Biblio
Filters: Keyword is human factors
On Development of a Game‐Theoretic Model for Deception‐Based Security. Modeling and Design of Secure Internet of Things. :123–140.
2020. This chapter presents a game‐theoretic model to analyze attack–defense scenarios that use fake nodes (computing devices) for deception under consideration of the system deploying defense resources to protect individual nodes in a cost‐effective manner. The developed model has important applications in the Internet of Battlefield Things (IoBT). Our game‐theoretic model illustrates how the concept of the Nash equilibrium can be used by the defender to intelligently choose which nodes should be used for performing a computation task while deceiving the attacker into expending resources for attacking fake nodes. Our model considers the fact that defense resources may become compromised under an attack and suggests that the defender, in a probabilistic manner, may utilize unprotected nodes for performing a computation while the attacker is deceived into attacking a node with defense resources installed. The chapter also presents a deception‐based strategy to protect a target node that can be accessed via a tree network. Numerical results provide insights into the strategic deception techniques presented in this chapter.
Optimal Secure Two-Layer IoT Network Design. IEEE Transactions on Control of Network Systems. 7:398–409.
2020. With the remarkable growth of the Internet and communication technologies over the past few decades, Internet of Things (IoTs) is enabling the ubiquitous connectivity of heterogeneous physical devices with software, sensors, and actuators. IoT networks are naturally two layers with the cloud and cellular networks coexisting with the underlaid device-to-device communications. The connectivity of IoTs plays an important role in information dissemination for mission-critical and civilian applications. However, IoT communication networks are vulnerable to cyber attacks including the denial-of-service and jamming attacks, resulting in link removals in the IoT network. In this paper, we develop a heterogeneous IoT network design framework in which a network designer can add links to provide additional communication paths between two nodes or secure links against attacks by investing resources. By anticipating the strategic cyber attacks, we characterize the optimal design of the secure IoT network by first providing a lower bound on the number of links a secure network requires for a given budget of protected links, and then developing a method to construct networks that satisfy the heterogeneous network design specifications. Therefore, each layer of the designed heterogeneous IoT network is resistant to a predefined level of malicious attacks with minimum resources. Finally, we provide case studies on the Internet of Battlefield Things to corroborate and illustrate our obtained results.
A Review of Moving Target Defense Mechanisms for Internet of Things Applications. Modeling and Design of Secure Internet of Things. :563–614.
2020. The chapter presents a review of the proactive Moving Target Defense (MTD) paradigm and investigates the feasibility and potential of specific MTD approaches for the resource‐constrained Internet of Things (IoT) applications. The aim is not only to provide a taxonomy of various MTD approaches but also to advocate MTD techniques in the dynamic network domain in conjunction with the emerging Software Defined Networking (SDN) for more effective proactive IoT defense. The Internet of Battlefield Things (IoBT) and Industrial IoT (IIoT), which are subject to more attacks, are identified as two critical IoT domains that can benefit from the SDN‐based MTD approaches. Finally, the chapter also discusses potential future research challenges of the MTD approaches in the IoT domain.
ECG-Based Authentication Using Timing-Aware Domain-Specific Architecture. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems. 39:3373–3384.
2020. Electrocardiogram (ECG) biometric authentication (EBA) is a promising approach for human identification, particularly in consumer devices, due to the individualized, ubiquitous, and easily identifiable nature of ECG signals. Thus, computing architectures for EBA must be accurate, fast, energy efficient, and secure. In this article, first, we implement an EBA algorithm to achieve 100% accuracy in user authentication. Thereafter, we extensively analyze the algorithm to show the distinct variance in execution requirements and reveal the latency bottleneck across the algorithm's different steps. Based on our analysis, we propose a domain-specific architecture (DSA) to satisfy the execution requirements of the algorithm's different steps and minimize the latency bottleneck. We explore different variations of the DSA, including one that features the added benefit of ensuring constant timing across the different EBA steps, in order to mitigate the vulnerability to timing-based side-channel attacks. Our DSA improves the latency compared to a base ARM-based processor by up to 4.24×, while the constant timing DSA improves the latency by up to 19%. Also, our DSA improves the energy by up to 5.59×, as compared to the base processor.
