BIOMETRIC CRYPTOGRAPHY AND NETWORK AUTHENTICATION

In this paper we will present some schemes for strengthening network authentification over insecure channels with biometric concepts or how to securely transfer or use biometric characteristics as cryptographic keys. We will show why some current authentification schemes are insufficient and we will present our concepts of biometric hashes and authentification that rely on unimodal and multimodal biometrics. Our concept can be applied on any biometric authentification scheme and is universal for all systems

Adaptive authentication and key agreement mechanism for future cellular systems

Since the radio medium can be accessed by anyone, authentication of users is a very important element of a mobile network. Nowadays, in GSM/GPRS a challenge response protocol is used to authenticate the user to the mobile network. Similarly, in third generation mobile systems [3] a challenge response protocol was chosen in such a way as to achieve maximum compatibility with the current GSM security architecture. Both authentication mechanisms use symmetric key cryptography because of the limited processing power of the mobile devices. However, recent research [6] has shown that asymmetric, or public, key cryptography can be enabled successfully in future mobile terminals. In this paper, we propose a new adaptive authentication and key agreement protocol (AAKA) for future mobile communication systems. The novelty of AAKA and its main advantage over other challenge response protocols is that can be adaptive to the mobile environment and use symmetric and/or public key cryptography for user and network authentication

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Captive Portal Network Authentication Based on WebAuthn Security Keys

[Abstract]: Network authentication is performed via different technologies, which have evolved together with authentication systems in other environments. In all these environments, the authentication paradigm during the last decades has been the well known password. However, passwords have some important security problems, like phishing or keylogging. In 2019, the WebAuthn standard from the W3C started a new authentication paradigm based on hardware devices known as security keys. Although they are already being used in many web authentication services, they have not yet been integrated with network authentication mechanisms. This work successfully developed and integrated an authentication server based on WebAuthn security keys with a captive portal system. With this solution, users can be authenticated using security keys within a web-based captive portal network authentication system that gives clients access to network resources. The resulting authentication server is compatible with major operating systems like Windows 10 and Ubuntu 20.04, browsers like Firefox and Google Chrome and security keys like the Solokey and the Yubikey.[Resumo]: A autenticación de rede realízase a través de diferentes tecnoloxías, que evolucionaron xunto con sistemas de autenticación noutros escenarios. En todos estes escenarios, o paradigma de autenticación durante as últimas décadas foi o coñecido contrasinal. Porén, os contrasinais teñen algúns problemas de seguridade importantes, como o phishing ou o keylogging. En 2019, o estándar WebAuthn da W3C comezou un novo paradigma da autenticación baseado en dispositivos físicos coñecidos como chaves de seguridade. Aínda que estas xa se están usando en moitos servizos de autenticación web, aínda non foron integradas en mecanismos de autenticación de rede. Este traballo desenvolveu e integrou con éxito un servidor de autenticación baseado en chaves de seguridade WebAuthn cun sistema de portal cativo. Con esta solución, os usuarios poden autenticarse usando chaves de seguridade nun sistema de autenticación de rede con portal cativo baseado en web que da acceso aos clientes a recursos de rede. O servidor de autenticación resultante é compatible con sistemas operativos relevantes como Windows 10 ou Ubuntu 20.04, navegadores como Firefox e Google Chrome e chaves de seguridade como a Solokey e a Yubikey.Traballo fin de mestrado (UDC.FIC). Ciberseguridade. Curso 2021/202

Data analytics for modeling and visualizing attack behaviors: A case study on SSH brute force attacks

In this research, we explore a data analytics based approach for modeling and visualizing attack behaviors. To this end, we employ Self-Organizing Map and Association Rule Mining algorithms to analyze and interpret the behaviors of SSH brute force attacks and SSH normal traffic as a case study. The experimental results based on four different data sets show that the patterns extracted and interpreted from the SSH brute force attack data sets are similar to each other but significantly different from those extracted from the SSH normal traffic data sets. The analysis of the attack traffic provides insight into behavior modeling for brute force SSH attacks. Furthermore, this sheds light into how data analytics could help in modeling and visualizing attack behaviors in general in terms of data acquisition and feature extraction

Authentication System based on ID-Network Smart Cards (ID-NSCards) for Critical Environments

Researchers in the Information Security area in the Carlos III University of Madrid (Spain) are interested to exploit the potential of an emerging technology: network smart cards. These new devices have a number of additional advantages for communications security in networked systems, comparing with the traditional smart cards. These interesting features could be applied to individuals identification procedures in environments where critical tasks or operations take place. The required collaboration would be focused in the development and implementation of an authentication system for critical environments based on this technology