SECURED ROUTING PROTOCOL FOR AD HOC NETWORKS

Venkatraman, Lakshmi

11 October 2001

No description available.

AODV

Authentication

Routing-table consistency

Heirararchical

Replay

Authentication of User in the Cloud Using Homomorphic Encryption

Kosaraju, Harika

21 October 2013

No description available.

Information Technology

authentication

homomorphic

encryption

saltkey

performance

Solutions for Internet of Things Security Challenges: Trust and Authentication

McGinthy, Jason M.

12 July 2019

The continuing growth of Internet-connected devices presents exciting opportunities for future technology. These Internet of Things (IoT) products are being manufactured and interleaved with many everyday activities, which is creating a larger security concern. Sensors will collect previously unimaginable amounts of private and public data and transmit all of it through an easily observable wireless medium in order for other devices to perform data analytics. As more and more devices are produced, many are lacking a strong security foundation in order to be the "first to market." Moreover, current security techniques are based on protocols that were designed for more-capable devices such as desktop computers and cellular phones that have ample power, computational ability, and memory storage. Due to IoT's technological infancy, there are many security challenges without proper solutions. As IoT continues to grow, special considerations and protections must be in place to properly secure this data and protect the privacy of its users. This dissertation highlights some of the major challenges related to IoT and prioritizes their impacts to help identify where gaps are that must be filled. Focusing on these high priority concerns, solutions are presented that are tailored to IoT's constraints. A security feature-based framework is developed to help characterize classes of devices to help manage the heterogeneous nature of IoT devices and networks. A novel physical device authentication method is presented to show the feasibility in IoT devices and networks. Additional low-power techniques are designed and evaluated to help identify different security features available to IoT devices as presented in the aforementioned framework. / Doctor of Philosophy / The Internet has been gaining a foothold in our everyday lives. Smart homes, smart cars, and smart cities are becoming less science fiction and more everyday realities. In order to increase the public’s general quality of life, this new Internet of Things (IoT) technological revolution is adding billions of devices around us. These devices aim to collect unforeseen amounts of data to help better understand environments and improve numerous aspects of life. However, IoT technology is still in its infancy, so there are still many challenges still remaining. One major issue in IoT is the questionable security for many devices. Recent cyber attacks have highlighted the shortcomings of many IoT devices. Many of these device manufacturers simply wanted to be the first in a niche market, ignoring the importance of security. Proper security implementation in IoT has only been done by a minority of designers and manufacturers. Therefore, this document proposes a secure design for all IoT devices to be based. Numerous security techniques are presented and shown to properly protect the data that will pass through many of these devices. The overall goal for this proposed work aims to have an overall security solution that overcomes the current shortfalls of IoT devices, lessening the concern for IoT’s future use in our everyday lives.

Security

Internet of Things

Standardization

Authentication

Lightweight

Next-generation user authentication schemes for IoT applications

Gupta, Sandeep

27 October 2020

The unprecedented rise of IoT has revolutionized every business vertical enthralling people to embrace IoT applications in their day-to-day lives to accrue multifaceted benefits. It is absolutely fair to say that a day without connected IoT systems, such as smart devices, smart enterprises, smart homes or offices, etc., would hamper our conveniences, drastically. Many IoT applications for these connected systems are safety-critical, and any unauthorized access could have severe consequences to their consumers and society. In the overall IoT security spectrum, human-to-machine authentication for IoT applications is a critical and foremost challenge owing to highly prescriptive characteristics of conventional user authentication schemes, i.e., knowledge-based or token-based authentication schemes, currently used in them. Furthermore, studies have reported numerous users’ concerns, from both the security and usability perspectives, that users are facing in using available authentication schemes for IoT applications. Therefore, an impetus is required to upgrade user authentication schemes for new IoT age applications to address any unforeseen incidents or unintended consequences. This dissertation aims at designing next-generation user authentication schemes for IoT applications to secure connected systems, namely, smart devices, smart enterprises, smart homes, or offices. To accomplish my research objectives, I perform a thorough study of ways and types of user authentication mechanisms emphasizing their security and usability ramifications. Subsequently, based on the substantive findings of my studies, I design, prototype, and validate our proposed user authentication schemes. I exploit both physiological and behavioral biometrics to design novel schemes that provide implicit (frictionless), continuous (active) or risk-based (non-static) authentication for multi-user scenarios. Afterward, I present a comparative analysis of the proposed schemes in terms of accuracy against the available state-of-the-art user authentication solutions. Also, I conduct SUS surveys to evaluate the usability of user authentication schemes.

