1X authentication mechanism.

An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks

PubMed Central

Han, Youn-Hee; Min, Sung-Gi

2017-01-01

Many Internet of Things (IoT) services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM) mechanism for resource constrained IoT devices using IEEE 802.11ah has not been proposed as yet. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X authentication mechanism. The proposed AKM mechanism does not require any pre-configured security information between the access network domain and the IoT service domain. It considers the resource constraints of IoT devices, allowing IoT devices to delegate the burden of AKM processes to a powerful agent. The agent has sufficient power to support various authentication methods for the access point, and it performs cryptographic functions for the IoT devices. Performance analysis shows that the proposed mechanism greatly reduces computation costs, network costs, and memory usage of the resource-constrained IoT device as compared to the existing IEEE 802.11 Key Management with the IEEE 802.1X authentication mechanism. PMID:28934152

A Study on the Secure User Profiling Structure and Procedure for Home Healthcare Systems.

PubMed

Ko, Hoon; Song, MoonBae

2016-01-01

Despite of various benefits such as a convenience and efficiency, home healthcare systems have some inherent security risks that may cause a serious leak on personal health information. This work presents a Secure User Profiling Structure which has the patient information including their health information. A patient and a hospital keep it at that same time, they share the updated data. While they share the data and communicate, the data can be leaked. To solve the security problems, a secure communication channel with a hash function and an One-Time Password between a client and a hospital should be established and to generate an input value to an OTP, it uses a dual hash-function. This work presents a dual hash function-based approach to generate the One-Time Password ensuring a secure communication channel with the secured key. In result, attackers are unable to decrypt the leaked information because of the secured key; in addition, the proposed method outperforms the existing methods in terms of computation cost.

Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme

PubMed Central

Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

2016-01-01

With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.’s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks. PMID:26866606

Continuous QKD and high speed data encryption

NASA Astrophysics Data System (ADS)

Zbinden, Hugo; Walenta, Nino; Guinnard, Olivier; Houlmann, Raphael; Wen, Charles Lim Ci; Korzh, Boris; Lunghi, Tommaso; Gisin, Nicolas; Burg, Andreas; Constantin, Jeremy; Legré, Matthieu; Trinkler, Patrick; Caselunghe, Dario; Kulesza, Natalia; Trolliet, Gregory; Vannel, Fabien; Junod, Pascal; Auberson, Olivier; Graf, Yoan; Curchod, Gilles; Habegger, Gilles; Messerli, Etienne; Portmann, Christopher; Henzen, Luca; Keller, Christoph; Pendl, Christian; Mühlberghuber, Michael; Roth, Christoph; Felber, Norbert; Gürkaynak, Frank; Schöni, Daniel; Muheim, Beat

2013-10-01

We present the results of a Swiss project dedicated to the development of high speed quantum key distribution and data encryption. The QKD engine features fully automated key exchange, hardware key distillation based on finite key security analysis, efficient authentication and wavelength division multiplexing of the quantum and the classical channel and one-time pas encryption. The encryption device allows authenticated symmetric key encryption (e.g AES) at rates of up to 100 Gb/s. A new quantum key can uploaded up to 1000 times second from the QKD engine.

Multicast Delayed Authentication For Streaming Synchrophasor Data in the Smart Grid

PubMed Central

Câmara, Sérgio; Anand, Dhananjay; Pillitteri, Victoria; Carmo, Luiz

2017-01-01

Multicast authentication of synchrophasor data is challenging due to the design requirements of Smart Grid monitoring systems such as low security overhead, tolerance of lossy networks, time-criticality and high data rates. In this work, we propose inf -TESLA, Infinite Timed Efficient Stream Loss-tolerant Authentication, a multicast delayed authentication protocol for communication links used to stream synchrophasor data for wide area control of electric power networks. Our approach is based on the authentication protocol TESLA but is augmented to accommodate high frequency transmissions of unbounded length. inf TESLA protocol utilizes the Dual Offset Key Chains mechanism to reduce authentication delay and computational cost associated with key chain commitment. We provide a description of the mechanism using two different modes for disclosing keys and demonstrate its security against a man-in-the-middle attack attempt. We compare our approach against the TESLA protocol in a 2-day simulation scenario, showing a reduction of 15.82% and 47.29% in computational cost, sender and receiver respectively, and a cumulative reduction in the communication overhead. PMID:28736582

Multicast Delayed Authentication For Streaming Synchrophasor Data in the Smart Grid.

PubMed

Câmara, Sérgio; Anand, Dhananjay; Pillitteri, Victoria; Carmo, Luiz

2016-01-01

Multicast authentication of synchrophasor data is challenging due to the design requirements of Smart Grid monitoring systems such as low security overhead, tolerance of lossy networks, time-criticality and high data rates. In this work, we propose inf -TESLA, Infinite Timed Efficient Stream Loss-tolerant Authentication, a multicast delayed authentication protocol for communication links used to stream synchrophasor data for wide area control of electric power networks. Our approach is based on the authentication protocol TESLA but is augmented to accommodate high frequency transmissions of unbounded length. inf TESLA protocol utilizes the Dual Offset Key Chains mechanism to reduce authentication delay and computational cost associated with key chain commitment. We provide a description of the mechanism using two different modes for disclosing keys and demonstrate its security against a man-in-the-middle attack attempt. We compare our approach against the TESLA protocol in a 2-day simulation scenario, showing a reduction of 15.82% and 47.29% in computational cost, sender and receiver respectively, and a cumulative reduction in the communication overhead.

Making "Community" an Authentic Part of School and Community Partnerships. Chapin Hall Discussion Paper

ERIC Educational Resources Information Center

Walker, Lisa; Smithgall, Cheryl; Cusick, Gretchen Ruth

2012-01-01

With the idea that schools in low-income urban areas require stronger communities to improve educational outcomes, this discussion paper examines questions related to the authentic engagement of communities in school and community partnerships. It presents three key ideas for considering authentic engagement: place-based policy, community-based…

CELLPEDIA: a repository for human cell information for cell studies and differentiation analyses.

PubMed

Hatano, Akiko; Chiba, Hirokazu; Moesa, Harry Amri; Taniguchi, Takeaki; Nagaie, Satoshi; Yamanegi, Koji; Takai-Igarashi, Takako; Tanaka, Hiroshi; Fujibuchi, Wataru

2011-01-01

CELLPEDIA is a repository database for current knowledge about human cells. It contains various types of information, such as cell morphologies, gene expression and literature references. The major role of CELLPEDIA is to provide a digital dictionary of human cells for the biomedical field, including support for the characterization of artificially generated cells in regenerative medicine. CELLPEDIA features (i) its own cell classification scheme, in which whole human cells are classified by their physical locations in addition to conventional taxonomy; and (ii) cell differentiation pathways compiled from biomedical textbooks and journal papers. Currently, human differentiated cells and stem cells are classified into 2260 and 66 cell taxonomy keys, respectively, from which 934 parent-child relationships reported in cell differentiation or transdifferentiation pathways are retrievable. As far as we know, this is the first attempt to develop a digital cell bank to function as a public resource for the accumulation of current knowledge about human cells. The CELLPEDIA homepage is freely accessible except for the data submission pages that require authentication (please send a password request to cell-info@cbrc.jp). Database URL: http://cellpedia.cbrc.jp/

Application-level regression testing framework using Jenkins

DOE PAGES

Budiardja, Reuben; Bouvet, Timothy; Arnold, Galen

2017-09-26

Monitoring and testing for regression of large-scale systems such as the NCSA's Blue Waters supercomputer are challenging tasks. In this paper, we describe the solution we came up with to perform those tasks. The goal was to find an automated solution for running user-level regression tests to evaluate system usability and performance. Jenkins, an automation server software, was chosen for its versatility, large user base, and multitude of plugins including collecting data and plotting test results over time. We also describe our Jenkins deployment to launch and monitor jobs on remote HPC system, perform authentication with one-time password, and integratemore » with our LDAP server for its authorization. We show some use cases and describe our best practices for successfully using Jenkins as a user-level system-wide regression testing and monitoring framework for large supercomputer systems.« less

Application-level regression testing framework using Jenkins

DOE Office of Scientific and Technical Information (OSTI.GOV)

Budiardja, Reuben; Bouvet, Timothy; Arnold, Galen

Monitoring and testing for regression of large-scale systems such as the NCSA's Blue Waters supercomputer are challenging tasks. In this paper, we describe the solution we came up with to perform those tasks. The goal was to find an automated solution for running user-level regression tests to evaluate system usability and performance. Jenkins, an automation server software, was chosen for its versatility, large user base, and multitude of plugins including collecting data and plotting test results over time. We also describe our Jenkins deployment to launch and monitor jobs on remote HPC system, perform authentication with one-time password, and integratemore » with our LDAP server for its authorization. We show some use cases and describe our best practices for successfully using Jenkins as a user-level system-wide regression testing and monitoring framework for large supercomputer systems.« less

Secure and Privacy Enhanced Gait Authentication on Smart Phone

PubMed Central

Choi, Deokjai

2014-01-01

Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits. PMID:24955403

MPI Enhancements in John the Ripper

NASA Astrophysics Data System (ADS)

Sykes, Edward R.; Lin, Michael; Skoczen, Wesley

2010-11-01

John the Ripper (JtR) is an open source software package commonly used by system administrators to enforce password policy. JtR is designed to attack (i.e., crack) passwords encrypted in a wide variety of commonly used formats. While parallel implementations of JtR exist, there are several limitations to them. This research reports on two distinct algorithms that enhance this password cracking tool using the Message Passing Interface. The first algorithm is a novel approach that uses numerous processors to crack one password by using an innovative approach to workload distribution. In this algorithm the candidate password is distributed to all participating processors and the word list is divided based on probability so that each processor has the same likelihood of cracking the password while eliminating overlapping operations. The second algorithm developed in this research involves dividing the passwords within a password file equally amongst available processors while ensuring load-balanced and fault-tolerant behavior. This paper describes John the Ripper, the design of these two algorithms and preliminary results. Given the same amount of time, the original JtR can crack 29 passwords, whereas our algorithms 1 and 2 can crack an additional 35 and 45 passwords respectively.

The construction of a public key infrastructure for healthcare information networks in Japan.

PubMed

Sakamoto, N

2001-01-01

The digital signature is a key technology in the forthcoming Internet society for electronic healthcare as well as for electronic commerce. Efficient exchanges of authorized information with a digital signature in healthcare information networks require a construction of a public key infrastructure (PKI). In order to introduce a PKI to healthcare information networks in Japan, we proposed a development of a user authentication system based on a PKI for user management, user authentication and privilege management of healthcare information systems. In this paper, we describe the design of the user authentication system and its implementation. The user authentication system provides a certification authority service and a privilege management service while it is comprised of a user authentication client and user authentication serves. It is designed on a basis of an X.509 PKI and is implemented with using OpenSSL and OpenLDAP. It was incorporated into the financial information management system for the national university hospitals and has been successfully working for about one year. The hospitals plan to use it as a user authentication method for their whole healthcare information systems. One implementation of the system is free to the national university hospitals with permission of the Japanese Ministry of Education, Culture, Sports, Science and Technology. Another implementation is open to the other healthcare institutes by support of the Medical Information System Development Center (MEDIS-DC). We are moving forward to a nation-wide construction of a PKI for healthcare information networks based on it.

Quantum key distribution using card, base station and trusted authority

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nordholt, Jane E.; Hughes, Richard John; Newell, Raymond Thorson

Techniques and tools for quantum key distribution ("QKD") between a quantum communication ("QC") card, base station and trusted authority are described herein. In example implementations, a QC card contains a miniaturized QC transmitter and couples with a base station. The base station provides a network connection with the trusted authority and can also provide electric power to the QC card. When coupled to the base station, after authentication by the trusted authority, the QC card acquires keys through QKD with a trust authority. The keys can be used to set up secure communication, for authentication, for access control, or formore » other purposes. The QC card can be implemented as part of a smart phone or other mobile computing device, or the QC card can be used as a fillgun for distribution of the keys.« less

Quantum key distribution using card, base station and trusted authority

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nordholt, Jane Elizabeth; Hughes, Richard John; Newell, Raymond Thorson

Techniques and tools for quantum key distribution ("QKD") between a quantum communication ("QC") card, base station and trusted authority are described herein. In example implementations, a QC card contains a miniaturized QC transmitter and couples with a base station. The base station provides a network connection with the trusted authority and can also provide electric power to the QC card. When coupled to the base station, after authentication by the trusted authority, the QC card acquires keys through QKD with a trusted authority. The keys can be used to set up secure communication, for authentication, for access control, or formore » other purposes. The QC card can be implemented as part of a smart phone or other mobile computing device, or the QC card can be used as a fillgun for distribution of the keys.« less

Image encryption using fingerprint as key based on phase retrieval algorithm and public key cryptography

NASA Astrophysics Data System (ADS)

Zhao, Tieyu; Ran, Qiwen; Yuan, Lin; Chi, Yingying; Ma, Jing

2015-09-01

In this paper, a novel image encryption system with fingerprint used as a secret key is proposed based on the phase retrieval algorithm and RSA public key algorithm. In the system, the encryption keys include the fingerprint and the public key of RSA algorithm, while the decryption keys are the fingerprint and the private key of RSA algorithm. If the users share the fingerprint, then the system will meet the basic agreement of asymmetric cryptography. The system is also applicable for the information authentication. The fingerprint as secret key is used in both the encryption and decryption processes so that the receiver can identify the authenticity of the ciphertext by using the fingerprint in decryption process. Finally, the simulation results show the validity of the encryption scheme and the high robustness against attacks based on the phase retrieval technique.

What's in a Name?

NASA Astrophysics Data System (ADS)

Bonneau, Joseph; Just, Mike; Matthews, Greg

We study the efficiency of statistical attacks on human authentication systems relying on personal knowledge questions. We adapt techniques from guessing theory to measure security against a trawling attacker attempting to compromise a large number of strangers' accounts. We then examine a diverse corpus of real-world statistical distributions for likely answer categories such as the names of people, pets, and places and find that personal knowledge questions are significantly less secure than graphical or textual passwords. We also demonstrate that statistics can be used to increase security by proactively shaping the answer distribution to lower the prevalence of common responses.

Hacker tracking Security system for HMI

NASA Astrophysics Data System (ADS)

Chauhan, Rajeev Kumar

2011-12-01

Conventional Supervisory control and data Acquisition (SCADA) systems use PC, notebook, thin client, and PDA as a Client. Nowadays the Process Industries are following multi shift system that's why multi- client of different category have to work at a single human Machine Interface (HMI). They may hack the HMI Display and change setting of the other client. This paper introduces a Hacker tracking security (HTS) System for HMI. This is developed by using the conventional and Biometric authentication. HTS system is developed by using Numeric passwords, Smart card, biometric, blood flow and Finger temperature. This work is also able to identify the hackers.

Optical authentication based on moiré effect of nonlinear gratings in phase space

NASA Astrophysics Data System (ADS)

Liao, Meihua; He, Wenqi; Wu, Jiachen; Lu, Dajiang; Liu, Xiaoli; Peng, Xiang

2015-12-01

An optical authentication scheme based on the moiré effect of nonlinear gratings in phase space is proposed. According to the phase function relationship of the moiré effect in phase space, an arbitrary authentication image can be encoded into two nonlinear gratings which serve as the authentication lock (AL) and the authentication key (AK). The AL is stored in the authentication system while the AK is assigned to the authorized user. The authentication procedure can be performed using an optoelectronic approach, while the design process is accomplished by a digital approach. Furthermore, this optical authentication scheme can be extended for multiple users with different security levels. The proposed scheme can not only verify the legality of a user identity, but can also discriminate and control the security levels of legal users. Theoretical analysis and simulation experiments are provided to verify the feasibility and effectiveness of the proposed scheme.

Biometrics: Accessibility challenge or opportunity?

PubMed

Blanco-Gonzalo, Ramon; Lunerti, Chiara; Sanchez-Reillo, Raul; Guest, Richard Michael

2018-01-01

Biometric recognition is currently implemented in several authentication contexts, most recently in mobile devices where it is expected to complement or even replace traditional authentication modalities such as PIN (Personal Identification Number) or passwords. The assumed convenience characteristics of biometrics are transparency, reliability and ease-of-use, however, the question of whether biometric recognition is as intuitive and straightforward to use is open to debate. Can biometric systems make some tasks easier for people with accessibility concerns? To investigate this question, an accessibility evaluation of a mobile app was conducted where test subjects withdraw money from a fictitious ATM (Automated Teller Machine) scenario. The biometric authentication mechanisms used include face, voice, and fingerprint. Furthermore, we employed traditional modalities of PIN and pattern in order to check if biometric recognition is indeed a real improvement. The trial test subjects within this work were people with real-life accessibility concerns. A group of people without accessibility concerns also participated, providing a baseline performance. Experimental results are presented concerning performance, HCI (Human-Computer Interaction) and accessibility, grouped according to category of accessibility concern. Our results reveal links between individual modalities and user category establishing guidelines for future accessible biometric products.

Biometrics: Accessibility challenge or opportunity?

PubMed Central

Lunerti, Chiara; Sanchez-Reillo, Raul; Guest, Richard Michael

2018-01-01

Biometric recognition is currently implemented in several authentication contexts, most recently in mobile devices where it is expected to complement or even replace traditional authentication modalities such as PIN (Personal Identification Number) or passwords. The assumed convenience characteristics of biometrics are transparency, reliability and ease-of-use, however, the question of whether biometric recognition is as intuitive and straightforward to use is open to debate. Can biometric systems make some tasks easier for people with accessibility concerns? To investigate this question, an accessibility evaluation of a mobile app was conducted where test subjects withdraw money from a fictitious ATM (Automated Teller Machine) scenario. The biometric authentication mechanisms used include face, voice, and fingerprint. Furthermore, we employed traditional modalities of PIN and pattern in order to check if biometric recognition is indeed a real improvement. The trial test subjects within this work were people with real-life accessibility concerns. A group of people without accessibility concerns also participated, providing a baseline performance. Experimental results are presented concerning performance, HCI (Human-Computer Interaction) and accessibility, grouped according to category of accessibility concern. Our results reveal links between individual modalities and user category establishing guidelines for future accessible biometric products. PMID:29565989

Security and privacy in electronic health records: a systematic literature review.

PubMed

Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio

2013-06-01

To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright © 2013 Elsevier Inc. All rights reserved.

Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network

PubMed Central

Rajagopalan, S. P.

2017-01-01

Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network. PMID:29040290

Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network.

PubMed

Alagarsamy, Sumithra; Rajagopalan, S P

2017-01-01

Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

Method and system for source authentication in group communications

NASA Technical Reports Server (NTRS)

Roy-Chowdhury, Ayan (Inventor); Baras, John S. (Inventor)

2013-01-01

A method and system for authentication is provided. A central node for issuing certificates to a plurality of nodes associated with the central node in a network is also provided. The central node receives a first key from at least one node from among the plurality of nodes and generates a second key based on the received first key and generates a certificate for the at least one node. The generated certificate is transmitted to the at least one node.

Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme.

