Comparative Study of Eight Formal Specifications of the Message Authenticator Algorithm

The Message Authenticator Algorithm (MAA) is one of the first cryptographic functions for computing a Message Authentication Code. Between 1987 and 2001, the MAA was adopted in international standards (ISO 8730 and ISO 8731-2) to ensure the authenticity and integrity of banking transactions. In 1990 and 1991, three formal, yet non-executable, specifications of the MAA (in VDM, Z, and LOTOS) were developed at NPL. Since then, five formal executable specifications of the MAA (in LOTOS, LNT, and term rewrite systems) have been designed at INRIA Grenoble. This article provides an overview of the MAA and compares its formal specifications with respect to common-sense criteria, such as conciseness, readability, and efficiency of code generation.Comment: In Proceedings MARS/VPT 2018, arXiv:1803.0866

Strong authentication based on mobile application

The user authentication in online services has evolved over time from the old username and password-based approaches to current strong authentication methodologies. Especially, the smartphone app has become one of the most important forms to perform the authentication. This thesis describes various authentication methods used previously and discusses about possible factors that generated the demand for the current strong authentication approach. We present the concepts and architectures of mobile application based authentication systems. Furthermore, we take closer look into the security of the mobile application based authentication approach. Mobile apps have various attack vectors that need to be taken under consideration when designing an authentication system. Fortunately, various generic software protection mechanisms have been developed during the last decades. We discuss how these mechanisms can be utilized in mobile app environment and in the authentication context. The main idea of this thesis is to gather relevant information about the authentication history and to be able to build a view of strong authentication evolution. This history and the aspects of the evolution are used to state hypothesis about the future research and development. We predict that the authentication systems in the future may be based on a holistic view of the behavioral patterns and physical properties of the user. Machine learning may be used in the future to implement an autonomous authentication concept that enables users to be authenticated with minimal physical or cognitive effort

A Survey of Parallel Message Authentication and Hashing Methods

مقدمة: الإنترنت، وتبادل المعلومات، والتواصل الاجتماعي، وغيرها من الأنشطة التي ازدادت بشكل كبير في السنوات الأخيرة. لذلك، يتطلب الأمر زيادة السرية والخصوصية. في الأيام الأخيرة، كان الاحتيال عبر الإنترنت واحدًا من العوائق الرئيسية لنشر استخدام تطبيقات الأعمال. وبالتالي، تحدث الثلاث مخاوف الأمنية الهامة بشكل يومي في عالم الأزياء الشفافة لدينا، وهي: الهوية، والمصادقة، والترخيص. التعرف هو إجراء يسمح بتحديد هوية كيان ما، والذي يمكن أن يكون شخصًا أو جهاز كمبيوتر أو أصل آخر مثل مبرمج برامج. طرق العمل: في أنظمة الأمان، المصادقة والترخيص هما إجراءان مكملان لتحديد من يمكنه الوصول إلى موارد المعلومات عبر الشبكة. تم تقديم العديد من الحلول في الأدبيات. وللحصول على أداء أفضل في خوارزميات المصادقة، استخدم الباحثون التوازي لزيادة الإنتاجية لخوارزمياتهم. من جهة، تم استخدام مجموعة من الطرق لزيادة مستوى الأمان في الأنظمة التشفيرية، بما في ذلك زيادة عدد الجولات، واستخدام جداول الاستبدال ودمج آليات الأمان الأخرى لتشفير الرسائل والمصادقة عليها. النتائج: أظهرت الدراسات الحديثة حول مصادقة الرسائل المتوازية وخوارزميات التجزئة أن وحدات معالجة الرسومات تتفوق في الأداء على الأنظمة الأساسية المتوازية الأخرى من حيث الأداء. الاستنتاجات: يقدم هذا العمل تنفيذًا متوازيًا لتقنيات مصادقة الرسائل على العديد من الأنظمة الأساسية. تدرس وتعرض الأعمال التي تناقش المصادقة والتجزئة وتنفيذها على منصة موازية كهدف رئيسي.Background: Currently, there are approximately 4.95 billion people who use the Internet. This massive audience desires internet shopping, information exchange, social networking, and other activities that have grown dramatically in recent years. Therefore, it creates the need for greater confidentiality and privacy. In recent days, fraud via the Internet has been one of the key impediments to the dissemination of the use of business apps. Therefore, the three important security concerns actually occur daily in our world of transparent fashion, more accurately: identity, authentication, and authorization. Identification is a procedure that permits the recognition of an entity, which may be a person, a computer, or another asset such as a software programmer. Materials and Methods: In security systems, authentication and authorization are two complementary procedures for deciding who may access the information resources across a network. Many solutions have been presented in the literature. To get more performance on the authentication algorithmic, researchers used parallelism to increase the throughput of their algorithms.  On the one hand, various approaches have been employed to enhance the security of cryptographic systems, including increasing the number of rounds, utilizing substitution tables, and integrating other security primitives for encryption and message authentication. Results: Recent studies on parallel message authentication and hashing algorithms have demonstrated that GPUs outperform other parallel platforms in terms of performance. Conclusion: This work presents a parallel implementation of message authentication techniques on several platforms. It is studying and demonstrating works which discuss authentication, hashing, and their implementation on a parallel platform as a main objective

