Two-Factor Authentication Based Automobile Keyless Entry System

Mechanical keys have traditionally been used to restrict unauthorized access to automobiles. In recent times, microcontrollers were embedded into cars for various applications such as passive keyless entry systems and vehicle immobilizer systems to prevent circumventing the mechanical lock to open the door and then start the engine via short-circuiting the ignition. The embedded electronic systems are very convenient to users but the security of the system can be easily breached for unauthorized access either through theft or lost and found of the car key fob, relay attacks by impostors or if the embedded code is revealed through the wireless interface scanning. In this paper, the development of an Automobile Keyless Entry System using Two-Factor Authentication is described where, the automobile would autonomously verify the usersrsquo alongside the conventional mono-factor (i.e., device-based) automobile key fob authentication framework, thus achieving a two-factor authentication system. In addition, the new framework can prevent the three kinds of security breach scenarios. Furthermore, the car owner may allow new persons to drive the car using their voiceprints. The significance of this new framework is that it has provided high level of comfort and convenience and has eliminated the probability of theft. This paper will provide the understanding of the system to the designer of key-less systems. It will also provide designers with some ideas of how to make vehicle more secure. This paper will also benefit many people in terms of saving time and effort that would be required for them to collect the information presented in this paper by reading many published papers

A Comparative Usability Study of Two-Factor Authentication

Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. However, it also introduces non-negligible costs for service providers and requires users to carry out additional actions during the authentication process. In this paper, we present an exploratory comparative study of the usability of 2F technologies. First, we conduct a pre-study interview to identify popular technologies as well as contexts and motivations in which they are used. We then present the results of a quantitative study based on a survey completed by 219 Mechanical Turk users, aiming to measure the usability of three popular 2F solutions: codes generated by security tokens, one-time PINs received via email or SMS, and dedicated smartphone apps (e.g., Google Authenticator). We record contexts and motivations, and study their impact on perceived usability. We find that 2F technologies are overall perceived as usable, regardless of motivation and/or context of use. We also present an exploratory factor analysis, highlighting that three metrics -- ease-of-use, required cognitive efforts, and trustworthiness -- are enough to capture key factors affecting 2F usability.Comment: A preliminary version of this paper appears in USEC 201

Implementing two-factor authentication

Two-factor authentication is a part of modern authentication technologies. It is also called multifactor authentication or shortly 2FA. Traditional one-factor authentication method process provides only one factor, typically a password. This is quite easy possible to hack. Two-factor authentication is based in the assumption, that two of the three factors of authentication are used. Satakunta University of Applied Sciences, later called SAMK, operates with modern ICT environment. Administrative portals and management systems needs better security. To find the best possible way is to implement secure two-factor authentication method and bring it to production use in SAMK environments. At least more complex authentication is needed with administrative systems, but the solution must be implementable also to whole staff everyday use e.g. with VPN. A first pilot environment will be made and after that the solution can be extended to heavier use. The research type used will be case study research. That research type will be best suitable to match any needs of the wanted solution. The most benefit for this thesis is Satakunta University of Applied Sciences, it will get a modern secure authentication layer for its systems and get documentation how it will work and need to be published. This is really needed in SAMK environment so benefit for the company will be good. The thesis will include two-factor authentication methods, use in on premise environment, use in cloud systems and different usage surveys and doing the implementing action in SAMK environment

Loc-Auth: Location-Enabled Authentication Through Attribute-Based Encryption

Traditional user authentication involves entering a username and password into a system. Strong authentication security demands, among other requirements, long, frequently hard-to-remember passwords. Two-factor authentication aids in the security, even though, as a side effect, might worsen user experience. We depict a mobile sign-on scheme that benefits from the dynamic relationship between a user's attributes, the service the user wishes to utilize, and location (where the user is, and what services are available there) as an authentication factor. We demonstrate our scheme employing Bluetooth Low Energy beacons for location awareness and the expressiveness of Attribute-Based Encryption to capture and leverage the described relationship. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login.Comment: Accepted at International Conference on Computing, Networking and Communications (ICNC 2015

Minimizing information leakage of tree-based RFID authentication protocols using alternate tree-walking

The privacy of efficient tree-based RFID authentication protocols is heavily dependent on the branching factor on the top layer. Indefinitely increasing the branching factor, however, is not a viable option. This paper proposes the alternate-tree walking scheme as well as two protocols to circumvent this problem. The privacy of the resulting protocols is shown to be comparable to that of linear-time protocols, where there is no leakage of information, whilst reducing the computational load of the database by one-third of what is required of tree-based protocols during authentication. We also identify and address a limitation in quantifying privacy in RFID protocols

Multi-factor Authentication and Their Approaches

A multi-factor authentication is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something the user knows"), a possession factor ("something the user has"), and an inherence factor ("something the user is"). Two-factor authentication seeks to decrease the probability that the requestor is presenting false evidence of its identity. In reality, there are more variables to consider when establishing the relative assurance of truthfulness in an identity assertion than simply how many "factors" are used. The U.S. Federal Financial Institutions Examination Council issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors