Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

VibHead: An Authentication Scheme for Smart Headsets through Vibration

Recent years have witnessed the fast penetration of Virtual Reality (VR) and Augmented Reality (AR) systems into our daily life, the security and privacy issues of the VR/AR applications have been attracting considerable attention. Most VR/AR systems adopt head-mounted devices (i.e., smart headsets) to interact with users and the devices usually store the users' private data. Hence, authentication schemes are desired for the head-mounted devices. Traditional knowledge-based authentication schemes for general personal devices have been proved vulnerable to shoulder-surfing attacks, especially considering the headsets may block the sight of the users. Although the robustness of the knowledge-based authentication can be improved by designing complicated secret codes in virtual space, this approach induces a compromise of usability. Another choice is to leverage the users' biometrics; however, it either relies on highly advanced equipments which may not always be available in commercial headsets or introduce heavy cognitive load to users. In this paper, we propose a vibration-based authentication scheme, VibHead, for smart headsets. Since the propagation of vibration signals through human heads presents unique patterns for different individuals, VibHead employs a CNN-based model to classify registered legitimate users based the features extracted from the vibration signals. We also design a two-step authentication scheme where the above user classifiers are utilized to distinguish the legitimate user from illegitimate ones. We implement VibHead on a Microsoft HoloLens equipped with a linear motor and an IMU sensor which are commonly used in off-the-shelf personal smart devices. According to the results of our extensive experiments, with short vibration signals ($\leq 1s$), VibHead has an outstanding authentication accuracy; both FAR and FRR are around 5%

Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity

Dynamic ID-based remote user authentication schemes ensure efficient and anonymous mutual authentication between entities. In 2013, Khan et al. proposed an improved dynamic ID-based authentication scheme to overcome the security flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that Khan et al. does not satisfies the claim of the user's privacy and proposed an efficient authentication scheme with user anonymity. The Sun and Cao's scheme achieve improvement over Khan et al.'s scheme in both privacy and performance point of view. Unfortunately, we identify that Sun and Cao's scheme does not resist password guessing attack. Additionally, Sun and Cao's scheme does not achieve forward secrecy

Challenges of Multi-Factor Authentication for Securing Advanced IoT (A-IoT) Applications

The unprecedented proliferation of smart devices together with novel communication, computing, and control technologies have paved the way for the Advanced Internet of Things~(A-IoT). This development involves new categories of capable devices, such as high-end wearables, smart vehicles, and consumer drones aiming to enable efficient and collaborative utilization within the Smart City paradigm. While massive deployments of these objects may enrich people's lives, unauthorized access to the said equipment is potentially dangerous. Hence, highly-secure human authentication mechanisms have to be designed. At the same time, human beings desire comfortable interaction with their owned devices on a daily basis, thus demanding the authentication procedures to be seamless and user-friendly, mindful of the contemporary urban dynamics. In response to these unique challenges, this work advocates for the adoption of multi-factor authentication for A-IoT, such that multiple heterogeneous methods - both well-established and emerging - are combined intelligently to grant or deny access reliably. We thus discuss the pros and cons of various solutions as well as introduce tools to combine the authentication factors, with an emphasis on challenging Smart City environments. We finally outline the open questions to shape future research efforts in this emerging field.Comment: 7 pages, 4 figures, 2 tables. The work has been accepted for publication in IEEE Network, 2019. Copyright may be transferred without notice, after which this version may no longer be accessibl