20,490 research outputs found
Conceivable security risks and authentication techniques for smart devices
With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques
VibHead: An Authentication Scheme for Smart Headsets through Vibration
Recent years have witnessed the fast penetration of Virtual Reality (VR) and
Augmented Reality (AR) systems into our daily life, the security and privacy
issues of the VR/AR applications have been attracting considerable attention.
Most VR/AR systems adopt head-mounted devices (i.e., smart headsets) to
interact with users and the devices usually store the users' private data.
Hence, authentication schemes are desired for the head-mounted devices.
Traditional knowledge-based authentication schemes for general personal devices
have been proved vulnerable to shoulder-surfing attacks, especially considering
the headsets may block the sight of the users. Although the robustness of the
knowledge-based authentication can be improved by designing complicated secret
codes in virtual space, this approach induces a compromise of usability.
Another choice is to leverage the users' biometrics; however, it either relies
on highly advanced equipments which may not always be available in commercial
headsets or introduce heavy cognitive load to users.
In this paper, we propose a vibration-based authentication scheme, VibHead,
for smart headsets. Since the propagation of vibration signals through human
heads presents unique patterns for different individuals, VibHead employs a
CNN-based model to classify registered legitimate users based the features
extracted from the vibration signals. We also design a two-step authentication
scheme where the above user classifiers are utilized to distinguish the
legitimate user from illegitimate ones. We implement VibHead on a Microsoft
HoloLens equipped with a linear motor and an IMU sensor which are commonly used
in off-the-shelf personal smart devices. According to the results of our
extensive experiments, with short vibration signals (), VibHead has an
outstanding authentication accuracy; both FAR and FRR are around 5%
Cryptanalysis of Sun and Cao's Remote Authentication Scheme with User Anonymity
Dynamic ID-based remote user authentication schemes ensure efficient and
anonymous mutual authentication between entities. In 2013, Khan et al. proposed
an improved dynamic ID-based authentication scheme to overcome the security
flaws of Wang et al.'s authentication scheme. Recently, Sun and Cao showed that
Khan et al. does not satisfies the claim of the user's privacy and proposed an
efficient authentication scheme with user anonymity. The Sun and Cao's scheme
achieve improvement over Khan et al.'s scheme in both privacy and performance
point of view. Unfortunately, we identify that Sun and Cao's scheme does not
resist password guessing attack. Additionally, Sun and Cao's scheme does not
achieve forward secrecy
Challenges of Multi-Factor Authentication for Securing Advanced IoT (A-IoT) Applications
The unprecedented proliferation of smart devices together with novel
communication, computing, and control technologies have paved the way for the
Advanced Internet of Things~(A-IoT). This development involves new categories
of capable devices, such as high-end wearables, smart vehicles, and consumer
drones aiming to enable efficient and collaborative utilization within the
Smart City paradigm. While massive deployments of these objects may enrich
people's lives, unauthorized access to the said equipment is potentially
dangerous. Hence, highly-secure human authentication mechanisms have to be
designed. At the same time, human beings desire comfortable interaction with
their owned devices on a daily basis, thus demanding the authentication
procedures to be seamless and user-friendly, mindful of the contemporary urban
dynamics. In response to these unique challenges, this work advocates for the
adoption of multi-factor authentication for A-IoT, such that multiple
heterogeneous methods - both well-established and emerging - are combined
intelligently to grant or deny access reliably. We thus discuss the pros and
cons of various solutions as well as introduce tools to combine the
authentication factors, with an emphasis on challenging Smart City
environments. We finally outline the open questions to shape future research
efforts in this emerging field.Comment: 7 pages, 4 figures, 2 tables. The work has been accepted for
publication in IEEE Network, 2019. Copyright may be transferred without
notice, after which this version may no longer be accessibl
- …