Biblio

Keystroke dynamics is one solution to enhance the security of password authentication without adding any disruptive handling for users. Industries are looking for more security without impacting too much user experience. Considered as a friction-less solution, keystroke dynamics is a powerful solution to increase trust during user authentication without adding charge to the user. In this paper, we address the problem of user authentication considering the keystroke dynamics modality. We proposed a new approach based on the conversion of behavioral biometrics data (time series) into a 3D image. This transformation process keeps all the characteristics of the behavioral signal. The time series do not receive any filtering operation with this transformation and the method is bijective. This transformation allows us to train images based on convolutional neural networks. We evaluate the performance of the authentication system in terms of Equal Error Rate (EER) on a significant dataset and we show the efficiency of the proposed approach on a multi-instance system.

With the development of IT technology and the generalization of the Internet of Things, smart grid systems combining IoT for efficient power grid construction are being widely deployed. As a form of development for this, edge computing and blockchain technology are being combined with the smart grid. Wang et al. proposed a user authentication scheme to strengthen security in this environment. In this paper, we describe the scheme proposed by Wang et al. and security faults. The first is that it is vulnerable to a side-channel attack, an impersonation attack, and a key material change attack. In addition, their scheme does not guarantee the anonymity of a participant in the smart grid system.

The following topics are dealt with: authorisation; data privacy; mobile computing; security of data; cryptography; Internet of Things; message authentication; invasive software; Android (operating system); vectors.

Technology advancement also increases the risk of a computer's security. As we can have various mechanisms to ensure safety but still there have flaws. The main concerned area is user authentication. For authentication, various biometric applications are used but once authentication is done in the begging there was no guarantee that the computer system is used by the authentic user or not. The intrusion detection system (IDS) is a particular procedure that is used to identify intruders by analyzing user behavior in the system after the user logged in. Host-based IDS monitors user behavior in the computer and identify user suspicious behavior as an intrusion or normal behavior. This paper discusses how an expert system detects intrusions using a set of rules as a pattern recognized engine. We propose a PIDE (Pattern Based Intrusion Detection) model, which is verified previously implemented SBID (Statistical Based Intrusion Detection) model. Experiment results indicate that integration of SBID and PBID approach provides an extensive system to detect intrusion.

Security for authentication is required to give a superlative secure users' personal information. This paper presents a model of the Graphical password scheme under the impact of security and ease of use for user authentication. We integrate the concept of recognition with re-called and cued-recall based schemes to offer superior security compared to existing schemes. Click Symbols (CS) Alphabet combine into one entity: Alphanumeric (A) and Visual (V) symbols (CS-AV) is Captcha-based password scheme, we integrate it with recall-based n ×n grid points, where a user can draw the shape or pattern by the intersection of the grid points as a way to enter a graphical password. Next scheme, the combination of CS-AV with grid cells allows very large password space ( 2.4 ×104 bits of entropy) and provides reasonable usability results by determining an empirical study of memorable password space. Proposed schemes support most applicable platform for input devices and promising strong resistance to shoulder surfing attacks on a mobile device which can be occurred during unlocking (pattern) the smartphone.

In this paper, we consider a novel method of mining biometric data for user authentication by replacing traditional captchas with game-like captchas. The game-like captchas present the user with a short game in which they attempt to get a high score. The data produced from a user's game play will be used to produce a behavior biometric based on user interactions, such as mouse movement, click patterns and game choices. The baseline expectation of interactive behavior will be used as a single factor in an intrusion detection system providing continuous authentication, considering the factors such as IP address, location, time of use, website interactions, and behavior anomalies. In addition to acting as a source of data, game-like captchas are expected to deter bots and automated systems from accessing web-based services and improving the user experience for the end-users who have become accustomed to monotonous alternatives, such as Google's re-captcha.

