1,013 research outputs found
User impersonation in key certification schemes
In this note we exhibit some weakness in two key certification schemes. We show how a legitimate user can impersonate any other user in an ElGamal-based certification scheme, even if hashing is applied first. Furthermore, we show how anybody can impersonate users of the modular square root key certification scheme, if no hashing occurs before the certification. This shows that it is essential for this certification scheme to hash a message before signing it
Beyond the Hype: On Using Blockchains in Trust Management for Authentication
Trust Management (TM) systems for authentication are vital to the security of
online interactions, which are ubiquitous in our everyday lives. Various
systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage
trust in this setting. In recent years, blockchain technology has been
introduced as a panacea to our security problems, including that of
authentication, without sufficient reasoning, as to its merits.In this work, we
investigate the merits of using open distributed ledgers (ODLs), such as the
one implemented by blockchain technology, for securing TM systems for
authentication. We formally model such systems, and explore how blockchain can
help mitigate attacks against them. After formal argumentation, we conclude
that in the context of Trust Management for authentication, blockchain
technology, and ODLs in general, can offer considerable advantages compared to
previous approaches. Our analysis is, to the best of our knowledge, the first
to formally model and argue about the security of TM systems for
authentication, based on blockchain technology. To achieve this result, we
first provide an abstract model for TM systems for authentication. Then, we
show how this model can be conceptually encoded in a blockchain, by expressing
it as a series of state transitions. As a next step, we examine five prevalent
attacks on TM systems, and provide evidence that blockchain-based solutions can
be beneficial to the security of such systems, by mitigating, or completely
negating such attacks.Comment: A version of this paper was published in IEEE Trustcom.
http://ieeexplore.ieee.org/document/8029486
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure
This paper describes BlockPKI, a blockchain-based public-key infrastructure
that enables an automated, resilient, and transparent issuance of digital
certificates. Our goal is to address several shortcomings of the current TLS
infrastructure and its proposed extensions. In particular, we aim at reducing
the power of individual certification authorities and make their actions
publicly visible and accountable, without introducing yet another trusted third
party. To demonstrate the benefits and practicality of our system, we present
evaluation results and describe our prototype implementation.Comment: Workshop on Blockchain and Sharing Economy Application
Impersonation Challenges Associated With E-Assessment of University Students
Online examination (E-assessment) is an increasingly important component of online courses, and student authentication is widely seen as one of the major concerns for online examinations. Due to the inherent anonymity of being online, compared to taking an examination in a classroom environment, students may attempt to artificially boost their scores in online examination. This may occur by having another individual take the exam for them, which a typical user/password authentication scheme cannot detect. This research aims to investigate authentication challenges to online examinations, review benefits, constraints of existing authentication traits, and discuss alternative techniques. This will lead to the use of a profile based authentication framework (PBAF) together with user-id and password for the authentication of students during online examinations. The proposed –solution will utilize profile based challenge questions, user-id and password, which will be verified by development of PBAF in a virtual learning environment. The sample size will be obtained from a group of E-learning University students. Descriptive method of research will be used in order to develop better understanding of finding out what is happening, to seek new insight, to ask questions and to assess phenomena in a new light with the use of questionnaires. Data will be analyzed through descriptive statistics where graphs, pie charts, frequency distribution tables and histograms will be used, factor analysis will be employed. Statistical Package for the Social Sciences (SPSS) will also be used as software to analyze data. As a result of this research e-assessment will be deemed more secure in terms of the authentication process. Key Words: Authentication, E-Learning,E-Assessment, Impersonatio
Secure Routing Protocol for Integrated UMTS and WLAN Ad Hoc Networks
The integrated UMTS and WLAN ad hoc networks are getting more and more popular as they hold substantial advantages by next generation networks. We introduce a new secure, robust routing protocol specifically designed for next generation technologies and evaluated its performance. The design of the SNAuth_SPERIPv2 secure routing protocol takes advantage to the integrated network, maintaining Quality of Service (QoS) under Wormhole Attack (WHA). This paper compares performance of newly developed secure routing protocol with other security schemes for CBR video streaming service under WHA
- …