Biblio

Fueled by the emergence of IoT-enabled medical sensors and big data analytics, nations all over the world are widely adopting digitalization of healthcare systems. This is certainly a positive trend for improving the entire spectrum of quality of care, but this convenience is also posing a huge challenge on the security of healthcare data. For ensuring privacy and protection of healthcare data, access control is regarded as one of the first-line-of-defense mechanisms. As none of the traditional enterprise access control models can completely cater to the need of the healthcare domain which includes a myriad of contexts, in this paper, we present a context-policy-based access control scheme. Our scheme relies on the eTRON cybersecurity architecture for tamper-resistance and cryptographic functions, and leverages a context-specific blend of classical discretionary and role-based access models for incorporation into legacy systems. Moreover, our scheme adheres to key recommendations of prominent statutory and technical guidelines including HIPAA and HL7. The protocols involved in the proposed access control system have been delineated, and a proof-of-concept implementation has been carried out - along with a comparison with other systems, which clearly suggests that our approach is more responsive to different contexts for protecting healthcare data.

Wireless Sensor Network (WSN) is considered as the backbone of Internet of Things (IoT) networks. Authentication is the most important phase that guarantees secure access to such networks but it is more critical than that in traditional Internet because the communications are established between constrained devices that could not compute heavy cryptographic primitives. In this paper, we are studying with real experimentation the efficiency of HIP Diet EXchange header (HIP DEX) protocol over IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN) in IoT. The adopted application layer protocol is Constrained Application Protocol (CoAP) and as a routing protocol, the Routing Protocol for Low power and lossy networks (RPL). The evaluation concerns the total End-to-End transmission delays during the authentication process between the communicating peers regarding the processing, propagation, and queuing times' overheads results. Most importantly, we propose an efficient handshake packets' compression header, and we detailed a comparison of the above evaluation's criteria before and after the proposed compression. Obtained results are very encouraging and reinforce the efficiency of HIP DEX in IoT networks during the handshake process of constrained nodes.

The paper addresses the issue of providing information security to wireless sensor networks using Security Information and Event Management (SIEM) methodology along with multi-agent approach. The concept of wireless sensor networks and providing their information security, including construction of SIEM system architecture, SIEM analysis methodologies and its main features, are considered. The proposed approach is to integrate SIEM system methodology with a multi-agent architecture which includes data collecting agents, coordinating agent (supervisor) and local Intrusion Detection Systems (IDSs) based on artificial immune system mechanisms. Each IDS is used as an agent that performs a primary analysis and sends information about suspicious activity to the server. The server performs correlation analysis, identifies the most significant incidents, and helps to prioritize the incident response. The presented results of computational experiments confirm the effectiveness of the proposed approach.

The following topics are dealt with: learning (artificial intelligence); neural nets; feature extraction; pattern classification; convolutional neural nets; computer network security; security of data; recurrent neural nets; data privacy; and cloud computing.

The extensive use of the internet and web-based applications spot the multiserver authentication as a significant component. The users can get their services after authenticating with the service provider by using similar registration records. Various protocol schemes are developed for multiserver authentication, but the existing schemes are not secure and often lead towards various vulnerabilities and different security issues. Recently, Zhao et al. put forward a proposal for smart card and user's password-based authentication protocol for the multiserver environment and showed that their proposed protocol is efficient and secure against various security attacks. This paper points out that Zhao et al.'s authentication scheme is susceptive to traceability as well as anonymity attacks. Thus, it is not feasible for the multiserver environment. Furthermore, in their scheme, it is observed that a user while authenticating does not send any information with any mention of specific server identity. Therefore, this paper proposes an enhanced, efficient and secure user authentication scheme for use in any multiserver environment. The formal security analysis and verification of the protocol is performed using state-of-the-art tool “ProVerif” yielding that the proposed scheme provides higher levels of security.

As a general interface for chip system testing and on-chip debugging, JTAG is facing serious security threats. By analyzing the typical JTAG attack model and security protection measures, this paper designs a secure JTAG debugging model based on Schnorr identity authentication protocol, and takes RISCV as an example to build a set of SoC prototype system to complete functional verification. Experiments show that this secure JTAG debugging model has high security, flexible implementation, and good portability. It can meet the JTAG security protection requirements in various application scenarios. The maximum clock frequency can reach 833MHZ, while the hardware overhead is only 47.93KGate.

