Shake well before use: Authentication based on Accelerometer Data

Small, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. We introduce a new method for device-to-device authentication by shaking devices together. This paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis to the effect of generating authenticated, secret keys. The protocols differ in their design, one being more conservative from a security point of view, while the other allows more dynamic interactions. Three experiments are used to optimize and validate our proposed authentication method

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

A Mobile Secure Bluetooth-Enabled Cryptographic Provider

The use of digital X509v3 public key certificates, together with different standards for secure digital signatures are commonly adopted to establish authentication proofs between principals, applications and services. One of the robustness characteristics commonly associated with such mechanisms is the need of hardware-sealed cryptographic devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled tokens or dongles. These devices support internal functions for management and storage of cryptographic keys, allowing the isolated execution of cryptographic operations, with the keys or related sensitive parameters never exposed. The portable devices most widely used are USB-tokens (or security dongles) and internal ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared, also suitable to protect cryptographic operations and digital signatures for secure identity and payment applications. The common characteristic of such devices is to offer the required support to be used as secure cryptographic providers. Among the advantages of those portable cryptographic devices is also their portability and ubiquitous use, but, in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply the need of readers, not always and not commonly available for generic smartphones or users working with computing devices. Also, wireless-devices can be specialized or require a development effort to be used as standard cryptographic providers. An alternative to mitigate such problems is the possible adoption of conventional Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely, by client-side applications running in users’ devices, such as desktop or laptop computers. However, the use of smartphones for safe storage and management of private keys and sensitive parameters requires a careful analysis on the adversary model assumptions. The design options to implement a practical and secure smartphone-enabled cryptographic solution as a product, also requires the approach and the better use of the more interesting facilities provided by frameworks, programming environments and mobile operating systems services. In this dissertation we addressed the design, development and experimental evaluation of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and supports on-demand Bluetooth-enabled cryptographic operations, including standard digital signatures. The addressed mobile cryptographic provider can be used by applications running on Windows-enabled computing devices, requesting digital signatures. The solution relies on the secure storage of private keys related to X509v3 public certificates and Android-based secure elements (SEs). With the materialized solution, an application running in a Windows computing device can request standard digital signatures of documents, transparently executed remotely by the smartphone regarded as a standard cryptographic provider