Blockchain-Assisted UAV-Employed Casualty Detection Scheme in Search and Rescue Mission in the Internet of Battlefield Things. 2020 International Conference on Information and Communication Technology Convergence (ICTC). :412–416.
2020. As the unmanned aerial vehicle (UAV) can play a vital role in collecting information remotely on a military battlefield, researchers have shown great interest in the domain of the Internet of Battlefield Things (IoBT). In a rescue mission on a battlefield, a UAV can collect data from different regions to identify the casualty of a soldier. One of the major challenges in IoBT is to identify the soldier in a complex environment. An image processing algorithm can be helpful if a proper methodology is applied to identify the victims. However, due to the limited hardware resources of a UAV, the processing task can be handed over to a nearby edge computing server for offloading, as every second is crucial on a battlefield. Furthermore, to avoid any third-party interaction in the network and to store the data securely, blockchain can help to create a trusted network as it forms a distributed ledger among the participants. This paper proposes a UAV-assisted casualty detection scheme based on an image processing algorithm where data is protected using blockchain technology. Result analysis has been conducted to identify the victims on the battlefield successfully using the image processing algorithm, and network issues like throughput and delay have been analyzed in detail using public-key cryptography.
Decentralized Latency-aware Edge Node Grouping with Fault Tolerance for Internet of Battlefield Things. 2020 International Conference on Information and Communication Technology Convergence (ICTC). :420–423.
2020. In this paper, our objective is to focus on the recent trend in military fields of bringing the Internet of Things (IoT) to the battlefield to improve effectiveness, which is called the Internet of Battlefield Things (IoBT). Due to the requirements of high computing capability and minimum response time with minimum fault tolerance, this paper proposes a decentralized IoBT architecture. The proposed method can increase reliability in the battlefield environment by searching for the reliable nodes among all the edge nodes in the environment, and adding fault tolerance in the edge nodes will increase the effectiveness of the overall battlefield scenario. The suggested fault tolerance approach is worthwhile in decentralized mode for handling latency requirements and maintaining the task reliability of the battlefield. Our experimental results confirm the effectiveness of the proposed approach and show that it meets the requirements of the latency-aware military field while ensuring the overall reliability of the network.
A Hypergame‐Based Defense Strategy Toward Cyber Deception in Internet of Battlefield Things (IoBT). Modeling and Design of Secure Internet of Things. :59–77.
2020. In this chapter, we develop a defense strategy to secure Internet of Battlefield Things (IoBT) based on a hypergame employing deceptive techniques. The hypergame is played multiple rounds. At each round, the adversary updates its perception of the attack graph and chooses the next node to compromise. The defender updates its perceived list of compromised nodes and actively feeds false signals to the adversary to create deception. The hypergame developed in this chapter provides an important theoretical framework for us to model how a cyberattack spreads on a network and the interaction between the adversary and the defender. It also provides quantitative metrics such as the time it takes the adversary to explore the network and compromise the target nodes. Based on these metrics, the defender can reboot the network devices and reset the network topology in time to clean up all potentially compromised devices and to protect the critical nodes. The hypergame provides useful guidance on how to create cyber deceptions so that the adversary cannot obtain information about the correct network topology and can be deterred from reaching the target critical nodes on a military network while it is in service.
The Internet-of-Battlefield-Things (IoBT)-Based Enemy Localization Using Soldiers Location and Gunshot Direction. IEEE Internet of Things Journal. 7:11725–11734.