Owing to the advancements in communication media and devices all over the globe, there has arisen a dire need for to limit the alarming number of attacks targeting these and to enhance their security. Multiple techniques have been incorporated in different researches and various protocols and schemes have been put forward to cater security issues of session initiation protocol (SIP). In 2008, Qiu et al. presented a proposal for SIP authentication which while effective than many existing schemes, was still found vulnerable to many security attacks. To overcome those issues, Zhang et al. proposed an authentication protocol. This paper presents the analysis of Zhang et al. authentication scheme and concludes that their proposed scheme is susceptible to user traceablity. It also presents an improved SIP authentication scheme that eliminates the possibility of traceability of user's activities. The proposed scheme is also verified by contemporary verification tool, ProVerif and it is found to be more secure, efficient and practical than many similar SIP authetication scheme.

To better protect users' privacy, various authentication mechanisms have been applied on smartphones. Android pattern lock has been widely used because it is easy to memorize, however, simple ones are more vulnerable to attack such as shoulder surfing attack. In this paper, we propose a security rating evaluation scheme based on pattern lock. In particular, an entropy function of a pattern lock can be calculated, which is decided by five kinds of attributes: size, length, angle, overlap and intersection for quantitative evaluation of pattern lock. And thus, the security rating thresholds will be determined by the distribution of entropy values. Finally, we design and develop an APP based on Android Studio, which is used to verify the effectiveness of our proposed security rating evaluation scheme.

Multi-factor user authentication (MFUA) becomes increasingly popular due to its superior security comparing with single-factor user authentication. However, existing MFUAs require multiple interactions between users and different authentication components when sensing the multiple factors, leading to extra overhead and bad use experiences. In this paper, we propose a secure and user-friendly MFUA system, namely BioDraw, which utilizes four categories of biometrics (impedance, geometry, composition, and behavior) of human hand plus the pattern-based password to identify and authenticate users. A user only needs to draw a pattern on a RFID tag array, while four biometrics can be simultaneously collected. Particularly, we design a gradient-based pattern recognition algorithm for pattern recognition and then a CNN-LSTM-based classifier for user recognition. Furthermore, to guarantee the systemic security, we propose a novel anti-spoofing scheme, called Binary ALOHA, which utilizes the inhabit randomness of RFID systems. We perform extensive experiments over 21 volunteers. The experiment result demonstrates that BioDraw can achieve a high authentication accuracy (with a false reject rate less than 2%) and is effective in defending against various attacks.

Attacks targeting several millions of non-internet based application users are on the rise. These applications such as SMS and USSD typically do not benefit from existing multi-factor authentication methods due to the nature of their interaction interfaces and mode of operations. To address this problem, we propose an approach that augments blockchain with multi-factor authentication based on evidence from blockchain transactions combined with risk analysis. A profile of how a user performs transactions is built overtime and is used to analyse the risk level of each new transaction. If a transaction is flagged as high risk, we generate n-factor layers of authentication using past endorsed blockchain transactions. A demonstration of how we used the proposed approach to authenticate critical financial transactions in a blockchain-based asset financing platform is also discussed.

E-learning enables the transfer of skills, knowledge, and education to a large number of recipients. The E-Learning platform has the tendency to provide face-to-face learning through a learning management system (LMS) and facilitated an improvement in traditional educational methods. The LMS saves organization time, money and easy administration. LMS also saves user time to move across the learning place by providing a web-based environment. However, a few students could be willing to exploit such a system's weakness in a bid to cheat if the conventional authentication methods are employed. In this scenario user authentication and surveillance of end user is more challenging. A system with the simultaneous authentication is put forth through multifactor adaptive authentication methods. The proposed system provides an efficient, low cost and human intervention adaptive for e-learning environment authentication and monitoring system.

Multi-factor authentication (MFA) systems are being deployed for user authentication in online and personal device systems, whereas physical spaces mostly rely on single-factor authentication; examples are entering offices and homes, airport security, and classroom attendance. The Internet of Things (IoT) growth and market interest has created a diverse set of low-cost and flexible sensors and actuators that can be used for MFA. However, combining multiple authentication factors in a physical space adds several challenges, such as complex deployment, reduced usability, and increased energy consumption. We introduce MAFIA (Multi-layered Architecture For IoT-based Authentication), a novel architecture for co-located user authentication composed of multiple IoT devices. In MAFIA, we improve the security of physical spaces while considering usability, privacy, energy consumption, and deployment complexity. MAFIA is composed of three layers that define specific purposes for devices, guiding developers in the authentication design while providing a clear understanding of the trade-offs for different configurations. We describe a case study for an Automated Classroom Attendance System, where we evaluated three distinct types of authentication setups and showed that the most secure setup had a greater usability penalty, while the other two setups had similar attributes in terms of security, privacy, complexity, and usability but varied highly in their energy consumption.