The internet of things (IoT) is consisting of many complementary elements which have their own specificities and capacities. These elements are gaining new application and use cases in our lives. Nevertheless, they open a negative horizon of security and privacy issues which must be treated delicately before the deployment of any IoT. Recently, different works emerged dealing with the same branch of issues, like the work of Yuwen Chen et al. that is called LightPriAuth. LightPriAuth has several drawbacks and weakness against various popular attacks such as Insider attack and stolen smart card. Our objective in this paper is to propose a novel solution which is “authentication scheme with three factor using ECC and fuzzy extractor” to ensure security and privacy. The obtained results had proven the superiority of our scheme's performances compared to that of LightPriAuth which, additionally, had defeated the weaknesses left by LightPriAuth.

Blockchain technology is attracting attention as an innovative system for decentralized payments in fields such as financial area. On the other hand, in a decentralized environment, management of a secret key used for user authentication and digital signature becomes a big issue because if a user loses his/her secret key, he/she will also lose assets on the blockchain. This paper describes the secret key management issues in blockchain systems and proposes a solution using a biometrics-based digital signature scheme. In our proposed system, a secret key to be used for digital signature is generated from the user's biometric information each time and immediately deleted from the memory after using it. Therefore, our blockchain system has the advantage that there is no need for storage for storing secret keys throughout the system. As a result, the user does not have a risk of losing the key management devices and can prevent attacks from malware that steals the secret key.

In the Internet of Things architecture, devices are frequently connected to the Internet either directly or indirectly. However, many IoT devices lack built-in security features such as device level encryption, user authentication and basic firewall protection. This paper discusses security risks in the layers of general Internet of Things architecture and shows examples of potential risks at each level of the architecture. The paper also compares IoT security solutions provided by three major vendors and shows that the solutions are mutually complementary. Nevertheless, none of the examined IoT solutions provides security at the device level of the IoT architecture model. In order to address risks at the device level of the architecture, an implementation of Trusted Platform Module and Unique Device Identifier on IoT devices and gateways for encryption, authentication and device management is advocated in the paper.

Road accidents are challenging threat in the present scenario. In India there are 5, 01,423 road accidents in 2015. A day 400 hundred deaths are forcing to India to take car safety sincerely. The common cause for road accidents is driver's distraction. In current world the people are dominated by the tablet PC and other hand held devices. The VANET technology is a vehicle-to-vehicle communication; here the main challenge will be to deliver qualified communication during mobility. The paper proposes a standard new restricted lightweight authentication protocol utilizing key agreement theme for VANETs. Inside the planned topic, it has three sorts of validations: 1) V2V 2) V2CH; and 3) CH and RSU. Aside from this authentication, the planned topic conjointly keeps up mystery keys between RSUs for the safe communication. Thorough informal security analysis demonstrates the planned subject is skilled to guard different malicious attack. In addition, the NS2 Simulation exhibits the possibility of the proposed plan in VANET background.

Examines the shortcomings of existing methods of user authentication when accessing remote information systems. Proposed method of multi-factor authentication based on validation of knowledge of a secret password and verify that the habits and preferences of Internet user's interests, defined by registration in the system. Identifies the language and tools implementation of the proposed authentication algorithm.

Nowadays, some workplaces have adopted the policy of BYOD (bring your own device) that permits employees to bring personally owned devices, and to use those devices to access company information and applications. Especially, small devices like smartphones are widely used due to the greater mobility and connectivity. A majority of organizations provide the wireless local area network which is necessary for small devices and business data transmission. The resources access through Wi-Fi network of the organization needs intense restriction. WPA2 Enterprise with 802.1X standard is typically introduced to handle user authentication on the network using the EAP framework. However, credentials management for all users is a hassle for administrators. Strong authentication provides higher security whereas the difficulty of deployment is still open issues. This research proposes the utility of Near Field Communication to securely transmit certificate data that rely on the hybrid cryptosystem. The approach supports enterprise Wi-Fi hotspot authentication based on WPA2-802.1X model with the EAP-TLS method. It also applies multi-factor authentication for enhancing the security of networks and users. The security analysis and experiment on establishing connection time were conducted to evaluate the presented approach.

