Biblio

In recent years, cross-domain roaming through Wi-Fi is ubiquitous, and the number of roaming users has increased dramatically. It is essential to authenticate users belonging to different institutes to ensure network privacy and security. Existing systems, such as eduroam, have centralized and hierarchical structure on indorse accounts that create privacy and security issues. We have proposed UniRoam, a blockchain-based cross-domain authentication scheme that provides accountability and anonymity without any trusted authority. Unlike traditional centralized approaches, UniRoam provides access authentication for its servers and users to provide anonymity and accountability without any privacy leakage issues efficiently. By using the sovrin identifier as an anonymous identity, we integrate our system with Hyperledger and Intel SGX to authenticate users that preserves both anonymity and trust when the user connects to the network. Therefore, UniRoam is highly “faulted-tolerant” to deal with different attacks and provides an effective solution that can be deployed easily in different environments.

Authentication is a challenging and emerging issue for Fog-IoT security paradigms. The fog nodes toward large-scale end-users offer various interacted IoT services. The authentication process usually involves expressing users' personal information such as username, email, and password to the Authentication Server (AS). However, users are not intended to express their identities or information over the fog or cloud servers. Hence, we have proposed an Anonymous User Authentication Scheme for Fog-IoT (AUASF) to keep the anonymity existence of the IoT users and detect the intruders. To provide anonymity, the user can send encrypted credentials such as username, email, and mobile number through the Cloud Service Provider (CSP) for registration. IoT user receives the response with a default password and a secret Id from the CSP. After that, the IoT user submits the default password for first-time access to Fog Service Provider (FSP). The FSP assigns a One Time Password (OTP) to each user for further access. The developed scheme is equipped with hash functions, symmetric encryptions, and decryptions for security perceptions across fog that serves better than the existing anonymity schemes.

In vehicular cyber-physical systems, the mounted cameras on the vehicles, together with the fixed roadside cameras, can produce pictorial data for multiple purposes. In this process, ensuring the security and privacy of vehicles while guaranteeing efficient data transmission among vehicles is critical. This motivates us to propose a trusted anonymous authentication scheme for vehicular cyber-physical systems and Internet-of-Things. Our scheme is designed based on a three-tier architecture which contains cloud layer, fog layer, and user layer. It utilizes bilinear-free certificateless signcryption to realize a secure and trusted anonymous authentication efficiently. We verify its effectiveness through theoretical analyses in terms of correctness, security, and efficiency. Furthermore, our simulation results demonstrate that the communication overhead, the computation overhead, and the packet loss rate of the proposed scheme are significantly better than those of the state-of-the-art techniques. Particularly, the proposed scheme can speed up the computation process at least 10× compared to all the state-of-the-art approaches.

Named Data Networking (NDN) is a new kind of architecture for future Internet, which is exactly satisfied with the rapidly increasing mobile requirement and information-depended applications that dominate today's Internet. However, the current verification-data accessed system is not safe enough to prevent data leakage because no strongly method to resist any device or user to access it. We bring up a lightweight verification based on hash functions and a fine-grained access control based on Schnorr Signature to address the issue seamlessly. The proposed scheme is scalable and protect data confidentiality in a NDN network.

This paper has firstly introduced big data services and cloud computing model based on different process forms, and analyzed the authentication technology and security services of the existing big data to understand their processing characteristics. Operation principles and complexity of the big data services and cloud computing have also been studied, and summary about their suitable environment and pros and cons have been made. Based on the Cloud Computing, the author has put forward the Model of Big Data Cloud Computing based on Extended Subjective Logic (MBDCC-ESL), which has introduced Jφsang's subjective logic to test the data credibility and expanded it to solve the problem of the trustworthiness of big data in the cloud computing environment. Simulation results show that the model works pretty well.

Traditional security solutions that rely on public key infrastructure present scalability and transparency challenges when deployed in Internet of Things (IoT). In this paper, we develop a blockchain based authentication mechanism for IoT that can be integrated into the traditional transport layer security protocols such as Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Our proposed mechanism is an alternative to the traditional Certificate Authority (CA)-based Public Key Infrastructure (PKI) that relies on x.509 certificates. Specifically, the proposed solution enables the modified TLS/DTLS a viable option for resource constrained IoT devices where minimizing memory utilization is critical. Experiments show that blockchain based authentication can reduce dynamic memory usage by up to 20%, while only minimally increasing application image size and time of execution of the TLS/DTLS handshake.