PubMed

Zhang, Liping; Zhu, Shaohui; Tang, Shanyu

2017-03-01

Telecare medicine information systems (TMIS) provide flexible and convenient e-health care. However, the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.'s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.'s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.'s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient to enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes.

27 CFR 73.12 - What security controls must I use for identification codes and passwords?

Code of Federal Regulations, 2010 CFR

2010-04-01

... 27 Alcohol, Tobacco Products and Firearms 2 2010-04-01 2010-04-01 false What security controls... controls must I use for identification codes and passwords? If you use electronic signatures based upon use of identification codes in combination with passwords, you must employ controls to ensure their...

Implications of What Children Know about Computer Passwords

ERIC Educational Resources Information Center

Coggins, Porter E.

2013-01-01

The purpose of this article is to present several implications and recommendations regarding what elementary school children, aged 9-12 years, know about computer passwords and what they know about why computer passwords are important. Student knowledge can then be used to make relevant curriculum decisions based in conjunction with applicable…

Cryptographic framework for document-objects resulting from multiparty collaborative transactions.

PubMed

Goh, A

2000-01-01

Multiparty transactional frameworks--i.e. Electronic Data Interchange (EDI) or Health Level (HL) 7--often result in composite documents which can be accurately modelled using hyperlinked document-objects. The structural complexity arising from multiauthor involvement and transaction-specific sequencing would be poorly handled by conventional digital signature schemes based on a single evaluation of a one-way hash function and asymmetric cryptography. In this paper we outline the generation of structure-specific authentication hash-trees for the the authentication of transactional document-objects, followed by asymmetric signature generation on the hash-tree value. Server-side multi-client signature verification would probably constitute the single most compute-intensive task, hence the motivation for our usage of the Rabin signature protocol which results in significantly reduced verification workloads compared to the more commonly applied Rivest-Shamir-Adleman (RSA) protocol. Data privacy is handled via symmetric encryption of message traffic using session-specific keys obtained through key-negotiation mechanisms based on discrete-logarithm cryptography. Individual client-to-server channels can be secured using a double key-pair variation of Diffie-Hellman (DH) key negotiation, usage of which also enables bidirectional node authentication. The reciprocal server-to-client multicast channel is secured through Burmester-Desmedt (BD) key-negotiation which enjoys significant advantages over the usual multiparty extensions to the DH protocol. The implementation of hash-tree signatures and bi/multidirectional key negotiation results in a comprehensive cryptographic framework for multiparty document-objects satisfying both authentication and data privacy requirements.

Graph State-Based Quantum Group Authentication Scheme

NASA Astrophysics Data System (ADS)

Liao, Longxia; Peng, Xiaoqi; Shi, Jinjing; Guo, Ying

2017-02-01

Motivated by the elegant structure of the graph state, we design an ingenious quantum group authentication scheme, which is implemented by operating appropriate operations on the graph state and can solve the problem of multi-user authentication. Three entities, the group authentication server (GAS) as a verifier, multiple users as provers and the trusted third party Trent are included. GAS and Trent assist the multiple users in completing the authentication process, i.e., GAS is responsible for registering all the users while Trent prepares graph states. All the users, who request for authentication, encode their authentication keys on to the graph state by performing Pauli operators. It demonstrates that a novel authentication scheme can be achieved with the flexible use of graph state, which can synchronously authenticate a large number of users, meanwhile the provable security can be guaranteed definitely.

Development of authentication code for multi-access optical code division multiplexing based quantum key distribution

NASA Astrophysics Data System (ADS)

Taiwo, Ambali; Alnassar, Ghusoon; Bakar, M. H. Abu; Khir, M. F. Abdul; Mahdi, Mohd Adzir; Mokhtar, M.

2018-05-01

One-weight authentication code for multi-user quantum key distribution (QKD) is proposed. The code is developed for Optical Code Division Multiplexing (OCDMA) based QKD network. A unique address assigned to individual user, coupled with degrading probability of predicting the source of the qubit transmitted in the channel offer excellent secure mechanism against any form of channel attack on OCDMA based QKD network. Flexibility in design as well as ease of modifying the number of users are equally exceptional quality presented by the code in contrast to Optical Orthogonal Code (OOC) earlier implemented for the same purpose. The code was successfully applied to eight simultaneous users at effective key rate of 32 bps over 27 km transmission distance.

Encryption Characteristics of Two USB-based Personal Health Record Devices

PubMed Central

Wright, Adam; Sittig, Dean F.

2007-01-01

Personal health records (PHRs) hold great promise for empowering patients and increasing the accuracy and completeness of health information. We reviewed two small USB-based PHR devices that allow a patient to easily store and transport their personal health information. Both devices offer password protection and encryption features. Analysis of the devices shows that they store their data in a Microsoft Access database. Due to a flaw in the encryption of this database, recovering the user’s password can be accomplished with minimal effort. Our analysis also showed that, rather than encrypting health information with the password chosen by the user, the devices stored the user’s password as a string in the database and then encrypted that database with a common password set by the manufacturer. This is another serious vulnerability. This article describes the weaknesses we discovered, outlines three critical flaws with the security model used by the devices, and recommends four guidelines for improving the security of similar devices. PMID:17460132

Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

PubMed Central

Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho

2014-01-01

Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs. PMID:24919012

Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography.

PubMed

Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho

2014-06-10

Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem.

PubMed

Zhao, Zhenguo

2014-05-01

With the fast advancement of the wireless communication technology and the widespread use of medical systems, the radio frequency identification (RFID) technology has been widely used in healthcare environments. As the first important protocol for ensuring secure communication in healthcare environment, the RFID authentication protocols derive more and more attentions. Most of RFID authentication protocols are based on hash function or symmetric cryptography. To get more security properties, elliptic curve cryptosystem (ECC) has been used in the design of RFID authentication protocol. Recently, Liao and Hsiao proposed a new RFID authentication protocol using ECC and claimed their protocol could withstand various attacks. In this paper, we will show that their protocol suffers from the key compromise problem, i.e. an adversary could get the private key stored in the tag. To enhance the security, we propose a new RFID authentication protocol using ECC. Detailed analysis shows the proposed protocol not only could overcome weaknesses in Liao and Hsiao's protocol but also has the same performance. Therefore, it is more suitable for healthcare environments.

Fast and secure handover of intra-ASN IEEE802.16 network by proposed certificate based pre-authentication

NASA Astrophysics Data System (ADS)

Sridevi, B.; Supriya, T. S.; Rajaram, S.

2013-01-01

The current generation of wireless networks has been designed predominantly to support voice and more recently data traffic. WiMAX is currently one of the hottest technologies in wireless. The main motive of the mobile technologies is to provide seamless cost effective mobility. But this is affected by Authentication cost and handover delay since on each handoff the Mobile Station (MS) has to undergo all steps of authentication. Pre-Authentication is used to reduce the handover delay and increase the speed of the Intra-ASN Handover. Proposed Pre-Authentication method is intended to reduce the authentication delay by getting pre authenticated by central authority called Pre Authentication Authority (PAA). MS requests PAA for Pre Authentication Certificate (PAC) before performing handoff. PAA verifies the identity of MS and provides PAC to MS and also to the neighboring target Base Stations (tBSs). MS having time bound PAC can skip the authentication process when recognized by target BS during handoff. It also prevents the DOS (Denial Of Service) attack and Replay attack. It has no wastage of unnecessary key exchange of the resources. The proposed work is simulated by NS2 model and by MATLAB.

PBL: An Evaluation of the Effectiveness of Authentic Problem-Based Learning (aPBL)

ERIC Educational Resources Information Center

Woods, Donald R.

2012-01-01

Many different versions of Problem-based Learning (PBL) are used today. To be consistent in evaluating the effectiveness of PBL, the focus in this paper is on what Howard Barrows called authentic PBL (aPBL). In aPBL students are empowered with the learning process; key distinguishing features are that the students teach each other the new…

Secured Hash Based Burst Header Authentication Design for Optical Burst Switched Networks

NASA Astrophysics Data System (ADS)

Balamurugan, A. M.; Sivasubramanian, A.; Parvathavarthini, B.

2017-12-01

The optical burst switching (OBS) is a promising technology that could meet the fast growing network demand. They are featured with the ability to meet the bandwidth requirement of applications that demand intensive bandwidth. OBS proves to be a satisfactory technology to tackle the huge bandwidth constraints, but suffers from security vulnerabilities. The objective of this proposed work is to design a faster and efficient burst header authentication algorithm for core nodes. There are two important key features in this work, viz., header encryption and authentication. Since the burst header is an important in optical burst switched network, it has to be encrypted; otherwise it is be prone to attack. The proposed MD5&RC4-4S based burst header authentication algorithm runs 20.75 ns faster than the conventional algorithms. The modification suggested in the proposed RC4-4S algorithm gives a better security and solves the correlation problems between the publicly known outputs during key generation phase. The modified MD5 recommended in this work provides 7.81 % better avalanche effect than the conventional algorithm. The device utilization result also shows the suitability of the proposed algorithm for header authentication in real time applications.

Automated secured cost effective key refreshing technique to enhance WiMAX privacy key management

NASA Astrophysics Data System (ADS)

Sridevi, B.; Sivaranjani, S.; Rajaram, S.

2013-01-01

In all walks of life the way of communication is transformed by the rapid growth of wireless communication and its pervasive use. A wireless network which is fixed and richer in bandwidth is specified as IEEE 802.16, promoted and launched by an industrial forum is termed as Worldwide Interoperability for Microwave Access (WiMAX). This technology enables seamless delivery of wireless broadband service for fixed and/or mobile users. The obscurity is the long delay which occurs during the handoff management in every network. Mobile WiMAX employs an authenticated key management protocol as a part of handoff management in which the Base Station (BS) controls the distribution of keying material to the Mobile Station (MS). The protocol employed is Privacy Key Management Version 2- Extensible Authentication Protocol (PKMV2-EAP) which is responsible for the normal and periodical authorization of MSs, reauthorization as well as key refreshing. Authorization key (AK) and Traffic Encryption key (TEK) plays a vital role in key exchange. When the lifetime of key expires, MS has to request for a new key to BS which in turn leads to repetition of authorization, authentication as well as key exchange. To avoid service interruption during reauthorization , two active keys are transmitted at the same time by BS to MS. The consequences of existing work are hefty amount of bandwidth utilization, time consumption and large storage. It is also endured by Man in the Middle attack and Impersonation due to lack of security in key exchange. This paper designs an automatic mutual refreshing of keys to minimize bandwidth utilization, key storage and time consumption by proposing Previous key and Iteration based Key Refreshing Function (PKIBKRF). By integrating PKIBKRF in key generation, the simulation results indicate that 21.8% of the bandwidth and storage of keys are reduced and PKMV2 mutual authentication time is reduced by 66.67%. The proposed work is simulated with Qualnet model and backed by MATLAB for processing and MYSQL for storing keys.

Digital camera with apparatus for authentication of images produced from an image file

NASA Technical Reports Server (NTRS)

Friedman, Gary L. (Inventor)

1993-01-01

A digital camera equipped with a processor for authentication of images produced from an image file taken by the digital camera is provided. The digital camera processor has embedded therein a private key unique to it, and the camera housing has a public key that is so uniquely based upon the private key that digital data encrypted with the private key by the processor may be decrypted using the public key. The digital camera processor comprises means for calculating a hash of the image file using a predetermined algorithm, and second means for encrypting the image hash with the private key, thereby producing a digital signature. The image file and the digital signature are stored in suitable recording means so they will be available together. Apparatus for authenticating at any time the image file as being free of any alteration uses the public key for decrypting the digital signature, thereby deriving a secure image hash identical to the image hash produced by the digital camera and used to produce the digital signature. The apparatus calculates from the image file an image hash using the same algorithm as before. By comparing this last image hash with the secure image hash, authenticity of the image file is determined if they match, since even one bit change in the image hash will cause the image hash to be totally different from the secure hash.

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks.

PubMed

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-11

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.

Distributed Password Cracking

DTIC Science & Technology

2009-12-01

other services for early UNIX systems at Bell labs. In many UNIX based systems, the field added to ‘etc/ passwd ’ file to carry GCOS ID information was...charset, and external. struct options_main { /* Option flags */ opt_flags flags; /* Password files */ struct list_main * passwd ; /* Password file...object PASSWD . It is part of several other data structures. struct PASSWD { int id; char *login; char *passwd_hash; int UID

User Registration Systems for Distributed Systems

NASA Astrophysics Data System (ADS)

Murphy, K. J.; Cechini, M.; Pilone, D.; Mitchell, A.

2010-12-01

As NASA’s Earth Observing System Data and Information System (EOSDIS) systems have evolved over the years, most of the EOSDIS data are now available to users via anonymous on-line access. Although the changes have improved the dissemination efficiency of earth science data, the anonymous access has made it difficult to characterize users, capture metrics on the value of EOSDIS and provide customized services that benefit users. As the number of web-based applications continues to grow, data centers and application providers have implemented their own user registration systems and provided new tools and interfaces for their registered users. This has led to the creation of independent registration systems for accessing data and interacting with online tools and services. The user profile information maintained at each of these registration systems is not consistent and the registration enforcement varies by system as well. This problem is in no way unique to EOSDIS and represents a general challenge to the distributed computing community. In a study done in 2007(http://www2007.org/papers/paper620.pd), the average user has approximately 7 passwords for about 25 accounts and enters a password 8 times a day. These numbers have only increased in the last three years. To try and address this, a number of solutions have been offered including Single Sign-On solutions using a common backend like Microsoft Active Directory or an LDAP server, trust based identity providers like OpenID, and various forms of authorization delegation like OAuth or SAML/XACML. This talk discusses the differences between authentication and authorization, the state of the more popular user registration solutions available for distributed use, and some of the technical and policy drivers that need to be considered when incorporating a user registration system into your application.

Manticore and CS mode : parallelizable encryption with joint cipher-state authentication.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Torgerson, Mark Dolan; Draelos, Timothy John; Schroeppel, Richard Crabtree

2004-10-01

We describe a new mode of encryption with inexpensive authentication, which uses information from the internal state of the cipher to provide the authentication. Our algorithms have a number of benefits: (1) the encryption has properties similar to CBC mode, yet the encipherment and authentication can be parallelized and/or pipelined, (2) the authentication overhead is minimal, and (3) the authentication process remains resistant against some IV reuse. We offer a Manticore class of authenticated encryption algorithms based on cryptographic hash functions, which support variable block sizes up to twice the hash output length and variable key lengths. A proof ofmore » security is presented for the MTC4 and Pepper algorithms. We then generalize the construction to create the Cipher-State (CS) mode of encryption that uses the internal state of any round-based block cipher as an authenticator. We provide hardware and software performance estimates for all of our constructions and give a concrete example of the CS mode of encryption that uses AES as the encryption primitive and adds a small speed overhead (10-15%) compared to AES alone.« less

dCache, Sync-and-Share for Big Data

NASA Astrophysics Data System (ADS)

Millar, AP; Fuhrmann, P.; Mkrtchyan, T.; Behrmann, G.; Bernardt, C.; Buchholz, Q.; Guelzow, V.; Litvintsev, D.; Schwank, K.; Rossi, A.; van der Reest, P.

2015-12-01

The availability of cheap, easy-to-use sync-and-share cloud services has split the scientific storage world into the traditional big data management systems and the very attractive sync-and-share services. With the former, the location of data is well understood while the latter is mostly operated in the Cloud, resulting in a rather complex legal situation. Beside legal issues, those two worlds have little overlap in user authentication and access protocols. While traditional storage technologies, popular in HEP, are based on X.509, cloud services and sync-and-share software technologies are generally based on username/password authentication or mechanisms like SAML or Open ID Connect. Similarly, data access models offered by both are somewhat different, with sync-and-share services often using proprietary protocols. As both approaches are very attractive, dCache.org developed a hybrid system, providing the best of both worlds. To avoid reinventing the wheel, dCache.org decided to embed another Open Source project: OwnCloud. This offers the required modern access capabilities but does not support the managed data functionality needed for large capacity data storage. With this hybrid system, scientists can share files and synchronize their data with laptops or mobile devices as easy as with any other cloud storage service. On top of this, the same data can be accessed via established mechanisms, like GridFTP to serve the Globus Transfer Service or the WLCG FTS3 tool, or the data can be made available to worker nodes or HPC applications via a mounted filesystem. As dCache provides a flexible authentication module, the same user can access its storage via different authentication mechanisms; e.g., X.509 and SAML. Additionally, users can specify the desired quality of service or trigger media transitions as necessary, thus tuning data access latency to the planned access profile. Such features are a natural consequence of using dCache. We will describe the design of the hybrid dCache/OwnCloud system, report on several months of operations experience running it at DESY, and elucidate the future road-map.

Authentic Teachers: Student Criteria Perceiving Authenticity of Teachers

ERIC Educational Resources Information Center

De Bruyckere, Pedro; Kirschner, Paul A.

2016-01-01

Authenticity is seen by many as a key for good learning and education. There is talk of authentic instruction, authentic learning, authentic problems, authentic assessment, authentic tools and authentic teachers. The problem is that while authenticity is an often-used adjective describing almost all aspects of teaching and learning, the concept…

Decryption-decompression of AES protected ZIP files on GPUs

NASA Astrophysics Data System (ADS)

Duong, Tan Nhat; Pham, Phong Hong; Nguyen, Duc Huu; Nguyen, Thuy Thanh; Le, Hung Duc

2011-10-01

AES is a strong encryption system, so decryption-decompression of AES encrypted ZIP files requires very large computing power and techniques of reducing the password space. This makes implementations of techniques on common computing system not practical. In [1], we reduced the original very large password search space to a much smaller one which surely containing the correct password. Based on reduced set of passwords, in this paper, we parallel decryption, decompression and plain text recognition for encrypted ZIP files by using CUDA computing technology on graphics cards GeForce GTX295 of NVIDIA, to find out the correct password. The experimental results have shown that the speed of decrypting, decompressing, recognizing plain text and finding out the original password increases about from 45 to 180 times (depends on the number of GPUs) compared to sequential execution on the Intel Core 2 Quad Q8400 2.66 GHz. These results have demonstrated the potential applicability of GPUs in this cryptanalysis field.

Unconditionally Secure Credit/Debit Card Chip Scheme and Physical Unclonable Function

NASA Astrophysics Data System (ADS)

Kish, Laszlo B.; Entesari, Kamran; Granqvist, Claes-Göran; Kwan, Chiman

The statistical-physics-based Kirchhoff-law-Johnson-noise (KLJN) key exchange offers a new and simple unclonable system for credit/debit card chip authentication and payment. The key exchange, the authentication and the communication are unconditionally secure so that neither mathematics- nor statistics-based attacks are able to crack the scheme. The ohmic connection and the short wiring lengths between the chips in the card and the terminal constitute an ideal setting for the KLJN protocol, and even its simplest versions offer unprecedented security and privacy for credit/debit card chips and applications of physical unclonable functions (PUFs).

Computer-Access-Code Matrices

NASA Technical Reports Server (NTRS)

Collins, Earl R., Jr.

