The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity

Most user authentication methods and identity proving systems rely on a centralized database. Such information storage presents a single point of compromise from a security perspective. If this system is compromised it poses a direct threat to users' digital identities. This paper proposes a decentralized authentication method, called the Horcrux protocol, in which there is no such single point of compromise. The protocol relies on decentralized identifiers (DIDs) under development by the W3C Verifiable Claims Community Group and the concept of self-sovereign identity. To accomplish this, we propose specification and implementation of a decentralized biometric credential storage option via blockchains using DIDs and DID documents within the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS)

Secure spontaneous emergency access to personal health record

We propose a system which enables access to the user's Personal Health Record (PHR) in the event of emergency. The access typically occurs in an ad-hoc and spontaneous manner and the user is usually unconscious, hence rendering the unavailability of the user's password to access the PHR. The proposed system includes a smart card carried by the user at all time and it is personalized with a pseudo secret, an URL to the PHR Server, a secret key shared with the PHR Server and a number of redemption tokens generated using a hash chain. In each emergency session, a one-time use redemption token is issued by the smart card, allowing the emergency doctor to retrieve the user's PHR upon successful authentication of his credentials and validation of the redemption token. The server returns the PHR encrypted with a one-time session key which can only be decrypted by the emergency doctor. The devised interaction protocol to facilitate emergency access to the user's PHR is secure and efficient

Password Cracking and Countermeasures in Computer Security: A Survey

With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of the users. Password authentication is one of the widely used methods to achieve authentication for legal users and defense against intruders. There have been many password cracking methods developed during the past years, and people have been designing the countermeasures against password cracking all the time. However, we find that the survey work on the password cracking research has not been done very much. This paper is mainly to give a brief review of the password cracking methods, import technologies of password cracking, and the countermeasures against password cracking that are usually designed at two stages including the password design stage (e.g. user education, dynamic password, use of tokens, computer generations) and after the design (e.g. reactive password checking, proactive password checking, password encryption, access control). The main objective of this work is offering the abecedarian IT security professionals and the common audiences with some knowledge about the computer security and password cracking, and promoting the development of this area.Comment: add copyright to the tables to the original authors, add acknowledgement to helpe

The GLASS project: supporting secure shibboleth-based single sign-on to campus resources

Higher and Further education institutions in the UK are in the process of migrating their IT infrastructures to exploit Shibboleth technologies for federated access management. Ease of use and secure access are paramount to the successful uptake of these technologies, both from the end user and system administrator perspective. The JISC-funded GLASS project is a one-year project investigating the use of Shibboleth to support single sign-on to a variety of campus resources at the University of Glasgow including browser-based email access; the Moodle online virtual learning environment; the WebSURF online student records facility, and a network filestore browser. This paper describes the implementation issues and experiences gained in rolling out the Shibboleth technologies to support federated access management

The Clarens Web Service Framework for Distributed Scientific Analysis in Grid Projects

Large scientific collaborations are moving towards service oriented architecutres for implementation and deployment of globally distributed systems. Clarens is a high performance, easy to deploy Web Service framework that supports the construction of such globally distributed systems. This paper discusses some of the core functionality of Clarens that the authors believe is important for building distributed systems based on Web Services that support scientific analysis