60,749 research outputs found
Security Schemes for Hack Resilient Applications Using “SNHA” (Securing Network, Host, and Application) Service
The very nature of web applications - their ability to collate, process and disseminate information over the Internet - exposes them in two ways. First and most obviously, they have total exposure by nature of being publicly accessible. Second, they process data elements from within HTTP requests - a protocol that can employ a myriad of encoding and encapsulation techniques. Any service available on the Internet requires authentication. Simple, one factor authentication schemes are vulnerable to hacking and require lot of discipline among authorized users - in the form of complying with strong password, One Time Password and password salt. The challenges start from making the authentication setup of the network services as secure and as simple as possible. In order to overcome this problem, we will develop a portal and authentication setup to address the problem of the directly making the authentication setup and the web services of the organization accessible from the internet. For our purposes we will concentrate on the combination of web servers and application servers interfacing to provide user authentication as multi-tenant applications. Keyword: - Network security, Web-Security, Multi tenant, Web-service, SAAS, SOP, WCF, multilevel authentication, one time password (OTP), Salt password
Biometrics-as-a-Service: A Framework to Promote Innovative Biometric Recognition in the Cloud
Biometric recognition, or simply biometrics, is the use of biological
attributes such as face, fingerprints or iris in order to recognize an
individual in an automated manner. A key application of biometrics is
authentication; i.e., using said biological attributes to provide access by
verifying the claimed identity of an individual. This paper presents a
framework for Biometrics-as-a-Service (BaaS) that performs biometric matching
operations in the cloud, while relying on simple and ubiquitous consumer
devices such as smartphones. Further, the framework promotes innovation by
providing interfaces for a plurality of software developers to upload their
matching algorithms to the cloud. When a biometric authentication request is
submitted, the system uses a criteria to automatically select an appropriate
matching algorithm. Every time a particular algorithm is selected, the
corresponding developer is rendered a micropayment. This creates an innovative
and competitive ecosystem that benefits both software developers and the
consumers. As a case study, we have implemented the following: (a) an ocular
recognition system using a mobile web interface providing user access to a
biometric authentication service, and (b) a Linux-based virtual machine
environment used by software developers for algorithm development and
submission
The CAMOMILE collaborative annotation platform for multi-modal, multi-lingual and multi-media documents
In this paper, we describe the organization and the implementation of the CAMOMILE collaborative annotation framework for multimodal, multimedia, multilingual (3M) data. Given the versatile nature of the analysis which can be performed on 3M data, the structure of the server was kept intentionally simple in order to preserve its genericity, relying on standard Web technologies. Layers of annotations, defined as data associated to a media fragment from the corpus, are stored in a database and can be managed through standard interfaces with authentication. Interfaces tailored specifically to the needed task can then be developed in an agile way, relying on simple but reliable services for the management of the centralized annotations. We then present our implementation of an active learning scenario for person annotation in video, relying on the CAMOMILE server; during a dry run experiment, the manual annotation of 716 speech segments was thus propagated to 3504 labeled tracks. The code of the CAMOMILE framework is distributed in open source.Peer ReviewedPostprint (author's final draft
Outflanking and securely using the PIN/TAN-System
The PIN/TAN-system is an authentication and authorization scheme used in
e-business. Like other similar schemes it is successfully attacked by
criminals. After shortly classifying the various kinds of attacks we accomplish
malicious code attacks on real World Wide Web transaction systems. In doing so
we find that it is really easy to outflank these systems. This is even
supported by the users' behavior. We give a few simple behavior rules to
improve this situation. But their impact is limited. Also the providers support
the attacks by having implementation flaws in their installations. Finally we
show that the PIN/TAN-system is not suitable for usage in highly secure
applications.Comment: 7 pages; 2 figures; IEEE style; final versio
TrusNet: Peer-to-Peer Cryptographic Authentication
Originally, the Internet was meant as a general purpose communication protocol, transferring primarily text documents between interested parties. Over time, documents expanded to include pictures, videos and even web pages. Increasingly, the Internet is being used to transfer a new kind of data which it was never designed for. In most ways, this new data type fits in naturally to the Internet, taking advantage of the near limit-less expanse of the protocol. Hardware protocols, unlike previous data types, provide a unique set security problem. Much like financial data, hardware protocols extended across the Internet must be protected with authentication. Currently, systems which do authenticate do so through a central server, utilizing a similar authentication model to the HTTPS protocol. This hierarchical model is often at odds with the needs of hardware protocols, particularly in ad-hoc networks where peer-to-peer communication is prioritized over a hierarchical model. Our project attempts to implement a peer-to-peer cryptographic authentication protocol to be used to protect hardware protocols extending over the Internet.
The TrusNet project uses public-key cryptography to authenticate nodes on a distributed network, with each node locally managing a record of the public keys of nodes which it has encountered. These keys are used to secure data transmission between nodes and to authenticate the identities of nodes. TrusNet is designed to be used on multiple different types of network interfaces, but currently only has explicit hooks for Internet Protocol connections.
As of June 2016, TrusNet has successfully achieved a basic authentication and communication protocol on Windows 7, OSX, Linux 14 and the Intel Edison. TrusNet uses RC-4 as its stream cipher and RSA as its public-key algorithm, although both of these are easily configurable. Along with the library, TrusNet also enables the building of a unit testing suite, a simple UI application designed to visualize the basics of the system and a build with hooks into the I/O pins of the Intel Edison allowing for a basic demonstration of the system
: Open Identity Certification with OpenID Connect
OpenID Connect (OIDC) is a widely used authentication standard for the Web.
In this work, we define a new Identity Certification Token (ICT) for OIDC. An
ICT can be thought of as a JSON-based, short-lived user certificate for
end-to-end user authentication without the need for cumbersome key management.
A user can request an ICT from his OpenID Provider (OP) and use it to prove his
identity to other users or services that trust the OP. We call this approach
and compare it to other well-known end-to-end authentication methods.
Unlike certificates, does not require installation and can be easily
used on multiple devices, making it more user-friendly. We outline protocols
for implementing based on existing standards. We discuss the trust
relationship between entities involved in , propose a classification of
OPs' trust level, and propose authentication with multiple ICTs from different
OPs. We explain how different applications such as videoconferencing, instant
messaging, and email can benefit from ICTs for end-to-end authentication and
recommend validity periods for ICTs. To test , we provide a simple
extension to existing OIDC server software and evaluate its performance
Using semantics for automating the authentication of Web APIs
Recent technology developments in the area of services on the Web are marked by the proliferation of Web applications and APIs. The implementation and evolution of applications based on Web APIs is, however, hampered by the lack of automation that can be achieved with current technologies. Research on semantic Web services is there fore trying to adapt the principles and technologies that were devised for traditional Web services, to deal with this new kind of services. In this paper we show that currently more than 80% of the Web APIs require some form of authentication. Therefore authentication plays a major role for Web API invocation and should not be neglected in the context of mashups and composite data applications. We present a thorough analysis carried out over a body of publicly available APIs that determines the most commonly used authentication approaches. In the light of these results, we propose an ontology for the semantic annotation of Web API authentication information and demonstrate how it can be used to create semantic Web API descriptions. We evaluate the applicability of our approach by providing a prototypical implementation, which uses authentication annotations as the basis for automated service invocation
- …