User evaluation indicates high quality of the Surveillance Outbreak Response Management and Analysis System (SORMAS) after field deployment in Nigeria in 2015 and 2018

During the West African Ebola virus disease outbreak in 2014-15, health agencies had severe challenges with case notification and contact tracing. To overcome these, we developed the Surveillance, Outbreak Response Management and Analysis System (SORMAS). The objective of this study was to measure perceived quality of SORMAS and its change over time. We ran a 4-week-pilot and 8-week-implementation of SORMAS among hospital informants in Kano state, Nigeria in 2015 and 2018 respectively. We carried out surveys after the pilot and implementation asking about usefulness and acceptability. We calculated the proportions of users per answer together with their 95% confidence intervals (CI) and compared whether the 2015 response distributions differed from those from 2018. Total of 31 and 74 hospital informants participated in the survey in 2015 and 2018, respectively. In 2018, 94% (CI: 89-100%) of users indicated that the tool was useful, 92% (CI: 86-98%) would recommend SORMAS to colleagues and 18% (CI: 10-28%) had login difficulties. In 2015, the proportions were 74% (CI: 59-90%), 90% (CI: 80-100%), and 87% (CI: 75-99%) respectively. Results indicate high usefulness and acceptability of SORMAS. We recommend mHealth tools to be evaluated to allow repeated measurements and comparisons between different versions and users

Continuous multibiometric authentication for online exam with machine learning

Multibiometric authentication has been received great attention over the past decades with the growing demand of a robust authentication system. Continuous authentication system verifies a user continuously once a person is login in order to prevent intruders from the impersonation. In this study, we propose a continuous multibiometric authentication system for the identification of the person during online exam using two modalities, face recognition and keystrokes. Each modality is separately processed to generate matching scores, and the fusion method is performed at the score level to improve the accuracy. The EigenFace and support vector machine (SVM) approach are applied to the facial recognition and keystrokes dynamic accordingly. The matching score calculated from each modality is combined using the classification by the decision tree with the weighted sum after the score is split into three zones of interes

Securing One Time Password (OTP) for Multi-Factor Out-of-Band Authentication through a 128-bit Blowfish Algorithm

Authentication and cryptography have been used to address security issues on various online services. However, researchers discovered that even the most commonly used multi-factor out-of-band authentication mechanism was vulnerable to attacks and traditional crypto-algorithms were characterized to have some drawbacks making it crucial to choose desirable algorithms for a particular purpose. This study introduces an innovative modification of the Blowfish algorithm designed to capitalize on its strengths but supports 128-bits block size text input using dynamic selection encryption method and reduction of cipher function execution through randomly determined rounds. Experimentation results on 128-bit input text revealed significant performance improvements with utmost 5.91 % in terms of avalanche effect, 38.97 % for integrity, and 41.02 % in terms of execution time. Results also showed that the modification introduced extra security layer, thus, displaying higher complexity and stronger diffusion at faster execution time making it more difficult and complex for an unauthorized individual to decipher the information and desirable to be used for applications with multiple users respectively. This is a good contribution to the continuous developments in the field of information security particularly in cryptography and towards providing a secure OTP for multifactor out-of-band authentication

2FYSH: two-factor authentication you should have for password replacement

Password has been the most used authentication system these days. However, strong passwords are hard to remember and unique to every account. Unfortunately, even with the strongest passwords, password authentication system can still be breached by some kind of attacks. 2FYSH is two tokens-based authentication protocol designed to replace the password authentication entirely. The two tokens are a mobile phone and an NFC card. By utilizing mobile phones as one of the tokens, 2FYSH is offering third layer of security for users that lock their phone with some kind of security. 2FYSH is secure since it uses public and private key along with challenge-response protocol. 2FYSH protects the user from usual password attacks such as man-in-the-middle attack, phishing, eavesdropping, brute forcing, shoulder surfing, key logging, and verifier leaking. The secure design of 2FYSH has made 90% of the usability test participants to prefer 2FYSH for securing their sensitive information. This fact makes 2FYSH best applied to secure sensitive data needs such as bank accounts and corporate secrets

Recent advances in mobile touch screen security authentication methods: a systematic literature review

The security of the smartphone touch screen has attracted considerable attention from academics as well as industry and security experts. The maximum security of the mobile phone touch screen is necessary to protect the user’s stored information in the event of loss. Previous reviews in this research domain have focused primarily on biometrics and graphical passwords while leaving out PIN, gesture/pattern and others. In this paper, we present a comprehensive literature review of the recent advances made in mobile touch screen authentication techniques covering PIN, pattern/gesture, biometrics, graphical password and others. A new comprehensive taxonomy of the various multiple class authentication techniques is presented in order to expand the existing taxonomies on single class authentication techniques. The review reveals that the most recent studies that propose new techniques for providing maximum security to smartphone touch screen reveal multi-objective optimization problems. In addition, open research problems and promising future research directions are presented in the paper. Expert researchers can benefit from the review by gaining new insights into touch screen cyber security, and novice researchers may use this paper as a starting point of their inquir

Enhanced Multi-factor Out-of-Band Authentication En Route to Securing SMS-based OTP Ariel

Validation of user’s authenticity through authentication played a crucial role to address risks and security issues in today's connected world. Among different authentication methods, OTP sent via SMS was identified as the most commonly used multi-factor authentication mechanism. However, studies have shown that it has not remained attack-proof. It has been branded to be vulnerable to SMiShing, a technique comparable to Internet phishing, and Eavesdropping accomplished through keylogging, screens capturing, shoulder surfing and other social engineering practices. This study introduced an innovative approach to secure SMS-based OTP against its threats through OTP encryption using modified Blowfish algorithm. A mobile application was also employed for capturing and processing encrypted SMS-based OTP to produce new OTP for verification, thus performing end-to-end OTP. Experimentation results and analysis revealed that the proposed architecture was free against the said vulnerabilities and promote tighter security, making it a good alternative for SMS-based OTP multi-factor authentication

HANDLING WORK FROM HOME SECURITY ISSUES IN SALESFORCE

Security is a vital component when it is identified with an endeavor record or our genuine materials. To protect our home or valuable things like gold, cash we use bank storage administrations or underground secret storage spaces at home. Similarly, IT enterprises put tremendous measure of capital in expanding security to its business and the archives. Associations use cryptography procedures to get their information utilizing progressed encryption calculations like SHA-256, SHA-512, RSA-1024, RSA-2048 pieces’ key encryption and Elliptic Curve Cryptography (ECC) calculations. These industry standard calculations are difficult to break. For instance, to break RSA-2048-piece encryption key, an old-style PC needs around 300 trillion years. As indicated by the continuous examination, a quantum PC can break it in 10seconds, yet such a quantum PC doesn\u27t yet exist. Despite the fact that these cryptographic calculations guarantee an awesome degree of safety, there will be dependably a space for breaking the security. Programmers will attempt new techniques to break the security. Thus, the association likewise should continue to utilize new strategies to build the level and nature of the security. Now it is time to check how the security aspect is taken care of when the IT employees are at work from home. The 2020 year has made many professionals work from home because of the Covid-19 pandemic. The Covid-19 has transformed almost all organizations to work from home, this has become standard advice, and technology plays an important role during work from home to monitor the employee works and provide security when the work is being carried away from their respective organization. Employees\u27 information security awareness will become one of the most important parts of safeguarding against nefarious information security practices during this work from home. Most of the workers like the expediency of work from home and the flexibility provided for the employees. But in this situation, workers need guarantees that their privacy is secured when using company laptops and phones. Cyber security plays an important role in maintaining a secured environment when working from home. This work focusses on managing the security break attack in the course of work from home. The focus of the study is on dealing with security breaches that occur when salespeople operate from home. The problem of security isn\u27t new. Security issues existed prior to the lockdown or pandemic, but because the staff was working from the office at the time, the system administrator was available to address them. However, how can an employee\u27s laptop and account be secured when working from home? MFH\u27s salesforce has leveraged a variety of innovative technologies to address security concerns during their tenure. Because the IT behemoth Salesforce has made it possible for all employees, including freshly hired ones, to seek WFH on a permanent basis. To address the security breach difficulties faced by employees, the organization used a number of new approaches, including tracking working hours, raising password difficulty, employing VPN (virtual private network), mandating video during meetings, continuously checking right to use control, and MFA (multi-factor authentication). Improvement of existing multi-factor authentication (MFA) is the focused topic discussed in the thesis. To add an additional step of protection to the login process Blockchain technology is proposed and to identify the employee identification a hybrid recognition model is proposed using face and fingerprint recognition. This leads to the employee going through multiple processes to authenticate his or her identity in numerous ways in order to access the business laptop. This procedure entails connecting his or her laptop to his or her mobile phone or email account. Keywords: MFA, WFH, Cyber Security, Encryption, Decryption

