4 research outputs found
A Multi-Factor Homomorphic Encryption based Method for Authenticated Access to IoT Devices
Authentication is the first defence mechanism in many electronic systems,
including Internet of Things (IoT) applications, as it is essential for other
security services such as intrusion detection. As existing authentication
solutions proposed for IoT environments do not provide multi-level
authentication assurance, particularly for device-to-device authentication
scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and
Interaction based Authentication) framework to facilitate multi-factor
authentication of devices in device-to-device and device-to-multiDevice
interactions. In this paper, we extend the framework to address group
authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group
Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access
(HGA) protocol. The protocols use a combination of symmetric and asymmetric
cryptographic primitives to facilitate multifactor group authentication. The
informal analysis and formal security verification show that the protocols
satisfy the desirable security requirements and are secure against
authentication attacks
A Multifactor Multilevel and Interaction Based (M2I) Authentication Framework for Internet of Things (IoT) Applications
Existing authentication solutions proposed for Internet of Things (IoT)
provide a single Level of Assurance (LoA) regardless of the sensitivity levels
of the resources or interactions between IoT devices being protected. For
effective (with adequate level of protection) and efficient (with as low
overhead costs as possible) protections, it may be desirable to tailor the
protection level in response to the sensitivity level of the resources, as a
stronger protection level typically imposes a higher level of overheads costs.
In this paper, we investigate how to facilitate multi-LoA authentication for
IoT by proposing a multi-factor multi-level and interaction based (M2I)
authentication framework. The framework implements LoA linked and interaction
based authentication. Two interaction modes are investigated, P2P
(Peer-to-Peer) and O2M (One-to-Many) via the design of two corresponding
protocols. Evaluation results show that adopting the O2M interaction mode in
authentication can cut communication cost significantly; compared with that of
the Kerberos protocol, the O2M protocol reduces the communication cost by 42% ~
45%. The protocols also introduce less computational cost. The P2P and O2M
protocol, respectively, reduce the computational cost by 70% ~ 72% and 81% ~
82% in comparison with that of Kerberos. Evaluation results also show that the
two factor authentication option costs twice as much as that of the one-factor
option
A Survey on Smart Home Authentication: Toward Secure, Multi-Level and Interaction-based Identification
With the increased number and reduced cost of smart devices, Internet of Things (IoT) applications such as smart home (SHome) are increasingly popular. Owing to the characteristics of IoT environments such as resource constrained devices, existing authentication solutions may not be suitable to secure these environments. As a result, a number of authentication solutions specifically designed for IoT environments have been proposed. This paper provides a critical analysis of existing authentication solutions. The major contributions of the paper are as follows. First, it presents a generic model derived from an SHome use-case scenario. Secondly, based on the model, it performs a threat analysis to identify possible means of attacks. The analysis leads to the specification of a set of desirable security requirements for the design of authentication solutions for SHome. Thirdly, based on the requirements, existing authentication solutions are analysed and some ideas for achieving effective and efficient authentication in IoT environments are proposed
Reasoning about privacy in mobile application install decisions: Risk perception and framing
© 2020 Elsevier Ltd Data sharing has become prevalent with the rapid growth of mobile technologies. A lack of awareness and understanding of privacy practices often results in the installation of privacy-invasive applications (apps) which could potentially put users' personal data at risk. This study aimed to explore how users’ risk perception could be shifted towards more privacy-aware decisions through generation fluency and framing manipulations. It is an online study composed of three components, an experiment and two questionnaires. We manipulated the availability of privacy worries, by asking participants to generate either 2 or 10 privacy worries. Generating 10 worries was experienced as difficult, whereas generating 2 was easy. The difficult experience led to downgraded perception of risk, and consequently increased likelihood of installing a low privacy rated fictional app. Therefore, we suggest that improving generation fluency of privacy concerns could encourage users’ adoption of a more conservative judgment strategy when installing an app, safeguarding them against privacy-invasive apps