Web3 Chain Authentication and Authorization Security Standard (CAA)

Web3 is the next evolution of the internet, which uses blockchains, cryptocurrencies, and NFTs to return ownership and authority to the consumers. The potential of Web3 is highlighted by the creation of decentralized applications (dApps), which are more secure, transparent, and tamper-proof than their centralized counterparts, allowing for new business models that were previously impossible on the traditional internet.Web3 also focuses on user privacy, where users have more control over their personal data and can choose to share only what they want. The emergence of Web3 represents an exciting new frontier in blockchain technology, and its focus on decentralization, user privacy, and trustless systems has the potential to transform the way we interact with the internet.Web3 authentication is required for enhanced security, increased privacy, and simplified user interface. Traditional login procedures and an authorization flow using web3 authentication work together seamlessly. However, there are several challenges associated with Web3, including scalability and regulatory issues. Chain Authentication and Authorization (CAA) is a multi-layer security mechanism that allows users to choose the security layer that suits them, just like a heavy iron chain, where the user and CAA developers act as blacksmith and form their security protocol that suits them. CAA is a solution to the challenges associated with Web3 authentication and authorization, and it focuses on creating a secure and decentralized authentication and authorization system that is scalable, flexible, and user-friendly

Biometric Based Network Security Using MIPS Cryptography Processor

—The empowerment in network on chip (NOC) and System on chip (SOC) in Microelectronics and Sensors have developed the various wireless communication Network technologies. In the past few years, many researchers have been focusing on building system architecture of network monitoring to improve the technical requirement specially designed for network security. Less research was found in providing the strong biometric based network security system to provide bulletproof security. The popular MIPS based cryptography processor is used for hardware and software products and standards require big cryptography keys length for higher security level. The major weakness of Normal cryptography system based on asymmetric algorithms need the storage of secret keys. Stored keys are often protected by poorly selected user passwords that can either be guessed or obtained through brute force attacks. Combining biometric with MIPS cryptography processor is as a possible solution. In this paper I propose a new approach to network security using MIPS based crypto processor based on contactless palm vein biometric system. This approach takes into account NOC constraints and its topology. It provides more security with less key length and there is no need to store any private key anywhere

Implementation of AES using biometric

Mobile Adhoc network is the most advanced emerging technology in the field of wireless communication. MANETs mainly have the capacity of self-forming, self-healing, enabling peer to peer communication between the nodes, without relying on any centralized network architecture. MANETs are made applicable mainly to military applications, rescue operations and home networking. Practically, MANET could be attacked by several ways using multiple methods. Research on MANET emphasizes on data security issues, as the Adhoc network does not befit security mechanism associated with static networks. This paper focuses mainly on data security techniques incorporated in MANET. Also this paper proposes an implementation of Advanced Encryption Standard using biometric key for MANETs. AES implementation includes, the design of most robust Substitution-Box implementation which defines a nonlinear behavior and mitigates malicious attacks, with an extended security definition. The key for AES is generated using most reliable, robust and precise biometric processing. In this paper, the input message is encrypted by AES powered by secured nonlinear S-box using finger print biometric feature and is decrypted using the reverse process

Fuzzy-in-the-Loop-Driven Low-Cost and Secure Biometric User Access to Server

Fuzzy systems can aid in diminishing uncertainty and noise from biometric security applications by providing an intelligent layer to the existing physical systems to make them reliable. In the absence of such fuzzy systems, a little random perturbation in captured human biometrics could disrupt the whole security system, which may even decline the authentication requests of legitimate entities during the protocol execution. In the literature, few fuzzy logic-based biometric authentication schemes have been presented; however, they lack significant security features including perfect forward secrecy (PFS), untraceability, and resistance to known attacks. This article, therefore, proposes a novel two-factor biometric authentication protocol enabling efficient and secure combination of physically unclonable functions, a physical object analogous to human fingerprint, with user biometrics by employing fuzzy extractor-based procedures in the loop. This combination enables the participants in the protocol to achieve PFS. The security of the proposed scheme is tested using the well-known real-or-random model. The performance analysis signifies the fact that the proposed scheme not only offers PFS, untraceability, and anonymity to the participants, but is also resilient to known attacks using light-weight symmetric operations, which makes it an imperative advancement in the category of intelligent and reliable security solutions