In the Internet of Things (IoT), devices can interconnect and communicate autonomously, which requires devices to authenticate each other to exchange meaningful information. Otherwise, these things become vulnerable to various attacks. The conventional security protocols are not suitable for IoT applications due to the high computation and storage demand. Therefore, we proposed a blockchain-enabled secure storage and communication scheme for IoT applications, called BSS. The scheme ensures identification, authentication, and data integrity. Our scheme uses the security advantages of blockchain and helps to create safe zones (trust batch) where authenticated objects interconnect securely and do communication. A secure and robust trust mechanism is employed to build these batches, where each device has to authenticate itself before joining the trust batch. The obtained results satisfy the IoT security requirements with 60% reduced computation, storage and communication cost compared with state-of-the-art schemes. BSS also withstands various cyberattacks such as impersonation, message replay, man-in-the-middle, and botnet attacks.

A neural key exchange is a secret key exchange technique based on neural synchronization of the neural network. Since the neural key exchange is based on synchronizing weights within the neural network structure, the security of the algorithm does not depend on the attacker's computational capabilities. However, due to the neural key exchange's repetitive mutual-learning processes, using explicit user authentication methods -such as a public key certificate- is inefficient due to high communication overhead. Implicit authentication based on information that only authorized users know can significantly reduce overhead in communications. However, there was a lack of realistic methods to distribute secret information for authentication among authorized users. In this paper, we propose the concept idea of distributing shared secret values for implicit authentication based on the randomness of the public blockchain. Moreover, we present a method to prevent the unintentional disclosure of shared secret values to third parties in the network due to the transparency of the blockchain.

Session management is a fundamental component of web applications: despite the apparent simplicity, correctly implementing web sessions is extremely tricky, as witnessed by the large number of existing attacks. This motivated the design of formal methods to rigorously reason about web session security which, however, are not supported at present by suitable automated verification techniques. In this paper we introduce the first security type system that enforces session security on a core model of web applications, focusing in particular on server-side code. We showcase the expressiveness of our type system by analyzing the session management logic of HotCRP, Moodle, and phpMyAdmin, unveiling novel security flaws that have been acknowledged by software developers.

Password-based authentication is the most common authentication method for either online or offline system. Password composition policies become too burdensome and put the user in a state of struggle to remember their password. Thus, most of the user save their password on the browser or even list it down in their personal gadgets. Therefore, a multi agent-based password management application have been developed to helps user in keeping their password safely. However, multi-agent system facing security issues such as man in the middle attack, data modification and eavesdropping. This paper proposed a security protocol for multi agent-based architecture in order to reduce potential threats. The security protocol focuess on the authentication of mobile agents, data transmission and the data local protection. The communication channels are secured using cryptography techniques.

File sharing applications using cloud storage are increasingly popular for personal and business use. Due to data protection concerns, end-to-end encryption is often a desired feature of these applications. Many attempts at designing cryptographic solutions fail to be adopted due to missing relevant features. We present SeGShare, a new architecture for end-to-end encrypted, group-based file sharing using trusted execution environments (TEE), e.g., Intel SGX. SeGShare is the first solution to protect the confidentiality and integrity of all data and management files; enforce immediate permission and membership revocations; support deduplication; and mitigate rollback attacks. Next to authentication, authorization and file system management, our implementation features an optimized TLS layer that enables high throughput and low latency. The encryption overhead of our implementation is extremely small in computation and storage resources. Our enclave code comprises less than 8500 lines of code enabling efficient mitigation of common pitfalls in deploying code to TEEs.

Information Security in cloud storage is a key trepidation with regards to Degree of Trust and Cloud Penetration. Cloud user community needs to ascertain performance and security via QoS. Numerous models have been proposed [2] [3] [6][7] to deal with security concerns. Detection and prevention of insider threats are concerns that also need to be tackled. Since the attacker is aware of sensitive information, threats due to cloud insider is a grave concern. In this paper, we have proposed an authentication mechanism, which performs authentication based on verifying facial features of the cloud user, in addition to username and password, thereby acting as two factor authentication. New QoS has been proposed which is capable of monitoring and detection of insider threats using Machine Learning Techniques. KNN Classification Algorithm has been used to classify users into legitimate, possibly legitimate, possibly not legitimate and not legitimate groups to verify image authenticity to conclude, whether there is any possible insider threat. A threat detection model has also been proposed for insider threats, which utilizes Facial recognition and Monitoring models. Security Method put forth in [6] [7] is honed to include threat detection QoS to earn higher degree of trust from cloud user community. As a recommendation, Threat detection module should be harnessed in private cloud deployments like Defense and Pharma applications. Experimentation has been conducted using open source Machine Learning libraries and results have been attached in this paper.