2020. The real-time information of enemy locations is capable to transform the outcome of combat operations. Such information gathered using connected soldiers on the Internet of Battlefield Things (IoBT) is highly beneficial to create situational awareness (SA) and to plan an effective war strategy. This article presents the novel enemy localization method that uses the soldier's own locations and their gunshot direction. The hardware prototype has been developed that uses a triangulation for an enemy localization in two soldiers and a single enemy scenario. 4.24±1.77 m of average localization error and ±4° of gunshot direction error has been observed during this prototype testing. This basic model is further extended using three-stage software simulation for multiple soldiers and multiple enemy scenarios with the necessary assumptions. The effective algorithm has been proposed, which differentiates between the ghost and true predictions by analyzing the groups of subsequent shooting intents (i.e., frames). Four different complex scenarios are tested in the first stage of the simulation, around three to six frames are required for the accurate enemy localization in the relatively simple cases, and nine frames are required for the complex cases. The random error within ±4° in gunshot direction is included in the second stage of the simulation which required almost double the number of frames for similar four cases. As the number of frames increases, the accuracy of the proposed algorithm improves and better ghost point elimination is observed. In the third stage, two conventional clustering algorithms are implemented to validate the presented work. The comparative analysis shows that the proposed algorithm is faster, computationally simple, consistent, and reliable compared with others. Detailed analysis of hardware and software results for various scenarios has been discussed in this article.
IoBTChain: an Integration Framework of Internet of Battlefield Things (IoBT) and Blockchain. 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 1:607–611.
2020. As a typical representative of a new generation military information technology, the value and significance of Internet of Battlefield Things (IoBT) has been widely recognized by the world's military forces. At the same time, Internet of Battlefield Things (IoBT) is facing serious scalability and security challenges. This paper presents the basic concept and six-domain model of IoBT, explains the integration security framework of IoBT and blockchain. Furthermore, we design and build a novel IoT framework called IoBTChain based on blockchain and smart contracts, which adopts a credit-based resource management system to control the amount of resources that an IoBT device can obtain from a cloud server based on pre-defined priority rules, application types, and behavior history. We illustrate the deployment procedure of blockchain and smart contracts, the device registration procedure on blockchain, the IoBT behavior regulation workflow and the pricing-based resource allocation algorithm.
Development and Implementation of a Relay Switch Based on WiFi Technology. 2020 17th International Conference on Electrical Engineering, Computing Science and Automatic Control (CCE). :1–6.
2020. This article presents the design and development of a relay switch (RS) to handle electrical loads up to 20A using WiFi technology. The hardware design and the implementation methodology are explained, both for the power supply and for the wireless communication that are embedded in the same small printed circuit board. In the same way, the design of the implemented firmware to operate the developed RS is shown. An ESP-12E module is used to achieve wireless communication of the RS, which can be manipulated through a web page using an MQTT protocol or via an iOS or Arduino app. The developed RS presents at least three differentiators in relation to other similar devices on the market: it can handle a higher electrical load, has a design in accordance with national and international security standards and can use different cybersecurity strategies for wireless communication with the purpose of safe and reliable use. Experimental results using a lamp and a single-phase motor as electrical loads demonstrate an excellent performance and reliability of the developed relay switch.
5G QoS: Impact of Security Functions on Latency. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium. :1–9.
2020. Network slicing is considered a key enabler to 5th Generation (5G) communication networks. Mobile network operators may deploy network slices, complete logical networks customized for specific services expecting a certain Quality of Service (QoS). New business models like Network Slice-as-a-Service offerings to customers from vertical industries require negotiated Service Level Agreements (SLA), and network providers need automated enforcement mechanisms to assure QoS during instantiation and operation of slices. In this paper, we focus on ultra-reliable low-latency communication (URLLC). We propose a software architecture for security functions based on off-the-shelf hardware and open-source software and demonstrate, through a series of measurements, that the strict requirements of URLLC services can be achieved. As a real-world example, we perform our experiments using the intrusion prevention system (IPS) Snort to demonstrate the impact of security functions on latency. Our findings lead to the creation of a model predicting the system load that still meets the URLLC latency requirement. We fully disclose the artifacts presented in this paper including pcap traces, measurement tools, and plotting scripts at https://gallenmu.github.io/low-latency.
Operating System Classification: A Minimalist Approach. 2020 International Conference on Machine Learning and Cybernetics (ICMLC). :143–150.
