Biblio

People increasingly rely on mobile devices for banking transactions or two-factor authentication (2FA) and thus trust in the security provided by the underlying operating system. Simultaneously, jailbreaks gain tremendous popularity among regular users for customizing their devices. In this paper, we show that both do not go well together: Jailbreaks remove vital security mechanisms, which are necessary to ensure a trusted environment that allows to protect sensitive data, such as login credentials and transaction numbers (TANs). We find that all but one banking app, available in the iOS App Store, can be fully compromised by trivial means without reverse-engineering, manipulating the app, or other sophisticated attacks. Even worse, 44% of the banking apps do not even try to detect jailbreaks, revealing the prevalent, errant trust in the operating system's security. This study assesses the current state of security of banking apps and pleads for more advanced defensive measures for protecting user data.

MAC using a counter value in message authentication for in-vehicle network prevents replay attack. When synchronization deviation of the counter value occurs between the sender and receiver, a message cannot be authenticated correctly because the generated MACs are different. Thus, a counter synchronization method has been proposed. In addition, injection and replay attack of a synchronization message for the synchronization method have been performed. However, DoS attack on the synchronization method has not been conducted. This study performs DoS attack in order to evaluate security of the synchronization method. Experimental results reveal the vulnerability of the synchronization method against DoS attack.

Considering the security of message exchange between service robot and cloud, we propose to authenticate the message integrity based on RSA algorithm and digital signature. In the process of message transmission, RSA algorithm is used to encrypt message for service robot and decrypt message for cloud. The digital signature algorithm is used to authenticate the source of the message. The results of experiment have proved that the proposed scheme can guarantee the security of message transmission.

Hash message authentication is a fundamental building block of many networking security protocols such as SSL, TLS, FTP, and even HTTPS. The sponge-based SHA-3 hashing algorithm is the most recently developed hashing function as a result of a NIST competition to find a new hashing standard after SHA-1 and SHA-2 were found to have collisions, and thus were considered broken. We used Xilinx High-Level Synthesis to develop an optimized and pipelined version of the post-quantum-secure SHA-3 hash message authentication code (HMAC) which is capable of computing a HMAC every 280 clock-cycles with an overall throughput of 604 Mbps. We cover the general security of sponge functions in both a classical and quantum computing standpoint for hash functions, and offer a general architecture for HMAC computation when sponge functions are used.

The use of information systems is a solutions to support the operations of the institution. In order to access information systems in accordance with their access rights, usually the user will enter a username and password as the authentication process. However, this has a weakness if the other side is cheating by sniffing or tapping user passwords. This makes the password unsafe to use for access information systems. If the username and password if it is stolen, abuse will occur for the crime or theft of the owner's identity accounts like name, email, telephone number, biological mother's name, account number and others. One solution is to apply two factor authentication method which is Time-Based One Time Password (TOTP) and Secure Algorithm Hash Algorithm 1 (SHA1). With this method, the system Authentication of a website or site does not only depend on the username and password to enter the account user but the user will get a token or code which is used to log in to the user's account. After testing hundred times, the authentication process who use Two Factor Authentication can tackle possible attacks on abuse o user access rights. Time Based Application One Time Password and Secure Hash Algorithm 1 Generate code that can't be the same because of the code it can only be used once with a time limit certain so it is difficult to guess. SHA1 with long input different strings will produce output with a fixed length string of 160 bits. Test results are obtained the results that 30 seconds is enough to prevent hackers log in and take over the account without permission and also prove that two-factor authentication can increase the security of the authentication process well. The time above is the result of testing the process user authentication until the hacker sniffing against tokens to try to take over the account.

Cryptographic hash functions play a crucial role in information security. Cryptographic hash functions are used in various cryptographic applications to verify the message authenticity and integrity. In this paper we propose a Cellular Automata Based Hashing Algorithm (CABHA) for generating strong cryptographic hash function. The proposed CABHA algorithm uses the cellular automata rules and a custom transformation function to create a strong hash from an input message and a key.

We consider a setup in which the channel from Alice to Bob is less noisy than the channel from Eve to Bob. We show that there exist encoding and decoding which accomplish error correction and authentication simultaneously; that is, Bob is able to correctly decode a message coming from Alice and reject a message coming from Eve with high probability. The system does not require any secret key shared between Alice and Bob, provides information theoretic security, and can safely be composed with other protocols in an arbitrary context.

Examines the shortcomings of existing methods of user authentication when accessing remote information systems. Proposed method of multi-factor authentication based on validation of knowledge of a secret password and verify that the habits and preferences of Internet user's interests, defined by registration in the system. Identifies the language and tools implementation of the proposed authentication algorithm.