In the past, two main approaches for the purpose of authentication, including information-theoretic authentication codes and complexity-theoretic message authentication codes (MACs), were almost independently developed. In this paper, we consider to construct new MACs, which are both computationally secure and information-theoretically secure. Essentially, we propose a new cryptographic primitive, namely, artificial-noise-aided MACs (ANA-MACs), where artificial noise is used to interfere with the complexity-theoretic MACs and quantization is further employed to facilitate packet-based transmission. With a channel coding formulation of key recovery in the MACs, the generation of standard authentication tags can be seen as an encoding process for the ensemble of codes, where the shared key between Alice and Bob is considered as the input and the message is used to specify a code from the ensemble of codes. Then, we show that artificial noise in ANA-MACs can be well employed to resist the key recovery attack even if the opponent has an unlimited computing power. Finally, a pragmatic approach for the analysis of ANA-MACs is provided, and we show how to balance the three performance metrics, including the completeness error, the false acceptance probability, and the conditional equivocation about the key. The analysis can be well applied to a class of ANA-MACs, where MACs with Rijndael cipher are employed.

Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the usergenerated passwords are secure. Moreover, we convert the usergenerated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.

Using the blockchain technology to store the privatedocuments of individuals will help make data more reliable and secure, preventing the loss of data and unauthorized access. The Consensus algorithm along with the hash algorithms maintains the integrity of data simultaneously providing authentication and authorization. The paper incorporates the block chain and the Identity Based Encryption management concept. The Identity based Management system allows the encryption of the user's data as well as their identity and thus preventing them from Identity theft and fraud. These two technologies combined will result in a more secure way of storing the data and protecting the privacy of the user.

Internet of Things (IoT) systems are becoming widely used, which makes them to be a high-value target for both hackers and crackers. From gaining access to sensitive information to using them as bots for complex attacks, the variety of advantages after exploiting different security vulnerabilities makes the security of IoT devices to be one of the most challenging desideratum for cyber security experts. In this paper, we will propose a new IoT system, designed to ensure five data principles: confidentiality, integrity, availability, authentication and authorization. The innovative aspects are both the usage of a web-based communication and a custom dynamic data request structure.

Lin et al.'s scheme is a hash function Message Authentication Codes (MAC) block cipher based scheme that's composed of the compression function. Fixed point messages have been found on SMALLPRESENT-[s] algorithm. The vulnerability of block cipher algorithm against fixed point attacks can affect the vulnerability of block cipher based hash function schemes. This paper applies fixed point attack against Lin et al.'s modified scheme based on SMALLPRESENT-[8] algorithm. Fixed point attack was done using fixed point message from SMALLPRESENT-[8] algorithm which used as Initial Value (IV) on the scheme branch. The attack result shows that eight fixed point messages are successfully discovered on the B1 branch. The fixed point messages discovery on B1 and B2 branches form 18 fixed point messages on Lin et al.'s modified scheme with different IVs and keys. The discovery of fixed point messages shows that Lin et al.'s modified scheme is vulnerable to fixed point attack.

Security for authentication is required to give a superlative secure users' personal information. This paper presents a model of the Graphical password scheme under the impact of security and ease of use for user authentication. We integrate the concept of recognition with re-called and cued-recall based schemes to offer superior security compared to existing schemes. Click Symbols (CS) Alphabet combine into one entity: Alphanumeric (A) and Visual (V) symbols (CS-AV) is Captcha-based password scheme, we integrate it with recall-based n ×n grid points, where a user can draw the shape or pattern by the intersection of the grid points as a way to enter a graphical password. Next scheme, the combination of CS-AV with grid cells allows very large password space ( 2.4 ×104 bits of entropy) and provides reasonable usability results by determining an empirical study of memorable password space. Proposed schemes support most applicable platform for input devices and promising strong resistance to shoulder surfing attacks on a mobile device which can be occurred during unlocking (pattern) the smartphone.