2020. Operating system (OS) classification is of growing importance to network administrators and cybersecurity analysts alike. The composition of OSs on a network allows for a better quality of device management to be achieved. Additionally, it can be used to identify devices that pose a security risk to the network. However, the sheer number and diversity of OSs that comprise modern networks have vastly increased this management complexity. We leverage insights from social networking theory to provide an encryption-invariant OS classification technique that is quick to train and widely deployable on various network configurations. In particular, we show how an affiliation graph can be used as an input to a machine learning classifier to predict the OS of a device using only the IP addresses with which the device communicates. We examine the effectiveness of our approach through an empirical analysis of 498 devices on a university campus’ wireless network. In particular, we show our methodology can classify different OS families (i.e., Apple, Windows, and Android OSs) with an accuracy of 99.3%. Furthermore, we extend this study by: 1) examining distinct OSs (e.g., iOS, OS X, and Windows 10); 2) investigating the interval of time required to make an accurate prediction; and, 3) determining the effectiveness of our approach after six months.
Forensic Considerations for the High Efficiency Image File Format (HEIF). 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
2020. The High Efficiency File Format (HEIF) was adopted by Apple in 2017 as their favoured means of capturing images from their camera application, with Android devices such as the Galaxy S10 providing support more recently. The format is positioned to replace JPEG as the de facto image compression file type, touting many modern features and better compression ratios over the aging standard. However, while millions of devices across the world are already able to produce HEIF files, digital forensics research has not given the format much attention. As HEIF is a complex container format, much different from traditional still picture formats, this leaves forensics practitioners exposed to risks of potentially mishandling evidence. This paper describes the forensically relevant features of the HEIF format, including those which could be used to hide data, or cause issues in an investigation, while also providing commentary on the state of software support for the format. Finally, suggestions for current best-practice are provided, before discussing the requirements of a forensically robust HEIF analysis tool.
A GDPR Compliant Proposal to Provide Security in Android and iOS Devices. 2020 International Conference on Emerging Trends in Information Technology and Engineering (ic-ETITE). :1–8.
2020. The security available in personal computers and laptops is not possible in mobile communication, since there is no controlling software such as an operating system. The European Union General Data Protection Regulation (GDPR) will require many organisations throughout the European Union to comply with new requirements that are intended to protect their users' personal data. The responsibilities of the organizations and the penalties related to the protection of personal data of the users have proved to be both organisationally and technically challenging. Under the GDPR's 'privacy by design' and 'privacy by default' requirements, organizations need to prove that they are in control of user data and have taken steps to protect it. There are a large number of organizations that make use of mobile devices to process personal data of their customers. GDPR mandates that the organization shall be able to manage all devices that handle sensitive data so that the company can implement group updates, restrict apps and networks, and enforce security measures. In this work, we propose a Mobile Device Management solution using the built-in frameworks of Android and iOS mobile platforms which is compatible with and incorporates GDPR articles relevant to a small to medium sized organization.
An Empirical Study on Developing Secure Mobile Health Apps: The Developers' Perspective. 2020 27th Asia-Pacific Software Engineering Conference (APSEC). :208–217.
2020. Mobile apps exploit embedded sensors and wireless connectivity of a device to empower users with portable computations, context-aware communication, and enhanced interaction. Specifically, mobile health apps (mHealth apps for short) are becoming integral part of mobile and pervasive computing to improve the availability and quality of healthcare services. Despite the offered benefits, mHealth apps face a critical challenge, i.e., security of health-critical data that is produced and consumed by the app. Several studies have revealed that security specific issues of mHealth apps have not been adequately addressed. The objectives of this study are to empirically (a) investigate the challenges that hinder development of secure mHealth apps, (b) identify practices to develop secure apps, and (c) explore motivating factors that influence secure development. We conducted this study by collecting responses of 97 developers from 25 countries - across 06 continents - working in diverse teams and roles to develop mHealth apps for Android, iOS, and Windows platform. Qualitative analysis of the survey data is based on (i) 8 critical challenges, (ii) taxonomy of best practices to ensure security, and (iii) 6 motivating factors that impact secure mHealth apps. This research provides empirical evidence as practitioners' view and guidelines to develop emerging and next generation of secure mHealth apps.
Research on Information Security Technology of Mobile Application in Electric Power Industry. 2020 Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). :51–54.