Novel, robust and cost-effective authentication techniques for online services

Norrington, Peter

January 2009

This thesis contributes to the study of the usability and security of visuo-cognitive authentication techniques, particularly those relying on recognition of abstract images, an area little researched. Many usability and security problems with linguistic passwords (including traditional text-based passwords) have been known for decades. Research into visually-based techniques intends to overcome these by using the extensive human capacity for recognising images, and add to the range of commercially viable authentication solutions. The research employs a mixed methodology to develop several contributions to the field. A novel taxonomy of visuo-cognitive authentication techniques is presented. This is based on analysis and synthesis of existing partial taxonomies, combined with new and extensive analysis of features of existing visuo-cognitive and other techniques. The taxonomy advances consistent terminology, and coherent and productive classification (cognometric, locimetric, graphimetric and manipulometric, based respectively on recognition of, location in, drawing of and manipulation of images) and discussion of the domain. The taxonomy is extensible to other classes of cognitive authentication technique (audio-cognitive, spatio-cognitive, biometric and token-based, etc.). A revised assessment process of the usability and security of visuo-cognitive techniques is proposed (employing three major assessment categories – usability, memorability and security), based on analysis, synthesis and refinement of existing models. The revised process is then applied to the features identified in the novel taxonomy to prove the process‘s utility as a tool to clarify both the what and the why of usability and security issues. The process is also extensible to other classes of authentication technique. iii Cognitive psychology experimental methods are employed, producing new results which show with statistical significance that abstract images are harder to learn and recall than face or object images. Additionally, new experiments and a new application of the chi-squared statistic show that users‘ choices of abstract images are not necessarily random over a group, and thus, like other cognitive authentication techniques, can be attacked by probabilistic dictionaries. A new authentication prototype is designed and implemented, embodying the usability and security insights gained. Testing of this prototype shows good usability and user acceptance, although speed of use remains an issue. A new experiment shows that abstract image authentication techniques are vulnerable to phishing attacks. Further, the testing shows two new results: that abstract image visuo-cognitive techniques are usable on mobile phones; and that such phones are not, currently, necessarily a threat as part of observation attacks on visual passwords.

621.382

Opening the Web for all : inclusive and secure design of an online authentication system

Gibson, Marcia

January 2012

Effective use of the World Wide Web grants users increased power over people, time and space. However, its growing ubiquity also means these powers tend to become eroded in non-users. Growth of the Web as a marketplace and as a channel to deliver e-services, results in an ever increasing volume of sensitive information being transacted and stored online. As a result, authentication systems are now being used extensively on the Web. Unfortunately the profusion of Web sites and the large numbers of associated passwords reduces their efficacy and puts severe strain on users’ limited cognitive resources. Authentication systems themselves therefore can act as an additional source of exclusion. However, this step of authentication has up until now, been largely overlooked when considering inclusive design. People may experience a variety of barriers to Internet access: Psychological, Material, Skills and Usage. Existing models of these barriers within the literature are discussed, and a unified model of exclusion is developed and used to identify a series of potential solutions to the various aspects of each barrier. These solutions are classified into 4 separate design goals: Enhanced Usability, Enhanced Accessibility, Reduced End-user Cost and Robust Security. A number of groups who are especially at risk of Web exclusion are also identified. The design goals are used to evaluate existing traditional and image-based passwords. The accessibility component is assessed in terms of twenty-two use scenarios, consisting of a particular user group’s limiting characteristic and strategies the groups are known to use when accessing the Web. The accessibility analysis shows traditional passwords to be less accessible for several groups: • Novice users who experience reduced comparative learnability, efficiency and increased errors. • Mobile phone users, head wand users, eye gaze tracker users, those with reduced manual dexterity/and or tremors accessing principally via a mouse or keyboard, those with impaired ability to select and filter relevant sensory information and low-literacy users accessing via a normal or text to speech browsers. These groups experience reduced comparative efficiency and increased errors. • Users with impaired ability to remember information or sequences and illiterate users accessing via a text-to-speech browser or normal browser. These groups have the most significant issues with passwords, experiencing reduced comparative learnability, memorability, efficiency and increased errors. Image based passwords are found to be more accessible for some of these groups, but are unusable by blind users and less usable by those with visual impairments. Just as Web users are not a uniform, homogenous group, so too is there no homogenous solution to creating usable security. Even so, there may be solutions that are usable and secure given the particular scenario within which they will be used. For this reason, it is important to supply a number of alternatives because as one modality or model of interaction is locked out, another group becomes excluded. One such alternative, a novel scheme called “Musipass”, is trialled in lab-based and large-scale online user participation experiments. Musipass is found to offer superior long-term memorability to a traditional password and users report enjoying the experience of authenticating with music. A security analysis is conducted which shows Musipass to offer comparative or enhanced security compared to a traditional password against a number of well-known attacks.