1990-01-01

Authorized users respond to changing challenges with changing passwords. Scheme for controlling access to computers defeats eavesdroppers and "hackers". Based on password system of challenge and password or sign, challenge, and countersign correlated with random alphanumeric codes in matrices of two or more dimensions. Codes stored on floppy disk or plug-in card and changed frequently. For even higher security, matrices of four or more dimensions used, just as cubes compounded into hypercubes in concurrent processing.

Authentication and Encryption Using Modified Elliptic Curve Cryptography with Particle Swarm Optimization and Cuckoo Search Algorithm

NASA Astrophysics Data System (ADS)

Kota, Sujatha; Padmanabhuni, Venkata Nageswara Rao; Budda, Kishor; K, Sruthi

2018-05-01

Elliptic Curve Cryptography (ECC) uses two keys private key and public key and is considered as a public key cryptographic algorithm that is used for both authentication of a person and confidentiality of data. Either one of the keys is used in encryption and other in decryption depending on usage. Private key is used in encryption by the user and public key is used to identify user in the case of authentication. Similarly, the sender encrypts with the private key and the public key is used to decrypt the message in case of confidentiality. Choosing the private key is always an issue in all public key Cryptographic Algorithms such as RSA, ECC. If tiny values are chosen in random the security of the complete algorithm becomes an issue. Since the Public key is computed based on the Private Key, if they are not chosen optimally they generate infinity values. The proposed Modified Elliptic Curve Cryptography uses selection in either of the choices; the first option is by using Particle Swarm Optimization and the second option is by using Cuckoo Search Algorithm for randomly choosing the values. The proposed algorithms are developed and tested using sample database and both are found to be secured and reliable. The test results prove that the private key is chosen optimally not repetitive or tiny and the computations in public key will not reach infinity.

Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things.

PubMed

Martín-Fernández, Francisco; Caballero-Gil, Pino; Caballero-Gil, Cándido

2016-01-07

This paper describes the design and analysis of a new scheme for the authenticated exchange of confidential information in insecure environments within the Internet of Things, which allows a receiver of a message to authenticate the sender and compute a secret key shared with it. The proposal is based on the concept of a non-interactive zero-knowledge proof, so that in a single communication, relevant data may be inferred to verify the legitimacy of the sender. Besides, the new scheme uses the idea under the Diffie-Hellman protocol for the establishment of a shared secret key. The proposal has been fully developed for platforms built on the Android Open Source Project, so it can be used in any device or sensor with this operating system. This work provides a performance study of the implementation and a comparison between its promising results and others obtained with similar schemes.

Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things

PubMed Central

Martín-Fernández, Francisco; Caballero-Gil, Pino; Caballero-Gil, Cándido

2016-01-01

This paper describes the design and analysis of a new scheme for the authenticated exchange of confidential information in insecure environments within the Internet of Things, which allows a receiver of a message to authenticate the sender and compute a secret key shared with it. The proposal is based on the concept of a non-interactive zero-knowledge proof, so that in a single communication, relevant data may be inferred to verify the legitimacy of the sender. Besides, the new scheme uses the idea under the Diffie–Hellman protocol for the establishment of a shared secret key. The proposal has been fully developed for platforms built on the Android Open Source Project, so it can be used in any device or sensor with this operating system. This work provides a performance study of the implementation and a comparison between its promising results and others obtained with similar schemes. PMID:26751454

Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups

NASA Astrophysics Data System (ADS)

Desmedt, Yvo; Lange, Tanja; Burmester, Mike

Task-specific groups are often formed in an ad-hoc manner within large corporate structures, such as companies. Take the following typical scenario: A director decides to set up a task force group for some specific project. An order is passed down the hierarchy where it finally reaches a manager who selects some employees to form the group. The members should communicate in a secure way and for efficiency, a symmetric encryption system is chosen. To establish a joint secret key for the group, a group key exchange (GKE) protocol is used. We show how to use an existing Public Key Infrastructure (PKI) to achieve authenticated GKE by modifying the protocol and particularly by including signatures.

A secure RFID authentication protocol adopting error correction code.

PubMed

Chen, Chien-Ming; Chen, Shuai-Min; Zheng, Xinying; Chen, Pei-Yu; Sun, Hung-Min

2014-01-01

RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

A Secure RFID Authentication Protocol Adopting Error Correction Code

PubMed Central

Zheng, Xinying; Chen, Pei-Yu

2014-01-01

RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance. PMID:24959619

Optical multiple-image authentication based on cascaded phase filtering structure

NASA Astrophysics Data System (ADS)

Wang, Q.; Alfalou, A.; Brosseau, C.

2016-10-01

In this study, we report on the recent developments of optical image authentication algorithms. Compared with conventional optical encryption, optical image authentication achieves more security strength because such methods do not need to recover information of plaintext totally during the decryption period. Several recently proposed authentication systems are briefly introduced. We also propose a novel multiple-image authentication system, where multiple original images are encoded into a photon-limited encoded image by using a triple-plane based phase retrieval algorithm and photon counting imaging (PCI) technique. One can only recover a noise-like image using correct keys. To check authority of multiple images, a nonlinear fractional correlation is employed to recognize the original information hidden in the decrypted results. The proposal can be implemented optically using a cascaded phase filtering configuration. Computer simulation results are presented to evaluate the performance of this proposal and its effectiveness.

An interference-based optical authentication scheme using two phase-only masks with different diffraction distances

NASA Astrophysics Data System (ADS)

Lu, Dajiang; He, Wenqi; Liao, Meihua; Peng, Xiang

2017-02-01

A new method to eliminate the security risk of the well-known interference-based optical cryptosystem is proposed. In this method, which is suitable for security authentication application, two phase-only masks are separately placed at different distances from the output plane, where a certification image (public image) can be obtained. To further increase the security and flexibility of this authentication system, we employ one more validation image (secret image), which can be observed at another output plane, for confirming the identity of the user. Only if the two correct masks are properly settled at their positions one could obtain two significant images. Besides, even if the legal users exchange their masks (keys), the authentication process will fail and the authentication results will not reveal any information. Numerical simulations are performed to demonstrate the validity and security of the proposed method.

Secure biometric image sensor and authentication scheme based on compressed sensing.

PubMed

Suzuki, Hiroyuki; Suzuki, Masamichi; Urabe, Takuya; Obi, Takashi; Yamaguchi, Masahiro; Ohyama, Nagaaki

2013-11-20

It is important to ensure the security of biometric authentication information, because its leakage causes serious risks, such as replay attacks using the stolen biometric data, and also because it is almost impossible to replace raw biometric information. In this paper, we propose a secure biometric authentication scheme that protects such information by employing an optical data ciphering technique based on compressed sensing. The proposed scheme is based on two-factor authentication, the biometric information being supplemented by secret information that is used as a random seed for a cipher key. In this scheme, a biometric image is optically encrypted at the time of image capture, and a pair of restored biometric images for enrollment and verification are verified in the authentication server. If any of the biometric information is exposed to risk, it can be reenrolled by changing the secret information. Through numerical experiments, we confirm that finger vein images can be restored from the compressed sensing measurement data. We also present results that verify the accuracy of the scheme.

[Development of a secure and cost-effective infrastructure for the access of arbitrary web-based image distribution systems].

PubMed

Hackländer, T; Kleber, K; Schneider, H; Demabre, N; Cramer, B M

2004-08-01

To build an infrastructure that enables radiologists on-call and external users a teleradiological access to the HTML-based image distribution system inside the hospital via internet. In addition, no investment costs should arise on the user side and the image data should be sent renamed using cryptographic techniques. A pure HTML-based system manages the image distribution inside the hospital, with an open source project extending this system through a secure gateway outside the firewall of the hospital. The gateway handles the communication between the external users and the HTML server within the network of the hospital. A second firewall is installed between the gateway and the external users and builds up a virtual private network (VPN). A connection between the gateway and the external user is only acknowledged if the computers involved authenticate each other via certificates and the external users authenticate via a multi-stage password system. All data are transferred encrypted. External users get only access to images that have been renamed to a pseudonym by means of automated processing before. With an ADSL internet access, external users achieve an image load frequency of 0.4 CT images per second. More than 90 % of the delay during image transfer results from security checks within the firewalls. Data passing the gateway induce no measurable delay. Project goals were realized by means of an infrastructure that works vendor independently with any HTML-based image distribution systems. The requirements of data security were realized using state-of-the-art web techniques. Adequate access and transfer speed lead to a widespread acceptance of the system on the part of external users.

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks

PubMed Central

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-01

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes. PMID:29324719

Comparative Study on Various Authentication Protocols in Wireless Sensor Networks.

PubMed

Rajeswari, S Raja; Seenivasagam, V

2016-01-01

Wireless sensor networks (WSNs) consist of lightweight devices with low cost, low power, and short-ranged wireless communication. The sensors can communicate with each other to form a network. In WSNs, broadcast transmission is widely used along with the maximum usage of wireless networks and their applications. Hence, it has become crucial to authenticate broadcast messages. Key management is also an active research topic in WSNs. Several key management schemes have been introduced, and their benefits are not recognized in a specific WSN application. Security services are vital for ensuring the integrity, authenticity, and confidentiality of the critical information. Therefore, the authentication mechanisms are required to support these security services and to be resilient to distinct attacks. Various authentication protocols such as key management protocols, lightweight authentication protocols, and broadcast authentication protocols are compared and analyzed for all secure transmission applications. The major goal of this survey is to compare and find out the appropriate protocol for further research. Moreover, the comparisons between various authentication techniques are also illustrated.

Comparative Study on Various Authentication Protocols in Wireless Sensor Networks

PubMed Central

Rajeswari, S. Raja; Seenivasagam, V.

2016-01-01

Wireless sensor networks (WSNs) consist of lightweight devices with low cost, low power, and short-ranged wireless communication. The sensors can communicate with each other to form a network. In WSNs, broadcast transmission is widely used along with the maximum usage of wireless networks and their applications. Hence, it has become crucial to authenticate broadcast messages. Key management is also an active research topic in WSNs. Several key management schemes have been introduced, and their benefits are not recognized in a specific WSN application. Security services are vital for ensuring the integrity, authenticity, and confidentiality of the critical information. Therefore, the authentication mechanisms are required to support these security services and to be resilient to distinct attacks. Various authentication protocols such as key management protocols, lightweight authentication protocols, and broadcast authentication protocols are compared and analyzed for all secure transmission applications. The major goal of this survey is to compare and find out the appropriate protocol for further research. Moreover, the comparisons between various authentication techniques are also illustrated. PMID:26881272

Storage-based Intrusion Detection: Watching storage activity for suspicious behavior

DTIC Science & Technology

2002-10-01

password management involves a pair of inter-related files (/etc/ passwd and /etc/shadow). The corresponding access pat- terns seen at the storage...example, consider a UNIX system password file (/etc/ passwd ), which con- sists of a set of well-defined records. Records are delimited by a line-break, and...etc/ passwd and verify that they conform to a set of basic integrity rules: 7-field records, non-empty password field, legal default shell, legal home

PCCEServer

DOE Office of Scientific and Technical Information (OSTI.GOV)

Perry, Marcia; Agarwal, Deb

2003-03-17

The PCCEServer application is a server that should be used in conjunction with the LBNLSecureMessaging user interface to enable secure synchronous and asynchronous messaging. It provides authentication and authorization services for members of a collaboration group via PKI/SSL and maintains an access control list. Members of collaboration groups using the LBNLSecureMessaging client must register identifying information. including usemame and password and an optional X.509 certificate, with the PCCEServer. This registration not only restricts access to instant messaging, but augments the LBNLSecureMessaging's IRC-based chat facility with persistence. Users register permanent unique user ids by which they are knowTl to other usersmore » in the system and create permanent venues intended for group conversations on a tong-term or continuous basis. In addition, the PCCEServer enhances instant messaging with presence and awareness information such as user availability, and it allows users to leave notes asynchronously for other users who are online or offline. Written in Java, it is a standalone application that can run on any platform that supports a Java Virtual Machine.« less

Authentication Without Secrets

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pierson, Lyndon G.; Robertson, Perry J.

This work examines a new approach to authentication, which is the most fundamental security primitive that underpins all cyber security protections. Current Internet authentication techniques require the protection of one or more secret keys along with the integrity protection of the algorithms/computations designed to prove possession of the secret without actually revealing it. Protecting a secret requires physical barriers or encryption with yet another secret key. The reason to strive for "Authentication without Secret Keys" is that protecting secrets (even small ones only kept in a small corner of a component or device) is much harder than protecting the integritymore » of information that is not secret. Promising methods are examined for authentication of components, data, programs, network transactions, and/or individuals. The successful development of authentication without secret keys will enable far more tractable system security engineering for high exposure, high consequence systems by eliminating the need for brittle protection mechanisms to protect secret keys (such as are now protected in smart cards, etc.). This paper is a re-release of SAND2009-7032 with new figures numerous edits.« less

Investigating the Effects of Authentic Activities on Foreign Language Learning: A Design-Based Research Approach

ERIC Educational Resources Information Center

Ozverir, Ildeniz; Osam, Ulker Vanci; Herrington, Jan

2017-01-01

Achieving communicative competency in English classes has been a key goal in contexts where English is taught as a foreign language (EFL). During this process, however, integrating the difficulty and complexity of real life tasks into classroom teaching has often been disregarded. Lack of opportunities for authentic language use often results in…

User Account Passwords | High-Performance Computing | NREL

Science.gov Websites

Account Passwords User Account Passwords For NREL's high-performance computing (HPC) systems, learn about user account password requirements and how to set up, log in, and change passwords. Password Logging In the First Time After you request an HPC user account, you'll receive a temporary password. Set

A study on the integrity and authentication of weather observation data using Identity Based Encryption.

PubMed

Seo, Jung Woo; Lee, Sang Jin

2016-01-01

Weather information provides a safe working environment by contributing to the economic activity of the nation, and plays role of the prevention of natural disasters, which can cause large scaled casualties and damage of property. Especially during times of war, weather information plays a more important role than strategy, tactics and information about trends of the enemy. Also, it plays an essential role for the taking off and landing of fighter jet and the sailing of warships. If weather information, which plays a major role in national security and economy, gets misused for cyber terrorism resulting false weather information, it could be a huge threat for national security and the economy. We propose a plan to safely transmit the measured value from meteorological sensors through a meteorological telecommunication network in order to guarantee the confidentiality and integrity of the data despite cyber-attacks. Also, such a plan allows one to produce reliable weather forecasts by performing mutual authentication through authentication devices. To make sure of this, one can apply an Identity Based Signature to ensure the integrity of measured data, and transmit the encrypted weather information with mutual authentication about the authentication devices. There are merits of this research: It is not necessary to manage authentication certificates unlike the Public Key Infrastructure methodology, and it provides a powerful security measure with the capability to be realized in a small scale computing environment, such as the meteorological observation system due to the low burden on managing keys.

A Password System Based on Sketches

DTIC Science & Technology

2016-07-12

than traditional passwords. Biometrics include biological properties such as fingerprints, voices, faces, and even handwriting . Fingerprints have been...perturbation of the sketch495 results in a corresponding change in the model, which is exactly what we imply when we say that model is (locally...Conf. on Frontiers in Handwriting Recognition (2010) 339–344.690 [29] M. Martinez-Diaz, J. Fierrez, J. Galbally, The DooDB Graphical Password Database: Data Analysis and Benchmark Results, IEEE Access 1 (2013) 596–605. 32 33

Deterministic Secure Quantum Communication and Authentication Protocol based on Extended GHZ-W State and Quantum One-time Pad

NASA Astrophysics Data System (ADS)

Li, Na; Li, Jian; Li, Lei-Lei; Wang, Zheng; Wang, Tao

2016-08-01

A deterministic secure quantum communication and authentication protocol based on extended GHZ-W state and quantum one-time pad is proposed. In the protocol, state | φ -> is used as the carrier. One photon of | φ -> state is sent to Alice, and Alice obtains a random key by measuring photons with bases determined by ID. The information of bases is secret to others except Alice and Bob. Extended GHZ-W states are used as decoy photons, the positions of which in information sequence are encoded with identity string ID of the legal user, and the eavesdropping detection rate reaches 81%. The eavesdropping detection based on extended GHZ-W state combines with authentication and the secret ID ensures the security of the protocol.

Addressing the Tension Between Strong Perimeter Control an Usability

NASA Technical Reports Server (NTRS)

Hinke, Thomas H.; Kolano, Paul Z.; Keller, Chris

2006-01-01

This paper describes a strong perimeter control system for a general purpose processing system, with the perimeter control system taking significant steps to address usability issues, thus mitigating the tension between strong perimeter protection and usability. A secure front end enforces two-factor authentication for all interactive access to an enclave that contains a large supercomputer and various associated systems, with each requiring their own authentication. Usability is addressed through a design in which the user has to perform two-factor authentication at the secure front end in order to gain access to the enclave, while an agent transparently performs public key authentication as needed to authenticate to specific systems within the enclave. The paper then describes a proxy system that allows users to transfer files into the enclave under script control, when the user is not present to perform two-factor authentication. This uses a pre-authorization approach based on public key technology, which is still strongly tied to both two-factor authentication and strict control over where files can be transferred on the target system. Finally the paper describes an approach to support network applications and systems such as grids or parallel file transfer protocols that require the use of many ports through the perimeter. The paper describes a least privilege approach that dynamically opens ports on a host-specific, if-authorized, as-needed, just-in-time basis.

Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle.

PubMed

Park, Namje; Kang, Namhi

2015-12-24

The Internet of Things (IoT), which can be regarded as an enhanced version of machine-to-machine communication technology, was proposed to realize intelligent thing-to-thing communications by utilizing the Internet connectivity. In the IoT, "things" are generally heterogeneous and resource constrained. In addition, such things are connected to each other over low-power and lossy networks. In this paper, we propose an inter-device authentication and session-key distribution system for devices with only encryption modules. In the proposed system, unlike existing sensor-network environments where the key distribution center distributes the key, each sensor node is involved with the generation of session keys. In addition, in the proposed scheme, the performance is improved so that the authenticated device can calculate the session key in advance. The proposed mutual authentication and session-key distribution system can withstand replay attacks, man-in-the-middle attacks, and wiretapped secret-key attacks.

Phone, Email and Video Interactions with Characters in an Epidemiology Game: Towards Authenticity

NASA Astrophysics Data System (ADS)

Ney, Muriel; Gonçalves, Celso; Blacheff, Nicolas; Schwartz, Claudine; Bosson, Jean-Luc

A key concern in game-based learning is the level of authenticity that the game requires in order to have an accurate match of what the learners can expect in the real world with what they need to learn. In this paper, we show how four challenges to the designer of authentic games have been addressed in a game for an undergraduate course in a medical school. We focus in particular on the system of interaction with different characters of the game, namely, the patients and a number of professionals. Students use their personal phone and email application, as well as various web sites. First, we analyze the authenticity of the game through four attributes, authenticity of the character, of the content of the feedback, of the mode and channel of communication and of the constraints. Second, the perceived authenticity (by students) is analyzed. The later is threefold and defined by an external authenticity (perceived likeness with a real life reference), an internal authenticity (perceived internal coherence of the proposed situations) and a didactical authenticity (perceived relevance with respect to learning goals).

