122 research outputs found
Establishing a Trust-Worthy Social Authentications
Among the several backup authentication mechanisms, authenticating users with the help of their friends (i.e., trustee-based social authentication) has been shown to be a promising backup authentication mechanism. A user in this system is associated with a few trustees that were selected from the user’s friends. When the user wants to regain access to the account, the service provider sends different verification codes to the user’s trustees. The user must obtain at least k (i.e., recovery threshold) verification codes from the trustees before being directed to reset his or her password. In this paper, we provide the first systematic study about the security of trusteebased social authentications. In particular, we first introduce a novel framework of attacks, which we call forest fire attacks. In these attacks, an attacker initially obtains a small number of compromised users, and then the attacker iteratively attacks the rest of users by exploiting trustee-based social authentications. Then, we construct a probabilistic model to formalize the threats of forest fire attacks and their costs for attackers. Moreover, we introduce various defense strategies. Finally, we apply our framework to extensively evaluate various concrete attack and defense strategies using three real-world social network datasets. Our results have strong implications for the design of more secure trustee-based social authentications
An Owner-managed Indirect-Permission Social Authentication Method for Private Key Recovery
In this paper, we propose a very secure and reliable owner-self-managed
private key recovery method. In recent years, Public Key Authentication (PKA)
method has been identified as the most feasible online security solution.
However, losing the private key also implies the risk of losing the ownership
of the assets associated with the private key. For key protection, the commonly
adopted something-you-x solutions require a new secret to protect the target
secret and fall into a circular protection issue as the new secret has to be
protected too. To resolve the circular protection issue and provide a truly
secure and reliable solution, we propose separating the permission and
possession of the private key. Then we create secret shares of the permission
using the open public keys of selected trustees while having the owner possess
the permission-encrypted private key. Then by applying the social
authentication method, one may easily retrieve the permission to recover the
private key. Our analysis shows that our proposed indirect-permission method is
six orders of magnitude more secure and reliable tha
A Authentication model to Trustees based Social Networks
authenticating users with the help of their friends has been shown to be a promising backup authentication mechanism. A user in this system is associated with a few trustees that were selected from the user’s friends. When the user wants to regain access to the account, the service provider sends different verification codes to user’s trustees. The user must obtain at least k reset his or her password. In this paper, we provide the first systematic study about the security of trustee based social authentications. In particular, we first introduce verification codes from the trustees before being directed to small framework of attacks, which attacks. In these attacks, an attacker initially obtains we call forest fire iteratively, attacks the rest of users by exploiting trustee-based social authentications. Then, we construct a probabilistic model to for attackers. Moreover, we introduce number of compromised users, and then the attacker a novel various defense formalize the threats of forest fire attacks and their costs strategies. Evaluate various concrete attack and defense our results have finally, we apply our framework to strategies using three real world social network datasets. Extensively strong implications for the design of more secure trustee-based social authentications
Are All Commercial Websites Created Equal? Web Vendor Reputation and Security on Third Party Payment Use
New web vendors emerge daily as business-to-consumer e-commerce grows substantially over the years. However, new webvendors may be regarded with skepticism in an existing marketplace, and may require third party support to reduceuncertainty. This study investigates the effect of consumer’s perceived security and reputation of web vendors on consumer’spurchase intention and third party payment choice. Our study examines under what condition adopting a reputable third partypayment system is beneficial to web vendors. Applying trust transference theory, we found that website with high reputationand high security may not benefit from having a third party payment presence, while website with low reputation and lowsecurity will benefit the most for having an alternative financial payment mechanism. Our study also found that onlineconsumers tend not to choose to use third party payment system when the website is perceived as high security regardless ofthe reputation of the website
Trust aware system for social networks: A comprehensive survey
Social networks are the platform for the users to get connected with other social network users based on their interest and life styles. Existing social networks have millions of users and the data generated by them are huge and it is difficult to differentiate the real users and the fake users. Hence a trust worthy system is recommended for differentiating the real and fake users. Social networking enables users to send friend requests, upload photos and tag their friends and even suggest them the web links based on the interest of the users. The friends recommended, the photos tagged and web links suggested may be a malware or an untrusted activity. Users on social networks are authorised by providing the personal data. This personal raw data is available to all other users online and there is no protection or methods to secure this data from unknown users. Hence to provide a trustworthy system and to enable real users activities a review on different methods to achieve trustworthy social networking systems are examined in this paper
Blockchain Technology and Trust Relationships in Trade Finance
Blockchain technology has been advocated as a possible solution to enduring trust issues among trading partners in trade finance. We conducted in-depth interviews with industry experts to examine how blockchain technology influences the trust relationships among trading partners. Our results show that the technology enhances trust relationships by (1) improving the security of transactions and data exchanges, (2) facilitating the expression of benevolence, (3) enhancing the efficiency and the quality of communication, and (4) increasing the predictability of trading partners. The paper concludes with implications for both research and practice
Web services for rural areas-Security challenges in development and use
Web services (WS) are the modern response of traders and online service providers to satisfying the increasing needs and demands of the digital communities. WS formation and operation is based on a software system designed to support interoperable machine-to-machine interaction over a network. Security is of paramount importance to WS and the ability to measure and evaluate the level of security available is key to establishing and continuing to develop the level of trust based on reputation developed by the provider of the WS. The greatest challenge in offering secure WS is to groups of people where the level of expertise of the user is low and the need for transparency of the service provision quite high, such as the case with services offered primarily to people in rural areas. Providers of such services face many challenges in balancing the requirements for performance, interoperability, and security against the cost of implementing secure systems and running profitable operations through low income generating WS. A review of services offered, of the users and the challenges in building online trust among providers and users are discussed for the case of rural areas in the United Kingdom. © 2009 Elsevier B.V. All rights reserved
Recommended from our members
Cryptography and Computer Communications Security. Extending the Human Security Perimeter through a Web of Trust
This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS.
The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique.
The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS.
Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work.Petroleum Technology Development Fund (PTDF), Abuja, Nigeria
- …