IMPLEMENTASI CHALLENGE RESPONSE AUTHENTICATION MECHANISM (CRAM) UNTUK KEAMANAN TRANSAKSI PERANGKAT IoT

This research aims to secure data transaction in Internet of Things (IoT)devices using the challenge-response authentication mechanism (CRAM). The research choose uses ESP 8266 and ESP 32 to develop the system for their ability to run micropython programming language. Using a random challenge to grant authentication protects the system from replay attack from intruders. In each authentication process, the client receives a 10 digit random number to be encrypted using a shared key and sent back to the server. The server then checks if the client posses the correct key by decrypting the encrypted challenge using the same shared key. Access is granted if the decryption result is equal to the original challenge

Artificial-Noise-Aided Physical Layer Phase Challenge-Response Authentication for Practical OFDM Transmission

Recently, we have developed a PHYsical layer Phase Challenge-Response Authentication Scheme (PHY-PCRAS) for independent multicarrier transmission. In this paper, we make a further step by proposing a novel artificial-noise-aided PHY-PCRAS (ANA-PHY-PCRAS) for practical orthogonal frequency division multiplexing (OFDM) transmission, where the Tikhonov-distributed artificial noise is introduced to interfere with the phase-modulated key for resisting potential key-recovery attacks whenever a static channel between two legitimate users is unfortunately encountered. Then, we address various practical issues for ANA-PHY-PCRAS with OFDM transmission, including correlation among subchannels, imperfect carrier and timing recoveries. Among them, we show that the effect of sampling offset is very significant and a search procedure in the frequency domain should be incorporated for verification. With practical OFDM transmission, the number of uncorrelated subchannels is often not sufficient. Hence, we employ a time-separated approach for allocating enough subchannels and a modified ANA-PHY-PCRAS is proposed to alleviate the discontinuity of channel phase at far-separated time slots. Finally, the key equivocation is derived for the worst case scenario. We conclude that the enhanced security of ANA-PHY-PCRAS comes from the uncertainty of both the wireless channel and introduced artificial noise, compared to the traditional challenge-response authentication scheme implemented at the upper layer.Comment: 33 pages, 13 figures, submitted for possible publicatio

Attack Resilience and Recovery using Physical Challenge Response Authentication for Active Sensors Under Integrity Attacks

Embedded sensing systems are pervasively used in life- and security-critical systems such as those found in airplanes, automobiles, and healthcare. Traditional security mechanisms for these sensors focus on data encryption and other post-processing techniques, but the sensors themselves often remain vulnerable to attacks in the physical/analog domain. If an adversary manipulates a physical/analog signal prior to digitization, no amount of digital security mechanisms after the fact can help. Fortunately, nature imposes fundamental constraints on how these analog signals can behave. This work presents PyCRA, a physical challenge-response authentication scheme designed to protect active sensing systems against physical attacks occurring in the analog domain. PyCRA provides security for active sensors by continually challenging the surrounding environment via random but deliberate physical probes. By analyzing the responses to these probes, and by using the fact that the adversary cannot change the underlying laws of physics, we provide an authentication mechanism that not only detects malicious attacks but provides resilience against them. We demonstrate the effectiveness of PyCRA through several case studies using two sensing systems: (1) magnetic sensors like those found wheel speed sensors in robotics and automotive, and (2) commercial RFID tags used in many security-critical applications. Finally, we outline methods and theoretical proofs for further enhancing the resilience of PyCRA to active attacks by means of a confusion phase---a period of low signal to noise ratio that makes it more difficult for an attacker to correctly identify and respond to PyCRA's physical challenges. In doing so, we evaluate both the robustness and the limitations of PyCRA, concluding by outlining practical considerations as well as further applications for the proposed authentication mechanism.Comment: Shorter version appeared in ACM ACM Conference on Computer and Communications (CCS) 201

Authentication Algorithm for Portable Embedded Systems using PUFs

Physical Unclonable Functions (PUFs) are circuits that exploit chip-unique features to be used as signatures which can be used as good silicon biometrics. These signatures are based on semiconductor fabrication variations that are very difficult to control or reproduce. These chipunique signatures together with strong challenge-response authentication algorithm can be used to authenticate and secure chips. This paper expands the security avenues covered by PUF and FPGAs by introducing a new class of concept called 201C;Soft PUFs.201D; This scheme propose robust challenge- response authentication solution based on a PUF device that provides stronger security guarantees to the user than what previously could be achieved. By exploiting the silicon uniqueness of each FPGA device and incorporating a special authentication algorithms in existing FPGA fabric, FPGA based embedded systems can be used for new security-oriented and network- oriented applications that were not previously possible or thought of