Authenticate on the system using only the authentication method based on username and password is not enough to ensure an acceptable level of information security for a critical system. It has been used in a multi factor authentication to increase the information security during the authentication process. However factors like what you have cause an inconvenience to the users, because the users during the authentication process always will need to have a device in their possession that complements the authentication process. By the other side of the biometric factor might change during the time, it needs an auxiliary device that will increase the costs and it also might be dependent from environmental conditions to work appropriately. To avoid some problems that exist in multi factor authentication, this work purposes authentication through semantic representation in OWL (web Ontology Language) tuples of recognized concepts in images as a form to increase the security in the authentication process. A proof of the concept was modeled and implemented, it has a demonstration that the robustness of this authentication system depends on the complexity of relationship in the semantic base (ontology) and in the simplicity of the relationship identified in the images.

This paper is focused on the topic of the use of biometrics framework and strategy for secure access identity management of cloud computing services. This paper present's a description of cloud computing security issues and explored a review of previous works that represented various ideas for a cloud access framework. This paper discusses threats like a malicious insider, data breaches, and describes ways to protect them. It describes an innovative way portrayed a framework that fingerprint access-based authentication to protect Cloud services from unauthorized access and DOS, DDoS attacks. This biometrics-based framework as an extra layer of protection, added then it can be robust to prevent unauthorized access to cloud services.

Radio frequency identification system (RFID) is a wireless technology based on radio waves. These radio waves transmit data from the tag to a reader, which then transmits the information to a server. RFID tags have several advantages, they can be used in merchandise, to track vehicles, and even patients. Connecting RFID tags to internet terminal or server it called Internet of Things (IoT). Many people have shown interest in connected objects or the Internet of Things (IoT). The IoT is composed of many complementary elements each having their own specificities. The RFID is often seen as a prerequisite for the IoT. The main challenge of RFID is the security issues. Connecting RFID with IoT poses security threats and challenges which are needed to be discussed properly before deployment. In this paper, we proposed a new distributed encryption algorithm to be used in the IoT structure in order to reduce the security risks that are confronted in RFID technology.

In recent years, the Internet of Things technology has developed rapidly. RFID technology, as an important branch of the Internet of Things technology, is widely used in logistics, medical, military and other fields. RFID technology not only brings convenience to people's production and life, but also hides many security problems. However, the current research on RFID technology mainly focuses on the technology application, and there are relatively few researches on its security analysis. This paper firstly studies the authentication mechanism and storage mechanism of RFID technology, then analyzes the common vulnerabilities of RFID, and finally gives the security protection suggestions.

Recently, with the increase of smart factories, smart cities, and the 4th industrial revolution, internal user authentication is emerging as an important issue. The existing user authentication and Access Control architecture can use the centralized system to forge access history by the service manager, which can cause problems such as evasion of responsibility and internal corruption. In addition, the user must independently manage the ID or physical authentication medium for authentication of each service, it is difficult to manage the subscribed services. This paper proposes a Hybrid blockchain-based integrated ID model to solve the above problems. The user creates authentication information based on the electronic signature of the Ethereum Account, a public blockchain, and provides authentication to a service provider composed of a Hyperledger Fabric, a private blockchain. The service provider ensures the integrity of the information by recording the Access History and authentication information in the Internal-Ledger. Through the proposed architecture, we can integrate the physical pass or application for user authentication and authorization into one Unification ID. Service providers can prevent non-Repudiation of responsibility by recording their authority and access history in ledger.

Ensuring security to IoT devices is important in order to provide privacy and quality of services. Proposing a security solution is considered an important step towards achieving protection, however, proving the soundness of the solution is also crucial. In this paper, we propose a methodology for the performance evaluation of lightweight IoT-based authentication protocols based on execution time. Then, a formal verification test is conducted on a lightweight protocol proposed in the literature. The formal verification test conducted with Scyther tool proofs that the model provides mutual authentication, authorization, integrity, confidentiality, non-repudiation, and accountability. The protocol also was proven to provide protection from various attacks.

The recent advancement in the automotive sector has led to a technological explosion. As a result, the modern car provides a wide range of features supported by state of the art hardware and software. Unfortunately, while this is the case of most major components, in the same vehicle we find dozens of sensors and sub-systems built over legacy hardware and software with limited computational capabilities. This paper presents LOKI, a lightweight cryptographic key distribution scheme applicable in the case of the classical invehicle communication systems. The LOKI protocol stands out compared to already proposed protocols in the literature due to its ability to use only a single broadcast message to initiate the generation of a new cryptographic key across a group of nodes. It's lightweight key derivation algorithm takes advantage of a reverse hash chain traversal algorithm to generate fresh session keys. Experimental results consisting of a laboratory-scale system based on Vector Informatik's CANoe simulation environment demonstrate the effectiveness of the developed methodology and its seamless impact manifested on the network.