Un esquema de autenticación de usuario basado en el cliente para el entorno de la nube de las cosas

The limited capabilities of IoT devices have resulted in some of the tasks of IoT applications being distributed to a cloud server, which witnessed the arisen of the cloud of things (COT). It enables IoT applications’ development and deployment as a service, providing additional data storage, enhanced processing performance, and fast communication between devices. As COT involves communication between IoT devices, a remote server, and users, remote user authentication is crucial to meeting security demands. Therefore, this study designs a client-based user authentication scheme utilizing smartphone fingerprint recognition technology to fill the gap. The scheme comprises six phases, namely (i) configuration phase, (ii) enrolment phase, (iii) authentication phase, (iv) password update phase, (v) fingerprint revocation phase, and (vi) smartphone revocation phase. The security analysis and automated verification using ProVerif suggested that the scheme is resistant to user impersonating attacks, replay attacks, and man-in-the-middle attacks. The study’s outcome could help secure user credentials from attacks on applications that involve IoT and the cloud.Las capacidades limitadas de los dispositivos IoT han dado como resultado que algunas de las tareas de las aplicaciones IoT se distribuyan a un servidor en la nube, lo que es testigo del surgimiento de la Nube de las Cosas (COT). Esta permite el desarrollo y la implementación de aplicaciones IoT como un servicio, proporcionando almacenamiento de datos adicional, mayor rendimiento de procesamiento y comunicación rápida entre dispositivos. Dado que la COT implica la comunicación entre dispositivos IoT, un servidor remoto y usuarios, la autenticación de usuarios remotos es crucial para satisfacer las demandas de seguridad. Por lo tanto, este estudio diseña un esquema de autenticación de usuario basado en el cliente que utiliza tecnología de reconocimiento de huellas digitales en teléfonos inteligentes para colmar la brecha. El esquema consta de seis fases: (i) fase de configuración, (ii) fase de inscripción, (iii) fase de autenticación, (iv) fase de actualización de contraseña, (v) fase de revocación de huellas digitales y (vi) fase de revocación de teléfonos inteligentes. A partir del análisis de seguridad y la verificación automatizada con ProVerif surge que el esquema es resistente a diferentes ataques, por ejemplo ataques de suplantación de identidad del usuario, los ataques de repetición y los ataques manin- the-middle. El resultado del estudio podría ayudar a proteger las credenciales de los usuarios de los ataques a las aplicaciones que involucran IoT y la nube.Facultad de Informátic

two factor authentication for e government services using hardware like one time password generators

A safe and accessible authentication technique is a prerequisite for any modern e-government application. Two-factor authentication is currently widely adopted, since it alleviates many vulnerabilities of password-based authentication. The majority of e-government systems currently make use of text messages to deliver the second authentication factor, but these messages do not constitute an adequate (secure and reliable) solution. In this paper we show how to use One-Time Passwords (OTP) generated by a per-user, ad-hoc built application installed on a smartphone to support a two-factor authentication scheme specifically targeted to e-government tasks. In particular, we develop a process for the request, generation and distribution of such an application that achieves the same security of OTP hardware devices but avoids the related distribution and management costs, requiring no dedicated hardware and relying on the pre-existing administrative infrastructure. The process is designed to be accessible by any citizen who is able to perform very basic operations on a smartphone