1,013 research outputs found

    User impersonation in key certification schemes

    In this note we exhibit some weakness in two key certification schemes. We show how a legitimate user can impersonate any other user in an ElGamal-based certification scheme, even if hashing is applied first. Furthermore, we show how anybody can impersonate users of the modular square root key certification scheme, if no hashing occurs before the certification. This shows that it is essential for this certification scheme to hash a message before signing it.

    Beyond the Hype: On Using Blockchains in Trust Management for Authentication

    Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits. In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks. Comment: A version of this paper was published in IEEE Trustcom. http://ieeexplore.ieee.org/document/8029486

    BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

    This paper describes BlockPKI, a blockchain-based public-key infrastructure that enables an automated, resilient, and transparent issuance of digital certificates. Our goal is to address several shortcomings of the current TLS infrastructure and its proposed extensions. In particular, we aim at reducing the power of individual certification authorities and make their actions publicly visible and accountable, without introducing yet another trusted third party. To demonstrate the benefits and practicality of our system, we present evaluation results and describe our prototype implementation. Comment: Workshop on Blockchain and Sharing Economy Application

    Impersonation Challenges Associated With E-Assessment of University Students

    Online examination (E-assessment) is an increasingly important component of online courses, and student authentication is widely seen as one of the major concerns for online examinations. Due to the inherent anonymity of being online, compared to taking an examination in a classroom environment, students may attempt to artificially boost their scores in online examination. This may occur by having another individual take the exam for them, which a typical user/password authentication scheme cannot detect. This research aims to investigate authentication challenges to online examinations, review benefits, constraints of existing authentication traits, and discuss alternative techniques. This will lead to the use of a profile based authentication framework (PBAF) together with user-id and password for the authentication of students during online examinations. The proposed solution will utilize profile based challenge questions, user-id and password, which will be verified by development of PBAF in a virtual learning environment. The sample size will be obtained from a group of E-learning University students. Descriptive method of research will be used in order to develop better understanding of finding out what is happening, to seek new insight, to ask questions and to assess phenomena in a new light with the use of questionnaires. Data will be analyzed through descriptive statistics where graphs, pie charts, frequency distribution tables and histograms will be used, factor analysis will be employed. Statistical Package for the Social Sciences (SPSS) will also be used as software to analyze data. As a result of this research e-assessment will be deemed more secure in terms of the authentication process. Key Words: Authentication, E-Learning, E-Assessment, Impersonatio

    Secure Routing Protocol for Integrated UMTS and WLAN Ad Hoc Networks

    The integrated UMTS and WLAN ad hoc networks are getting more and more popular as they hold substantial advantages by next generation networks. We introduce a new secure, robust routing protocol specifically designed for next generation technologies and evaluated its performance. The design of the SNAuth_SPERIPv2 secure routing protocol takes advantage of the integrated network, maintaining Quality of Service (QoS) under Wormhole Attack (WHA). This paper compares performance of newly developed secure routing protocol with other security schemes for CBR video streaming service under WHA.