1,110 research outputs found
Security of two recent constant-round password authenticated group key exchange schemes
When humans interact with machines in their daily networks, it is important that security of the communications is offered, and where the involved shared secrets used to achieve this are easily remembered by humans. Password-based authenticated group key exchange (PAGKE) schemes allow group users to share a session key based on a human-memorizable password. In this paper, we consider two PAGKE schemes that build on the seminal scheme of Burmester and Desmedt. We show an undetectable online dictionary attack on the first scheme, and exploit the partnering definition to break the key indistinguishability of the second scheme.
A Scalable Model for Secure Multiparty Authentication
Distributed system architectures such as cloud computing or the emergent
architectures of the Internet Of Things, present significant challenges for
security and privacy. Specifically, in a complex application there is a need to
securely delegate access control mechanisms to one or more parties, who in turn
can govern methods that enable multiple other parties to be authenticated in
relation to the services that they wish to consume. We identify shortcomings in
an existing proposal by Xu et al for multiparty authentication and evaluate a
novel model from Al-Aqrabi et al that has been designed specifically for
complex multiple security realm environments. The adoption of a Session
Authority Cloud ensures that resources for authentication requests are
scalable, whilst permitting the necessary architectural abstraction for myriad
hardware IoT devices such as actuators and sensor networks, etc. In addition,
the ability to ensure that session credentials are confirmed with the relevant
resource principles means that the essential rigour for multiparty
authentication is established
Decentralized Access Control in Distributed File Systems
The Internet enables global sharing of data across organizational boundaries. Distributed file systems facilitate data sharing in the form of remote file access. However, traditional access control mechanisms used in distributed file systems are intended for machines under common administrative control, and rely on maintaining a centralized database of user identities. They fail to scale to a large user base distributed across multiple organizations. We provide a survey of decentralized access control mechanisms in distributed file systems intended for large scale, in both administrative domains and users. We identify essential properties of such access control mechanisms. We analyze both popular production and experimental distributed file systems in the context of our survey
Shibboleth and the challenge of authentication in multiple servers on a e-learning environment
The aim of this work is the study, implementation and testing of a shared authentication system for multiple servers. Although it was known from the outset that the work would use Shibboleth, other possible solutions were also considered. Shibboleth is a project developed by members of the universities that form the Internet2 consortium, with the aim of developing new middleware to perform shared authentication functions across multiple servers, designed specifically to facilitate collaboration between institutions and access to digital content.
Shibboleth is a complete solution, since it covers everything from authentication, authorization and accounting to the login system and the attributes to be used. This makes it a very secure working environment, but with the advantage of providing privacy to users.
The first objective was to identify the peculiarities and requirements of distributed e-learning environments; to this end, specific security concepts were studied, as well as how to adapt them to the required environment. Next, a comparison was made of the existing solutions on the market with functionality similar to Shibboleth, in order to present the advantages and disadvantages of Shibboleth relative to them.
Subsequently, the work consisted of understanding the structure and operating principles of Shibboleth, what kind of requirements it had, the operation and objectives of each part, studying the requirements of the specific environment for which it was designed (e-learning), and giving a general idea of how the implementation should be carried out. All the technologies and requirements needed to deploy Shibboleth were also studied.
Once Shibboleth and the specific environment into which it was to be integrated had been studied, a scenario was set up to deploy and test it, testing each part specifically and understanding how it works through real tests. With the scenario running, the idea was to integrate Shibboleth with Sakai and Blackboard, the CMSs (Course Management Systems) used at on-campus, the virtual campus of the Fachhochschule Lübeck.
Finally, by way of conclusion, a short explanation of the results obtained is given, together with an assessment of how Shibboleth would meet the needs identified and some proposals for improvement.
Authentication for mobile computing
Host mobility is becoming an increasingly important feature with the recent arrival of laptop and palmtop computers, the development of wireless network interfaces and the implementation of global networks. Unfortunately, this mobile environment is also much more vulnerable to penetration by intruders. A possible means of protection can be authentication. This guarantees the identity of a communication peer.
This thesis studies the constraints imposed on the mobile environment with respect to authentication. It compares the two prevailing authentication mechanisms, Kerberos and SPX, and tries to make suggestions of how a mechanism can be adapted to the mobile environment
WI-FI ALLIANCE HOTSPOT 2.0 SPECIFICATION BASED NETWORK DISCOVERY, SELECTION, AUTHENTICATION, DEPLOYMENT AND FUNCTIONALITY TESTS.
The demand for high mobile data transmission has been dramatically enlarged since there is a significant increase in the number of mobile communication devices that are capable of providing high data rates. It is clearly observed that even the next generation cellular networks are not able to respond to this demand to provide the required level of mobile data transmission capacity. Although WLAN responds to this demand by providing upwards of 600 Mbps data rates, it is not convenient in terms of cellular-like mobility and requires user intervention at every reconnection to a hotspot. Therefore, the need for a new technology arose and IEEE has introduced a new amendment to the IEEE 802.11 standards family, which is called IEEE 802.11u. Based on the IEEE 802.11u amendment, WFA developed the WFA Hotspot 2.0 Specification and started to certify Wi-Fi devices under the Passpoint certification program. This new technology was developed to let Wi-Fi capable devices simply identify, select and associate to a Hotspot without any user intervention in a highly secure manner.
As the Hotspot 2.0 Specification is quite new in the market, it has been challenging to find academic papers; however, the IEEE 802.11u standard, Internet sources, white papers published by different companies/organizations and discussions with telecommunication experts have enabled this master thesis to achieve its goals.
This thesis work provides a great resource for network operators to have a great understanding of the Hotspot 2.0 Specification in terms of theory, network element requirements and deployment by providing a good understanding of the system functionality. In this paper, a comprehensive theoretical background that addresses WLAN technology, Passpoint elements, and IEEE 802.11u based network discovery, selection and authentication is provided. Besides, Hotspot 2.0 network deployment scenarios with network core element requirements are designed and Passpoint functionality tests are performed under different scenarios by describing a comprehensive setup for the testing.