Channel Based Relay Attack Detection Protocol

A relay attack is a potentially devastating form of a man-in-the-middle attack, that can circumvent any challenge-response authentication protocol. A relay attack also has no known cryptographic solution. This thesis proposes the usage of reciprocal channel state information in a wireless system to detect the presence of a relay attack. Through the usage of an open source channel state information tool, a challenge-response authentication Channel Based Relay Attack Detection Protocol is designed and implemented using IEEE 802.11n (WiFi) in detail. The proposed protocol adapts ideas from solutions to other problems, to create a novel solution to the relay attack problem. Preliminary results are done to show the practicality of using channel state information for randomness extraction. As well, two novel attacks are proposed that could be used to defeat the protocol and other similar protocols. To handle these attacks, two modifications are given that only work with the Channel Based Relay Attack Detection Protocol

Improving Vehicular Authentication in VANET Using

In the last several years, many types of research are focusing on Vehicular Ad-hoc Networks (VANETs) field due to the lifesaving factor. VANETs are defined as a set of vehicles in the road interact with other vehicles or with the Road Side Unit (RSU) through wireless Local Area Network (WLAN) technologies. The fundamental advantages of VANETs are enhancing the road and driver's safety and improving the vehicle security against adversaries’ attacks. Security is the most difficult issue belonging to VANETs since messages are exchanged through open wireless environments. Especially in the authentication process, the vehicles need to be authenticated before accessing or sending messages through the network. Any violation of the authentication process will open the whole network for the attack. In this paper, we applied security algorithms to improve authentication in VANETs with four stages of cryptography techniques: challenge-response authentication, digital signature, timestamping, and encryption/decryption respectively. Also, we also proposed an algorithm model and framework. Finally, we implemented the challenge-response authentication technique, and then measured and evaluated the result from the implementatio

Q-Class Authentication System for Double Arbiter PUF

Physically Unclonable Function (PUF) is a cryptographic primitive that is based on physical property of each entity or Integrated Circuit (IC) chip. It is expected that PUF be used in security applications such as ID generation and authentication. Some responses from PUF are unreliable, and they are usually discarded. In this paper, we propose a new PUF-based authentication system that exploits information of unreliable responses. In the proposed method, each response is categorized into multiple classes by its unreliability evaluated by feeding the same challenges several times. This authentication system is named Q-class authentication, where Q is the number of classes. We perform experiments assuming a challenge-response authentication system with a certain threshold of errors. Considering 4-class separation for 4-1 Double Arbiter PUF, it is figured out that the advantage of a legitimate prover against a clone is improved form 24% to 36% in terms of success rate. In other words, it is possible to improve the tolerance of machine-learning attack by using unreliable information that was previously regarded disadvantageous to authentication systems

A Low-Cost Unified Experimental FPGA Board for Cryptography Applications

This paper describes the evaluation of available experimental boards, the comparison of their supported set of experiments and other aspects. The second part of this evaluation is focused on the design process of the PCB (Printed Circuit Board) for an FPGA (Field Programmable Gate Array) based cryptography environment suitable for evaluating the latest trends in the IC (Integrated Circuit) security like Side–Channel Attacks (SCA) or Physically Unclonable Function (PUF). It leads to many criteria affecting the design process and also the suitability for evaluating and measuring results of the attacks and their countermeasures. The developed system should be open, versatile and unrestricted by the U.S. law [1]

A Cloud Authentication Protocol using One-Time Pad

There is a significant increase in the amount of data breaches in corporate servers in the cloud environments. This includes username and password compromise in the cloud and account hijacking, thus leading to severe vulnerabilities of the cloud service provisioning. Traditional authentication schemes rely on the users to use their credentials to gain access to cloud service. However once the credential is compromised, the attacker will gain access to the cloud service easily. This paper proposes a novel scheme that does not require the user to present his credentials, and yet is able to prove ownership of access to the cloud service using a variant of zero-knowledge proof. A challenge-response protocol is devised to authenticate the user, requiring the user to compute a one-time pad (OTP) to authenticate himself to the server without revealing password to the server. A prototype has been implemented to facilitate the authentication of the user when accessing Dropbox, and the experiment results showed that the overhead incurred is insignificant

Flexible Authentication in Vehicular Ad hoc Networks

A Vehicular Ad-Hoc Network (VANET) is a form of Mobile ad-hoc network, to provide communications among nearby vehicles and between vehicles and nearby fixed roadside equipment. The key operation in VANETs is the broadcast of messages. Consequently, the vehicles need to make sure that the information has been sent by an authentic node in the network. VANETs present unique challenges such as high node mobility, real-time constraints, scalability, gradual deployment and privacy. No existent technique addresses all these requirements. In particular, both inter-vehicle and vehicle-to-roadside wireless communications present different characteristics that should be taken into account when defining node authentication services. That is exactly what is done in this paper, where the features of inter-vehicle and vehicle-to-roadside communications are analyzed to propose differentiated services for node authentication, according to privacy and efficiency needs