Security analysis and enhancements of an improved multi-factor biometric authentication scheme

Many remote user authentication schemes have been designed and developed to establish secure and authorized communication between a user and server over an insecure channel. By employing a secure remote user authentication scheme, a user and server can authenticate each other and utilize advanced services. In 2015, Cao and Ge demonstrated that An's scheme is also vulnerable to several attacks and does not provide user anonymity. They also proposed an improved multi-factor biometric authentication scheme. However, we review and cryptanalyze Cao and Ge's scheme and demonstrate that their scheme fails in correctness and providing user anonymity and is vulnerable to ID guessing attack and server masquerading attack. To overcome these drawbacks, we propose a security-improved authentication scheme that provides a dynamic ID mechanism and better security functionalities. Then, we show that our proposed scheme is secure against various attacks and prove the security of the proposed scheme using BAN Logic.111Ysciescopu

Technical Strategies Database Managers use to Protect Systems from Security Breaches

Healthcare organizations generate massive amounts of data through their databases that may be vulnerable to data breaches due to extensive user privileges, unpatched databases, standardized query language injections, weak passwords/usernames, and system weaknesses. The purpose of this qualitative multiple case study was to explore technical strategies database managers in Southeast/North Texas used to protect database systems from data breaches. The target population consisted of database managers from 2 healthcare organizations in this region. The integrated system theory of information security management was the conceptual framework. The data collection process included semistructured interviews with 9 database managers, including a review of 14 organizational documents. Data were put into NVivo 12 software for thematic coding. Coding from interviews and member checking was triangulated with corporate documents to produce 5 significant themes and 1 subtheme: focus on verifying the identity of users, develop and enforce security policies, implement efficient encryption, monitor threats posed by insiders, focus on safeguards against external threats, and a subtheme derived from vulnerabilities caused by weak passwords. The findings from the study showed that the implementation of security strategies improved organizations\u27 abilities to protect data from security incidents. Thus, the results may be applied to create social change, decreasing the theft of confidential data, and providing knowledge as a resource to accelerate the adoption of technical approaches to protect database systems rom security incidents