Security Framework for Agent-Based Cloud Computing

Agent can play a key role in bringing suitable cloud services to the customer based on their requirements. In agent based cloud computing, agent does negotiation, coordination, cooperation and collaboration on behalf of the customer to make the decisions in efficient manner. However the agent based cloud computing have some security issues like (a.) addition of malicious agent in the cloud environment which could demolish the process by attacking other agents, (b.) denial of service by creating flooding attacks on other involved agents. (c.) Some of the exceptions in the agent interaction protocol such as Not-Understood and Cancel_Meta protocol can be misused and may lead to terminating the connection of all the other agents participating in the negotiating services. Also, this paper proposes algorithms to solve these issues to ensure that there will be no intervention of any malicious activities during the agent interaction

Specifying a Cryptographical Protocol in Lustre and SCADE

We present SCADE and Lustre models of the Message Authenticator Algorithm (MAA), which is one of the first cryptographic functions for computing a message authentication code. The MAA was adopted between 1987 and 2001, in international standards (ISO 8730 and ISO 8731-2), to ensure the authenticity and integrity of banking transactions. This paper discusses the choices and the challenges of our MAA implementations. Our SCADE and Lustre models validate 201 official test vectors for the MAA.Comment: In Proceedings MARS 2020, arXiv:2004.12403. arXiv admin note: text overlap with arXiv:1703.0657

Defending secrets, sharing data: new locks and keys for electronic information

This report examines Federal policies directed at protecting information, particularly in electronic communications systems

AUTHORIZED PUBLIC AUDITING ON CLOUD DATA

A new era in Information Technology is Cloud Computing, as it provides various scalable and elastic Information Technology services in pay-as-you-use basis, where the customers of cloud can reduce huge capital investments involved in IT infrastructure.  In this aspect cloud users who use storage services no longer physically maintain direct control over the data that is stored in cloud, which makes data security as one of the major issues while using cloud. The earlier research work allows integrity data to be certified without possession of actual data file. When verification is done by a trusted third party, then such verification is known as Data Auditing and the person who does the auditing is called as Auditor. Such schemes in reality suffer from several drawbacks: 1)      A required process of Authentication/Authorization is unavailable between the cloud service provider and auditor. i.e anyone who is willing to challenge the cloud service provider to obtain the integrity of certain file, there by puts the quality of so called ‘auditing-as-a-service’ at risk. 2)      The recent research work that was carried out on BLS signature can support updates full dynamic data on constant/fixed size of data blocks, this support is only towards fixed size blocks as basic unit which I call it as Coarse-grained updates. Due to which every small update would cause re-computation and updating of the authenticator  for  an entire file block, which results in over heads like higher  usage of storage space and communication overheads. In this Project I would enable a formal analysis for all possible types of fine-grained updates and bring out a scheme that can fully support authorized auditing and fine grain update requests

Identity Theft in Cyberspace: Issues and Solutions

Cet article présente et analyse la menace grandissante que représente le vol d’identité dans le cyberespace. Le développement, dans la dernière décennie, du commerce électronique ainsi que des transactions et des communications numériques s’accélère. Cette progression non linéaire a généré une myriade de risques associés à l’utilisation des technologies de l’information et de la communication (les TIC) dans le cyberespace, dont un des plus importants est sans conteste la menace du vol d’identité. Cet article vise à donner un aperçu des enjeux et des risques relatifs au vol d’identité et cherche à offrir certaines solutions basées sur la nécessité d’opter pour une politique à trois volets qui englobe des approches stratégiques et règlementaires, techniques et culturelles.This article addresses and analyses the growing threat of identity theft in cyberspace. E-commerce and digital transactions and communications have, over the past decade, been increasingly transpiring at an accelerated rate. This non-linear progression has generated a myriad of risks associated with the utilization of information and communication technologies (ICTs) in cyberspace communications, amongst the most important of which is: the threat of identity theft. On such account, this article aims to provide an overview of the issues and risks pertinent to identity theft and seeks to offer some solutions based on the necessity of pursuing a tri-fold policy encompassing strategic and regulatory, technical, and cultural approaches