004.01

A secure quorum based multi-tag RFID system

Al-Adhami, Ayad

January 2018

Radio Frequency Identification (RFID) technology has been expanded to be used in different fields that need automatic identifying and verifying of tagged objects without human intervention. RFID technology offers a great advantage in comparison with barcodes by providing accurate information, ease of use and reducing of labour cost. These advantages have been utilised by using passive RFID tags. Although RFID technology can enhance the efficiency of different RFID applications systems, researchers have reported issues regarding the use of RFID technology. These issues are making the technology vulnerable to many threats in terms of security and privacy. Different RFID solutions, based on different cryptography primitives, have been developed. Most of these protocols focus on the use of passive RFID tags. However, due to the computation feasibility in passive RFID tags, these tags might be vulnerable to some of the security and privacy threats. , e.g. unauthorised reader can read the information inside tags, illegitimate tags or cloned tags can be accessed by a reader. Moreover, most consideration of reserchers is focus on single tag authentication and mostly do not consider scenarios that need multi-tag such as supply chain management and healthcare management. Secret sharing schemes have been also proposed to overcome the key management problem in supply chain management. However, secret sharing schemes have some scalability limitations when applied with high numbers of RFID tags. This work is mainly focused on solving the problem of the security and privacy in multi-tag RFID based system. In this work firstly, we studied different RFID protocols such as symmetric key authentication protocols, authentication protocols based on elliptic curve cryptography, secret sharing schemes and multi-tag authentication protocols. Secondly, we consider the significant research into the mutual authentication of passive RFID tags. Therefore, a mutual authentication scheme that is based on zero-knowledge proof have been proposed . The main object of this work is to develop an ECC- RFID based system that enables multi-RFID tags to be authenticated with one reader by using different versions of ECC public key encryption schemes. The protocol are relied on using threshold cryptosystems that operate ECC to generate secret keys then distribute and stored secret keys among multi RFID tags. Finally, we provide performance measurement for the implementation of the proposed protocols.

Protection and Authentication of Digital Image

Lin, Chih-Hung

09 November 2006

In this dissertation, the methods of protection and authentication for digital images are presented. In the study of fragile image authentication, the method that can thwart the counterfeit attack is proposed in Chapter 2, and we analyze this method in order to prove the effect. In the study of semi-fragile image authentication, two image authentication methods with digital signature-based and digital watermark-based are presented in Chapter 3 and Chapter 4 respectively. These two methods can improve the disadvantages of related works, and the main contributions are: (1) can adjust the fragile degree by assigning the least authenticable bound of image and (2) the related theorems about the proposed methods are analyzed completely. Finally, a new issue and solution about semi-fragile image authentication are presented in Chapter 5. The main contributions of this method are: (1) only the spatial domain is adopted during feature generation and verification, making domain transformation process is unnecessary, (2) more reasonable non-malicious manipulated images (JPEG, JPEG2000 compressed and scaled images) than related studies can be authenticated, achieving a good trade-off of image authentication between fragile and robust under practical image processing, and (3) non-malicious manipulation is clearly defined to meet closely the requirements of sending them over the Internet or storing images.

digital watermark

semi-fragile image authentication

fragile image authentication

JPEG compression

digital signature

An EAP Method with Biometrics Privacy Preserving in IEEE 802.11 Wireless LANs

Chen, Yung-Chih

15 August 2009

It is necessary to authenticate users when they want to access services in WLANs. Extensible Authentication Protocol (EAP) is an authentication framework widely used in WLANs. Authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in WLAN authentication have been defined in RFC 4017. Besides, low computation cost and forward secrecy, excluded in RFC 4017, are noticeable requirements in WLAN authentication. However, all EAP methods and authentication schemes designed for WLANs so far do not satisfy all of the above requirements. Therefore, we will propose an EAP method which utilizes three factors, stored secrets, passwords, and biometrics, to verify users. Our proposed method fully satisfies 1) the requirements of RFC 4017, 2) forward secrecy, and 3) lightweight computation. Moreover, the privacy of biometrics is protected against the authentication server, and the server can flexibly decide whether passwords and biometrics are verified in each round or not.

Extensible Authentication Protocol (EAP)

Lightweight Computation

Wireless Local Area Networks (WLANs)

Three-Factor Authentication

Forward Secrecy

Leveraging an Active Directory for the Generation of Honeywords

Lundström, Johan

January 2018

Honeywords, fake passwords that when used by an adversary are set to trigger an alarm, is one way of detecting security breaches. For them to be effective, however, they must resemble real passwords as closely as possible and thus, the construction of the honeywords is crucial. In this thesis, a new model for generating honeywords, PII-Syntax, is presented that was built in part on a previous model but reworked and adapted to meet new requirements. The purpose of the study was to investigate whether an Active Directory, (AD) could be used as a resource in the construction of honeywords. The assumption was that the AD contains information about real system users that could be leveraged to create high-quality honeywords because of the very fact that they are based on actual users. It is a well-known fact that many users have a natural inclination towards incorporating personal information when choosing their passwords, information that can be leveraged by an adversary making the passwords easier to retrieve. The proposed model capitalizes on this fact and bases the honeyword generation process on users’ personally identifiable information, PII. The motivation for this is to enhance the quality of the honeywords, i.e. making them more plausible from the perspective of the adversary. The resulting model performed equally well or better than all existing honeyword generation algorithms to which it was compared with regard to flatness, DoS resistivity, multiple system vulnerability and storage cost. The most important contribution, however, is the inclusion of users’ personal information in the generation of the honeywords that ultimately help strengthen the security of password-based authentication systems. Contributions from this thesis include a novel manner in which to approach a well-known problem, both in a theoretical as well as a practical sense: PII-Syntax is a new honeyword generation algorithm that apart from performing equally well or better than previous algorithms brings an added value of believability to the generated honeywords because of the inclusion of users’ personal information found in an AD.

honeywords

passwords

authentication

password-based authentication

password cracking

deception techniques

Information Systems