11,547 research outputs found
Secure and Usable Behavioural User Authentication for Resource-Constrained Devices
Robust user authentication on small form-factor and resource-constrained smart devices, such as smartphones, wearables and IoT remains an important problem, especially as such devices are increasingly becoming stores of sensitive personal data, such as daily digital payment traces, health/wellness records and contact e-mails. Hence, a secure, usable and practical authentication mechanism to restrict access to unauthorized users is a basic requirement for such devices. Existing user authentication methods based on passwords pose a mental demand on the user's part and are not secure. Behavioural biometric based authentication provides an attractive means, which can replace passwords and provide high security and usability. To this end, we devise and study novel schemes and modalities and investigate how behaviour based user authentication can be practically realized on resource-constrained devices.
In the first part of the thesis, we implemented and evaluated the performance of touch based behavioural biometric on wearables and smartphones. Our results show that touch based behavioural authentication can yield very high accuracy and a small inference time without imposing huge resource requirements on the wearable devices. The second part of the thesis focus on designing a novel hybrid scheme named BehavioCog. The hybrid scheme combined touch gestures (behavioural biometric) with challenge-response based cognitive authentication. Touch based behavioural authentication is highly usable but is prone to observation attacks. While cognitive authentication schemes are highly resistant to observation attacks but not highly usable. The hybrid scheme improves the usability of cognitive authentication and improves the security of touch based behavioural biometric at the same time.
Next, we introduce and evaluate a novel behavioural biometric modality named BreathPrint based on an acoustics obtained from individual's breathing gestures. Breathing based authentication is highly usable and secure as it only requires a person to breathe and low observability makes it secure against spoofing and replay attacks. Our investigation with BreathPrint showed that it could be used for efficient real-time authentication on multiple standalone smart devices especially using deep learning models
The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach
Wireless sensor networks consist of a large number of distributed sensor
nodes so that potential risks are becoming more and more unpredictable. The new
entrants pose the potential risks when they move into the secure zone. To build
a door wall that provides safe and secured for the system, many recent research
works applied the initial authentication process. However, the majority of the
previous articles only focused on the Central Authority (CA) since this leads
to an increase in the computation cost and energy consumption for the specific
cases on the Internet of Things (IoT). Hence, in this article, we will lessen
the importance of these third parties through proposing an enhanced
authentication mechanism that includes key management and evaluation based on
the past interactions to assist the objects joining a secured area without any
nearby CA. We refer to a mobility dataset from CRAWDAD collected at the
University Politehnica of Bucharest and rebuild into a new random dataset
larger than the old one. The new one is an input for a simulated authenticating
algorithm to observe the communication cost and resource usage of devices. Our
proposal helps the authenticating flexible, being strict with unknown devices
into the secured zone. The threshold of maximum friends can modify based on the
optimization of the symmetric-key algorithm to diminish communication costs
(our experimental results compare to previous schemes less than 2000 bits) and
raise flexibility in resource-constrained environments.Comment: 27 page
Authenticated key agreement mediated by a proxy re-encryptor for the Internet of Things
International audienceThe Internet of Things (IoT) is composed of a wide range of heterogeneous network devices that communicate with their users and the surrounding devices. The secure communications between these devices are still essential even with little or no previous knowledge about each other and regardless of their resource capabilities. This particular context requires appropriate security mechanisms which should be wellsuited for the heterogeneous nature of IoT devices, without pre-sharing a secret key for each secure connection. In this work, we first propose a novel symmetric cipher proxy re-encryption scheme. Such a primitive allows a user to delegate her decryption rights to another with the help of a semi-trusted proxy, but without giving this latter any information on the transmitted messages and the user's secret keys. We then propose AKAPR, an Authenticated Key Agreement mediated by a Proxy Re-encryptor for IoT. The mechanism permits any two highly resource-constrained devices to establish a secure communication with no prior trust relationship. AKAPR is built upon our proposed proxy re-encryption scheme. It has been proved by ProVerif to provide mutual authentication for participants while preserving the secrecy of the generated session key. In addition, the scheme benefits from the lightness of our proxy re-encryption algorithm as it requires no expensive cryptographic operations such as pairing or modular exponentiatio
Resource Efficient Authentication and Session Key Establishment Procedure for Low-Resource IoT Devices
open access journalThe Internet of Things (IoT) can includes many resource-constrained devices, with most usually needing to securely communicate with their network managers, which are more resource-rich devices in the IoT network. We propose a resource-efficient security scheme that includes authentication of devices with their network managers, authentication between devices on different networks, and an attack-resilient key establishment procedure. Using automated validation with internet security protocols and applications tool-set, we analyse several attack scenarios to determine the security soundness of the proposed solution, and then we evaluate its performance analytically and experimentally. The performance analysis shows that the proposed solution occupies little memory and consumes low energy during the authentication and key generation processes respectively. Moreover, it protects the network from well-known attacks (man-in-the-middle attacks, replay attacks, impersonation attacks, key compromission attacks and denial of service attacks)
SecuCode: Intrinsic PUF Entangled Secure Wireless Code Dissemination for Computational RFID Devices
The simplicity of deployment and perpetual operation of energy harvesting
devices provides a compelling proposition for a new class of edge devices for
the Internet of Things. In particular, Computational Radio Frequency
Identification (CRFID) devices are an emerging class of battery-free,
computational, sensing enhanced devices that harvest all of their energy for
operation. Despite wireless connectivity and powering, secure wireless firmware
updates remains an open challenge for CRFID devices due to: intermittent
powering, limited computational capabilities, and the absence of a supervisory
operating system. We present, for the first time, a secure wireless code
dissemination (SecuCode) mechanism for CRFIDs by entangling a device intrinsic
hardware security primitive Static Random Access Memory Physical Unclonable
Function (SRAM PUF) to a firmware update protocol. The design of SecuCode: i)
overcomes the resource-constrained and intermittently powered nature of the
CRFID devices; ii) is fully compatible with existing communication protocols
employed by CRFID devices in particular, ISO-18000-6C protocol; and ii) is
built upon a standard and industry compliant firmware compilation and update
method realized by extending a recent framework for firmware updates provided
by Texas Instruments. We build an end-to-end SecuCode implementation and
conduct extensive experiments to demonstrate standards compliance, evaluate
performance and security.Comment: Accepted to the IEEE Transactions on Dependable and Secure Computin
Authorization Framework for the Internet-of-Things
This paper describes a framework that allows fine-grained
and flexible access control to connected devices with very
limited processing power and memory.
We propose a set of security and performance requirements
for this setting and derive an authorization framework distributing
processing costs between constrained devices and less constrained back-end servers while keeping message exchanges
with the constrained devices at a minimum.
As a proof of concept we present performance results from
a prototype implementing the device part of the framework
- …