Biblio

Filters: Author is Ruggeri, Armando  [Clear All Filters]
2022-08-01
Catalfamo, Alessio, Ruggeri, Armando, Celesti, Antonio, Fazio, Maria, Villari, Massimo.  2021.  A Microservices and Blockchain Based One Time Password (MBB-OTP) Protocol for Security-Enhanced Authentication. 2021 IEEE Symposium on Computers and Communications (ISCC). :1—6.
Nowadays, the increasing complexity of digital applications for social and business activities has required more and more advanced mechanisms to prove the identity of subjects like those based on the Two-Factor Authentication (2FA). Such an approach improves the typical authentication paradigm but it has still some weaknesses. Specifically, it has to deal with the disadvantages of a centralized architecture causing several security threats like denial of service (DoS) and man-in-the-middle (MITM). In fact, an attacker who succeeds in violating the central authentication server could be able to impersonate an authorized user or block the whole service. This work advances the state of art of 2FA solutions by proposing a decentralized Microservices and Blockchain Based One Time Password (MBB-OTP) protocol for security-enhanced authentication able to mitigate the aforementioned threats and to fit different application scenarios. Experiments prove the goodness of our MBB-OTP protocol considering both private and public Blockchain configurations.
2021-09-16
Ruggeri, Armando, Celesti, Antonio, Fazio, Maria, Galletta, Antonino, Villari, Massimo.  2020.  BCB-X3DH: A Blockchain Based Improved Version of the Extended Triple Diffie-Hellman Protocol. 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :73–78.
The Extended Triple Diffie-Hellman (X3DH) protocol has been used for years as the basis of secure communication establishment among parties (i.e, humans and devices) over the Internet. However, such a protocol has several limits. It is typically based on a single trust third-party server that represents a single point of failure (SPoF) being consequently exposed to well- known Distributed Denial of Service (DDOS) attacks. In order to address such a limit, several solutions have been proposed so far that are often cost expensive and difficult to be maintained. The objective of this paper is to propose a BlockChain-Based X3DH (BCB-X3DH) protocol that allows eliminating such a SPoF, also simplifying its maintenance. Specifically, it combines the well- known X3DH security mechanisms with the intrinsic features of data non-repudiation and immutability that are typical of Smart Contracts. Furthermore, different implementation approaches are discussed to suits both human-to-human and device-to-device scenarios. Experiments compared the performance of both X3DH and BCB-X3DH.