Steganography is a data hiding technique, which is generally used to hide the data within a file to avoid detection. It is used in the police department, detective investigation, and medical fields as well as in many more fields. Various techniques have been proposed over the years for Image Steganography and also attackers or hackers have developed many decoding tools to break these techniques to retrieve data. In this paper, CAPTCHA codes are used to ensure that the receiver is the intended receiver and not any machine. Here a randomized CAPTCHA code is created to provide additional security to communicate with the authenticated user and used Image Steganography to achieve confidentiality. For achieving secret and reliable communication, encryption and decryption mechanism is performed; hence a machine cannot decode it using any predefined algorithm. Once a secure connection has been established with the intended receiver, the original message is transmitted using the LSB algorithm, which uses the RGB color spectrum to hide the image data ensuring additional encryption.

In this paper, we consider a novel method of mining biometric data for user authentication by replacing traditional captchas with game-like captchas. The game-like captchas present the user with a short game in which they attempt to get a high score. The data produced from a user's game play will be used to produce a behavior biometric based on user interactions, such as mouse movement, click patterns and game choices. The baseline expectation of interactive behavior will be used as a single factor in an intrusion detection system providing continuous authentication, considering the factors such as IP address, location, time of use, website interactions, and behavior anomalies. In addition to acting as a source of data, game-like captchas are expected to deter bots and automated systems from accessing web-based services and improving the user experience for the end-users who have become accustomed to monotonous alternatives, such as Google's re-captcha.

Nowadays, the emerging Internet-of-Things (IoT) emphasize the need for the security of network-connected devices. Additionally, there are two types of services in IoT devices that are easily exploited by attackers, weak authentication services (e.g., SSH/Telnet) and exploited services using command injection. Based on this observation, we propose IoTCMal, a hybrid IoT honeypot framework for capturing more comprehensive malicious samples aiming at IoT devices. The key novelty of IoTC-MAL is three-fold: (i) it provides a high-interactive component with common vulnerable service in real IoT device by utilizing traffic forwarding technique; (ii) it also contains a low-interactive component with Telnet/SSH service by running in virtual environment. (iii) Distinct from traditional low-interactive IoT honeypots[1], which only analyze family categories of malicious samples, IoTCMal primarily focuses on homology analysis of malicious samples. We deployed IoTCMal on 36 VPS1 instances distributed in 13 cities of 6 countries. By analyzing the malware binaries captured from IoTCMal, we discover 8 malware families controlled by at least 11 groups of attackers, which mainly launched DDoS attacks and digital currency mining. Among them, about 60% of the captured malicious samples ran in ARM or MIPs architectures, which are widely used in IoT devices.

This paper deals with novel group-based Authentication and Key Agreement protocol for Internet of Things(IoT) enabled LTE/LTE-A network to overcome the problems of computational overhead, complexity and problem of heterogeneous devices, where other existing methods are lagging behind in attaining security requirements and computational overhead. In this work, two Groups are created among Machine Type Communication Devices (MTCDs) on the basis of device type to reduce complexity and problems of heterogeneous devices. This paper fulfills all the security requirements such as preservation, mutual authentication, confidentiality. Bio-metric authentication has been used to enhance security level of the network. The security and performance analysis have been verified through simulation results. Moreover, the performance of the proposed Novel Group-Based Authentication and key Agreement(AKA) Protocol is analyzed with other existing IoT enabled LTE/LTE-A protocol.

Electronic voting systems have enhanced efficiency in student elections management in universities, supporting such elections to become less expensive, logistically simple, with higher accuracy levels as compared to manually conducted elections. However, e-voting systems that are confined to campus hall voting inhibits access to eligible voters who are away from campus. This study examined the challenges of lack of wide access and impersonation of voter in the student elections of 2018 in Kabarak University. The main objective of this study was therefore to upgrade the offline electronic voting system through developing a secure online voting system and deploying the system for use in the 2019 student elections at Kabarak University. The resultant system and development process employed demonstrate the applicability of a secure online voting not only in the higher education context, but also in other democracies where infusion of online access and authentication in the voting processes is a requisite.

With the emergence of advanced technology, the user authentication methods have also been improved. Authenticating the user, several secure and efficient approaches have been introduced, but the biometric authentication method is considered much safer as compared to password-driven methods. In this paper, we explore the risks, concerns, and methods by installing well-known open-source software used in Unibiometric analysis by the partners of The National Institute of Standards and Technology (NIST). Not only are the algorithms used all open source but it comes with test data and several internal open source utilities necessary to process biometric data.

Security has become the vital component of today's technology. People wish to safeguard their valuable items in bank lockers. With growing technology most of the banks have replaced the manual lockers by digital lockers. Even though there are numerous biometric approaches, these are not robust. In this work we propose a new approach for personal biometric identification based on features extracted from ECG.