A Mobile Secure Bluetooth-Enabled Cryptographic Provider

The use of digital X509v3 public key certificates, together with different standards for secure digital signatures are commonly adopted to establish authentication proofs between principals, applications and services. One of the robustness characteristics commonly associated with such mechanisms is the need of hardware-sealed cryptographic devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled tokens or dongles. These devices support internal functions for management and storage of cryptographic keys, allowing the isolated execution of cryptographic operations, with the keys or related sensitive parameters never exposed. The portable devices most widely used are USB-tokens (or security dongles) and internal ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared, also suitable to protect cryptographic operations and digital signatures for secure identity and payment applications. The common characteristic of such devices is to offer the required support to be used as secure cryptographic providers. Among the advantages of those portable cryptographic devices is also their portability and ubiquitous use, but, in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply the need of readers, not always and not commonly available for generic smartphones or users working with computing devices. Also, wireless-devices can be specialized or require a development effort to be used as standard cryptographic providers. An alternative to mitigate such problems is the possible adoption of conventional Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely, by client-side applications running in users’ devices, such as desktop or laptop computers. However, the use of smartphones for safe storage and management of private keys and sensitive parameters requires a careful analysis on the adversary model assumptions. The design options to implement a practical and secure smartphone-enabled cryptographic solution as a product, also requires the approach and the better use of the more interesting facilities provided by frameworks, programming environments and mobile operating systems services. In this dissertation we addressed the design, development and experimental evaluation of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and supports on-demand Bluetooth-enabled cryptographic operations, including standard digital signatures. The addressed mobile cryptographic provider can be used by applications running on Windows-enabled computing devices, requesting digital signatures. The solution relies on the secure storage of private keys related to X509v3 public certificates and Android-based secure elements (SEs). With the materialized solution, an application running in a Windows computing device can request standard digital signatures of documents, transparently executed remotely by the smartphone regarded as a standard cryptographic provider

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Mobile Authentication with NFC enabled Smartphones

Smartphones are becoming increasingly more deployed and as such new possibilities for utilizing the smartphones many capabilities for public and private use are arising. This project will investigate the possibility of using smartphones as a platform for authentication and access control, using near field communication (NFC). To achieve the necessary security for authentication and access control purposes, cryptographic concepts such as public keys, challenge-response and digital signatures are used. To focus the investigation a case study is performed based on the authentication and access control needs of an educational institutions student ID. To gain a more practical understanding of the challenges mobile authentication encounters, a prototype has successfully been developed on the basis of the investigation. The case study performed in this project argues that NFC as a standalone technology is not yet mature to support the advanced communication required by this case. However, combining NFC with other communication technologies such as Bluetooth has proven to be effective. As a result, a general evaluation has been performed on several aspects of the prototype, such as cost-effectiveness, usability, performance and security to evaluate the viability of mobile authentication