The massive proliferation of state of the art interfaces into the automotive sector has triggered a revolution in terms of the technological ecosystem that is found in today's modern car. Accordingly, on the one hand, we find dozens of Electronic Control Units (ECUs) running several hundred MB of code, and more and more sophisticated dashboards with integrated wireless communications. On the other hand, in the same vehicle we find the underlying communication infrastructure struggling to keep up with the pace of these radical changes. This paper presents MixCAN (MIXed data authentication for Control Area Networks), an approach for mixing different message signatures (i.e., authentication tags) in order to reduce the overhead of Controller Area Network (CAN) communications. MixCAN leverages the attributes of Bloom Filters in order to ensure that an ECU can sign messages with different CAN identifiers (i.e., mix different message signatures), and that other ECUs can verify the signature for a subset of monitored CAN identifiers. Extensive experimental results based on Vectors Informatik's CANoe/CANalyzer simulation environment and the data set provided by Hacking and Countermeasure Research Lab (HCRL) confirm the validity and applicability of the developed approach. Subsequent experiments including a test bed consisting of Raspberry Pi 3 Model B+ systems equipped with CAN communication modules demonstrate the practical integration of MixCAN in real automotive systems.

A quantum high secure direct communication with authentication protocol is proposed by using single photons. The high security of the protocol is achieved on levels. The first level involves the verification of the quantum channel security by using fake photons. The authentication process is also ensured by the fake photons. The second level of security is given by the use of multiple polarization bases. The secret message is encoded in groups of photons; each single character of the message is associated with m (m≥7) photons. Thus, at least 27 (128) characters will be encoded. In order to defeat the quantum teleportation attack, the string of bits associated to the secret message is encrypted with a secret string of bits by using XOR operator. Encryption of the sender's identity string and the receiver's identity string by the XOR operator with a random string of fake photons defends quantum man-in-the-middle attack efficiently. Quantum memory is required to implement our protocol. Storage of quantum information is a key element in quantum information processing and provides a more flexible, effective and efficient communication. Our protocol is feasible with current technologies.

Two-Dimensional barcodes are used as data authentication storage tool on several cryptographic architectures. This article describes a novel meaningful image authentication method for data validation using the Meaningless Reversible Degradation concept and QR Codes. The system architecture use the Meaningless Reversible Degradation algorithm, systematic Reed-Solomon error correction codes, meaningful images, and QR Codes. The encoded images are the secret key for visual validation. The proposed work encodes any secret image file up to 3.892 Bytes and is decoded using data stored in a QR Code and a digital file retrieved through a wireless connection on a mobile device. The QR Code carries partially distorted and stream ciphered bits. The QR Code version is defined in conformity with the secret image file size. Once the QR Code data is decoded, the authenticating party retrieves a previous created Reed-Solomon redundancy file to correct the QR Code stored data. Finally, the secret image is decoded for user visual identification. A regular QR Code reader cannot decode any meaningful information when the QR Code is scanned. The presented cryptosystem improves the redundancy download file size up to 50% compared to a plaintext image transmission.

In order to solve the problems of inconvenient carrying and management of the access card used in the existing market access control system, a set of intelligent access control system based on DES encrypted two-dimensional code is designed. The system consists of Android smart phone, embedded access controller and server. By sending and receiving QR code via smart phone, access to the door is obtained, which realizes centralized management of office buildings, companies, senior office buildings, luxury residences and other middle and high-rise places, effectively preventing unauthorized people from entering the high security area. In order to ensure information security, the two-dimensional code is encrypted by DES algorithm. This system has the characteristics of low cost, high security and flexible operation. It is still blank in the application field and has certain promotion value.

This paper presents a new incremental parallelizable message authentication code (MAC) scheme adaptable to lightweight block ciphers for memory integrity verification. The highlight of the proposed scheme is to achieve both incremental update capability and sufficient security bound with lightweight block ciphers, which is a novel feature. We extend the conventional parallelizable MAC to realize the incremental update capability while keeping the original security bound. We prove that a comparable security bound can be obtained even if this change is incorporated. We also present a hardware architecture for the proposed MAC scheme with lightweight block ciphers and demonstrate the effectiveness through FPGA implementation. The evaluation results indicate that the proposed MAC hardware achieves 3.4 times improvement in the latency-area product for the tag update compared with the conventional MAC.

The following topics are dealt with: authorisation; data privacy; mobile computing; security of data; cryptography; Internet of Things; message authentication; invasive software; Android (operating system); vectors.