Authentication under Constraints

Authentication has become a critical step to gain access to services such as on-line banking, e-commerce, transport systems and cars (contact-less keys). In several cases, however, the authentication process has to be performed under challenging conditions. This thesis is essentially a compendium of five papers which are the result of a two-year study on authentication in constrained settings. The two major constraints considered in this work are: (1) the noise and (2) the computational power. For what concerns authentication under noisy conditions, Paper A and Paper B ad- dress the case in which the noise is in the authentication credentials. More precisely, the aforementioned papers present attacks against biometric authentication systems, that exploit the inherent variant nature of biometric traits to gain information that should not be leaked by the system. Paper C and Paper D study proximity- based authentication, i.e., distance-bounding protocols. In this case, both of the constraints are present: the possible presence of noise in the channel (which affects communication and thus the authentication process), as well as resource constraints on the computational power and the storage space of the authenticating party (called the prover, e.g., an RFID tag). Finally, Paper E investigates how to achieve reliable verification of the authenticity of a digital signature, when the verifying party has limited computational power, and thus offloads part of the computations to an untrusted server. Throughout the presented research work, a special emphasis is given to privacy concerns risen by the constrained conditions

Be More and be Merry: Enhancing Data and User Authentication in Collaborative Settings

Cryptography is the science and art of keeping information secret to un-intended parties. But, how can we determine who is an intended party and who is not? Authentication is the branch of cryptography that aims at confirming the source of data or at proving the identity of a person. This Ph.D. thesis is a study of different ways to perform cryptographic authentication of data and users. The main contributions are contained in the six papers included in this thesis and cover the following research areas: (i) homomorphic authentication; (ii) server-aided verification of signatures; (iii) distance-bounding authentication; and (iv) biometric authentication. The investigation flow is towards collaborative settings, that is, application scenarios where different and mutually distrustful entities work jointly for a common goal. The results presented in this thesis allow for secure and efficient authentication when more entities are involved, thus the title “be more and be merry”. Concretely, the first two papers in the collection are on homomorphic authenticators and provide an in-depth study on how to enhance existing primitives with multi- key functionalities. In particular, the papers extend homomorphic signatures and homomorphic message authentication codes to support computations on data authenticated using different secret keys. The third paper explores signer anonymity in the area of server-aided verification and provides new secure constructions. The fourth paper is in the area of distance-bounding authentication and describes a generic method to make existing protocols not only authenticate direct-neighbors, but also entities located two-hop away. The last two papers investigate the leakage of information that affects a special family of biometric authentication systems and how to combine verifiable computation techniques with biometric authentication in order to mitigate known attacks

Multi-Hop Distance Estimation: How Far are You?

Several access control systems are based on the users’ physical location/proximity to the access point. Distance- Bounding (DB) protocols constitute a classical solution to calculate the distance between a trusted verifier (e.g., an access point) and an untrusted prover (e.g., a pervasive device). The main limitation of DB is that the prover and the verifier need to lie in each other’s communication range. In this paper, we introduce the concept of Multi-Hop Distance-Estimation (MHDE) protocols, which enable a verifier to authenticate a possibly far-away prover and estimate its distance to this prover, when they are not in the communication range of each other, using an ad-hoc network of pervasive devices. More precisely, our contributions are three-fold, since we provide: (1) a formal definition for MHDE; (2) a threat model for MHDE that considers a powerful and distributed adversary; and (3) implementation of MHDE protocols with different settings. Additionally, we demonstrate our protocol to be secure in the considered threat model, and we provide a performance analysis regarding the accuracy of the distance estimation and the tolerance of limited mobility of the nodes. The results are promising in order to adopt MHDE in a distributed setting

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

Asioiden Internetin tietoturva: ratkaisuja, standardeja ja avoimia ongelmia

Internet of Things (IoT) extends the Internet to our everyday objects, which enables new kind of applications and services. These IoT applications face demanding technical challenges: the number of ‘things’ or objects can be very large, they can be very con-strained devices, and may need to operate on challenging and dynamic environments. However, the architecture of today’s Internet is based on many legacy protocols and technology that were not originally designed to support features like mobility or the huge and growing number of objects the Internet consists of today. Similarly, many security features of today’s Internet are additional layers built to fill up flaws in the un-derlying design. Fulfilling new technical requirements set by IoT applications requires efficient solutions designed for the IoT use from the ground up. Moreover, the imple-mentation of this new IoT technology requires interoperability and integration with tra-ditional Internet. Due to considerable technical challenges, the security is an often over-looked aspect in the emerging new IoT technology. This thesis surveys general security requirements for the entire field of IoT applica-tions. Out of the large amount of potential applications, this thesis focuses on two major IoT application fields: wireless sensor networks and vehicular ad-hoc networks. The thesis introduces example scenarios and presents major security challenges related to these areas. The common standards related to the areas are examined in the security perspective. The thesis also examines research work beyond the area of standardization in an attempt to find solutions to unanswered security challenges. The thesis aims to give an introduction to the security challenges in the IoT world and review the state of the security research through these two major IoT areas

Intelligent spectrum management techniques for wireless cognitive radio networks

PhD ThesisThis thesis addresses many of the unique spectrum management chal- lenges in CR networks for the rst time. These challenges have a vital e ect on the network performance and are particularly di cult to solve due to the unique characteristics of CR networks. Speci cally, this thesis proposes and investigates three intelligent spectrum management tech- niques for CR networks. The issues investigated in this thesis have a fundamental impact on the establishment, functionality and security of CR networks. First, an intelligent primary receiver-aware message exchange protocol for CR ad hoc networks is proposed. It considers the problem of alleviat- ing the interference collision risk to primary user communication, explic- itly to protect primary receivers that are not detected during spectrum sensing. The proposed protocol achieves a higher measure of safeguard- ing. A practical scenario is considered where no global network topology is known and no common control channel is assumed to exist. Second, a novel CR broadcast protocol (CRBP) to reliably disseminate the broadcast messages to all or most of the possible CR nodes in the network is proposed. The CRBP formulates the broadcast problem as a bipartite-graph problem. Thus, CRBP achieves a signi cant successful delivery ratio by connecting di erent local topologies, which is a unique feature in CR ad hoc networks. Finally, a new defence strategy to defend against spectrum sensing data falsi cation attacks in CR networks is proposed. In order to identify malicious users, the proposed scheme performs multiple veri cations of sensory data with the assistance of trusted nodes.Higher Committee For Education Devel- opment in Iraq (HCED-Iraq

A framework for evaluating countermeasures against sybil attacks in wireless sensor networks

Although Wireless Sensor Networks (WSNs) have found a niche in numerous applications, they are constrained by numerous factors. One of these important factors is security in WSNs. There are various types of security attacks that WSNs are susceptible to. The focus of this study is centred on Sybil attacks, a denial of service attack. In this type of attack, rogue nodes impersonate valid nodes by falsely claiming to possess authentic identities, thereby rendering numerous core WSN operations ineffective. The diverse nature of existing solutions poses a difficult problem for system engineers wanting to employ a best fit countermeasure. This problem is the largely unanswered question posed to all system engineers and developers alike whose goal is to design/develop a secure WSN. Resolving this dilemma proves to be quite a fascinating task, since there are numerous factors to consider and more especially one cannot assume that every application is affected by all identified factors. A framework methodology presented in this study addresses the abovementioned challenges by evaluating countermeasure effectiveness based on theoretical and practical security factors. Furthermore, a process is outlined to determine the application’s engineering requirements and the framework also suggests what security components the system engineer ought to incorporate into the application, depending on the application’s risk profile. The framework then numerically aligns these considerations, ensuring an accurate and fairly unbiased best fit countermeasure selection. Although the framework concentrates on Sybil countermeasures, the methodology can be applied to other classes of countermeasures since it answers the question of how to objectively study and compare security mechanisms that are both diverse and intended for different application environments. The report documents the design and development of a comparative framework that can be used to evaluate countermeasures against Sybil attacks in wireless sensor networks based on various criteria that will be discussed in detail. This report looks briefly at the aims and description of the research. Following this, a literature survey on the body of knowledge concerning WSN security and a discussion on the proposed methodology of a specific design approach are given. Assumptions and a short list of factors that were considered are then described. Metrics, the taxonomy for WSN countermeasures, the framework and a formal model are developed. Risk analysis and the best fit methodology are also discussed. Finally, the results and recommendations are shown for the research, after which the document is concluded.Dissertation (MEng)--University of Pretoria, 2011.Electrical, Electronic and Computer Engineeringunrestricte