740 research outputs found
A fingerprint based crypto-biometric system for secure communication
To ensure the secure transmission of data, cryptography is treated as the
most effective solution. Cryptographic key is an important entity in this
procedure. In general, randomly generated cryptographic key (of 256 bits) is
difficult to remember. However, such a key needs to be stored in a protected
place or transported through a shared communication line which, in fact, poses
another threat to security. As an alternative, researchers advocate the
generation of cryptographic key using the biometric traits of both sender and
receiver during the sessions of communication, thus avoiding key storing and at
the same time without compromising the strength in security. Nevertheless, the
biometric-based cryptographic key generation possesses few concerns such as
privacy of biometrics, sharing of biometric data between both communicating
users (i.e., sender and receiver), and generating revocable key from
irrevocable biometric. This work addresses the above-mentioned concerns.
In this work, a framework for secure communication between two users using
fingerprint based crypto-biometric system has been proposed. For this,
Diffie-Hellman (DH) algorithm is used to generate public keys from private keys
of both sender and receiver which are shared and further used to produce a
symmetric cryptographic key at both ends. In this approach, revocable key for
symmetric cryptography is generated from irrevocable fingerprint. The biometric
data is neither stored nor shared which ensures the security of biometric data,
and perfect forward secrecy is achieved using session keys. This work also
ensures the long-term security of messages communicated between two users.
Based on the experimental evaluation over four datasets of FVC2002 and NIST
special database, the proposed framework is privacy-preserving and could be
utilized onto real access control systems.
Comment: 29 single column pages, 8 figures
TUSH-Key: Transferable User Secrets on Hardware Key
Passwordless authentication was first tested for seamless and secure merchant
payments without the use of passwords or pins. It opened a whole new world of
authentications giving up the former reliance on traditional passwords. It
relied on the W3C Web Authentication (WebAuthn) and Client to Authenticator
Protocol (CTAP) standards to use the public key cryptosystem to uniquely attest
a user's device and then their identity. These standards comprise the FIDO
authentication standard. As the popularity of passwordless is increasing, more
and more users and service providers are adopting it. However, the concept
of device attestation makes it device-specific for a user. It makes it
difficult for a user to switch devices. FIDO Passkeys were aimed at solving the
same, synchronizing the private cryptographic keys across multiple devices so
that the user can perform passwordless authentication even from devices not
explicitly enrolled with the service provider. However, passkeys have certain
drawbacks including that it uses proprietary end to end encryption algorithms,
all keys pass through proprietary cloud provider, and it is usually not very
seamless when dealing with cross-platform key synchronization. To deal with the
problems and drawbacks of FIDO Passkeys, the paper proposes a novel private key
management system for passwordless authentication called Transferable User
Secret on Hardware Key (TUSH-Key). TUSH-Key allows cross-platform
synchronization of devices for seamless passwordless logins with FIDO2
specifications.
Security challenges and solutions for e-business
The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyber attacks. This paper outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are: (1) biometrics for authentication; parallel processing to increase power and speed of defenses; (2) data mining and machine learning to identify attacks; (3) peer-to-peer security using blockchains; (4) enterprise security modelling and security as a service; and (5) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated.
PTTS: Zero-Knowledge Proof-based Private Token Transfer System on Ethereum Blockchain and its Network Flow Based Balance Range Privacy Attack Analysis
Blockchains are decentralized and immutable databases that are shared among
the nodes of the network. Although blockchains have attracted a great scale of
attention in the recent years by disrupting the traditional financial systems,
the transaction privacy is still a challenging issue that needs to be addressed
and analysed. We propose a Private Token Transfer System (PTTS) for the
Ethereum public blockchain in the first part of this paper. For the proposed
framework, zero-knowledge based protocol has been designed using Zokrates and
integrated into our private token smart contract. With the help of web user
interface designed, the end users can interact with the smart contract without
any third-party setup. In the second part of the paper, we provide security and
privacy analysis including the replay attack and the balance range privacy
attack which has been modelled as a network flow problem. It is shown that in
case some balance ranges are deliberately leaked out to particular
organizations or adversarial entities, it is possible to extract meaningful
information about the user balances by employing minimum cost flow network
algorithms that have polynomial complexity. The experimental study reports the
Ethereum gas consumption and proof generation times for the proposed framework.
It also reports network solution times and goodness rates for a subset of
addresses under the balance range privacy attack with respect to number of
addresses, number of transactions and ratio of leaked transfer transaction
amounts.
A comprehensive survey of wireless body area networks on PHY, MAC, and network layers solutions
Recent advances in microelectronics and integrated circuits, system-on-chip design, wireless communication and intelligent low-power sensors have allowed the realization of a Wireless Body Area Network (WBAN). A WBAN is a collection of low-power, miniaturized, invasive/non-invasive lightweight wireless sensor nodes that monitor the human body functions and the surrounding environment. In addition, it supports a number of innovative and interesting applications such as ubiquitous healthcare, entertainment, interactive gaming, and military applications. In this paper, the fundamental mechanisms of WBAN including architecture and topology, wireless implant communication, low-power Medium Access Control (MAC) and routing protocols are reviewed. A comprehensive study of the proposed technologies for WBAN at Physical (PHY), MAC, and Network layers is presented and many useful solutions are discussed for each layer. Finally, numerous WBAN applications are highlighted
Key-Based Cookie-Less Session Management Framework for Application Layer Security
The goal of this study is to extend the guarantees provided by the secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use. Hence reducing the attack surface and nullifying a vast group of attack vectors
The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach
Wireless sensor networks consist of a large number of distributed sensor
nodes so that potential risks are becoming more and more unpredictable. The new
entrants pose the potential risks when they move into the secure zone. To build
a door wall that provides safe and secured for the system, many recent research
works applied the initial authentication process. However, the majority of the
previous articles only focused on the Central Authority (CA) since this leads
to an increase in the computation cost and energy consumption for the specific
cases on the Internet of Things (IoT). Hence, in this article, we will lessen
the importance of these third parties through proposing an enhanced
authentication mechanism that includes key management and evaluation based on
the past interactions to assist the objects joining a secured area without any
nearby CA. We refer to a mobility dataset from CRAWDAD collected at the
University Politehnica of Bucharest and rebuild into a new random dataset
larger than the old one. The new one is an input for a simulated authenticating
algorithm to observe the communication cost and resource usage of devices. Our
proposal helps the authenticating flexible, being strict with unknown devices
into the secured zone. The threshold of maximum friends can modify based on the
optimization of the symmetric-key algorithm to diminish communication costs
(our experimental results compare to previous schemes less than 2000 bits) and
raise flexibility in resource-constrained environments.
Comment: 27 pages
A Lightweight Multifactor Authentication Scheme for Wireless Sensor Networks in the Internet of Things
Internet of Things (IoT) has become an information bridge between societies. Wireless sensor networks (WSNs) are one of the emergent technologies that work as the main force in IoT. Applications based on WSN include environment monitoring, smart healthcare, user legitimacy authentication, and data security. Recently, many multifactor user authentication schemes for WSNs have been proposed using smart cards, passwords, as well as biometric features. Unfortunately, these schemes are shown to be susceptible towards several attacks and these include password guessing attack, impersonation attack, and Man-in-the-middle (MITM) attack due to non-uniform security evaluation criteria. In this paper, we propose a lightweight multifactor authentication scheme using only hash function of the timestamp (TS) and One Time Password (OTP). Furthermore, public key and private key are incorporated to secure the communication channel. The security analysis shows that the proposed scheme satisfies all the security requirements and is insusceptible towards some well-known attacks (password guessing attack, impersonation attack and MITM).