Elemental Scanning Devices Authenticate Works of Art

NASA Technical Reports Server (NTRS)

2013-01-01

To better detect aluminum compounds, Marshall Space Flight Center partnered with KeyMaster Inc. (later acquired by Madison, Wisconsin-based Bruker AXS Inc.) to develop a vacuum pump system that could be attached to X-ray fluorescence (XRF) scanners. The resulting technology greatly expanded XRF scanner capabilities, and hundreds of museums now use them to authenticate artifacts and works of art.

Prevalence of Sharing Access Credentials in Electronic Medical Records

PubMed Central

Korach, Tzfania; Shreberk-Hassidim, Rony; Thomaidou, Elena; Uzefovsky, Florina; Ayal, Shahar; Ariely, Dan

2017-01-01

Objectives Confidentiality of health information is an important aspect of the physician patient relationship. The use of digital medical records has made data much more accessible. To prevent data leakage, many countries have created regulations regarding medical data accessibility. These regulations require a unique user ID for each medical staff member, and this must be protected by a password, which should be kept undisclosed by all means. Methods We performed a four-question Google Forms-based survey of medical staff. In the survey, each participant was asked if he/she ever obtained the password of another medical staff member. Then, we asked how many times such an episode occurred and the reason for it. Results A total of 299 surveys were gathered. The responses showed that 220 (73.6%) participants reported that they had obtained the password of another medical staff member. Only 171 (57.2%) estimated how many time it happened, with an average estimation of 4.75 episodes. All the residents that took part in the study (45, 15%) had obtained the password of another medical staff member, while only 57.5% (38/66) of the nurses reported this. Conclusions The use of unique user IDs and passwords to defend the privacy of medical data is a common requirement in medical organizations. Unfortunately, the use of passwords is doomed because medical staff members share their passwords with one another. Strict regulations requiring each staff member to have it's a unique user ID might lead to password sharing and to a decrease in data safety. PMID:28875052

Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms

DTIC Science & Technology

2011-08-31

2011 4 . TITLE AND SUBTITLE Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms 5a. CONTRACT...large numbers of hashed passwords (Booz Allen Hamilton, HBGary, Gawker, Sony Playstation , etc.), coupled with the availability of botnets that offer...when evaluating the strength of different password-composition policies. 4 . We investigate the effectiveness of entropy as a measure of password

Efficient model checking of network authentication protocol based on SPIN

NASA Astrophysics Data System (ADS)

Tan, Zhi-hua; Zhang, Da-fang; Miao, Li; Zhao, Dan

2013-03-01

Model checking is a very useful technique for verifying the network authentication protocols. In order to improve the efficiency of modeling and verification on the protocols with the model checking technology, this paper first proposes a universal formalization description method of the protocol. Combined with the model checker SPIN, the method can expediently verify the properties of the protocol. By some modeling simplified strategies, this paper can model several protocols efficiently, and reduce the states space of the model. Compared with the previous literature, this paper achieves higher degree of automation, and better efficiency of verification. Finally based on the method described in the paper, we model and verify the Privacy and Key Management (PKM) authentication protocol. The experimental results show that the method of model checking is effective, which is useful for the other authentication protocols.

A Secure and Robust Object-Based Video Authentication System

NASA Astrophysics Data System (ADS)

He, Dajun; Sun, Qibin; Tian, Qi

2004-12-01

An object-based video authentication system, which combines watermarking, error correction coding (ECC), and digital signature techniques, is presented for protecting the authenticity between video objects and their associated backgrounds. In this system, a set of angular radial transformation (ART) coefficients is selected as the feature to represent the video object and the background, respectively. ECC and cryptographic hashing are applied to those selected coefficients to generate the robust authentication watermark. This content-based, semifragile watermark is then embedded into the objects frame by frame before MPEG4 coding. In watermark embedding and extraction, groups of discrete Fourier transform (DFT) coefficients are randomly selected, and their energy relationships are employed to hide and extract the watermark. The experimental results demonstrate that our system is robust to MPEG4 compression, object segmentation errors, and some common object-based video processing such as object translation, rotation, and scaling while securely preventing malicious object modifications. The proposed solution can be further incorporated into public key infrastructure (PKI).

A resettable and reprogrammable DNA-based security system to identify multiple users with hierarchy.

PubMed

Li, Hailong; Hong, Wei; Dong, Shaojun; Liu, Yaqing; Wang, Erkang

2014-03-25

Molecular-level security devices have raised ever-increasing interest in recent years to protect data and information from illegal invasion. Prior molecular keypad locks have an output signal dependent upon not only the appropriate combination but also the exact sequence of inputs, but it cannot be reset or reprogrammed. Here, a DNA-based security system with reset and never-reported reprogram function is successfully developed in proof-of-principle, with which one can change the password in case that the system is cracked. The previous password becomes invalid in the reprogrammed security system. Interestingly, more than one password is designed to permit multiple users to access. By harnessing the intrinsic merit of the different passwords, the system can distinguish different user who is endowed with prior authority. The intelligent device is addressed on solid support and facilitates electronic processes, avoiding chemical accumulation in the system by simple removal of the electrode from the input solution and indicating a main avenue for its further development.

Authenticated multi-user quantum key distribution with single particles

NASA Astrophysics Data System (ADS)

Lin, Song; Wang, Hui; Guo, Gong-De; Ye, Guo-Hua; Du, Hong-Zhen; Liu, Xiao-Fen

2016-03-01

Quantum key distribution (QKD) has been growing rapidly in recent years and becomes one of the hottest issues in quantum information science. During the implementation of QKD on a network, identity authentication has been one main problem. In this paper, an efficient authenticated multi-user quantum key distribution (MQKD) protocol with single particles is proposed. In this protocol, any two users on a quantum network can perform mutual authentication and share a secure session key with the assistance of a semi-honest center. Meanwhile, the particles, which are used as quantum information carriers, are not required to be stored, therefore the proposed protocol is feasible with current technology. Finally, security analysis shows that this protocol is secure in theory.

Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle

PubMed Central

Park, Namje; Kang, Namhi

2015-01-01

The Internet of Things (IoT), which can be regarded as an enhanced version of machine-to-machine communication technology, was proposed to realize intelligent thing-to-thing communications by utilizing the Internet connectivity. In the IoT, “things” are generally heterogeneous and resource constrained. In addition, such things are connected to each other over low-power and lossy networks. In this paper, we propose an inter-device authentication and session-key distribution system for devices with only encryption modules. In the proposed system, unlike existing sensor-network environments where the key distribution center distributes the key, each sensor node is involved with the generation of session keys. In addition, in the proposed scheme, the performance is improved so that the authenticated device can calculate the session key in advance. The proposed mutual authentication and session-key distribution system can withstand replay attacks, man-in-the-middle attacks, and wiretapped secret-key attacks. PMID:26712759

A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth.

PubMed

Jiang, Qi; Lian, Xinxin; Yang, Chao; Ma, Jianfeng; Tian, Youliang; Yang, Yuanyuan

2016-11-01

Wireless body area networks (WBANs) have become one of the key components of mobile health (mHealth) which provides 24/7 health monitoring service and greatly improves the quality and efficiency of healthcare. However, users' concern about the security and privacy of their health information has become one of the major obstacles that impede the wide adoption of WBANs. Anonymous and unlinkable authentication is critical to protect the security and privacy of sensitive physiological information in transit from the client to the application provider. We first show that the anonymous authentication scheme of Wang and Zhang based on bilinear pairing is prone to client impersonation attack. Then, we propose an enhanced anonymous authentication scheme to remedy the flaw in Wang and Zhang's scheme. We give the security analysis to demonstrate that the enhanced scheme achieves the desired security features and withstands various known attacks.

Internet Address Space Management in Digital

DTIC Science & Technology

1992-09-01

password: % passwd Changing password for wade Old password: New password: Retype new password: 3. Log out of the cluster center machine by typing...that on some machine, you can use the " passwd " command on the machine where the change is needed. 16

Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method.

PubMed

Dhamodharan, Udaya Suriya Raj Kumar; Vayanaperumal, Rajamani

2015-01-01

Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method

PubMed Central

Dhamodharan, Udaya Suriya Raj Kumar; Vayanaperumal, Rajamani

2015-01-01

Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting. PMID:26236773

Authenticity techniques for PACS images and records

NASA Astrophysics Data System (ADS)

Wong, Stephen T. C.; Abundo, Marco; Huang, H. K.

1995-05-01

Along with the digital radiology environment supported by picture archiving and communication systems (PACS) comes a new problem: How to establish trust in multimedia medical data that exist only in the easily altered memory of a computer. Trust is characterized in terms of integrity and privacy of digital data. Two major self-enforcing techniques can be used to assure the authenticity of electronic images and text -- key-based cryptography and digital time stamping. Key-based cryptography associates the content of an image with the originator using one or two distinct keys and prevents alteration of the document by anyone other than the originator. A digital time stamping algorithm generates a characteristic `digital fingerprint' for the original document using a mathematical hash function, and checks that it has not been modified. This paper discusses these cryptographic algorithms and their appropriateness for a PACS environment. It also presents experimental results of cryptographic algorithms on several imaging modalities.

Three-factor anonymous authentication and key agreement scheme for Telecare Medicine Information Systems.

PubMed

Arshad, Hamed; Nikooghadam, Morteza

2014-12-01

Nowadays, with comprehensive employment of the internet, healthcare delivery services is provided remotely by telecare medicine information systems (TMISs). A secure mechanism for authentication and key agreement is one of the most important security requirements for TMISs. Recently, Tan proposed a user anonymity preserving three-factor authentication scheme for TMIS. The present paper shows that Tan's scheme is vulnerable to replay attacks and Denial-of-Service attacks. In order to overcome these security flaws, a new and efficient three-factor anonymous authentication and key agreement scheme for TMIS is proposed. Security and performance analysis shows superiority of the proposed scheme in comparison with previously proposed schemes that are related to security of TMISs.

It's Not the "What," It's the "How": Four Key Behaviors for Authentic Leadership in Early Intervention

ERIC Educational Resources Information Center

LaRocco, Diana J.; Bruns, Deborah A.

2013-01-01

This article highlights four key behaviors that typify authentic leadership. Authentic leaders (1) exercise influence to reach shared goals; (2) engage in continuous learning; (3) build and nurture relationships; and (4) model behaviors they want others to display. Although the behaviors are presented as distinct, they are inextricably linked and…

Implementing Diffie-Hellman key exchange using quantum EPR pairs

NASA Astrophysics Data System (ADS)

Mandal, Sayonnha; Parakh, Abhishek

2015-05-01

This paper implements the concepts of perfect forward secrecy and the Diffie-Hellman key exchange using EPR pairs to establish and share a secret key between two non-authenticated parties and transfer messages between them without the risk of compromise. Current implementations of quantum cryptography are based on the BB84 protocol, which is susceptible to siphoning attacks on the multiple photons emitted by practical laser sources. This makes BB84-based quantum cryptography protocol unsuitable for network computing environments. Diffie-Hellman does not require the two parties to be mutually authenticated to each other, yet it can provide a basis for a number of authenticated protocols, most notably the concept of perfect forward secrecy. The work proposed in this paper provides a new direction in utilizing quantum EPR pairs in quantum key exchange. Although, classical cryptography boasts of efficient and robust protocols like the Diffie-Hellman key exchange, in the current times, with the advent of quantum computing they are very much vulnerable to eavesdropping and cryptanalytic attacks. Using quantum cryptographic principles, however, these classical encryption algorithms show more promise and a more robust and secure structure for applications. The unique properties of quantum EPR pairs also, on the other hand, go a long way in removing attacks like eavesdropping by their inherent nature of one particle of the pair losing its state if a measurement occurs on the other. The concept of perfect forward secrecy is revisited in this paper to attribute tighter security to the proposed protocol.

Alternative Fuels Data Center: Forgot Your Password?

Science.gov Websites

AFDC Printable Version Share this resource Send a link to Alternative Fuels Data Center: Forgot Your Password? to someone by E-mail Share Alternative Fuels Data Center: Forgot Your Password? on to share Alternative Fuels Data Center: Forgot Your Password? on AddThis.com... Forgot Your Password

Combining Cryptography with EEG Biometrics

PubMed Central

Kazanavičius, Egidijus; Woźniak, Marcin

2018-01-01

Cryptographic frameworks depend on key sharing for ensuring security of data. While the keys in cryptographic frameworks must be correctly reproducible and not unequivocally connected to the identity of a user, in biometric frameworks this is different. Joining cryptography techniques with biometrics can solve these issues. We present a biometric authentication method based on the discrete logarithm problem and Bose-Chaudhuri-Hocquenghem (BCH) codes, perform its security analysis, and demonstrate its security characteristics. We evaluate a biometric cryptosystem using our own dataset of electroencephalography (EEG) data collected from 42 subjects. The experimental results show that the described biometric user authentication system is effective, achieving an Equal Error Rate (ERR) of 0.024.

Combining Cryptography with EEG Biometrics.

PubMed

Damaševičius, Robertas; Maskeliūnas, Rytis; Kazanavičius, Egidijus; Woźniak, Marcin

2018-01-01

Cryptographic frameworks depend on key sharing for ensuring security of data. While the keys in cryptographic frameworks must be correctly reproducible and not unequivocally connected to the identity of a user, in biometric frameworks this is different. Joining cryptography techniques with biometrics can solve these issues. We present a biometric authentication method based on the discrete logarithm problem and Bose-Chaudhuri-Hocquenghem (BCH) codes, perform its security analysis, and demonstrate its security characteristics. We evaluate a biometric cryptosystem using our own dataset of electroencephalography (EEG) data collected from 42 subjects. The experimental results show that the described biometric user authentication system is effective, achieving an Equal Error Rate (ERR) of 0.024.

Continuous-variable quantum authentication of physical unclonable keys

NASA Astrophysics Data System (ADS)

Nikolopoulos, Georgios M.; Diamanti, Eleni

2017-04-01

We propose a scheme for authentication of physical keys that are materialized by optical multiple-scattering media. The authentication relies on the optical response of the key when probed by randomly selected coherent states of light, and the use of standard wavefront-shaping techniques that direct the scattered photons coherently to a specific target mode at the output. The quadratures of the electromagnetic field of the scattered light at the target mode are analysed using a homodyne detection scheme, and the acceptance or rejection of the key is decided upon the outcomes of the measurements. The proposed scheme can be implemented with current technology and offers collision resistance and robustness against key cloning.

A proactive password checker

NASA Technical Reports Server (NTRS)

Bishop, Matt

1990-01-01

Password selection has long been a difficult issue; traditionally, passwords are either assigned by the computer or chosen by the user. When the computer does the assignment, the passwords are often hard to remember; when the user makes the selection, the passwords are often easy to guess. This paper describes a technique, and a mechanism, to allow users to select passwords which to them are easy to remember but to others would be very difficult to guess. The technique is site, user, and group compatible, and allows rapid changing of constraints imposed upon the password. Although experience with this technique is limited, it appears to have much promise.

Authentic leadership: a new theory for nursing or back to basics?

PubMed

Wong, Carol; Cummings, Greta

2009-01-01

Authentic leadership is an emerging theoretical model purported to focus on the root component of effective leadership. The purpose of this paper is to describe the relevance of authentic leadership to the advancement of nursing leadership practice and research and address the question of whether this is a new theory for leadership or an old one in new packaging. The paper outlines the origins and key elements of the model, assesses the theoretical, conceptual and measurement issues associated with authentic leadership and compares it with other leadership theories frequently reported in the nursing literature. The emerging authentic leadership theory holds promise for explaining the underlying processes by which authentic leaders and followers influence work outcomes and organizational performance. Construct validity of authentic leadership has preliminary documentation and a few studies have shown positive relationships between authenticity and trust. Furthermore, the clarity of the authenticity construct and comprehensiveness of the overall theoretical framework provide a fruitful base for future research examining the relationship between authentic leadership and the creation of healthier work environments. A clear focus on the relational aspects of leadership, the foundational moral/ethical component, a potential linkage of positive psychological capital to work engagement and the emphasis on leader and follower development in the authentic leadership framework are closely aligned to current and future nursing leadership practice and research priorities for the creation of sustainable changes in nursing work environments.

A network identity authentication system based on Fingerprint identification technology

NASA Astrophysics Data System (ADS)

Xia, Hong-Bin; Xu, Wen-Bo; Liu, Yuan

2005-10-01

Fingerprint verification is one of the most reliable personal identification methods. However, most of the automatic fingerprint identification system (AFIS) is not run via Internet/Intranet environment to meet today's increasing Electric commerce requirements. This paper describes the design and implementation of the archetype system of identity authentication based on fingerprint biometrics technology, and the system can run via Internet environment. And in our system the COM and ASP technology are used to integrate Fingerprint technology with Web database technology, The Fingerprint image preprocessing algorithms are programmed into COM, which deployed on the internet information server. The system's design and structure are proposed, and the key points are discussed. The prototype system of identity authentication based on Fingerprint have been successfully tested and evaluated on our university's distant education applications in an internet environment.

An improved biometrics-based authentication scheme for telecare medical information systems.

PubMed

Guo, Dianli; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2015-03-01

Telecare medical information system (TMIS) offers healthcare delivery services and patients can acquire their desired medical services conveniently through public networks. The protection of patients' privacy and data confidentiality are significant. Very recently, Mishra et al. proposed a biometrics-based authentication scheme for telecare medical information system. Their scheme can protect user privacy and is believed to resist a range of network attacks. In this paper, we analyze Mishra et al.'s scheme and identify that their scheme is insecure to against known session key attack and impersonation attack. Thereby, we present a modified biometrics-based authentication scheme for TMIS to eliminate the aforementioned faults. Besides, we demonstrate the completeness of the proposed scheme through BAN-logic. Compared to the related schemes, our protocol can provide stronger security and it is more practical.

Fast, Parallel and Secure Cryptography Algorithm Using Lorenz's Attractor

NASA Astrophysics Data System (ADS)

Marco, Anderson Gonçalves; Martinez, Alexandre Souto; Bruno, Odemir Martinez

A novel cryptography method based on the Lorenz's attractor chaotic system is presented. The proposed algorithm is secure and fast, making it practical for general use. We introduce the chaotic operation mode, which provides an interaction among the password, message and a chaotic system. It ensures that the algorithm yields a secure codification, even if the nature of the chaotic system is known. The algorithm has been implemented in two versions: one sequential and slow and the other, parallel and fast. Our algorithm assures the integrity of the ciphertext (we know if it has been altered, which is not assured by traditional algorithms) and consequently its authenticity. Numerical experiments are presented, discussed and show the behavior of the method in terms of security and performance. The fast version of the algorithm has a performance comparable to AES, a popular cryptography program used commercially nowadays, but it is more secure, which makes it immediately suitable for general purpose cryptography applications. An internet page has been set up, which enables the readers to test the algorithm and also to try to break into the cipher.

