4 research outputs found
A Secure Authentication Framework to Guarantee the Traceability of Avatars in Metaverse
Metaverse is a vast virtual environment parallel to the physical world in
which users enjoy a variety of services acting as an avatar. To build a secure
living habitat, it's vital to ensure the virtual-physical traceability that
tracking a malicious player in the physical world via his avatars in virtual
space. In this paper, we propose a two-factor authentication framework based on
chameleon signature and biometric-based authentication. First, aiming at
disguise in virtual space, we propose a chameleon collision signature algorithm
to achieve the verifiability of the avatar's virtual identity. Second, facing
at impersonation in physical world, we construct an avatar's identity model
based on the player's biometric template and the chameleon key to realize the
verifiability of the avatar's physical identity. Finally, we design two
decentralized authentication protocols based on the avatar's identity model to
ensure the consistency of the avatar's virtual and physical identities.
Security analysis indicates that the proposed authentication framework
guarantees the consistency and traceability of avatar's identity. Simulation
experiments show that the framework not only completes the decentralized
authentication between avatars but also achieves the virtual-physical tracking.Comment: 12 pages, 9 figure
Challenges and Opportunities in Industry 4.0 for Mechatronics, Artificial Intelligence and Cybernetics
Industry 4.0 has risen as an integrated digital manufacturing environment, and it has created a novel research perspective that has thrust research to interdisciplinarity and exploitation of ICT advances. This work presents and discusses the main aspects of Industry 4.0 and how intelligence can be embedded in manufacturing to create the smart factory. It briefly describes the main components of Industry 4.0, and it focuses on the security challenges that the fully interconnected ecosystem of Industry 4.0 has to meet and the threats for each component. Preserving security has a crucial role in Industry 4.0, and it is vital for its existence, so the main research directions on how to ensure the confidentiality and integrity of the information shared among the Industry 4.0 components are presented. Another view is in light of the security issues that come as a result of enabling new technologies. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.Acknowledgements. We thank Dawn Ernstzen, Division of Physiotherapy, Stellenbosch University, for her contextualisation work for chronic pain management in SA used in the example in this article, and Michelle Galloway for her support in finalising the submission on behalf of the author team. Funding. The authors were funded, partially or in full, by the SAGE project, a 3-year (2014 - 2017) Flagship Grant from the South African Medical Research Council. The Flagship Grant programme was not involved in the conceptualisation or conduct of this study
Killing the password and preserving privacy with device-centric and attribute-based authentication
Current authentication methods on the Web have serious weaknesses. First, services heavily rely on the traditional password paradigm, which diminishes the end-users' security and usability. Second, the lack of attribute-based authentication does not allow anonymity-preserving access to services. Third, users have multiple online accounts that often reflect distinct identity aspects. This makes proving combinations of identity attributes hard on the users. In this paper, we address these weaknesses by proposing a privacy-preserving architecture for device-centric and attribute-based authentication based on: 1) the seamless integration between usable/strong device-centric authentication methods and federated login solutions; 2) the separation of the concerns for Authorization, Authentication, Behavioral Authentication and Identification to facilitate incremental deployability, wide adoption and compliance with NIST assurance levels; and 3) a novel centralized component that allows end-users to perform identity profile and consent management, to prove combinations of fragmented identity aspects, and to perform account recovery in case of device loss. To the best of our knowledge, this is the first effort towards fusing the aforementioned techniques under an integrated architecture. This architecture effectively deems the password paradigm obsolete with minimal modification on the service provider's software stack
Killing the Password and Preserving Privacy With Device-Centric and Attribute-Based Authentication
Current authentication methods on the Web have serious weaknesses. First,
services heavily rely on the traditional password paradigm, which diminishes
the end-users' security and usability. Second, the lack of attribute-based
authentication does not allow anonymity-preserving access to services. Third,
users have multiple online accounts that often reflect distinct identity
aspects. This makes proving combinations of identity attributes hard on the
users.
In this paper, we address these weaknesses by proposing a privacy-preserving
architecture for device-centric and attribute-based authentication based on: 1)
the seamless integration between usable/strong device-centric authentication
methods and federated login solutions; 2) the separation of the concerns for
Authorization, Authentication, Behavioral Authentication and Identification to
facilitate incremental deployability, wide adoption and compliance with NIST
assurance levels; and 3) a novel centralized component that allows end-users to
perform identity profile and consent management, to prove combinations of
fragmented identity aspects, and to perform account recovery in case of device
loss. To the best of our knowledge, this is the first effort towards fusing the
aforementioned techniques under an integrated architecture. This architecture
effectively deems the password paradigm obsolete with minimal modification on
the service provider's software stack.Comment: This paper has been accepted for publication in IEEE Transactions on
Information Forensics and Security. Content is final as presented here, with
the exception of pagination. IEEE Copyright Notice: Copyright (c) 2019 IEEE.
Personal use is permitted. For any other purposes, permission must be
obtained from the IEEE by emailing [email protected]