4,651 research outputs found
A PUF-and biometric-based lightweight hardware solution to increase security at sensor nodes
Security is essential in sensor nodes which acquire and transmit sensitive data. However, the constraints of processing, memory and power consumption are very high in these nodes. Cryptographic algorithms based on symmetric key are very suitable for them. The drawback is that secure storage of secret keys is required. In this work, a low-cost solution is presented to obfuscate secret keys with Physically Unclonable Functions (PUFs), which exploit the hardware identity of the node. In addition, a lightweight fingerprint recognition solution is proposed, which can be implemented in low-cost sensor nodes. Since biometric data of individuals are sensitive, they are also obfuscated with PUFs. Both solutions allow authenticating the origin of the sensed data with a proposed dual-factor authentication protocol. One factor is the unique physical identity of the trusted sensor node that measures them. The other factor is the physical presence of the legitimate individual in charge of authorizing their transmission. Experimental results are included to prove how the proposed PUF-based solution can be implemented with the SRAMs of commercial Bluetooth Low Energy (BLE) chips which belong to the communication module of the sensor node. Implementation results show how the proposed fingerprint recognition based on the novel texture-based feature named QFingerMap16 (QFM) can be implemented fully inside a low-cost sensor node. Robustness, security and privacy issues at the proposed sensor nodes are discussed and analyzed with experimental results from PUFs and fingerprints taken from public and standard databases.Ministerio de Economía, Industria y Competitividad TEC2014-57971-R, TEC2017-83557-
Deep Learning-Based Dynamic Watermarking for Secure Signal Authentication in the Internet of Things
Securing the Internet of Things (IoT) is a necessary milestone toward
expediting the deployment of its applications and services. In particular, the
functionality of the IoT devices is extremely dependent on the reliability of
their message transmission. Cyber attacks such as data injection,
eavesdropping, and man-in-the-middle threats can lead to security challenges.
Securing IoT devices against such attacks requires accounting for their
stringent computational power and need for low-latency operations. In this
paper, a novel deep learning method is proposed for dynamic watermarking of IoT
signals to detect cyber attacks. The proposed learning framework, based on a
long short-term memory (LSTM) structure, enables the IoT devices to extract a
set of stochastic features from their generated signal and dynamically
watermark these features into the signal. This method enables the IoT's cloud
center, which collects signals from the IoT devices, to effectively
authenticate the reliability of the signals. Furthermore, the proposed method
prevents complicated attack scenarios such as eavesdropping in which the cyber
attacker collects the data from the IoT devices and aims to break the
watermarking algorithm. Simulation results show that, with an attack detection
delay of under 1 second the messages can be transmitted from IoT devices with
an almost 100% reliability.Comment: 6 pages, 9 figure
Samba Openldap: An Evolution And Insight
Directory services facilitate access to information
organized under a variety of frameworks and applications. The
Lightweight Directory Access Protocol is a promising technology
that provides access to directory information using a data
structure similar to that of the X.500 protocol. IBM Tivoli,
Novell, Sun, Oracle, Microsoft, and many other vendor features
LDAP-based implementations. The technology’s increasing
popularity is due both to its flexibility and its compatibility with
existing applications. A directory service is a searchable
database repository that lets authorized users and services find
information related to people, computers, network devices, and
applications. Given the increasing need for information —
particularly over the Internet — directory popularity has grown
over the last decade and is now a common choice for distributed
applications. Lightweight Directory Access Protocol (LDAP)
accommodates the need of high level of security, single sign-on,
and centralized user management. This protocol offers security
services and integrated directory with capability of storage
management user information in a directory. Therefore at the
same time the user can determine application, service, server to
be accessed, and user privileges. It is necessary to realize files
sharing between different operating systems in local area
network. Samba software package, as the bridge across Windows
and Linux, can help us resolve the problem. In this paper, we try
to explore previous literature on this topic and also consider
current authors work then come out with our views on the
subject matter of discussion based on our understanding
A cancelable iris- and steganography-based user authentication system for the Internet of Things
Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique-steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques
ZETA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
Reliable authentication requires the devices and
channels involved in the process to be trustworthy; otherwise
authentication secrets can easily be compromised. Given the
unceasing efforts of attackers worldwide such trustworthiness
is increasingly not a given. A variety of technical solutions,
such as utilising multiple devices/channels and verification
protocols, has the potential to mitigate the threat of untrusted
communications to a certain extent. Yet such technical solutions
make two assumptions: (1) users have access to multiple
devices and (2) attackers will not resort to hacking the human,
using social engineering techniques. In this paper, we propose
and explore the potential of using human-based computation
instead of solely technical solutions to mitigate the threat of
untrusted devices and channels. ZeTA (Zero Trust Authentication
on untrusted channels) has the potential to allow people to
authenticate despite compromised channels or communications
and easily observed usage. Our contributions are threefold:
(1) We propose the ZeTA protocol with a formal definition
and security analysis that utilises semantics and human-based
computation to ameliorate the problem of untrusted devices
and channels. (2) We outline a security analysis to assess
the envisaged performance of the proposed authentication
protocol. (3) We report on a usability study that explores the
viability of relying on human computation in this context
- …