526 research outputs found

    Anonymous Authentication Against Man-In-The-Middle Attack

    Evolving enterprise in application and data with flexible and scalable infrastructure in cloud services could improve efficiency and productivity of a business operation. Cloud services also offer resource sharing, data storage and application platform as on-demand services that could reduce the operational expenditure. Nevertheless, increasing usage and accessibility to the cloud services require strong security control to preserve user’s privacy and data integrity due to network communication vulnerabilities. There are many possible attacks that could cause security breach and abuse the user’s identity, leading to illegal access to the server. Man-in-the-middle attack is one of the attacks that can intercept communication between users and collect all users’ information. The attacker can misuse the information and act as a legal user to gain access to the system. It is a big challenge to preserve user’s privacy and provide protection from malicious attack. This paper proposes an anonymous authentication scheme to preserve user’s privacy and provide protection against such possible attacks. The proposed scheme also provides secure mutual authentication, anonymity, session key establishment and non-dependency with the third party. The proposed scheme uses password-based authentication as an authentication method with anonymity feature to preserve user’s privacy. An experiment was conducted to test and validate the proposed scheme with man-in-the-middle attack. The result of the experiment shows that the proposed scheme is able to provide the privacy to mitigate and successfully preserve the user’s identity from the attack.

    Towards a Secure Smart Grid Storage Communications Gateway

    This research-in-progress paper describes the role of cyber security measures undertaken in an ICT system for integrating electric storage technologies into the grid. To do so, it defines security requirements for a communications gateway and gives detailed information and hands-on configuration advice on node and communication line security, data storage, coping with backend M2M communications protocols and examines privacy issues. The presented research paves the road for developing secure smart energy communications devices that allow enhancing energy efficiency. The described measures are implemented in an actual gateway device within the HORIZON 2020 project STORY, which aims at developing new ways to use storage and demonstrating these on six different demonstration sites. Comment: 6 pages, 2 figures

    Multifactor Authentication Key Management System based Security Model Using Effective Handover Tunnel with IPV6

    In the current modern world, lifestyles are being completely changed by emerging technologies, which is reflected in the treatment of patients too. As there is a tremendous growth in population, the existing e-Healthcare methods are not efficient enough to deal with numerous medical data. There is a delay in caring for patient health as communication networks are poor in quality; moreover, smart medical resources are lacking, and hence severe consequences are experienced in the health of patients. However, authentication is considered a major challenge in ensuring that illegal participants are not permitted to access the medical data present in the cloud. To provide security, the authentication factors required are smart card, password and biometrics. Several approaches based on these authentication factors have been presented for e-Health clouds so far. But mostly serious security defects are experienced with these protocols, and even the computation and communication overheads are high. Thus, keeping in mind all these challenges, a novel Multifactor Key management-based authentication by Tunnel IPv6 (MKMA-TIPv6) protocol is introduced for e-Health cloud which prevents main attacks like user anonymity, guessing offline password, impersonation, and stealing smart cards. From the analysis, it is proved that this protocol is more effective than the existing ones such as Pair Hand (PH), Linear Combination Authentication Protocol (LCAP), Robust Elliptic Curve Cryptography-based Three factor Authentication (RECCTA) in terms of storage cost, encryption time, decryption time, computation cost, energy consumption and speed. Hence, the proposed MKMA-TIPv6 achieves 35 bits of storage cost, 60 sec of encryption time, 50 sec decryption time, 45 sec computational cost, 50% of energy consumption and 80% speed.

    An authentic-based privacy preservation protocol for smart e-healthcare systems in iot

    © 2013 IEEE. Emerging technologies rapidly change the essential qualities of modern societies in terms of smart environments. To utilize the surrounding environment data, tiny sensing devices and smart gateways are highly involved. They have been used to collect and analyze real-time data remotely in all Industrial Internet of Things (IIoT). Since the IIoT environment gathers and transmits the data over insecure public networks, a promising solution known as authentication and key agreement (AKA) is preferred to prevent illegal access. In the medical industry, the Internet of Medical Things (IoM) has become an expert application system. It is used to gather and analyze the physiological parameters of patients. To practically examine the medical sensor-nodes, which are embedded in the patient's body, it would in turn sense the patient medical information using smart portable devices. Since the patient information is too sensitive to reveal to anyone other than a medical professional, the security protection and privacy of medical data are becoming a challenging issue of the IoM. Thus, an anonymity-based user authentication protocol is preferred to resolve the privacy preservation issues in the IoM. In this paper, a Secure and Anonymous Biometric Based User Authentication Scheme (SAB-UAS) is proposed to ensure secure communication in healthcare applications. This paper also proves that an adversary cannot impersonate a legitimate user to illegally access or revoke the smart handheld card. A formal analysis based on the random-oracle model and resource analysis is provided to show security and resource efficiencies in medical application systems. In addition, the proposed scheme takes a part of the performance analysis to show that it has high-security features to build smart healthcare application systems in the IoM. To this end, experimental analysis has been conducted for the analysis of network parameters using the NS3 simulator. The collected results have shown superiority in terms of the packet delivery ratio, end-to-end delay, throughput rates, and routing overhead for the proposed SAB-UAS in comparison to other existing protocols.