The QoS performance of MANET routing protocols is significantly affected by the mobility conditions in network. Secondly, as MANET open nature network, there is strong possibility of different types of vulnerabilities such as blackhole attack, malicious attack, DoS attacks etc. In this research work, we are designing the novel opportunistic routing protocol in order to address the challenges of network security as well as QoS improvement. There two algorithms designed in this paper. First we proposed and designed novel QoS improvement algorithm based on optimization scheme called Ant Colony Optimization (ACO) with swarm intelligence approach. This proposed method used the RSSI measurements to determine the distance between two mobile nodes in order to select efficient path for communication. This new routing protocol is named as QoS Mobility Aware ACO (QMAA) Routing Protocol. Second, we designed security algorithm for secure communication and user's authentication in MANET under the presence attackers in network. With security algorithm the QoS aware protocol is proposed named as Secure-QMAA (SQMAA). The SQMAA achieved secure communications while guaranteed QoS performance against existing routing protocols. The simulation results shows that under the presence of malicious attackers, the performance of SQMAA are efficient as compared to QMAA and state-of-art routing protocol.

Lack of effective accountability mechanisms brings a series of security problems for Internet today. In Next Generation Internet based on IPv6, the system of identity authentication and IP verification is the key to accounting ability. Source Address Validation Improvement (SAVI) can protect IP source addresses from being faked. But without identity authentication mechanism and certain relationship between IP and accountable identity, the accountability is still unreliable. To solve this problem, most research focus on embedding accountable identity into IP address which need either changing DHCP client or twice DHCP request process due to the separate process of user authentication and address assignment. Different from previous research, this paper first analyzes the problems and requirements of combining Web Portal or 802.1X, two main identity authentication mechanism (AAA), with the accountable address assignment in SAVI frame-work. Then a novel Cooperative mechanism for Accountable IP address assignment (CAIP) is proposed based on 802.1X and SAVI, which takes into account the validation of IP address, the authenticity and accountability of identity at the same time. Finally, we build up prototype system for both Fat AP and Thin AP wireless scenarios and simulate the performance of CAIP through large-scale campus networks' data logs. The experiment result shows that the IP addresses and identities in CAIP are protective and accountable. Compared with other previous research, CAIP is not only transparent to the terminals and networks, but also low impact on network equipment, which makes CAIP easy deployment with high compatibility and low cost.

Today, Smartphone is a necessary device for people connected to the Internet world. But user privacy and security are still playing important roles in the usage of mobile devices. The user was asked to enter related characters, numbers or drawing a simple graphic on the touch screen as passwords for unlocking the screensaver. Although it could provide the user with a simple and convenient security authentication mechanism, the process is hard to protect against the privacy information leakage under the strict security policy. Nowadays, various keypad lock screen Apps usually provides different type of schemes in unlocking the mobile device screen, such as simple-customized pattern, swipe-to-unlock with a static image and so on. But the vulnerability could provide a chance to hijacker to find out the leakage of graphic pattern information that influences in user information privacy and security.This paper proposes a new graphic pattern authentication mechanism to enhance the strength of that in the keypad lock screen Apps. It integrates random digital graphics and handwriting graphic input track recognition technologies to provide better and more diverse privacy protection and reduce the risk of vulnerability. The proposed mechanism is based on two factor identification scheme. First of all, it randomly changes digital graphic position based on unique passwords every time to increase the difficulty of the stealer's recording. Second, the input track of handwriting graphics is another identification factor for enhancing the complex strength of user authentication as well.

Digital Multifactor authentication is one of the best ways to make secure authentication. It covers many different areas of a Cyber-connected world, including online payments, communications, access right management, etc. Most of the time, Multifactor authentication is little complex as it require extra step from users. With two-factor authentication, along with the user-ID and password, user also needs to enter a special code which they normally receive by short message service or some special code which they got in advance. This paper will discuss the evolution from single authentication to Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). In addition, this paper presents five high-level categories of features of user authentication in the gadget-free world including security, privacy, and usability aspects. These are adapted and extended from earlier research on web authentication methods. In conclusion, this paper gives future research directions and open problems that stem from our observations.