Digital Camera with Apparatus for Authentication of Images Produced from an Image File

NASA Technical Reports Server (NTRS)

Friedman, Gary L. (Inventor)

1996-01-01

A digital camera equipped with a processor for authentication of images produced from an image file taken by the digital camera is provided. The digital camera processor has embedded therein a private key unique to it, and the camera housing has a public key that is so uniquely related to the private key that digital data encrypted with the private key may be decrypted using the public key. The digital camera processor comprises means for calculating a hash of the image file using a predetermined algorithm, and second means for encrypting the image hash with the private key, thereby producing a digital signature. The image file and the digital signature are stored in suitable recording means so they will be available together. Apparatus for authenticating the image file as being free of any alteration uses the public key for decrypting the digital signature, thereby deriving a secure image hash identical to the image hash produced by the digital camera and used to produce the digital signature. The authenticating apparatus calculates from the image file an image hash using the same algorithm as before. By comparing this last image hash with the secure image hash, authenticity of the image file is determined if they match. Other techniques to address time-honored methods of deception, such as attaching false captions or inducing forced perspectives, are included.

Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

PubMed

Park, Chang-Seop

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

PubMed Central

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

Claims-Based Authentication for a Web-Based Enterprise

DTIC Science & Technology

2013-07-01

authority must use known and registered (or in specific cases defined ) certificate revocation and currency-checking software . B. Translation of...Machines and services are issued software certificates that contain the public key with the private key generated and remaining in hardware...publicly available) information. A hardware token that contains the certificate is preferred to software -only certificates. For enterprise users

Authentication and Key Establishment in Dynamic Wireless Sensor Networks

PubMed Central

Qiu, Ying; Zhou, Jianying; Baek, Joonsang; Lopez, Javier

2010-01-01

When a sensor node roams within a very large and distributed wireless sensor network, which consists of numerous sensor nodes, its routing path and neighborhood keep changing. In order to provide a high level of security in this environment, the moving sensor node needs to be authenticated to new neighboring nodes and a key established for secure communication. The paper proposes an efficient and scalable protocol to establish and update the authentication key in a dynamic wireless sensor network environment. The protocol guarantees that two sensor nodes share at least one key with probability 1 (100%) with less memory and energy cost, while not causing considerable communication overhead. PMID:22319321

Design and implementation of PKI-based certification authority

NASA Astrophysics Data System (ADS)

Zheng, Ying; Bai, Qinghai; Zhao, Linna; Chun, Hua; Chen, Jing

2015-12-01

PKI achieves the management of public key by certificates. It combines the user's public key and his or her identification formation through a trusted third-party organization CA, in order to authenticate the user's identity on the Internet, thus ensuring the authenticity, integrity, confidentiality, and non- repudiation of the information transmitted on the Internet. CA is the most critical agency in the PKI system, mainly responsible for issuing and managing certificates. On the basis of the actual needs of an enterprise, in this paper the author designs and develops a small-sized PKI-based Certification Authority equipped with the functions of root CA initialization, certificate application, certificate issuance, certificate revocation, and the generation of certificate revocation list. The author also points out the problems that need to be mentioned in the design and development.

Design and implementation of a secure wireless mote-based medical sensor network.

PubMed

Malasri, Kriangsiri; Wang, Lan

2009-01-01

A medical sensor network can wirelessly monitor vital signs of humans, making it useful for long-term health care without sacrificing patient comfort and mobility. For such a network to be viable, its design must protect data privacy and authenticity given that medical data are highly sensitive. We identify the unique security challenges of such a sensor network and propose a set of resource-efficient mechanisms to address these challenges. Our solution includes (1) a novel two-tier scheme for verifying the authenticity of patient data, (2) a secure key agreement protocol to set up shared keys between sensor nodes and base stations, and (3) symmetric encryption/decryption for protecting data confidentiality and integrity. We have implemented the proposed mechanisms on a wireless mote platform, and our results confirm their feasibility.

An Efficient Biometric-Based Algorithm Using Heart Rate Variability for Securing Body Sensor Networks

PubMed Central

Pirbhulal, Sandeep; Zhang, Heye; Mukhopadhyay, Subhas Chandra; Li, Chunyue; Wang, Yumei; Li, Guanglin; Wu, Wanqing; Zhang, Yuan-Ting

2015-01-01

Body Sensor Network (BSN) is a network of several associated sensor nodes on, inside or around the human body to monitor vital signals, such as, Electroencephalogram (EEG), Photoplethysmography (PPG), Electrocardiogram (ECG), etc. Each sensor node in BSN delivers major information; therefore, it is very significant to provide data confidentiality and security. All existing approaches to secure BSN are based on complex cryptographic key generation procedures, which not only demands high resource utilization and computation time, but also consumes large amount of energy, power and memory during data transmission. However, it is indispensable to put forward energy efficient and computationally less complex authentication technique for BSN. In this paper, a novel biometric-based algorithm is proposed, which utilizes Heart Rate Variability (HRV) for simple key generation process to secure BSN. Our proposed algorithm is compared with three data authentication techniques, namely Physiological Signal based Key Agreement (PSKA), Data Encryption Standard (DES) and Rivest Shamir Adleman (RSA). Simulation is performed in Matlab and results suggest that proposed algorithm is quite efficient in terms of transmission time utilization, average remaining energy and total power consumption. PMID:26131666

An Efficient Biometric-Based Algorithm Using Heart Rate Variability for Securing Body Sensor Networks.

PubMed

Pirbhulal, Sandeep; Zhang, Heye; Mukhopadhyay, Subhas Chandra; Li, Chunyue; Wang, Yumei; Li, Guanglin; Wu, Wanqing; Zhang, Yuan-Ting

2015-06-26

Body Sensor Network (BSN) is a network of several associated sensor nodes on, inside or around the human body to monitor vital signals, such as, Electroencephalogram (EEG), Photoplethysmography (PPG), Electrocardiogram (ECG), etc. Each sensor node in BSN delivers major information; therefore, it is very significant to provide data confidentiality and security. All existing approaches to secure BSN are based on complex cryptographic key generation procedures, which not only demands high resource utilization and computation time, but also consumes large amount of energy, power and memory during data transmission. However, it is indispensable to put forward energy efficient and computationally less complex authentication technique for BSN. In this paper, a novel biometric-based algorithm is proposed, which utilizes Heart Rate Variability (HRV) for simple key generation process to secure BSN. Our proposed algorithm is compared with three data authentication techniques, namely Physiological Signal based Key Agreement (PSKA), Data Encryption Standard (DES) and Rivest Shamir Adleman (RSA). Simulation is performed in Matlab and results suggest that proposed algorithm is quite efficient in terms of transmission time utilization, average remaining energy and total power consumption.

An Indoor Positioning-Based Mobile Payment System Using Bluetooth Low Energy Technology

PubMed Central

Winata, Doni

2018-01-01

The development of information technology has paved the way for faster and more convenient payment process flows and new methodology for the design and implementation of next generation payment systems. The growth of smartphone usage nowadays has fostered a new and popular mobile payment environment. Most of the current generation smartphones support Bluetooth Low Energy (BLE) technology to communicate with nearby BLE-enabled devices. It is plausible to construct an Over-the-Air BLE-based mobile payment system as one of the payment methods for people living in modern societies. In this paper, a secure indoor positioning-based mobile payment authentication protocol with BLE technology and the corresponding mobile payment system design are proposed. The proposed protocol consists of three phases: initialization phase, session key construction phase, and authentication phase. When a customer moves toward the POS counter area, the proposed mobile payment system will automatically detect the position of the customer to confirm whether the customer is ready for the checkout process. Once the system has identified the customer is standing within the payment-enabled area, the payment system will invoke authentication process between POS and the customer’s smartphone through BLE communication channel to generate a secure session key and establish an authenticated communication session to perform the payment transaction accordingly. A prototype is implemented to assess the performance of the proposed design for mobile payment system. In addition, security analysis is conducted to evaluate the security strength of the proposed protocol. PMID:29587399

An Indoor Positioning-Based Mobile Payment System Using Bluetooth Low Energy Technology.

PubMed

Yohan, Alexander; Lo, Nai-Wei; Winata, Doni

2018-03-25

The development of information technology has paved the way for faster and more convenient payment process flows and new methodology for the design and implementation of next generation payment systems. The growth of smartphone usage nowadays has fostered a new and popular mobile payment environment. Most of the current generation smartphones support Bluetooth Low Energy (BLE) technology to communicate with nearby BLE-enabled devices. It is plausible to construct an Over-the-Air BLE-based mobile payment system as one of the payment methods for people living in modern societies. In this paper, a secure indoor positioning-based mobile payment authentication protocol with BLE technology and the corresponding mobile payment system design are proposed. The proposed protocol consists of three phases: initialization phase, session key construction phase, and authentication phase. When a customer moves toward the POS counter area, the proposed mobile payment system will automatically detect the position of the customer to confirm whether the customer is ready for the checkout process. Once the system has identified the customer is standing within the payment-enabled area, the payment system will invoke authentication process between POS and the customer's smartphone through BLE communication channel to generate a secure session key and establish an authenticated communication session to perform the payment transaction accordingly. A prototype is implemented to assess the performance of the proposed design for mobile payment system. In addition, security analysis is conducted to evaluate the security strength of the proposed protocol.

Comparasion of Password Generator between Coupled Linear Congruential Generator (CLCG) and Linear Congruential Generator (LCG)

NASA Astrophysics Data System (ADS)

Imamah; Djunaidy, A.; Rachmad, A.; Damayanti, F.

2018-01-01

Password is needed to access the computing services. Text password is a combination between characters, numbers and symbols. One of issues is users will often choose guessable passwords, e.g. date of birth, name of pet, or anniversary date. To address this issue, we proposed password generator using Coupled Congruential method (CLCG). CLCG is a method to solve the weakness of Linear Congruential generator (LCG). In this research, we want to prove that CLCG is really good to generate random password compared to LCG method. The result of this research proves that the highest password strength is obtained by CLCG with score 77.4%. Besides of those things, we had proved that term of LCG is also applicable to CLCG.

Chemical composition analysis and authentication of whisky.

PubMed

Wiśniewska, Paulina; Dymerski, Tomasz; Wardencki, Waldemar; Namieśnik, Jacek

2015-08-30

Whisky (whiskey) is one of the most popular spirit-based drinks made from malted or saccharified grains, which should mature for at least 3 years in wooden barrels. High popularity of products usually causes a potential risk of adulteration. Thus authenticity assessment is one of the key elements of food product marketing. Authentication of whisky is based on comparing the composition of this alcohol with other spirit drinks. The present review summarizes all information about the comparison of whisky and other alcoholic beverages, the identification of type of whisky or the assessment of its quality and finally the authentication of whisky. The article also presents the various techniques used for analyzing whisky, such as gas and liquid chromatography with different types of detectors (FID, AED, UV-Vis), electronic nose, atomic absorption spectroscopy and mass spectrometry. In some cases the application of chemometric methods is also described, namely PCA, DFA, LDA, ANOVA, SIMCA, PNN, k-NN and CA, as well as preparation techniques such SPME or SPE. © 2014 Society of Chemical Industry.

Authenticated Quantum Key Distribution with Collective Detection using Single Photons

NASA Astrophysics Data System (ADS)

Huang, Wei; Xu, Bing-Jie; Duan, Ji-Tong; Liu, Bin; Su, Qi; He, Yuan-Hang; Jia, Heng-Yue

2016-10-01

We present two authenticated quantum key distribution (AQKD) protocols by utilizing the idea of collective (eavesdropping) detection. One is a two-party AQKD protocol, the other is a multiparty AQKD protocol with star network topology. In these protocols, the classical channels need not be assumed to be authenticated and the single photons are used as the quantum information carriers. To achieve mutual identity authentication and establish a random key in each of the proposed protocols, only one participant should be capable of preparing and measuring single photons, and the main quantum ability that the rest of the participants should have is just performing certain unitary operations. Security analysis shows that these protocols are free from various kinds of attacks, especially the impersonation attack and the man-in-the-middle (MITM) attack.

[Application of password manager software in health care].

PubMed

Ködmön, József

2016-12-01

When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.

How secure is your information system? An investigation into actual healthcare worker password practices.

PubMed

Cazier, Joseph A; Medlin, B Dawn

2006-09-27

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.

How Secure Is Your Information System? An Investigation into Actual Healthcare Worker Password Practices

PubMed Central

Cazier, Joseph A; Medlin, B. Dawn

2006-01-01

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366

A pedagogical example of second-order arithmetic sequences applied to the construction of computer passwords by upper elementary grade students

NASA Astrophysics Data System (ADS)

Coggins, Porter E.

2015-04-01

The purpose of this paper is (1) to present how general education elementary school age students constructed computer passwords using digital root sums and second-order arithmetic sequences, (2) argue that computer password construction can be used as an engaging introduction to generate interest in elementary school students to study mathematics related to computer science, and (3) share additional mathematical ideas accessible to elementary school students that can be used to create computer passwords. This paper serves to fill a current gap in the literature regarding the integration of mathematical content accessible to upper elementary school students and aspects of computer science in general, and computer password construction in particular. In addition, the protocols presented here can serve as a hook to generate further interest in mathematics and computer science. Students learned to create a random-looking computer password by using biometric measurements of their shoe size, height, and age in months and to create a second-order arithmetic sequence, then converted the resulting numbers into characters that become their computer passwords. This password protocol can be used to introduce students to good computer password habits that can serve a foundation for a life-long awareness of data security. A refinement of the password protocol is also presented.

Impersonation attack on a quantum secure direct communication and authentication protocol with improvement

NASA Astrophysics Data System (ADS)

Amerimehr, Ali; Hadain Dehkordi, Massoud

2018-03-01

We analyze the security of a quantum secure direct communication and authentication protocol based on single photons. We first give an impersonation attack on the protocol. The cryptanalysis shows that there is a gap in the authentication procedure of the protocol so that an opponent can reveal the secret information by an undetectable attempt. We then propose an improvement for the protocol and show it closes the gap by applying a mutual authentication procedure. In the improved protocol single photons are transmitted once in a session, so it is easy to implement as the primary protocol. Furthermore, we use a novel technique for secret order rearrangement of photons by which not only quantum storage is eliminated also a secret key can be reused securely. So the new protocol is applicable in practical approaches like embedded system devices.

A proposal for new keypad design of electronic locks.

PubMed

Trayner, C

1993-10-01

Electronic locks, for which a password is entered on a computer-style keyboard, are described. Certain security problems associated with them are analysed. It is proposed that different labelling of the keyboard keys can reduce this problem. Theoretical figures are provided to support this claim and to aid design.

A PKI Approach for Deploying Modern Secure Distributed E-Learning and M-Learning Environments

ERIC Educational Resources Information Center

Kambourakis, Georgios; Kontoni, Denise-Penelope N.; Rouskas, Angelos; Gritzalis, Stefanos

2007-01-01

While public key cryptography is continuously evolving and its installed base is growing significantly, recent research works examine its potential use in e-learning or m-learning environments. Public key infrastructure (PKI) and attribute certificates (ACs) can provide the appropriate framework to effectively support authentication and…

Multiple-image authentication with a cascaded multilevel architecture based on amplitude field random sampling and phase information multiplexing.

PubMed

Fan, Desheng; Meng, Xiangfeng; Wang, Yurong; Yang, Xiulun; Pan, Xuemei; Peng, Xiang; He, Wenqi; Dong, Guoyan; Chen, Hongyi

2015-04-10

A multiple-image authentication method with a cascaded multilevel architecture in the Fresnel domain is proposed, in which a synthetic encoded complex amplitude is first fabricated, and its real amplitude component is generated by iterative amplitude encoding, random sampling, and space multiplexing for the low-level certification images, while the phase component of the synthetic encoded complex amplitude is constructed by iterative phase information encoding and multiplexing for the high-level certification images. Then the synthetic encoded complex amplitude is iteratively encoded into two phase-type ciphertexts located in two different transform planes. During high-level authentication, when the two phase-type ciphertexts and the high-level decryption key are presented to the system and then the Fresnel transform is carried out, a meaningful image with good quality and a high correlation coefficient with the original certification image can be recovered in the output plane. Similar to the procedure of high-level authentication, in the case of low-level authentication with the aid of a low-level decryption key, no significant or meaningful information is retrieved, but it can result in a remarkable peak output in the nonlinear correlation coefficient of the output image and the corresponding original certification image. Therefore, the method realizes different levels of accessibility to the original certification image for different authority levels with the same cascaded multilevel architecture.

Image authentication using distributed source coding.

PubMed

Lin, Yao-Chung; Varodayan, David; Girod, Bernd

2012-01-01

We present a novel approach using distributed source coding for image authentication. The key idea is to provide a Slepian-Wolf encoded quantized image projection as authentication data. This version can be correctly decoded with the help of an authentic image as side information. Distributed source coding provides the desired robustness against legitimate variations while detecting illegitimate modification. The decoder incorporating expectation maximization algorithms can authenticate images which have undergone contrast, brightness, and affine warping adjustments. Our authentication system also offers tampering localization by using the sum-product algorithm.

Design and Implementation of a Secure Wireless Mote-Based Medical Sensor Network

PubMed Central

Malasri, Kriangsiri; Wang, Lan

2009-01-01

A medical sensor network can wirelessly monitor vital signs of humans, making it useful for long-term health care without sacrificing patient comfort and mobility. For such a network to be viable, its design must protect data privacy and authenticity given that medical data are highly sensitive. We identify the unique security challenges of such a sensor network and propose a set of resource-efficient mechanisms to address these challenges. Our solution includes (1) a novel two-tier scheme for verifying the authenticity of patient data, (2) a secure key agreement protocol to set up shared keys between sensor nodes and base stations, and (3) symmetric encryption/decryption for protecting data confidentiality and integrity. We have implemented the proposed mechanisms on a wireless mote platform, and our results confirm their feasibility. PMID:22454585

Cultivating Sustainable and Authentic Service-Learning Partnerships in the Environmental Sciences

NASA Astrophysics Data System (ADS)

Ivanochko, Tara; Grain, Kari

2017-04-01

The two-term, community service-learning capstone course for Environmental Sciences at the University of British Columbia, Canada, aims to support both community and students using authentic science practice in service of the community. During the course development, we implemented a routine process for student and community feedback, instructor reflection and course revision. Drawing on data from 23 interviews and 9 focus groups collected over three years, findings from this study highlight ways that community partnerships can be sustained while students have an authentic science experience. Based on data collected from community partners, we highlight the key processes, challenges, successes, and practical considerations in the creation and sustainability of a scientifically robust service-learning course.

