Cryptanalysis and improvement of chen-hsiang-shih's remote user authentication scheme using smart cards

Recently, Chen-Hsiang-Shih proposed a new dynamic ID-based remote user authentication scheme. The authors claimed that their scheme was more secure than previous works. However, this paper demonstrates that theirscheme is still unsecured against different kinds of attacks. In order to enhance the security of the scheme proposed by Chen-Hsiang-Shih, a new scheme is proposed. The scheme achieves the following security goals: without verification table, each user chooses and changes the password freely, each user keeps the password secret, mutual authentication, the scheme establishes a session key after successful authentication, and the scheme maintains the user's anonymity. Security analysis and comparison demonstrate that the proposed scheme is more secure than Das-Saxena-Gulati's scheme, Wang et al.'s scheme and Chen-Hsiang-Shih.Peer ReviewedPostprint (published version

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

Internet of Things Security Using Proactive WPA/WPA2

The Internet of Things (IoT) is a natural evolution of the Internet and is becoming more ubiquitous in our everyday home, business, health, education, and many other aspects. The data gathered and processed by IoT networks might be sensitive whichcallsforfeasibleandadequatesecuritymeasures.This paper describes the use of the Wi-Fi technology in the IoT connectivity, then proposes a new approach, the Proactive Wire- less Protected Access (PWPA), to protect the access networks. Then a new end to end (e2e) IoT security model is suggested to include the PWPA scheme. To evaluate the solution?s security and performance, firstly, the cybersecurity triad: confidentiality, integrity, and availability aspects were discussed, secondly, the solution?s performance was compared to a counterpart e2e security solution, the Secure Socket Layer security. A small IoT network was set up to simulate a real environment that uses HTTP protocol. Packets were then collected and analyzed. Data analysis showed a bandwidth efficiency increase by 2% (Internet links) and 12% (access network), and by 344% (Internet links) and 373% (access network) when using persistent and non- persistent HTTP respectively. On the other hand, the analysis showed a reduction in the average request-response delay of 25% and 53% when using persistent and non-persistent HTTP respectively. This scheme is possibly a simple and feasible solution that improves the IoT network security performance by reducing the redundancy in the TCP/IP layers security implementation

An Overview of Cryptography (Updated Version, 3 March 2016)

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations. A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998

Cryptanalysis of a More Secure Remote User Authentication Scheme

[[abstract]]Recently, Kim and Chung proposed a more secure remote user authentication scheme, which is an improvement over Yoon-Yoo's scheme to remedy their security flaws, such as leak of password and vulnerabilities to the masquerading user attack, the masquerading server attack, and the stolen-verifier attack. In this paper, we will show that Kim-Chung's improved scheme is vulnerable to the offline password guessing attack. In addition, the scheme does not possess the feature of secret key forward secrecy as they claimed. Hence, Kim-Chung's scheme is also subject to the masquerading user attack and the masquerading server attack as well. Moreover, their scheme does not generate session keys for secure communications.[[conferencedate]]20101216~20101218[[iscallforpapers]]Y[[conferencelocation]]Tainan, Taiwa

Formal Analysis of ISO/IEC 9798-2 Authentication Standard using AVISPA

International audienceUse of formal methods is considered as a useful and efficient technique for the validation of security properties of the protocols. In this paper, we analyze the protocols of ISO/IEC 9798-2 entity authentication standard using a state-of-the-art tool for automated analysis named AVISPA. Our analysis of the standard using AVISPA's OFMC and CL-AtSe back-ends shows that the two party protocols are secure against the specified security properties while the back-ends are able to find attacks against unilateral and mutual authentication protocols involving a trusted third party

Human abnormal behavior impact on speaker verification systems

Human behavior plays a major role in improving human-machine communication. The performance must be affected by abnormal behavior as systems are trained using normal utterances. The abnormal behavior is often associated with a change in the human emotional state. Different emotional states cause physiological changes in the human body that affect the vocal tract. Fear, anger, or even happiness we recognize as a deviation from a normal behavior. The whole spectrum of human-machine application is susceptible to behavioral changes. Abnormal behavior is a major factor, especially for security applications such as verification systems. Face, fingerprint, iris, or speaker verification is a group of the most common approaches to biometric authentication today. This paper discusses human normal and abnormal behavior and its impact on the accuracy and effectiveness of automatic speaker verification (ASV). The support vector machines classifier inputs are Mel-frequency cepstral coefficients and their dynamic changes. For this purpose, the Berlin Database of Emotional Speech was used. Research has shown that abnormal behavior has a major impact on the accuracy of verification, where the equal error rate increase to 37 %. This paper also describes a new design and application of the ASV system that is much more immune to the rejection of a target user with abnormal behavior.Web of Science6401274012

An Enhanced Authentication System using Multi-Level Security for web Services

With growing use of internet and its services, a large number of organizations are making use of password to provide security. A password is a secret word or combination of alphabet used for user authentication. Authentication to user account to access internet services on-line is achieved victimization password. The password is most convenient means of authentication. But now a day’s password becomes hacked by the attacker. To provide more security, we are using Kerberos and the video CAPTCHA as authentication technique. Kerberos is a authentication protocol and CAPTCHA is a (Completely Automated Public Turing Test to tell Computer and Human Apart) test which provide a way to differentiate user into a human and malicious program. CAPTCHA become the most widely used standard security technique to prevent automated computer program attack. Our aim is to proposed a system which can be a better than existing CAPTCHA and provide higher level of authentication. DOI: 10.17762/ijritcc2321-8169.150511

Weaknesses of Password Authentication Scheme Based on Geometric Hashing

We show that a recently proposed password authentication scheme based on geometric hashing has several security weaknesses, and that the use of this scheme should be avoided in practice