User Authentication is a difficult problem yet to be addressed accurately. Little or no work is reported in literature dealing with clustering-based anomaly detection techniques for user authentication for keystroke data. Therefore, in this paper, Modified Differential Evolution (MDE) based subspace anomaly detection technique is proposed for user authentication in the context of behavioral biometrics using keystroke dynamics features. Thus, user authentication is posed as an anomaly detection problem. Anomalies in CMU's keystroke dynamics dataset are identified using subspace-based and distance-based techniques. It is observed that, among the proposed techniques, MDE based subspace anomaly detection technique yielded the highest Area Under ROC Curve (AUC) for user authentication problem. We also performed a Wilcoxon Signed Rank statistical test to corroborate our results statistically.

The future fifth-generation (5G) mobile communications system has already become a focus around the world. A large number of late-model services and applications including high definition visual communication, internet of vehicles, multimedia interaction, mobile industry automation, and etc, will be added to 5G network platform in the future. Different application services have different security requirements. However, the current user authentication for services and applications: Extensible Authentication Protocol (EAP) suggested by the 3GPP committee, is only a unitary authentication model, which is unable to meet the diversified security requirements of differentiated services. In this paper, we present a new diversified identity management as well as a flexible and composable three-factor authentication mechanism for different applications in 5G multi-service systems. The proposed scheme can provide four identity authentication methods for different security levels by easily splitting or assembling the proposed three-factor authentication mechanism. Without a design of several different authentication protocols, our proposed scheme can improve the efficiency, service of quality and reduce the complexity of the entire 5G multi-service system. Performance analysis results show that our proposed scheme can ensure the security with ideal efficiency.

This paper presents a possible implementation of progressive authentication using the Android pattern lock. Our key idea is to use one pattern for two access levels to the device; an abridged pattern is used to access generic applications and a second, extended and higher-complexity pattern is used less frequently to access more sensitive applications. We conducted a user study of 89 participants and a consecutive user survey on those participants to investigate the usability of such a pattern scheme. Data from our prototype showed that for unlocking lowsecurity applications the median unlock times for users of the multiple pattern scheme and conventional pattern scheme were 2824 ms and 5589 ms respectively, and the distributions in the two groups differed significantly (Mann-Whitney U test, p-value less than 0.05, two-tailed). From our user survey, we did not find statistically significant differences between the two groups for their qualitative responses regarding usability and security (t-test, p-value greater than 0.05, two-tailed), but the groups did not differ by more than one satisfaction rating at 90% confidence.

Access to information and data is becoming an essential part of nearly every aspect of modern business operation. Unfortunately, accessing information systems comes with increased chances of intrusion and unauthorized access. Acquiring and maintaining evidence from a computer or networks in the current high-tech world is essential in any comprehensive forensic investigation. Software and hardware tools are used to easily manage the evidence and view all relevant files. In an effort to enhance computer access security, keystroke authentication, is one of the biometric solutions that were proposed as a solution for enhancing users' identification. This research proposes using user's keystroke errors to determine guilt during forensics investigations, where it was found that individuals keystroke patters are repeatable and variant from those of others, and that keystroke patterns are impossible to steal or imitate. So, in this paper, we investigate the effectiveness of relying on ``user's mistakes'' as another behavioral biometric keystroke dynamic.

In order to improve the security of data stored in the USB memory, a secure USB has appeared on the consumer market. The secure USB protects data stored into the device by user authentication, data encryption, and access control. However, in several products, there is a problem in that the data can be stolen due to authentication bypass or key exposure. To solve this problem, a method for enhancing user authentication has been studied, and product B, which typically provides user authentication with biometric authentication, has emerged. In this paper, we analyze the vulnerability of product B that provides a biometric authentication, and we verified the possibility of bypassing the authentication and the incident of potential stealing of the data. Consequently, we consider that it will be possible to develop a more secure USB product based on counteracting analyzed vulnerability as described in this paper.

