14,367 research outputs found
Smart card authentication for mobile devices
While mobile handheld devices provide productivity benefits, they also pose new risks. User authentication is the best safeguard against the risk of unauthorized use and access to a device’s contents. This paper describes two novel types of smart card with unconventional form factors, designed to take advantage of common interfaces built into many current handheld devices
Mobile Identity, Credential, and Access Management Framework
Organizations today gather unprecedented quantities of data from their operations. This data is coming from transactions made by a person or from a connected system/application. From personal devices to industry including government, the internet has become the primary means of modern communication, further increasing the need for a method to track and secure these devices. Protecting the integrity of connected devices collecting data is critical to ensure the trustworthiness of the system. An organization must not only know the identity of the users on their networks and have the capability of tracing the actions performed by a user but they must trust the system providing them with this knowledge. This increase in the pace of usage of personal devices along with a lack of trust in the internet has driven demand for trusted digital identities. As the world becomes increasingly mobile with the number of smart phone users growing annually and the mobile web flourishing, it is critical to implement strong security on mobile devices. To manage the vast number of devices and feel confident that a machine’s identity is verifiable, companies need to deploy digital credentialing systems with a strong root of trust. As passwords are not a secure method of authentication, mobile devices and other forms of IoT require a means of two-factor authentication that meets NIST standards. Traditionally, this has been done with Public Key Infrastructure (PKI) through the use of a smart card. Blockchain technologies combined with PKI can be utilized in such a way as to provide an identity and access management solution for the internet of things (IoT). Improvements to the security of Radio Frequency Identification (RFID) technology and various implementations of blockchain make viable options for managing the identity and access of IoT devices. When PKI first began over two decades ago, it required the use of a smart card with a set of credentials known as the personal identity verification (PIV) card. The PIV card (something you have) along with a personal identification number (PIN) (something you know) were used to implement two-factor authentication. Over time the use of the PIV cards has proven challenging as mobile devices lack the integrated smart card readers found in laptop and desktop computers. Near Field Communication (NFC) capability in most smart phones and mobile devices provides a mechanism to allow a PIV card to be read by a mobile device. In addition, the existing PKI system must be updated to meet the demands of a mobile focused internet. Blockchain technology is the key to modernizing PKI. Together, blockchain-based PKI and NFC will provide an IoT solution that will allow industry, government, and individuals a foundation of trust in the world wide web that is lacking today
Secure spontaneous emergency access to personal health record
We propose a system which enables access to the user's Personal Health Record (PHR) in the event of emergency. The
access typically occurs in an ad-hoc and spontaneous manner and the user is usually unconscious, hence rendering the
unavailability of the user's password to access the PHR. The
proposed system includes a smart card carried by the user
at all time and it is personalized with a pseudo secret, an
URL to the PHR Server, a secret key shared with the PHR
Server and a number of redemption tokens generated using
a hash chain. In each emergency session, a one-time use
redemption token is issued by the smart card, allowing the
emergency doctor to retrieve the user's PHR upon successful authentication of his credentials and validation of the
redemption token. The server returns the PHR encrypted
with a one-time session key which can only be decrypted by
the emergency doctor. The devised interaction protocol to
facilitate emergency access to the user's PHR is secure and
efficient
Security Implications of Fog Computing on the Internet of Things
Recently, the use of IoT devices and sensors has been rapidly increased which
also caused data generation (information and logs), bandwidth usage, and
related phenomena to be increased. To our best knowledge, a standard definition
for the integration of fog computing with IoT is emerging now. This integration
will bring many opportunities for the researchers, especially while building
cyber-security related solutions. In this study, we surveyed about the
integration of fog computing with IoT and its implications. Our goal was to
find out and emphasize problems, specifically security related problems that
arise with the employment of fog computing by IoT. According to our findings,
although this integration seems to be non-trivial and complicated, it has more
benefits than the implications.Comment: 5 pages, conference paper, to appear in Proceedings of the ICCE 2019,
IEEE 37th International Conference on Consumer Electronics (ICCE), Jan 11-
13, 2019, Las Vegas, NV, US
S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard
Nowadays, mobile banking becomes a popular tool which consumers can conduct
financial transactions such as shopping, monitoring accounts balance,
transferring funds and other payments. Consumers dependency on mobile needs,
make people take a little bit more interest in mobile banking. The use of the
one-time password which is sent to the user mobile phone by short message
service (SMS) is a vulnerability which we want to solve with proposing a new
scheme called S-Mbank. We replace the authentication using the one-time
password with the contactless smart card to prevent attackers to use the
unencrypted message which is sent to the user's mobile phone. Moreover, it
deals vulnerability of spoofer to send an SMS pretending as a bank's server.
The contactless smart card is proposed because of its flexibility and security
which easier to bring in our wallet than the common passcode generators. The
replacement of SMS-based authentication with contactless smart card removes the
vulnerability of unauthorized users to act as a legitimate user to exploit the
mobile banking user's account. Besides that, we use public-private key pair and
PIN to provide two factors authentication and mutual authentication. We use
signcryption scheme to provide the efficiency of the computation. Pair based
text authentication is also proposed for the login process as a solution to
shoulder-surfing attack. We use Scyther tool to analyze the security of
authentication protocol in S-Mbank scheme. From the proposed scheme, we are
able to provide more security protection for mobile banking service.Comment: 6 page
- …