2020. With the continuous popularization of smart terminals, Android and IOS systems are the most mainstream mobile operating systems in the market, and their application types and application numbers are constantly increasing. As an open system, the security issues of Android application emerge in endlessly, such as the reverse decompilation of installation package, malicious code injection, application piracy, interface hijacking, SMS hijacking and input monitoring. These security issues will also appear on mobile applications in the power industry, which will not only result in the embezzlement of applied knowledge copyrights but also lead to serious leakage of users' information and even economic losses. It may even result in the remote malicious control of key facilities, which will cause serious social issues. Under the background of the development of smart grid information construction, also with the application and promotion of power services in mobile terminals, information security protection for mobile terminal applications and interactions with the internal system of the power grid has also become an important research direction. While analyzing the risks faced by mobile applications, this article also enumerates and analyzes the necessary measures for risk resolution.
GPS-based Mobile Cross-platform Cargo Tracking System with Web-based Application. 2020 8th International Symposium on Digital Forensics and Security (ISDFS). :1–7.
2020. Cross-platform development is becoming widely used by developers, and writing for separate platforms is being replaced by developing a single code base that will work across multiple platforms simultaneously, while reducing cost and time. The purpose of this paper is to demonstrate cross-platform development by creating a cargo tracking system that will work on multiple platforms with web application by tracking cargo using Global Positioning System (GPS), since the transport business has played a vital role in the evolution of human civilization. In this system, Google Flutter technology is used to create a mobile application that works on both Android and iOS platforms at the same time, by providing maps to clients showing their cargo location using Google Map API, as well as providing a web-based application.
What is Mobile Operation System Quality? 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT QM IS). :145–147.
2020. There are some modern mobile operation systems. The main two of them are iOS and Android. However, in the past, there were two more commonly used ones: Windows Mobile and Symbian. Each of these systems has its own pros and cons, whereas none of them is the best or the worst one in different criterions. In this paper the main criterions of operation system quality are discussed. The paper defines what the mobile operating system quality is.
Analysis of iOS SQLite Schema Evolution for Updating Forensic Data Extraction Tools. 2020 8th International Symposium on Digital Forensics and Security (ISDFS). :1–7.
2020. Files in the backup of iOS devices can be a potential source of evidentiary data. Particularly, the iOS backup (obtained through a logical acquisition technique) is widely used by many forensic tools to sift through the data. A significant challenge faced by several forensic tool developers is the changes in the data organization of the iOS backup. This is due to the fact that the iOS operating system is frequently updated by Apple Inc. Many iOS application developers release periodical updates to iOS mobile applications. Both these reasons can cause significant changes in the way user data gets stored in the iOS backup files. Moreover, approximately once every couple years, there could be a major iOS release which can cause the reorganization of files and folders in the iOS backup. Directories in the iOS backup contain SQLite databases, plist files, XML files, text files, and media files. Android/iOS devices generally use SQLite databases since it is a lightweight database. Our focus in this paper is to analyze the SQLite schema evolution specific to iOS and assist forensic tool developers in keeping their tools compatible with the latest iOS version. Our recommendations for updating the forensic data extraction tools is based on the observation of schema changes found in successive iOS versions.
Sentiment Analysis for Smartphone Operating System: Privacy and Security on Twitter Data. 2020 IEEE International Conference on Electro Information Technology (EIT). :366–369.
2020. The aim of the study was to investigate the privacy and security of the user data on Twitter. For gathering the essential information, more than two million relevant tweets through the span of two years were used to conduct the study. In addition, we classify the sentiment of Twitter data by exhibiting results of machine learning using the Naive Bayes algorithm. Although this algorithm is time consuming compared to the listing method, it can lead to relatively effective estimation. The tweets are extracted and pre-processed and then categorized into neutral, negative and positive sentiments. By applying the chosen methodology, the study would end up identifying the most effective mobile operating systems according to the sentiments of social media users. Additionally, the application of the algorithm needs to meet the privacy and security needs of Twitter users in order to optimize the use of social media intelligence. The approach will help in assessing the competitive intelligence of the Twitter data and the challenges in the form of privacy and security of the user content and their contextual information simultaneously. The findings of the empirical research show that users are more concerned about the privacy and security of iOS compared to Android and Windows phone.