Passwords are still the most widespread means for authenticating users, even though they have been shown to create huge security problems. This motivated the use of additional authentication mechanisms used in so-called multi-factor authentication protocols. In this paper we define a detailed threat model for this kind of protocols: while in classical protocol analysis attackers control the communication network, we take into account that many communications are performed over TLS channels, that computers may be infected by different kinds of malwares, that attackers could perform phishing, and that humans may omit some actions. We formalize this model in the applied pi calculus and perform an extensive analysis and comparison of several widely used protocols - variants of Google 2-step and FIDO's U2F. The analysis is completely automated, generating systematically all combinations of threat scenarios for each of the protocols and using the P ROVERIF tool for automated protocol analysis. Our analysis highlights weaknesses and strengths of the different protocols, and allows us to suggest several small modifications of the existing protocols which are easy to implement, yet improve their security in several threat scenarios.

Mobile ad hoc network (MANET) does not have fixed infrastructure centralized server which manage the connections between the nodes. Rather, the nodes in MANET move randomly. Thus, it is risky to exchange data between nodes because there is a high possibility of having malicious node in the path. In this paper, we will describe a new authentication technique using message digest 5 (MD5), hashing for dynamic MANET on demand protocol (DYMO) based on reinforcement learning. In addition, we will describe an encryption technique that can be used without the need for a third party to distribute a secret key. After implementing the suggested model, results showed a remarkable enhancement in securing the path by increasing the packet delivery ratio and average throughput. On the other hand, there was an increase in end to end delay due to time spent in cryptographic operations.

Lack of effective accountability mechanisms brings a series of security problems for Internet today. In Next Generation Internet based on IPv6, the system of identity authentication and IP verification is the key to accounting ability. Source Address Validation Improvement (SAVI) can protect IP source addresses from being faked. But without identity authentication mechanism and certain relationship between IP and accountable identity, the accountability is still unreliable. To solve this problem, most research focus on embedding accountable identity into IP address which need either changing DHCP client or twice DHCP request process due to the separate process of user authentication and address assignment. Different from previous research, this paper first analyzes the problems and requirements of combining Web Portal or 802.1X, two main identity authentication mechanism (AAA), with the accountable address assignment in SAVI frame-work. Then a novel Cooperative mechanism for Accountable IP address assignment (CAIP) is proposed based on 802.1X and SAVI, which takes into account the validation of IP address, the authenticity and accountability of identity at the same time. Finally, we build up prototype system for both Fat AP and Thin AP wireless scenarios and simulate the performance of CAIP through large-scale campus networks' data logs. The experiment result shows that the IP addresses and identities in CAIP are protective and accountable. Compared with other previous research, CAIP is not only transparent to the terminals and networks, but also low impact on network equipment, which makes CAIP easy deployment with high compatibility and low cost.

Numerous IoT applications, like building automation or process control of industrial sites, exist today. These applications inherently have a strong connection to the physical world. Hence, IT security threats cannot only cause problems like data leaks but also safety issues which might harm people. Attacks on IT systems are not only performed by outside attackers but also insiders like administrators. For this reason, we present ongoing work on a Byzantine fault tolerant configuration management system (CMS) that provides control over administrators, restrains their rights, and enforces separation of concerns. We reach this goal by conducting a configuration management process that requires multi-party authorization for critical configurations to prevent individual malicious administrators from performing undesired actions. Only after a configuration has been authorized by multiple experts, it is applied to the targeted devices. For the whole configuration management process, our CMS guarantees accountability and traceability. Lastly, our system is tamper-resistant as we leverage Hyperledger Fabric, which provides a distributed execution environment for our CMS and a blockchain-based distributed ledger that we use to store the configurations. A beneficial side effect of this approach is that our CMS is also suitable to manage configurations for infrastructure shared across different organizations that do not need to trust each other.

Fully connected autonomous vehicles are more vulnerable than ever to hacking and data theft. The controller area network (CAN) protocol is used for communication between in-vehicle control networks (IVN). The absence of basic security features of this protocol, like message authentication, makes it quite vulnerable to a wide range of attacks including spoofing attacks. As traditional cybersecurity methods impose limitations in ensuring confidentiality and integrity of transmitted messages via CAN, a new technique has emerged among others to approve its reliability in fully authenticating the CAN messages. At the physical layer of the communication system, the method of fingerprinting the messages is implemented to link the received signal to the transmitting electronic control unit (ECU). This paper introduces a new method to implement the security of modern electric vehicles. The lumped element model is used to characterize the channel-specific step response. ECU and channel imperfections lead to a unique transfer function for each transmitter. Due to the unique transfer function, the step response for each transmitter is unique. In this paper, we use control system parameters as a feature-set, afterward, a neural network is used transmitting node identification for message authentication. A dataset collected from a CAN network with eight-channel lengths and eight ECUs to evaluate the performance of the suggested method. Detection results show that the proposed method achieves an accuracy of 97.4% of transmitter detection.

Confidentiality, authentication, privacy and integrity are the pillars of securing data. The most generic way of providing security is setting up passwords and usernames collectively known as login credentials. Operating systems use different techniques to ensure security of login credentials yet brute force attacks and dictionary attacks along with various other types which leads to success in passing or cracking passwords.The objective of proposed HS model is to enhance the protection of SAM file used by Windows Registry so that the system is preserved from intruders.

Technological advancements have made smartphones to provide wide range of applications that enable users to perform many of their tasks easily and conveniently, anytime and anywhere. For this reason, many users are tend to store their private data in their smart phones. Since conventional methods for security of smartphones, such as passwords, personal identification numbers, and pattern locks are prone to many attacks, this research paper proposes a novel method for authenticating smartphone users based on performing seven different daily physical activity as behavioral biometrics, using smartphone embedded sensor data. This authentication scheme builds a machine learning model which recognizes users by performing those daily activities. Experimental results demonstrate the effectiveness of the proposed framework.

Nowadays mobile devices have become the majority terminals used by people for social activities so that carrying business data and private information in them have become normal. Accordingly, the risk of data related cyber attacks has become one of the most critical security concerns. The main purpose of this work is to mitigate the risk of data breaches and damages caused by malware and the lost of mobile devices. In this paper, we propose an encrypted QR code based optical challenge-response authentication by mobile devices for mounting concealed file systems. The concealed file system is basically invisible to the users unless being successfully mounted. The proposed authentication scheme practically applies cryptography and QR code technologies to challenge-response scheme in order to secure the concealed file system. The key contribution of this work is to clarify a possibility of a mounting authentication scheme involving two mobile devices using a special optical communication way (QR code exchanges) which can be realizable without involving any network accesses. We implemented a prototype system and based on the preliminary feature evaluations results we confirmed that encrypted QR code based optical challenge-response is possible between a laptop and a smart phone and it can be applied to authentication for mounting concealed file systems.

Vehicular Ad-hoc Network (VANET) can provide vehicle to vehicle (V2V) and vehicle to infrastructure (V2I) communications for efficient and safe transportation. The vehicles features high mobility, thus undergoing frequent handovers when they are moving, which introduces the significant overload on the network entities. To address the problem, the distributed mobility management (DMM) protocol for next generation mobile network has been proposed, which can be well combined with VANETs. Although the existing DMM solutions can guarantee the smooth handovers of vehicles, the security has not been fully considered in the mobility management. Moreover, the most of existing schemes cannot support group communication scenario. In this paper, we propose an efficient and secure group mobility management scheme based on the blockchain. Specifically, to reduce the handover latency and signaling cost during authentication, aggregate message authentication code (AMAC) and one-time password (OTP) are adopted. The security analysis and the performance evaluation results show that the proposed scheme can not only enhance the security functionalities but also support fast handover authentication.

Smart Farming is driven by the emergence of precise positioning systems and Internet of Things technologies which have already enabled site-specific applications, sustainable resource management, and interconnected machinery. Nowadays, so-called Farm Management Information Systems (FMISs) enable farm-internal interconnection of agricultural machines and implements and, thereby, allow in-field data exchange and the orchestration of collaborative agricultural processes. Machine data is often directly logged during task execution. Moreover, interconnection of farms, agricultural contractors, and marketplaces ease the collaboration. However, current FMISs lack in security and particularly in user authentication. In this paper, we present a security architecture for a decentralized, manufacturer-independent, and open-source FMIS. Special attention is turned on the Radio Frequency Identification (RFID)-based continuous user authentication which greatly improves security and credibility of automated documentation, while at the same time preserves usability in practice.