Multi-agent integrated password management (MIPM) application secured with encryption

NASA Astrophysics Data System (ADS)

Awang, Norkhushaini; Zukri, Nurul Hidayah Ahmad; Rashid, Nor Aimuni Md; Zulkifli, Zuhri Arafah; Nazri, Nor Afifah Mohd

2017-10-01

Users use weak passwords and reuse them on different websites and applications. Password managers are a solution to store login information for websites and help users log in automatically. This project developed a system that acts as an agent managing passwords. Multi-Agent Integrated Password Management (MIPM) is an application using encryption that provides users with secure storage of their login account information such as their username, emails and passwords. This project was developed on an Android platform with an encryption agent using Java Agent Development Environment (JADE). The purpose of the embedded agents is to act as a third-party software to ease the encryption process, and in the future, the developed encryption agents can form part of the security system. This application can be used by the computer and mobile users. Currently, users log into many applications causing them to use unique passwords to prevent password leaking. The crypto agent handles the encryption process using an Advanced Encryption Standard (AES) 128-bit encryption algorithm. As a whole, MIPM is developed on the Android application to provide a secure platform to store passwords and has high potential to be commercialised for public use.

Comparison of Fingerprint and Iris Biometric Authentication for Control of Digital Signatures

PubMed Central

Zuckerman, Alan E.; Moon, Kenneth A.; Eaddy, Kenneth

2002-01-01

Biometric authentication systems can be used to control digital signature of medical documents. This pilot study evaluated the use of two different fingerprint technologies and one iris technology to control creation of digital signatures on a central server using public private key pairs stored on the server. Documents and signatures were stored in XML for portability. Key pairs and authentication certificates were generated during biometric enrollment. Usability and user acceptance were guarded and limitations of biometric systems prevented use of the system with all test subjects. The system detected alternations in the data content and provided future signer re-authentication for non-repudiation.

Novel Authentication of Monitoring Data Through the use of Secret and Public Cryptographic Keys

DOE Office of Scientific and Technical Information (OSTI.GOV)

Benz, Jacob M.; Tolk, Keith; Tanner, Jennifer E.

The Office of Nuclear Verification (ONV) is supporting the development of a piece of equipment to provide data authentication and protection for a suite of monitoring sensors as part of a larger effort to create an arms control technology toolkit. This device, currently called the Red Box, leverages the strengths of both secret and public cryptographic keys to authenticate, digitally sign, and pass along monitoring data to allow for host review, and redaction if necessary, without the loss of confidence in the authenticity of the data by the monitoring party. The design of the Red Box will allow for themore » addition and removal of monitoring equipment and can also verify that the data was collected by authentic monitoring equipment prior to signing the data and sending it to the host and for review. The host will then forward the data to the monitor for review and inspection. This paper will highlight the progress to date of the Red Box development, and will explain the novel method of leveraging both symmetric and asymmetric (secret and public key) cryptography to authenticate data within a warhead monitoring regime.« less

Security Concepts for Satellite Links

NASA Astrophysics Data System (ADS)

Tobehn, C.; Penné, B.; Rathje, R.; Weigl, A.; Gorecki, Ch.; Michalik, H.

2008-08-01

The high costs to develop, launch and maintain a satellite network makes protecting the assets imperative. Attacks may be passive such as eavesdropping on the payload data. More serious threat are active attacks that try to gain control of the satellite, which may lead to the total lost of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, key management cryptographic services are required to support these services. This paper describes the key points of current satellite control and operations, that are authentication of the access to the satellite TMTC link and encryption of security relevant TM/TC data. For payload data management the key points are multi-user ground station access and high data rates both requiring frequent updates and uploads of keys with the corresponding key management methods. For secure satellite management authentication & key negotiation algorithms as HMAC-RIPEMD160, EC- DSA and EC-DH are used. Encryption of data uses algorithms as IDEA, AES, Triple-DES, or other. A channel coding and encryption unit for payload data provides download data rates up to Nx250 Mbps. The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi- satellite system and German-French SAR-Lupe-Helios- II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES).

Considering Components, Types, and Degrees of Authenticity in Designing Technology to Support Transfer

ERIC Educational Resources Information Center

Hardre, Patricia L.

2013-01-01

Authenticity is a key to using technology for instruction in ways that enhance learning and support learning transfer. Simply put, a representation is authentic when it shows learners clearly what a task, context, or experience will be like in real practice. More authentic representations help people learn and understand better. They support…

Algorithm for personal identification in distance learning system based on registration of keyboard rhythm

NASA Astrophysics Data System (ADS)

Nikitin, P. V.; Savinov, A. N.; Bazhenov, R. I.; Sivandaev, S. V.

2018-05-01

The article describes the method of identifying a person in distance learning systems based on a keyboard rhythm. An algorithm for the organization of access control is proposed, which implements authentication, identification and verification of a person using the keyboard rhythm. Authentication methods based on biometric personal parameters, including those based on the keyboard rhythm, due to the inexistence of biometric characteristics without a particular person, are able to provide an advanced accuracy and inability to refuse authorship and convenience for operators of automated systems, in comparison with other methods of conformity checking. Methods of permanent hidden keyboard monitoring allow detecting the substitution of a student and blocking the key system.

eBiometrics: an enhanced multi-biometrics authentication technique for real-time remote applications on mobile devices

NASA Astrophysics Data System (ADS)

Kuseler, Torben; Lami, Ihsan; Jassim, Sabah; Sellahewa, Harin

2010-04-01

The use of mobile communication devices with advance sensors is growing rapidly. These sensors are enabling functions such as Image capture, Location applications, and Biometric authentication such as Fingerprint verification and Face & Handwritten signature recognition. Such ubiquitous devices are essential tools in today's global economic activities enabling anywhere-anytime financial and business transactions. Cryptographic functions and biometric-based authentication can enhance the security and confidentiality of mobile transactions. Using Biometric template security techniques in real-time biometric-based authentication are key factors for successful identity verification solutions, but are venerable to determined attacks by both fraudulent software and hardware. The EU-funded SecurePhone project has designed and implemented a multimodal biometric user authentication system on a prototype mobile communication device. However, various implementations of this project have resulted in long verification times or reduced accuracy and/or security. This paper proposes to use built-in-self-test techniques to ensure no tampering has taken place on the verification process prior to performing the actual biometric authentication. These techniques utilises the user personal identification number as a seed to generate a unique signature. This signature is then used to test the integrity of the verification process. Also, this study proposes the use of a combination of biometric modalities to provide application specific authentication in a secure environment, thus achieving optimum security level with effective processing time. I.e. to ensure that the necessary authentication steps and algorithms running on the mobile device application processor can not be undermined or modified by an imposter to get unauthorized access to the secure system.

Design of a mutual authentication based on NTRUsign with a perturbation and inherent multipoint control protocol frames in an Ethernet-based passive optical network

NASA Astrophysics Data System (ADS)

Yin, Aihan; Ding, Yisheng

2014-11-01

Identity-related security issues inherently present in passive optical networks (PON) still exist in the current (1G) and next-generation (10G) Ethernet-based passive optical network (EPON) systems. We propose a mutual authentication scheme that integrates an NTRUsign digital signature algorithm with inherent multipoint control protocol (MPCP) frames over an EPON system between the optical line terminal (OLT) and optical network unit (ONU). Here, a primitive NTRUsign algorithm is significantly modified through the use of a new perturbation so that it can be effectively used for simultaneously completing signature and authentication functions on the OLT and the ONU sides. Also, in order to transmit their individual sensitive messages, which include public key, signature, and random value and so forth, to each other, we redefine three unique frames according to MPCP format frame. These generated messages can be added into the frames and delivered to each other, allowing the OLT and the ONU to go ahead with a mutual identity authentication process to verify their legal identities. Our simulation results show that this proposed scheme performs very well in resisting security attacks and has low influence on the registration efficiency to to-be-registered ONUs. A performance comparison with traditional authentication algorithms is also presented. To the best of our knowledge, no detailed design of mutual authentication in EPON can be found in the literature up to now.

Biometrics encryption combining palmprint with two-layer error correction codes

NASA Astrophysics Data System (ADS)

Li, Hengjian; Qiu, Jian; Dong, Jiwen; Feng, Guang

2017-07-01

To bridge the gap between the fuzziness of biometrics and the exactitude of cryptography, based on combining palmprint with two-layer error correction codes, a novel biometrics encryption method is proposed. Firstly, the randomly generated original keys are encoded by convolutional and cyclic two-layer coding. The first layer uses a convolution code to correct burst errors. The second layer uses cyclic code to correct random errors. Then, the palmprint features are extracted from the palmprint images. Next, they are fused together by XORing operation. The information is stored in a smart card. Finally, the original keys extraction process is the information in the smart card XOR the user's palmprint features and then decoded with convolutional and cyclic two-layer code. The experimental results and security analysis show that it can recover the original keys completely. The proposed method is more secure than a single password factor, and has higher accuracy than a single biometric factor.

An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks.

PubMed

Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

2017-12-08

Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie-Hellman problem.

An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks

PubMed Central

Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

2017-01-01

Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie–Hellman problem. PMID:29292792

Obfuscated authentication systems, devices, and methods

DOEpatents

Armstrong, Robert C; Hutchinson, Robert L

2013-10-22

Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

A Huge Responsibility: Three Keys to Teaching Elementary Students

ERIC Educational Resources Information Center

Davison, Leslie

2014-01-01

Based on her 20 years of teaching Spanish, Leslie Davison strives for a holistic approach to teaching and learning that is authentic and relevant to her young language learners. Herein, she shares three keys to teaching elementary level students in a way that ensures they will have a "Can Do" attitude in terms of language proficiency and…

Improving the Design and Implementation of In-Service Professional Development in Early Childhood Intervention

ERIC Educational Resources Information Center

Dunst, Carl J.

2015-01-01

A model for designing and implementing evidence-­based in­-service professional development in early childhood intervention as well as the key features of the model are described. The key features include professional development specialist (PDS) description and demonstration of an intervention practice, active and authentic job-­embedded…

An Authentic Online Community of Learning Framework for Higher Education: Development Process

ERIC Educational Resources Information Center

Parker, Jenni

2017-01-01

A key challenge for higher education practitioners is to identify how to construct more engaging online environments that promote key learning skills and encourage self-directed learning. This paper discusses a study that investigated how online university courses could be designed to be more engaging. The study employed a design-based research…

dLocAuth: a dynamic multifactor authentication scheme for mCommerce applications using independent location-based obfuscation

NASA Astrophysics Data System (ADS)

Kuseler, Torben; Lami, Ihsan A.

2012-06-01

This paper proposes a new technique to obfuscate an authentication-challenge program (named LocProg) using randomly generated data together with a client's current location in real-time. LocProg can be used to enable any handsetapplication on mobile-devices (e.g. mCommerce on Smartphones) that requires authentication with a remote authenticator (e.g. bank). The motivation of this novel technique is to a) enhance the security against replay attacks, which is currently based on using real-time nonce(s), and b) add a new security factor, which is location verified by two independent sources, to challenge / response methods for authentication. To assure a secure-live transaction, thus reducing the possibility of replay and other remote attacks, the authors have devised a novel technique to obtain the client's location from two independent sources of GPS on the client's side and the cellular network on authenticator's side. The algorithm of LocProg is based on obfuscating "random elements plus a client's data" with a location-based key, generated on the bank side. LocProg is then sent to the client and is designed so it will automatically integrate into the target application on the client's handset. The client can then de-obfuscate LocProg if s/he is within a certain range around the location calculated by the bank and if the correct personal data is supplied. LocProg also has features to protect against trial/error attacks. Analysis of LocAuth's security (trust, threat and system models) and trials based on a prototype implementation (on Android platform) prove the viability and novelty of LocAuth.

An eCK-Secure Authenticated Key Exchange Protocol without Random Oracles

NASA Astrophysics Data System (ADS)

Moriyama, Daisuke; Okamoto, Tatsuaki

This paper presents a (PKI-based) two-pass authenticated key exchange (AKE) protocol that is secure in the extended Canetti-Krawczyk (eCK) security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and relies on no implementation techniques such as a trick by LaMacchia, Lauter and Mityagin (so-called the NAXOS trick). Since an AKE protocol that is eCK-secure under a NAXOS-like implementation trick will be no more eCK-secure if some realistic information leakage occurs through side-channel attacks, it has been an important open problem how to realize an eCK-secure AKE protocol without using the NAXOS tricks (and without random oracles).

Voice Biometrics as a Way to Self-service Password Reset

NASA Astrophysics Data System (ADS)

Hohgräfe, Bernd; Jacobi, Sebastian

Password resets are time consuming. Especially when urgent jobs need to be done, it is cumbersome to inform the user helpdesk, to identify oneself and then to wait for response. It is easy to enter a wrong password multiple times, which leads to the blocking of the application. Voice biometrics is an easy and secure way for individuals to reset their own password. Read more about how you can ease the burden of your user helpdesk and how voice biometric password resets benefit your expense situation without harming your security.

BACTrack: A Surveillance Technique for Detecting and Locating Bioagent Attacks

DTIC Science & Technology

2003-06-10

Implementation • Location History – Location tracking/storage using cell - phone network (geo-location mandated by 2006) • Subscription Services...Reporting – User reports symptoms through automated cell - phone interface using password Individual reports only releasable with password Summary...Earlier detection and location relative to medical surveillance • The cell - phone location based service market can offer a means to implement BACTrack and to distribute its costs

Off-line compatible electronic cash method and system

DOEpatents

Kravitz, D.W.; Gemmell, P.S.; Brickell, E.F.

1998-11-03

An off-line electronic cash system having an electronic coin, a bank B, a payee S, and a user U with an account at the bank B as well as a user password z{sub u,i}, has a method for performing an electronic cash transfer. An electronic coin is withdrawn from the bank B by the user U and an electronic record of the electronic coin is stored by the bank B. The coin is paid to the payee S by the user U. The payee S deposits the coin with the bank B. A determination is made that the coin is spent and the record of the coin is deleted by the bank B. A further deposit of the same coin after the record is deleted is determined. Additionally, a determination is made which user U originally withdrew the coin after deleting the record. To perform these operations a key pair is generated by the user, including public and secret signature keys. The public signature key along with a user password z{sub u,i} and a withdrawal amount are sent to the bank B by the user U. In response, the bank B sends a coin to the user U signed by the secret key of the bank indicating the value of the coin and the public key of the user U. The payee S transmits a challenge counter to the user U prior to receiving the coin. 16 figs.

Off-line compatible electronic cash method and system

DOEpatents

Kravitz, David W.; Gemmell, Peter S.; Brickell, Ernest F.

1998-01-01

An off-line electronic cash system having an electronic coin, a bank B, a payee S, and a user U with an account at the bank B as well as a user password z.sub.u,i, has a method for performing an electronic cash transfer. An electronic coin is withdrawn from the bank B by the user U and an electronic record of the electronic coin is stored by the bank B. The coin is paid to the payee S by the user U. The payee S deposits the coin with the bank B. A determination is made that the coin is spent and the record of the coin is deleted by the bank B. A further deposit of the same coin after the record is deleted is determined. Additionally, a determination is made which user U originally withdrew the coin after deleting the record. To perform these operations a key pair is generated by the user, including public and secret signature keys. The public signature key along with a user password z.sub.u,i and a withdrawal amount are sent to the bank B by the user U. In response, the bank B sends a coin to the user U signed by the secret key of the bankindicating the value of the coin and the public key of the user U. The payee S transmits a challenge counter to the user U prior to receiving the coin.

A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems.

PubMed

Xu, Xin; Zhu, Ping; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua; He, Lian

2014-01-01

In the field of the Telecare Medicine Information System, recent researches have focused on consummating more convenient and secure healthcare delivery services for patients. In order to protect the sensitive information, various attempts such as access control have been proposed to safeguard patients' privacy in this system. However, these schemes suffered from some certain security defects and had costly consumption, which were not suitable for the telecare medicine information system. In this paper, based on the elliptic curve cryptography, we propose a secure and efficient two-factor mutual authentication and key agreement scheme to reduce the computational cost. Such a scheme enables to provide the patient anonymity by employing the dynamic identity. Compared with other related protocols, the security analysis and performance evaluation show that our scheme overcomes some well-known attacks and has a better performance in the telecare medicine information system.

Unconditional security from noisy quantum storage

NASA Astrophysics Data System (ADS)

Wehner, Stephanie

2010-03-01

We consider the implementation of two-party cryptographic primitives based on the sole physical assumption that no large-scale reliable quantum storage is available to the cheating party. An important example of such a task is secure identification. Here, Alice wants to identify herself to Bob (possibly an ATM machine) without revealing her password. More generally, Alice and Bob wish to solve problems where Alice holds an input x (e.g. her password), and Bob holds an input y (e.g. the password an honest Alice should possess), and they want to obtain the value of some function f(x,y) (e.g. the equality function). Security means that the legitimate users should not learn anything beyond this specification. That is, Alice should not learn anything about y and Bob should not learn anything about x, other than what they may be able to infer from the value of f(x,y). We show that any such problem can be solved securely in the noisy-storage model by constructing protocols for bit commitment and oblivious transfer, where we prove security against the most general attack. Our protocols can be implemented with present-day hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties. Our work raises a large number of immediate theoretical as well as experimental questions related to many aspects of quantum information science, such as for example understanding the information carrying properties of quantum channels and memories, randomness extraction, min-entropy sampling, as well as constructing small handheld devices which are suitable for the task of secure identification. [4pt] Full version available at arXiv:0906.1030 (theoretical) and arXiv:0911.2302 (practically oriented).

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids

PubMed Central

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham- Yahalom logic. PMID:27007951

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids.

PubMed

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

Opportunistic Mobility Support for Resource Constrained Sensor Devices in Smart Cities

PubMed Central

Granlund, Daniel; Holmlund, Patrik; Åhlund, Christer

2015-01-01

A multitude of wireless sensor devices and technologies are being developed and deployed in cities all over the world. Sensor applications in city environments may include highly mobile installations that span large areas which necessitates sensor mobility support. This paper presents and validates two mechanisms for supporting sensor mobility between different administrative domains. Firstly, EAP-Swift, an Extensible Authentication Protocol (EAP)-based sensor authentication protocol is proposed that enables light-weight sensor authentication and key generation. Secondly, a mechanism for handoffs between wireless sensor gateways is proposed. We validate both mechanisms in a real-life study that was conducted in a smart city environment with several fixed sensors and moving gateways. We conduct similar experiments in an industry-based anechoic Long Term Evolution (LTE) chamber with an ideal radio environment. Further, we validate our results collected from the smart city environment against the results produced under ideal conditions to establish best and real-life case scenarios. Our results clearly validate that our proposed mechanisms can facilitate efficient sensor authentication and handoffs while sensors are roaming in a smart city environment. PMID:25738767

Opportunistic mobility support for resource constrained sensor devices in smart cities.

PubMed

Granlund, Daniel; Holmlund, Patrik; Åhlund, Christer

2015-03-02

A multitude of wireless sensor devices and technologies are being developed and deployed in cities all over the world. Sensor applications in city environments may include highly mobile installations that span large areas which necessitates sensor mobility support. This paper presents and validates two mechanisms for supporting sensor mobility between different administrative domains. Firstly, EAP-Swift, an Extensible Authentication Protocol (EAP)-based sensor authentication protocol is proposed that enables light-weight sensor authentication and key generation. Secondly, a mechanism for handoffs between wireless sensor gateways is proposed. We validate both mechanisms in a real-life study that was conducted in a smart city environment with several fixed sensors and moving gateways. We conduct similar experiments in an industry-based anechoic Long Term Evolution (LTE) chamber with an ideal radio environment. Further, we validate our results collected from the smart city environment against the results produced under ideal conditions to establish best and real-life case scenarios. Our results clearly validate that our proposed mechanisms can facilitate efficient sensor authentication and handoffs while sensors are roaming in a smart city environment.