Secret passwords are very widely used for user authentication to websites, despite their known shortcomings. Most websites using passwords also implement password recovery to allow users to re-establish a shared secret if the existing value is forgotten; many such systems involve sending a password recovery email to the user, e.g. containing a secret link. The security of password recovery, and hence the entire user-website relationship, depends on the email being acted upon correctly; unfortunately, as we show, such emails are not always designed to maximise security and can introduce vulnerabilities into recovery. To understand better this serious practical security problem, we surveyed password recovery emails for 50 of the top English language websites. We investigated a range of security and usability issues for such emails, covering their design, structure and content (including the nature of the user instructions), the techniques used to recover the password, and variations in email content from one web service to another. Many well-known web services, including Facebook, Dropbox, and Microsoft, suffer from recovery email design, structure and content issues. This is, to our knowledge, the first study of its type reported in the literature. This study has enabled us to formulate a set of recommendations for the design of such emails.

The goal of this work is to enable user authentication via finger inputs on ubiquitous surfaces leveraging low-cost physical vibration. We propose VibWrite that extends finger-input authentication beyond touch screens to any solid surface for smart access systems (e.g., access to apartments, vehicles or smart appliances). It integrates passcode, behavioral and physiological characteristics, and surface dependency together to provide a low-cost, tangible and enhanced security solution. VibWrite builds upon a touch sensing technique with vibration signals that can operate on surfaces constructed from a broad range of materials. It is significantly different from traditional password-based approaches, which only authenticate the password itself rather than the legitimate user, and the behavioral biometrics-based solutions, which usually involve specific or expensive hardware (e.g., touch screen or fingerprint reader), incurring privacy concerns and suffering from smudge attacks. VibWrite is based on new algorithms to discriminate fine-grained finger inputs and supports three independent passcode secrets including PIN number, lock pattern, and simple gestures by extracting unique features in the frequency domain to capture both behavioral and physiological characteristics such as contacting area, touching force, and etc. VibWrite is implemented using a single pair of low-cost vibration motor and receiver that can be easily attached to any surface (e.g., a door panel, a desk or an appliance). Our extensive experiments demonstrate that VibWrite can authenticate users with high accuracy (e.g., over 95% within two trials), low false positive rate (e.g., less 3%) and is robust to various types of attacks.

Membership revocation is essential for cryptographic applications, from traditional PKIs to group signatures and anonymous credentials. Of the various solutions for the revocation problem that have been explored, dynamic accumulators are one of the most promising. We propose Braavos, a new, RSA-based, dynamic accumulator. It has optimal communication complexity and, when combined with efficient zero-knowledge proofs, provides an ideal solution for anonymous revocation. For the construction of Braavos we use a modular approach: we show how to build an accumulator with better functionality and security from accumulators with fewer features and weaker security guarantees. We then describe an anonymous revocation component (ARC) that can be instantiated using any dynamic accumulator. ARC can be added to any anonymous system, such as anonymous credentials or group signatures, in order to equip it with a revocation functionality. Finally, we implement ARC with Braavos and plug it into Idemix, the leading implementation of anonymous credentials. This work resolves, for the first time, the problem of practical revocation for anonymous credential systems.

Motivated by the need to automatically generate behavior-based security challenges to improve user authentication for web services, we consider the problem of large-scale construction of realistic-looking names to serve as aliases for real individuals. We aim to use these names to construct security challenges, where users are asked to identify their real contacts among a presented pool of names. We seek these look-alike names to preserve name characteristics like gender, ethnicity, and popularity, while being unlinkable back to the source individual, thereby making the real contacts not easily guessable by attackers. To achive this, we introduce the technique of distributed name embeddings, representing names in a high-dimensional space such that distance between name components reflects the degree of cultural similarity between these strings. We present different approaches to construct name embeddings from contact lists observed at a large web-mail provider, and evaluate their cultural coherence. We demonstrate that name embeddings strongly encode gender and ethnicity, as well as name popularity. We applied this algorithm to generate imitation names in email contact list challenge. Our controlled user study verified that the proposed technique reduced the attacker's success rate to 26.08%, indistinguishable from random guessing, compared to a success rate of 62.16% from previous name generation algorithms. Finally, we use these embeddings to produce an open synthetic name resource of 1 million names for security applications, constructed to respect both cultural coherence and U.S. census name frequencies.