A secure and lightweight three-factor authentication and key generation scheme for direct communication between healthcare professionals and patient’s WMSN. 2020 IEEE Symposium on Computers and Communications (ISCC). :1–6.
2020. One of the main security issues in telecare medicine information systems is the remote user authentication and key agreement between healthcare professionals and patient's medical sensors. Many of the proposed approaches are based on multiple factors (password, token and possibly biometrics). Two-factor authentication protocols do not resist many possible attacks. As for three-factor authentication schemes, they usually come with high resource consumption. Since medical sensors have limited storage and computational capabilities, ensuring minimal resource consumption becomes a major concern in this context. In this paper, we propose a secure and lightweight three-factor authentication and key generation scheme for securing communications between healthcare professionals and patient's medical sensors. Thanks to formal verification, we prove that this scheme is robust enough against known possible attacks. A comparison with the most relevant related work's schemes shows that our protocol ensures an optimised resource consumption level.
TAES: Two-factor Authentication with End-to-End Security against VoIP Phishing. 2020 IEEE/ACM Symposium on Edge Computing (SEC). :340–345.
2020. In the current state of communication technology, the abuse of VoIP has led to the emergence of telecommunications fraud. We urgently need an end-to-end identity authentication mechanism to verify the identity of the caller. This paper proposes an end-to-end, dual identity authentication mechanism to solve the problem of telecommunications fraud. Our first technique is to use the Hermes algorithm of data transmission technology on an unknown voice channel to transmit the certificate, thereby authenticating the caller's phone number. Our second technique uses voice-print recognition technology and a Gaussian mixture model (a general background probabilistic model) to establish a model of the speaker to verify the caller's voice to ensure the speaker's identity. Our solution is implemented on the Android platform, and simultaneously tests and evaluates transmission efficiency and speaker recognition. Experiments conducted on Android phones show that the error rate of the voice channel transmission signature certificate is within 3.247%, and the certificate signature verification mechanism is feasible. The accuracy of the voice-print recognition is 72%, making it effective as a reference for identity authentication.
RF-Rhythm: Secure and Usable Two-Factor RFID Authentication. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :2194–2203.
2020. Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user's tapping rhythm. In addition to verifying the RFID card's identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user's secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.
Two Factor Hash Verification (TFHV): A Novel Paradigm for Remote Authentication. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1–4.
2020. Current paradigms for client-server authentication often rely on username/password schemes. Studies show such schemes are increasingly vulnerable to heuristic and brute-force attacks. This is either due to poor practices by users such as insecure weak passwords, or insecure systems by server operators. A recurring problem in any system which retains information is insecure management policies for sensitive information, such as logins and passwords, by both hosts and users. Increased processing power on the horizon also threatens the security of many popular hashing algorithms. Furthermore, increasing reliance on applications that exchange sensitive information has resulted in increased urgency. This is demonstrated by a large number of mobile applications being deemed insecure by Open Web Application Security Project (OWASP) standards. This paper proposes a secure alternative technique of authentication that retains the current ecosystem, while minimizing attack vectors without inflating responsibilities on users or server operators. Our proposed authentication scheme uses layered encryption techniques alongside a two-part verification process. In addition, it provides dynamic protection against common cyber-attacks such as replay and man-in-the-middle attacks. Results show that our proposed authentication mechanism outperforms other schemes in terms of deployability and resilience to cyber-attacks, without inflating transaction's speed.
TwoChain: Leveraging Blockchain and Smart Contract for Two Factor Authentication. 2020 3rd International Seminar on Research of Information Technology and Intelligent Systems (ISRITI). :187–191.
2020. User identity and personal information remain hot targets for attackers. From recent surveys, we can categorize that 65.5% of all cyberattacks in 2018 target user information. Sadly, most of the time, the system's security depends on how secure the implementation is on the provider side. One defense technique that the user can take part in is applying a two-factor authentication (2FA) system for their account. However, we observe that state-of-the-art 2FAs have several weaknesses and limitations. In this paper, we propose TwoChain, a blockchain-based 2FA system for web services to overcome those issues. Our implementation facilitates an alternative 2FA system that is more secure, disposable, and decentralized. Finally, we release TwoChain for public use.