A Remote PLC Laboratory (RLab) for Distance Practical Work of Industrial Automation

NASA Astrophysics Data System (ADS)

Haritman, E.; Somantri, Y.; Wahyudin, D.; Mulyana, E.

2018-02-01

A laboratory is an essential equipment for engineering students to do a useful practical work. Therefore, universities should provide an adequate facility for practical work. On the other hand, industrial automation laboratory would offer students beneficial experience by using various educational PLC kits. This paper describes the development of Web-based Programmable Logic Controller (PLC) remote laboratory called RLab. It provides an environment for learners to study PLC application to control the level of the non-interacting tank. The RLab architecture is based on a Moodle and Remote Desktop, which also manages the booking system of the schedule of practical work in the laboratory. The RLab equipped by USB cameras providing a real-time view of PLC environment. To provide a secured system, the RLab combines Moodle and Remote Desktop application for the authentication system and management of remote users. Moodle will send PartnerID and password to connect to TeamViewer. It has been examined that the laboratory requirement, time and flexibility restrictions constitute a significant obstacle facing traditional students desiring to finish the course. A remote access laboratory can be eliminating time and flexibility restrictions. The preliminary study of RLab usability proved that such system is adequate to give the learners a distance practical work environment.

Image multiplexing and authentication based on double phase retrieval in fresnel transform domain

NASA Astrophysics Data System (ADS)

Chang, Hsuan-Ting; Lin, Che-Hsian; Chen, Chien-Yue

2017-04-01

An image multiplexing and authentication method based on the double-phase retrieval algorithm (DPRA) with the manipulations of wavelength and position in the Fresnel transform (FrT) domain is proposed in this study. The DPRA generates two matched phase-only functions (POFs) in the different planes so that the corresponding image can be reconstructed at the output plane. Given a number of target images, all the sets of matched POFs are used to generate the phase-locked system through the phase modulation and synthesis to achieve the multiplexing purpose. To reconstruct a target image, the corresponding phase key and all the correct parameters in the FrT are required. Therefore, the authentication system with high-level security can be achieved. The computer simulation verifies the validity of the proposed method and also shows good resistance to the crosstalk among the reconstructed images.

Device interoperability and authentication for telemedical appliance based on the ISO/IEEE 11073 Personal Health Device (PHD) Standards.

PubMed

Caranguian, Luther Paul R; Pancho-Festin, Susan; Sison, Luis G

2012-01-01

In this study, we focused on the interoperability and authentication of medical devices in the context of telemedical systems. A recent standard called the ISO/IEEE 11073 Personal Health Device (X73-PHD) Standards addresses the device interoperability problem by defining common protocols for agent (medical device) and manager (appliance) interface. The X73-PHD standard however has not addressed security and authentication of medical devices which is important in establishing integrity of a telemedical system. We have designed and implemented a security policy within the X73-PHD standards. The policy will enable device authentication using Asymmetric-Key Cryptography and the RSA algorithm as the digital signature scheme. We used two approaches for performing the digital signatures: direct software implementation and use of embedded security modules (ESM). The two approaches were evaluated and compared in terms of execution time and memory requirement. For the standard 2048-bit RSA, ESM calculates digital signatures only 12% of the total time for the direct implementation. Moreover, analysis shows that ESM offers more security advantage such as secure storage of keys compared to using direct implementation. Interoperability with other systems was verified by testing the system with LNI Healthlink, a manager software that implements the X73-PHD standard. Lastly, security analysis was done and the system's response to common attacks on authentication systems was analyzed and several measures were implemented to protect the system against them.

An Identity-Based Anti-Quantum Privacy-Preserving Blind Authentication in Wireless Sensor Networks.

PubMed

Zhu, Hongfei; Tan, Yu-An; Zhu, Liehuang; Wang, Xianmin; Zhang, Quanxin; Li, Yuanzhang

2018-05-22

With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people's lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a quantum computer attack. In order to protect user privacy and guarantee trustworthy of big data, we propose a new identity-based blind signature scheme based on number theorem research unit lattice, this scheme mainly uses a rejection sampling theorem instead of constructing a trapdoor. Meanwhile, this scheme does not depend on complex public key infrastructure and can resist quantum computer attack. Then we design an e-payment protocol using the proposed scheme. Furthermore, we prove our scheme is secure in the random oracle, and satisfies confidentiality, integrity, and non-repudiation. Finally, we demonstrate that the proposed scheme outperforms the other traditional existing identity-based blind signature schemes in signing speed and verification speed, outperforms the other lattice-based blind signature in signing speed, verification speed, and signing secret key size.

An Identity-Based Anti-Quantum Privacy-Preserving Blind Authentication in Wireless Sensor Networks

PubMed Central

Zhu, Hongfei; Tan, Yu-an; Zhu, Liehuang; Wang, Xianmin; Zhang, Quanxin; Li, Yuanzhang

2018-01-01

With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people’s lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a quantum computer attack. In order to protect user privacy and guarantee trustworthy of big data, we propose a new identity-based blind signature scheme based on number theorem research unit lattice, this scheme mainly uses a rejection sampling theorem instead of constructing a trapdoor. Meanwhile, this scheme does not depend on complex public key infrastructure and can resist quantum computer attack. Then we design an e-payment protocol using the proposed scheme. Furthermore, we prove our scheme is secure in the random oracle, and satisfies confidentiality, integrity, and non-repudiation. Finally, we demonstrate that the proposed scheme outperforms the other traditional existing identity-based blind signature schemes in signing speed and verification speed, outperforms the other lattice-based blind signature in signing speed, verification speed, and signing secret key size. PMID:29789475

An Authentication Protocol for Future Sensor Networks.

PubMed

Bilal, Muhammad; Kang, Shin-Gak

2017-04-28

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN-logic) and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.

An Authentication Protocol for Future Sensor Networks

PubMed Central

Bilal, Muhammad; Kang, Shin-Gak

2017-01-01

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN-logic) and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols. PMID:28452937

How strong are passwords used to protect personal health information in clinical trials?

PubMed

El Emam, Khaled; Moreau, Katherine; Jonker, Elizabeth

2011-02-11

Findings and statements about how securely personal health information is managed in clinical research are mixed. The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials. Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information. We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration. If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices.

How Strong are Passwords Used to Protect Personal Health Information in Clinical Trials?

PubMed Central

Moreau, Katherine; Jonker, Elizabeth

2011-01-01

Background Findings and statements about how securely personal health information is managed in clinical research are mixed. Objective The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials. Methods Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information. Results We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration. Conclusion If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices. PMID:21317106

One-Time Password Tokens | High-Performance Computing | NREL

Science.gov Websites

One-Time Password Tokens One-Time Password Tokens For connecting to NREL's high-performance computing (HPC) systems, learn how to set up a one-time password (OTP) token for remote and privileged a one-time pass code from the HPC Operations team. At the sign-in screen Enter your HPC Username in

Simpler and Safer: One Password Opens Many Online Doors

ERIC Educational Resources Information Center

Carnevale, Dan

2007-01-01

Going online nowadays often requires more log-ins and passwords than most people can remember. Faculty and staff members will sometimes write their various passwords on yellow sticky notes and post them on their computer monitors--leaving confidential data wide open to any passer-by. What if there were just one password? A single log-on for e-mail…

Calculation of key reduction for B92 QKD protocol

NASA Astrophysics Data System (ADS)

Mehic, Miralem; Partila, Pavol; Tovarek, Jaromir; Voznak, Miroslav

2015-05-01

It is well known that Quantum Key Distribution (QKD) can be used with the highest level of security for distribution of the secret key, which is further used for symmetrical encryption. B92 is one of the oldest QKD protocols. It uses only two non-orthogonal states, each one coding for one bit-value. It is much faster and simpler when compared to its predecessors, but with the idealized maximum efficiencies of 25% over the quantum channel. B92 consists of several phases in which initial key is significantly reduced: secret key exchange, extraction of the raw key (sifting), error rate estimation, key reconciliation and privacy amplification. QKD communication is performed over two channels: the quantum channel and the classical public channel. In order to prevent a man-in-the-middle attack and modification of messages on the public channel, authentication of exchanged values must be performed. We used Wegman-Carter authentication because it describes an upper bound for needed symmetric authentication key. We explained the reduction of the initial key in each of QKD phases.

A Fingerprint Encryption Scheme Based on Irreversible Function and Secure Authentication

PubMed Central

Yu, Jianping; Zhang, Peng; Wang, Shulan

2015-01-01

A fingerprint encryption scheme based on irreversible function has been designed in this paper. Since the fingerprint template includes almost the entire information of users' fingerprints, the personal authentication can be determined only by the fingerprint features. This paper proposes an irreversible transforming function (using the improved SHA1 algorithm) to transform the original minutiae which are extracted from the thinned fingerprint image. Then, Chinese remainder theorem is used to obtain the biokey from the integration of the transformed minutiae and the private key. The result shows that the scheme has better performance on security and efficiency comparing with other irreversible function schemes. PMID:25873989

A fingerprint encryption scheme based on irreversible function and secure authentication.

PubMed

Yang, Yijun; Yu, Jianping; Zhang, Peng; Wang, Shulan

2015-01-01

A fingerprint encryption scheme based on irreversible function has been designed in this paper. Since the fingerprint template includes almost the entire information of users' fingerprints, the personal authentication can be determined only by the fingerprint features. This paper proposes an irreversible transforming function (using the improved SHA1 algorithm) to transform the original minutiae which are extracted from the thinned fingerprint image. Then, Chinese remainder theorem is used to obtain the biokey from the integration of the transformed minutiae and the private key. The result shows that the scheme has better performance on security and efficiency comparing with other irreversible function schemes.

A CoAP-Based Network Access Authentication Service for Low-Power Wide Area Networks: LO-CoAP-EAP.

PubMed

Garcia-Carrillo, Dan; Marin-Lopez, Rafael; Kandasamy, Arunprabhu; Pelov, Alexander

2017-11-17

The Internet-of-Things (IoT) landscape is expanding with new radio technologies. In addition to the Low-Rate Wireless Personal Area Network (LR-WPAN), the recent set of technologies conforming the so-called Low-Power Wide Area Networks (LP-WAN) offers long-range communications, allowing one to send small pieces of information at a reduced energy cost, which promotes the creation of new IoT applications and services. However, LP-WAN technologies pose new challenges since they have strong limitations in the available bandwidth. In general, a first step prior to a smart object being able to gain access to the network is the process of network access authentication. It involves authentication, authorization and key management operations. This process is of vital importance for operators to control network resources. However, proposals for managing network access authentication in LP-WAN are tailored to the specifics of each technology, which could introduce interoperability problems in the future. In this sense, little effort has been put so far into providing a wireless-independent solution for network access authentication in the area of LP-WAN. To fill this gap, we propose a service named Low-Overhead CoAP-EAP (LO-CoAP-EAP), which is based on previous work designed for LR-WPAN. LO-CoAP-EAP integrates the use of Authentication, Authorization and Accounting (AAA) infrastructures and the Extensible Authentication Protocol (EAP) protocol. For this integration, we use the Constrained Application Protocol (CoAP) to design a network authentication service independent of the type of LP-WAN technology. LO-CoAP-EAP represents a trade-off between flexibility, wireless technology independence, scalability and performance in LP-WAN.

A CoAP-Based Network Access Authentication Service for Low-Power Wide Area Networks: LO-CoAP-EAP

PubMed Central

Garcia-Carrillo, Dan; Marin-Lopez, Rafael; Kandasamy, Arunprabhu; Pelov, Alexander

2017-01-01

The Internet-of-Things (IoT) landscape is expanding with new radio technologies. In addition to the Low-Rate Wireless Personal Area Network (LR-WPAN), the recent set of technologies conforming the so-called Low-Power Wide Area Networks (LP-WAN) offers long-range communications, allowing one to send small pieces of information at a reduced energy cost, which promotes the creation of new IoT applications and services. However, LP-WAN technologies pose new challenges since they have strong limitations in the available bandwidth. In general, a first step prior to a smart object being able to gain access to the network is the process of network access authentication. It involves authentication, authorization and key management operations. This process is of vital importance for operators to control network resources. However, proposals for managing network access authentication in LP-WAN are tailored to the specifics of each technology, which could introduce interoperability problems in the future. In this sense, little effort has been put so far into providing a wireless-independent solution for network access authentication in the area of LP-WAN. To fill this gap, we propose a service named Low-Overhead CoAP-EAP (LO-CoAP-EAP), which is based on previous work designed for LR-WPAN. LO-CoAP-EAP integrates the use of Authentication, Authorization and Accounting (AAA) infrastructures and the Extensible Authentication Protocol (EAP) protocol. For this integration, we use the Constrained Application Protocol (CoAP) to design a network authentication service independent of the type of LP-WAN technology. LO-CoAP-EAP represents a trade-off between flexibility, wireless technology independence, scalability and performance in LP-WAN. PMID:29149040

Pursuing Authenticity From Process to Outcome in a Community-Based Participatory Research Study of Intimate Partner Violence and HIV Vulnerability in North Karnataka, India

PubMed Central

Blanchard, Andrea Katryn; Sangha, Chaitanya AIDS Tadegattuva Mahila; Nair, Sapna G.; Thalinja, Raghavendra; Srikantamurthy, H.S.; Ramanaik, Satyanaryana; Javalkar, Prakash; Pillai, Priya; Isac, Shajy; Collumbien, Martine; Heise, Lori; Bhattacharjee, Parinita; Bruce, Sharon Gail

2016-01-01

Community-based participatory research has been seen to hold great promise by researchers aiming to bridge research and action in global health programs and practice. However, there is still much debate around whether achieving authenticity in terms of in-depth collaboration between community and academic partners is possible while pursuing academic expectations for quality. This article describes the community-based methodology for a qualitative study to explore intimate partner violence and HIV/AIDS among women in sex work, or female sex workers, and their male partners in Karnataka, South India. Developed through collaborative processes, the study methodology followed an interpretive approach to qualitative inquiry, with three key components including long-term partnerships, knowledge exchange, and orientation toward action. We then discuss lessons learned on how to pursue authenticity in terms of truly collaborative processes with inherent value that also contribute to, rather than hinder, the instrumental goal of enhancing the quality and relevance of the research outcomes. PMID:27378133

Design and implementation of face recognition system based on Windows

NASA Astrophysics Data System (ADS)

Zhang, Min; Liu, Ting; Li, Ailan

2015-07-01

In view of the basic Windows login password input way lacking of safety and convenient operation, we will introduce the biometrics technology, face recognition, into the computer to login system. Not only can it encrypt the computer system, also according to the level to identify administrators at all levels. With the enhancement of the system security, user input can neither be a cumbersome nor worry about being stolen password confidential.

Authentic Assessment: Creating a Blueprint for Course Design

ERIC Educational Resources Information Center

Villarroel, Verónica; Bloxham, Susan; Bruna, Daniela; Bruna, Carola; Herrera-Seda, Constanza

2018-01-01

Authenticity has been identified as a key characteristic of assessment design which promotes learning. Authentic assessment aims to replicate the tasks and performance standards typically found in the world of work, and has been found to have a positive impact on student learning, autonomy, motivation, self-regulation and metacognition; abilities…

Information security system based on virtual-optics imaging methodology and public key infrastructure

NASA Astrophysics Data System (ADS)

Peng, Xiang; Zhang, Peng; Cai, Lilong

In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

Access and accounting schemes of wireless broadband

NASA Astrophysics Data System (ADS)

Zhang, Jian; Huang, Benxiong; Wang, Yan; Yu, Xing

2004-04-01

In this paper, two wireless broadband access and accounting schemes were introduced. There are some differences in the client and the access router module between them. In one scheme, Secure Shell (SSH) protocol is used in the access system. The SSH server makes the authentication based on private key cryptography. The advantage of this scheme is the security of the user's information, and we have sophisticated access control. In the other scheme, Secure Sockets Layer (SSL) protocol is used the access system. It uses the technology of public privacy key. Nowadays, web browser generally combines HTTP and SSL protocol and we use the SSL protocol to implement the encryption of the data between the clients and the access route. The schemes are same in the radius sever part. Remote Authentication Dial in User Service (RADIUS), as a security protocol in the form of Client/Sever, is becoming an authentication/accounting protocol for standard access to the Internet. It will be explained in a flow chart. In our scheme, the access router serves as the client to the radius server.

Authentication of digital video evidence

NASA Astrophysics Data System (ADS)

Beser, Nicholas D.; Duerr, Thomas E.; Staisiunas, Gregory P.

2003-11-01

In response to a requirement from the United States Postal Inspection Service, the Technical Support Working Group tasked The Johns Hopkins University Applied Physics Laboratory (JHU/APL) to develop a technique tha will ensure the authenticity, or integrity, of digital video (DV). Verifiable integrity is needed if DV evidence is to withstand a challenge to its admissibility in court on the grounds that it can be easily edited. Specifically, the verification technique must detect additions, deletions, or modifications to DV and satisfy the two-part criteria pertaining to scientific evidence as articulated in Daubert et al. v. Merrell Dow Pharmaceuticals Inc., 43 F3d (9th Circuit, 1995). JHU/APL has developed a prototype digital video authenticator (DVA) that generates digital signatures based on public key cryptography at the frame level of the DV. Signature generation and recording is accomplished at the same time as DV is recorded by the camcorder. Throughput supports the consumer-grade camcorder data rate of 25 Mbps. The DVA software is implemented on a commercial laptop computer, which is connected to a commercial digital camcorder via the IEEE-1394 serial interface. A security token provides agent identification and the interface to the public key infrastructure (PKI) that is needed for management of the public keys central to DV integrity verification.

When Sharing Is a Bad Idea: The Effects of Online Social Network Engagement and Sharing Passwords with Friends on Cyberbullying Involvement.

PubMed

Meter, Diana J; Bauman, Sheri

2015-08-01

Every day, children and adolescents communicate online via social networking sites (SNSs). They also report sharing passwords with peers and friends, a potentially risky behavior in regard to cyber safety. This longitudinal study tested the hypotheses that social network engagement in multiple settings would predict more cyberbullying involvement over time, and that youth who reported sharing passwords would also experience an increase in cyberbullying involvement. Data were collected at two time points one year apart from 1,272 third through eighth grade students. In line with the first study hypothesis, participating in more online SNSs was associated with increased cyberbullying involvement over time, as well as sharing passwords over time. Cyberbullying involvement at T1 predicted decreases in sharing passwords over time, suggesting that youth become aware of the dangers of sharing passwords as a result of their experience. Sharing passwords at T1 was unrelated to cyberbullying involvement at T2. Although it seems that youth may be learning from their previous mistakes, due to the widespread use of social media and normality of sharing passwords among young people, it is important to continue to educate youth about cyber safety and risky online behavior.

Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy

DOEpatents

Strait, Robert S.; Pearson, Peter K.; Sengupta, Sailes K.

2000-01-01

A password system comprises a set of codewords spaced apart from one another by a Hamming distance (HD) that exceeds twice the variability that can be projected for a series of biometric measurements for a particular individual and that is less than the HD that can be encountered between two individuals. To enroll an individual, a biometric measurement is taken and exclusive-ORed with a random codeword to produce a "reference value." To verify the individual later, a biometric measurement is taken and exclusive-ORed with the reference value to reproduce the original random codeword or its approximation. If the reproduced value is not a codeword, the nearest codeword to it is found, and the bits that were corrected to produce the codeword to it is found, and the bits that were corrected to produce the codeword are also toggled in the biometric measurement taken and the codeword generated during enrollment. The correction scheme can be implemented by any conventional error correction code such as Reed-Muller code R(m,n). In the implementation using a hand geometry device an R(2,5) code has been used in this invention. Such codeword and biometric measurement can then be used to see if the individual is an authorized user. Conventional Diffie-Hellman public key encryption schemes and hashing procedures can then be used to secure the communications lines carrying the biometric information and to secure the database of authorized users.

Secure Authentication for Remote Patient Monitoring with Wireless Medical Sensor Networks †

PubMed Central

Hayajneh, Thaier; Mohd, Bassam J; Imran, Muhammad; Almashaqbeh, Ghada; Vasilakos, Athanasios V.

2016-01-01

There is broad consensus that remote health monitoring will benefit all stakeholders in the healthcare system and that it has the potential to save billions of dollars. Among the major concerns that are preventing the patients from widely adopting this technology are data privacy and security. Wireless Medical Sensor Networks (MSNs) are the building blocks for remote health monitoring systems. This paper helps to identify the most challenging security issues in the existing authentication protocols for remote patient monitoring and presents a lightweight public-key-based authentication protocol for MSNs. In MSNs, the nodes are classified into sensors that report measurements about the human body and actuators that receive commands from the medical staff and perform actions. Authenticating these commands is a critical security issue, as any alteration may lead to serious consequences. The proposed protocol is based on the Rabin authentication algorithm, which is modified in this paper to improve its signature signing process, making it suitable for delay-sensitive MSN applications. To prove the efficiency of the Rabin algorithm, we implemented the algorithm with different hardware settings using Tmote Sky motes and also programmed the algorithm on an FPGA to evaluate its design and performance. Furthermore, the proposed protocol is implemented and tested using the MIRACL (Multiprecision Integer and Rational Arithmetic C/C++) library. The results show that secure, direct, instant and authenticated commands can be delivered from the medical staff to the MSN nodes. PMID:27023540

Secure Authentication for Remote Patient Monitoring with Wireless Medical Sensor Networks.

PubMed

Hayajneh, Thaier; Mohd, Bassam J; Imran, Muhammad; Almashaqbeh, Ghada; Vasilakos, Athanasios V

2016-03-24

There is broad consensus that remote health monitoring will benefit all stakeholders in the healthcare system and that it has the potential to save billions of dollars. Among the major concerns that are preventing the patients from widely adopting this technology are data privacy and security. Wireless Medical Sensor Networks (MSNs) are the building blocks for remote health monitoring systems. This paper helps to identify the most challenging security issues in the existing authentication protocols for remote patient monitoring and presents a lightweight public-key-based authentication protocol for MSNs. In MSNs, the nodes are classified into sensors that report measurements about the human body and actuators that receive commands from the medical staff and perform actions. Authenticating these commands is a critical security issue, as any alteration may lead to serious consequences. The proposed protocol is based on the Rabin authentication algorithm, which is modified in this paper to improve its signature signing process, making it suitable for delay-sensitive MSN applications. To prove the efficiency of the Rabin algorithm, we implemented the algorithm with different hardware settings using Tmote Sky motes and also programmed the algorithm on an FPGA to evaluate its design and performance. Furthermore, the proposed protocol is implemented and tested using the MIRACL (Multiprecision Integer and Rational Arithmetic C/C++) library. The results show that secure, direct, instant and authenticated commands can be delivered from the medical staff to the MSN nodes.

Authentic leadership: develop the leader within.

PubMed

Yasinski, Lesia

2014-03-01

Great leadership usually starts with a willing heart, a positive attitude, and a desire to make a difference. Strong leadership is important, in today's health care climate, to ensure optimal patient outcomes and the fostering of future generations of knowledgeable, motivated and enthusiastic perioperative nurses. This article will explore key elements necessary for the development of authentic leadership. While highlighting the role that personal development plays in leadership skills, this article will also discuss ways to cultivate authenticity in leadership. The following questions will be addressed: What is authentic leadership? How does one become an authentic leader?

Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

PubMed

Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

2014-04-09

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

PubMed Central

Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

2014-01-01

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes. PMID:24721764

Security Enhancement Using Cache Based Reauthentication in WiMAX Based E-Learning System

PubMed Central

Rajagopal, Chithra; Bhuvaneshwaran, Kalaavathi

2015-01-01

WiMAX networks are the most suitable for E-Learning through their Broadcast and Multicast Services at rural areas. Authentication of users is carried out by AAA server in WiMAX. In E-Learning systems the users must be forced to perform reauthentication to overcome the session hijacking problem. The reauthentication of users introduces frequent delay in the data access which is crucial in delaying sensitive applications such as E-Learning. In order to perform fast reauthentication caching mechanism known as Key Caching Based Authentication scheme is introduced in this paper. Even though the cache mechanism requires extra storage to keep the user credentials, this type of mechanism reduces the 50% of the delay occurring during reauthentication. PMID:26351658

Security Enhancement Using Cache Based Reauthentication in WiMAX Based E-Learning System.

PubMed

Rajagopal, Chithra; Bhuvaneshwaran, Kalaavathi

2015-01-01

WiMAX networks are the most suitable for E-Learning through their Broadcast and Multicast Services at rural areas. Authentication of users is carried out by AAA server in WiMAX. In E-Learning systems the users must be forced to perform reauthentication to overcome the session hijacking problem. The reauthentication of users introduces frequent delay in the data access which is crucial in delaying sensitive applications such as E-Learning. In order to perform fast reauthentication caching mechanism known as Key Caching Based Authentication scheme is introduced in this paper. Even though the cache mechanism requires extra storage to keep the user credentials, this type of mechanism reduces the 50% of the delay occurring during reauthentication.

Locking it down

PubMed Central

Grindrod, Kelly; Boersema, Jonathan; Waked, Khrystine; Smith, Vivian; Yang, Jilan; Gebotys, Catherine

2016-01-01

Objective: To explore the privacy and security of free medication applications (apps) available to Canadian consumers. Methods: The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen’s Kappa statistic was used to measure interrater agreement. Results: Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Conclusion: Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps. PMID:28286594

Locking it down: The privacy and security of mobile medication apps.

PubMed

Grindrod, Kelly; Boersema, Jonathan; Waked, Khrystine; Smith, Vivian; Yang, Jilan; Gebotys, Catherine

2017-01-01

To explore the privacy and security of free medication applications (apps) available to Canadian consumers. The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen's Kappa statistic was used to measure interrater agreement. Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps.

Development of an electronic radiation oncology patient information management system.

PubMed

Mandal, Abhijit; Asthana, Anupam Kumar; Aggarwal, Lalit Mohan

2008-01-01

The quality of patient care is critically influenced by the availability of accurate information and its efficient management. Radiation oncology consists of many information components, for example there may be information related to the patient (e.g., profile, disease site, stage, etc.), to people (radiation oncologists, radiological physicists, technologists, etc.), and to equipment (diagnostic, planning, treatment, etc.). These different data must be integrated. A comprehensive information management system is essential for efficient storage and retrieval of the enormous amounts of information. A radiation therapy patient information system (RTPIS) has been developed using open source software. PHP and JAVA script was used as the programming languages, MySQL as the database, and HTML and CSF as the design tool. This system utilizes typical web browsing technology using a WAMP5 server. Any user having a unique user ID and password can access this RTPIS. The user ID and password is issued separately to each individual according to the person's job responsibilities and accountability, so that users will be able to only access data that is related to their job responsibilities. With this system authentic users will be able to use a simple web browsing procedure to gain instant access. All types of users in the radiation oncology department should find it user-friendly. The maintenance of the system will not require large human resources or space. The file storage and retrieval process would be be satisfactory, unique, uniform, and easily accessible with adequate data protection. There will be very little possibility of unauthorized handling with this system. There will also be minimal risk of loss or accidental destruction of information.

Entity Resolution Workflow Installation Process and User Guide

DTIC Science & Technology

2013-07-01

Program Files\\PostgreSQL\\9.1\\data superuser ( postgres ), service account ( postgres ) password : "password" Port #: 5432 Add an environment variable...in this report. • Run the script found in <GG_HOME>\\ globalgraph-dist-1.4.6-final\\schema- ddl\\postgresSetup.bat. This script will set up Postgres ...Username: postgres DB Admin PWD: password GlobalGraph App User: gguser GlobalGraph App PWD: password • Restart the Postgres service using the Windows

Proteomics for the authentication of fish species.

PubMed

Mazzeo, Maria Fiorella; Siciliano, Rosa Anna

2016-09-16

Assessment of seafood authenticity and origin, mainly in the case of processed products (fillets, sticks, baby food) represents the crucial point to prevent fraudulent deceptions thus guaranteeing market transparency and consumers health. The most dangerous practice that jeopardies fish safety is intentional or unintentional mislabeling, originating from the substitution of valuable fish species with inferior ones. Conventional analytical methods for fish authentication are becoming inadequate to comply with the strict regulations issued by the European Union and with the increase of mislabeling due to the introduction on the market of new fish species and market globalization. This evidence prompts the development of high-throughput approaches suitable to identify unambiguous biomarkers of authenticity and screen a large number of samples with minimal time consumption. Proteomics provides suitable and powerful tools to investigate main aspects of food quality and safety and has given an important contribution in the field of biomarkers discovery applied to food authentication. This report describes the most relevant methods developed to assess fish identity and offers a perspective on their potential in the evaluation of fish quality and safety thus depicting the key role of proteomics in the authentication of fish species and processed products. The assessment of fishery products authenticity is a main issue in the control quality process as deceptive practices could imply severe health risks. Proteomics based methods could significantly contribute to detect falsification and frauds, thus becoming a reliable operative first-line testing resource in food authentication. Copyright © 2016 Elsevier B.V. All rights reserved.

An authentication scheme to healthcare security under wireless sensor networks.

PubMed

Hsiao, Tsung-Chih; Liao, Yu-Ting; Huang, Jen-Yan; Chen, Tzer-Shyong; Horng, Gwo-Boa

2012-12-01

In recent years, Taiwan has been seeing an extension of the average life expectancy and a drop in overall fertility rate, initiating our country into an aged society. Due to this phenomenon, how to provide the elderly and patients with chronic diseases a suitable healthcare environment has become a critical issue presently. Therefore, we propose a new scheme that integrates healthcare services with wireless sensor technology in which sensor nodes are employed to measure patients' vital signs. Data collected from these sensor nodes are then transmitted to mobile devices of the medical staff and system administrator, promptly enabling them to understand the patients' condition in real time, which will significantly improve patients' healthcare quality. As per the personal data protection act, patients' vital signs can only be accessed by authorized medical staff. In order to protect patients', the system administrator will verify the medical staff's identity through the mobile device using a smart card and password mechanism. Accordingly, only the verified medical staff can obtain patients' vital signs data such as their blood pressure, pulsation, and body temperature, etc.. Besides, the scheme includes a time-bounded characteristic that allows the verified staff access to data without having to have to re-authenticate and re-login into the system within a set period of time. Consequently, the time-bounded property also increases the work efficiency of the system administrator and user.

Encryption for Remote Control via Internet or Intranet

NASA Technical Reports Server (NTRS)

Lineberger, Lewis

2005-01-01

A data-communication protocol has been devised to enable secure, reliable remote control of processes and equipment via a collision-based network, while using minimal bandwidth and computation. The network could be the Internet or an intranet. Control is made secure by use of both a password and a dynamic key, which is sent transparently to a remote user by the controlled computer (that is, the computer, located at the site of the equipment or process to be controlled, that exerts direct control over the process). The protocol functions in the presence of network latency, overcomes errors caused by missed dynamic keys, and defeats attempts by unauthorized remote users to gain control. The protocol is not suitable for real-time control, but is well suited for applications in which control latencies up to about 0.5 second are acceptable. The encryption scheme involves the use of both a dynamic and a private key, without any additional overhead that would degrade performance. The dynamic key is embedded in the equipment- or process-monitor data packets sent out by the controlled computer: in other words, the dynamic key is a subset of the data in each such data packet. The controlled computer maintains a history of the last 3 to 5 data packets for use in decrypting incoming control commands. In addition, the controlled computer records a private key (password) that is given to the remote computer. The encrypted incoming command is permuted by both the dynamic and private key. A person who records the command data in a given packet for hostile purposes cannot use that packet after the public key expires (typically within 3 seconds). Even a person in possession of an unauthorized copy of the command/remote-display software cannot use that software in the absence of the password. The use of a dynamic key embedded in the outgoing data makes the central-processing unit overhead very small. The use of a National Instruments DataSocket(TradeMark) (or equivalent) protocol or the User Datagram Protocol makes it possible to obtain reasonably short response times: Typical response times in event-driven control, using packets sized .300 bytes, are <0.2 second for commands issued from locations anywhere on Earth. The protocol requires that control commands represent absolute values of controlled parameters (e.g., a specified temperature), as distinguished from changes in values of controlled parameters (e.g., a specified increment of temperature). Each command is issued three or more times to ensure delivery in crowded networks. The use of absolute-value commands prevents additional (redundant) commands from causing trouble. Because a remote controlling computer receives "talkback" in the form of data packets from the controlled computer, typically within a time interval < or =1 s, the controlling computer can re-issue a command if network failure has occurred. The controlled computer, the process or equipment that it controls, and any human operator(s) at the site of the controlled equipment or process should be equipped with safety measures to prevent damage to equipment or injury to humans. These features could be a combination of software, external hardware, and intervention by the human operator(s). The protocol is not fail-safe, but by adopting these safety measures as part of the protocol, one makes the protocol a robust means of controlling remote processes and equipment by use of typical office computers via intranets and/or the Internet.

The Core of Care Management: The Role of Authentic Relationships in Caring for Patients with Frequent Hospitalizations

PubMed Central

Hawthorne, Margaret; LaNoue, Marianna; Brenner, Jeffrey

2016-01-01

Abstract In the movement to improve the health of patients with multiple chronic conditions and vulnerabilities, while reducing the need for hospitalizations, care management programs have garnered wide attention and support. The qualitative data presented in this paper sheds new light on key components of successful chronic care management programs. By going beyond a task- and temporal-based framework, this analysis identifies and defines the importance of “authentic healing relationships” in driving individual and systemic change. Drawing on the voices of 30 former clients of the Camden Coalition of Healthcare Providers, the investigators use qualitative methods to identify and elaborate the core elements of the authentic healing relationship—security, genuineness, and continuity—a relationship that is linked to patient motivation and active health management. Although not readily found in the traditional health care delivery system, these authentic healing relationships present significant implications for addressing the persistent health-related needs of patients with frequent hospitalizations. (Population Health Management 2016;19:248–256) PMID:26565379

Filtering methods for broadcast authentication against PKC-based denial of service in WSN: a survey

NASA Astrophysics Data System (ADS)

Afianti, Farah; Wirawan, Iwan; Suryani, Titiek

2017-11-01

Broadcast authentication is used to determine legitimate packet from authorized user. The received packet can be forwarded or used for the further purpose. The use of digital signature is one of the compromising methods but it is followed by high complexity especially in the verification process. That phenomenon is used by the adversary to force the user to verify a lot of false packet data. Kind of Denial of Service (DoS) which attacks the main signature can be mitigated by using pre-authentication methods as the first layer to filter false packet data. The objective of the filter is not replacing the main signature but as an addition to actual verification in the sensor node. This paper contributes in comparing the cost of computation, storage, and communication among several filters. The result shows Pre- Authenticator and Dos Attack-Resistant scheme have the lower overhead than the others. Thus followed by needing powerful sender. Moreover, the key chain is promising methods because of efficiency and effectiveness.

A DRM based on renewable broadcast encryption

NASA Astrophysics Data System (ADS)

Ramkumar, Mahalingam; Memon, Nasir

2005-07-01

We propose an architecture for digital rights management based on a renewable, random key pre-distribution (KPD) scheme, HARPS (hashed random preloaded subsets). The proposed architecture caters for broadcast encryption by a trusted authority (TA) and by "parent" devices (devices used by vendors who manufacture compliant devices) for periodic revocation of devices. The KPD also facilitates broadcast encryption by peer devices, which permits peers to distribute content, and efficiently control access to the content encryption secret using subscription secrets. The underlying KPD also caters for broadcast authentication and mutual authentication of any two devices, irrespective of the vendors manufacturing the device, and thus provides a comprehensive solution for securing interactions between devices taking part in a DRM system.

Individual differences in cyber security behaviors: an examination of who is sharing passwords.

PubMed

Whitty, Monica; Doodson, James; Creese, Sadie; Hodges, Duncan

2015-01-01

In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice of sharing passwords. As predicted, we found that individuals who scored high on a lack of perseverance were more likely to share passwords. Contrary to our hypotheses, we found younger [corrected] people and individuals who score high on self-monitoring were more likely to share passwords. We speculate on the reasons behind these findings, and examine how they might be considered in future cyber security educational campaigns.

Individual Differences in Cyber Security Behaviors: An Examination of Who Is Sharing Passwords

PubMed Central

Doodson, James; Creese, Sadie; Hodges, Duncan

2015-01-01

Abstract In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice of sharing passwords. As predicted, we found that individuals who scored high on a lack of perseverance were more likely to share passwords. Contrary to our hypotheses, we found older people and individuals who score high on self-monitoring were more likely to share passwords. We speculate on the reasons behind these findings, and examine how they might be considered in future cyber security educational campaigns. PMID:25517697

Unisys Corporation OS 1100

DTIC Science & Technology

1989-09-27

a run is always the @RUN statement, which can specify user-id, account number, and project-id. The @ PASSWD statement specifies password and security...Every-Page-Label Options PASSWD password for batch; F36 User-id validation chang for demand; comp, nent set for batch LEV change Clearance Level F33...clearance level @@PASS Change password F36 Current valid password must @@ PASSWD be specified @@SEND Display a print file F16 Sym to user-id or site-id that is

An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography.

PubMed

Chaudhry, Shehzad Ashraf; Mahmood, Khalid; Naqvi, Husnain; Khan, Muhammad Khurram

2015-11-01

Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.

The Key to Leadership Effectiveness--Leader Authenticity.

ERIC Educational Resources Information Center

Henderson, James E.

When an education leader develops and maintains policies that line up with the imperatives of ethical and authentic behavior, this defines the character of both the leader and the organization. Some of the questions surrounding this assertion are examined in this paper. It looks at what it means when a leader behaves in an authentic fashion, how…