On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes

Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications. A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information upon the unreliable foundation of the Internet we encounter increasingly complex problems,which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical. The research presented in this PhD thesis builds security in to the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords. In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work.Yhteiskunta, jossa elämme, on muovautunut teknologian kehityksen myötä todelliseksi tietoyhteiskunnaksi. Monet verkottuneen tietoyhteiskunnan osa-alueet ovat kokeneet muutoksen tämän kehityksen seurauksena. Tämän muutoksen keskiössä on Internet: maailmanlaajuinen tietoverkko, joka mahdollistaa verkottuneiden laitteiden keskenäisen viestinnän ennennäkemättömässä mittakaavassa. Internet on muovautunut ehkä keskeisimmäksi osaksi globaalia viestintäinfrastruktuuria, ja siksi myös globaalin viestinnän turvaaminen korostuu tulevaisuudessa yhä enemmän. Verkottuneen tietoyhteiskunnan kasvu ja kehitys edellyttävät vakaan, turvallisen ja nopean viestintäjärjestelmän olemassaoloa. Laajamittainen tietoverkkojen joukkovalvonta muodostaa merkittävän uhan tämän järjestelmän vakaudelle ja turvallisuudelle. Verkkovalvonnan toteuttamiseen käytetyt menetelmät ja työkalut eivät vain anna mahdollisuutta tarkastella valvonnan kohteena olevaa viestiliikennettä, vaan myös vaarantavat kaiken Internet-liikenteen ja siitä riippuvaisen toiminnan turvallisuuden. Kun verkottunutta tietoyhteiskuntaa rakennetaan tämän kaltaisia valuvikoja ja haavoittuvuuksia sisältävän järjestelmän varaan, keskeinen uhkatekijä on, että yhteiskunnan ydintoiminnot ovat alttiina ulkopuoliselle vaikuttamiselle. Näiden uhkatekijöiden ja niiden taustalla vaikuttavien mekanismien tarkastelu on tämän väitöskirjatyön keskiössä. Koska työssä on teknisen sisällön lisäksi vahva yhteiskunnallinen elementti, tarkastellaan tiukan teknisen tarkastelun sijaan aihepiirä laajemmin myös yhteiskunnallisesta näkökulmasta. Tässä väitöskirjassa pyritään rakentamaan kokonaiskuvaa verkottuneen tietoyhteiskunnan turvallisuuteen, toimintaan ja vakauteen vaikuttavista tekijöistä, sekä tuomaan esiin uusia ratkaisuja ja avauksia eri näkökulmista. Työn tavoitteena on osaltaan mahdollistaa entistä turvallisemman verkottuneen tietoyhteiskunnan rakentaminen tulevaisuudessa. Teknisestä näkökulmasta työssä esitetään suunnitteluvuo kryptografisia primitiivejä tehokkaasti hyödyntäville rajallisen laskentatehon sulautetuviiille järjestelmille, analysoidaan biometrisiin passeihin, kansainväliseen passijärjestelmään, sekä sähköiseen äänestykseen kohdistuvia uhkia, tarkastellaan joukkovalvontaan käytettyjen tekniikoiden toimintaperiaatteita ja niiden aiheuttamia uhkia, sekä tutkitaan suomalaisten Internet-käyttäjien salasanatottumuksia verkkosovelluksissa. Teknis-yhteiskunnallisesta näkökulmasta työssä tarkastellaan valvonnan teoriaa ja perehdytään siihen, miten valvonta vaikuttaa verkottuneen tietoyhteiskunnan kansalaisiin. Lisäksi kehitetään menetelmiä parempaan tietoturvaopetukseen kaikilla koulutusasteilla, määritellään keskeiset tietoturvatietouden käsitteet, tarkastellaan mahdollisuutta soveltaa tiedon herruuden periaatetta verkottuneen tietoyhteiskunnan kansalaisistaan keräämän tiedon hallintaan ja käyttöön, sekä tutkitaan luottamuksen merkitystä yhteiskunnan ydintoimintojen turvallisuudelle ja toiminnalle, keskittyen erityisesti pakotetun luottamuksen vaikutuksiin

Privacy-aware Security Applications in the Era of Internet of Things

In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms when feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method, called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users\u27 sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack to smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on the encrypted data as it is only using the metadata of the network traffic. Moreover, we also designed a novel solution based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing the data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individual in the dataset. These mechanisms were realized with the combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques. In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties. The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications on privacy-aware alternative complementary authentication methods, smart home user privacy research, as well as the privacy-aware and secure data exchange methods

Three Factor Authentication Using Java Ring and Biometrics

Computer security is a growing field in the IT industry. One of the important aspects of the computer security is authentication. Using passwords (something you know) is one of the most common ways of authentications. But passwords have proven to provide weak level of security as they can be easily compromised. Some other ways of authenticating a user are using physical tokens, (something you possess) and biometrics, (something you are). Using any one of these techniques to secure a system always has its own set of threats. One way to make sure a system is secure is to use multiple factors to authenticate. One of the ways to use multiple factors is to use all the three factors of authentication, something you possess, something you are and something you know. This thesis discusses about different ways of authentication and implements a system using three factor authentication. It takes many security aspects of the system into consideration while implementing it, to make it secure