With the increasing prevalence of mobile devices, face-to-face device-to-device (D2D) communication has been applied to a variety of daily scenarios such as mobile payment and short distance file transfer. In D2D communications, a critical security problem is verifying the legitimacy of devices when they share no secrets in advance. Previous research addressed the problem with device authentication and pairing schemes based on user intervention or exploiting physical properties of the radio or acoustic channels. However, a remaining challenge is to secure face-to-face D2D communication even in the middle of a crowd, within which an attacker may hide. In this paper, we present Nhuth, a nonlinearity-enhanced, location-sensitive authentication mechanism for such communication. Especially, we target at the secure authentication within a limited range such as 20 cm, which is the common case for face-to-face scenarios. Nhuth contains averification scheme based on the nonlinear distortion of speaker-microphone systems and a location-based-validation model. The verification scheme guarantees device authentication consistency by extracting acoustic nonlinearity patterns (ANP) while the validation model ensures device legitimacy by measuring the time difference of arrival (TDOA) at two microphones. We analyze the security of Nhuth theoretically and evaluate its performance experimentally. Results show that Nhuth can verify the device legitimacy in the presence of nearby attackers.

Upon the new paradigm of Cellular Internet of Things, through the usage of technologies such as Narrowband IoT (NB-IoT), a massive amount of IoT devices will be able to use the mobile network infrastructure to perform their communications. However, it would be beneficial for these devices to use the same security mechanisms that are present in the cellular network architecture, so that their connections to the application layer could see an increase on security. As a way to approach this, an identity management and provisioning mechanism, as well as an identity federation between an IoT platform and the cellular network is proposed as a way to make an IoT device deemed worthy of using the cellular network and perform its actions.

In industrial internet of things, various devices are connected to external internet. For the connected devices, the authentication is very important in the viewpoint of security; therefore, physical unclonable functions (PUFs) have attracted attention as authentication techniques. On the other hand, the risk of modeling attacks on PUFs, which clone the function of PUFs mathematically, is pointed out. Therefore, a resistant-PUF such as a lightweight PUF has been proposed. However, new analytical methods (side-channel attacks: SCAs), which use side-channel information such as power or electromagnetic waves, have been proposed. The countermeasure method has also been proposed; however, an evaluation using actual devices has not been studied. Since PUFs use small production variations, the implementation evaluation is very important. Therefore, this study proposes a SCA countermeasure of the lightweight PUF. The proposed method is based on the previous studies, and maintains power consumption consistency during the generation of response. In experiments using a field programmable gate array, the measured power consumption was constant regardless of output values of the PUF could be confirmed. Then, experimental results showed that the predicted rate of the response was about 50 %, and the proposed method had a tamper resistance against SCAs.

In order to develop a `common session secret key' though the insecure channel, cryptographic Key Agreement Protocol plays a major role. Many researchers' cryptographic protocol uses smart card as a medium to store transaction secret values. The tampered resistance property of smart card is unable to defend the secret values from side channel attacks. It means a lost smart card is an easy target for any attacker. Though password authentication helps the protocol to give secrecy but on-line as well as off-line password guessing attack can make the protocol vulnerable. The concerned paper manifested key agreement protocol based on three party authenticated key agreement protocol to defend all password related attacks. The security analysis of our paper has proven that the accurate guess of the password of a legitimate user will not help the adversary to generate a common session key.

Two-factor authentication has been widely used due to the vulnerabilities associated with the traditional password-based authentication. One-Time Password (OTP) plays an important role in authentication protocol. However, a variety of security problems have been challenging the security of OTP, and improvements are introduced to solve it. This paper reviews several schemes to implement and modify the OTP, a comparison among the popular OTP algorithms is presented. A smart grid architecture with edge computing is shown. The authentication techniques in the smart grid are analyzed.

Nowadays one-time passwords are used in a lot of areas of information technologies including e-commerce. A few vulnerabilities in authentication protocols based on one-time passwords are widely known. In current work, we analyze authentication protocols based on one-time passwords and their vulnerabilities. Both simple and complicated protocols which are implementing cryptographic algorithms are reviewed. For example, an analysis of relatively old Lamport's hash-chain protocol is provided. At the same time, we examine HOTP and TOTP protocols which are actively used nowadays. The main result of the work are conclusions about the security of reviewed protocols based on one-time passwords.

Two-factor authentication (2FA) defends against password compromise by a remote attacker. We surveyed 4,275 students, faculty, and staff at Brigham Young University to measure user sentiment about Duo 2FA one year after the university adopted it. The results were mixed. A majority of the participants felt more secure using Duo and felt it was easy to use. About half of all participants reported at least one instance of being locked out of their university account because of an inability to authenticate with Duo. We found that students and faculty generally had more negative perceptions of Duo than staff. The survey responses reveal some pain points for Duo users. In response, we offer recommendations that reduce the frequency of 2FA for users. We also suggest UI changes that draw more attention to 2FA methods that do not require WiFi, the "Remember Me" setting, and the help utility.