    Shibboleth and the challenge of authentication in multiple servers on a e-learning environment

    The objective of this work is the study, implementation and testing of a shared authentication system for multiple servers. Although it was known from the outset that the work would use Shibboleth, other possible solutions were also considered. Shibboleth is a project developed by members of the universities that form the Internet2 consortium, with the aim of developing new middleware to perform shared authentication across multiple servers, designed specifically to facilitate collaboration between institutions and access to digital content. Shibboleth is a complete solution, since it covers everything from authentication, authorization and accounting to the login system and the attributes to be used. This makes it a very secure working environment, but with the advantage of providing privacy to users. The first objective was to identify the peculiarities and requirements of distributed e-learning environments; to that end, specific security concepts were studied, along with how to adapt them to the required environment. Next, a comparison was made of the existing solutions on the market with functionality similar to Shibboleth, in order to present the advantages and disadvantages of Shibboleth relative to them. Subsequently, the work consisted of understanding the structure and operating principles of Shibboleth, what kinds of requirements it had, the operation and objectives of each part, studying the requirements of the specific environment for which it has been designed (e-learning), and giving a general idea of how the implementation should be done. All the technologies and requirements needed to develop Shibboleth were also studied. Once Shibboleth and the specific environment into which it was to be integrated had been studied, a scenario was set up for deploying and testing it, testing each part specifically and understanding its operation through real tests. With the scenario running, the idea was to integrate Shibboleth with Sakai and Blackboard, the CMSs (Course Management Systems) used at on-campus, the virtual campus of the Fachhochschule Lübeck. Finally, by way of conclusion, a short explanation of the results obtained is given, together with an assessment of how Shibboleth would meet the stated needs and some proposals for improvement.

    Decentralizing Custodial Wallets with MFKDF

    The average cryptocurrency user today faces a difficult choice between centralized custodial wallets, which are notoriously prone to spontaneous collapse, or cumbersome self-custody solutions, which if not managed properly can cause a total loss of funds. In this paper, we present a "best of both worlds" cryptocurrency wallet design that looks like, and inherits the user experience of, a centralized custodial solution, while in fact being entirely decentralized in design and implementation. In our design, private keys are not stored on any device, but are instead derived directly from a user's authentication factors, such as passwords, soft tokens (e.g., Google Authenticator), hard tokens (e.g., YubiKey), or out-of-band authentication (e.g., SMS). Public parameters (salts, one-time pads, etc.) needed to access the wallet can be safely stored in public view, such as on a public blockchain, thereby providing strong availability guarantees. Users can then simply "log in" to their decentralized wallet on any device using standard credentials and even recover from lost credentials, thereby providing the usability of a custodial wallet with the trust and security of a decentralized approach

    On the Use of Key Assignment Schemes in Authentication Protocols

    Key Assignment Schemes (KASs) have been extensively studied in the context of cryptographically-enforced access control, where derived keys are used to decrypt protected resources. In this paper, we explore the use of KASs in entity authentication protocols, where we use derived keys to encrypt challenges. This novel use of KASs permits the efficient authentication of an entity in accordance with an authentication policy by associating entities with security labels representing specific services. Cryptographic keys are associated with each security label and demonstrating knowledge of an appropriate key is used as the basis for authentication. Thus, by controlling the distribution of such keys, restrictions may be efficiently placed upon the circumstances under which an entity may be authenticated and the services to which they may gain access. In this work, we explore how both standardized protocols and novel constructions may be developed to authenticate entities as members of a group associated to a particular security label, whilst protecting the long-term secrets in the system. We also see that such constructions may allow for authentication whilst preserving anonymity, and that by including a trusted third party we can achieve the authentication of individual identities and authentication based on timestamps without the need for synchronized clocks

    Middle Man: An Efficient Two-Factor Authentication Framework

    Two-factor authentication (TFA) is increasingly becoming a go-to for user security and identification. With an increase in cyber crimes each year, more and more businesses (ranging from financial institutions to retail) are implementing TFA mechanisms as a way to ensure user credibility within their systems, which in turn decreases the risk of any malicious users infiltrating their systems. In this invited paper, we describe a lightweight two-factor authentication system where legitimate users are using their mobile devices in order to get access to certain services. In addition to that, our service can be used as a single-sign-on framework since our system allows many different services to connect to our platform and give the option to their users to connect to their services via our TFA framework. To achieve that, we have built an Application Programming Interface (API) that can receive requests from authorised (i.e. registered) businesses. Finally, users are able to log in to a server by using an iOS app that we have developed to receive a dynamic one-time-password (OTP). The OTP is generated in a dynamic and random way with high entropy and it is valid only for a short period of time.