91

Processus sécurisés de dématérialisation de cartes sans contact / Secure processes of dematerialization of contactless cards

Bouazzouni, Mohamed Amine 08 November 2017
Over the years, contactless NFC technology has become part of our daily lives through the various services it offers. Use cases are numerous, ranging from loyalty cards, transport cards and contactless payment cards to access control cards. However, the first generations of NFC cards have minimal security that relies on the assumption that they cannot be cloned. Multiple vulnerabilities have been discovered, and their exploitation has enabled fraudulent copies. To remedy these vulnerabilities, a new generation of cards with enhanced security has emerged. These cards allow authentication with a reader based on symmetric encryption algorithms such as AES, DES and 3DES. They are more robust than the first generation but have also been subjected to a reverse-engineering attack. To guarantee and improve the security level of the access control system, we propose, within the framework of the neOCampus operation, the secure dematerialization of the contactless card onto a smartphone equipped with NFC technology. This dematerialization allows us to exploit the computing power and storage capacity of the smartphone in order to deploy more robust authentication algorithms. However, the smartphone's OS cannot be considered a trusted environment. To address the problem of secure storage and processing on a smartphone, several solutions have been proposed: Secure Elements (SE), Trusted Platform Modules (TPM), Trusted Execution Environments (TEE) and virtualization. For storing and processing authentication data securely, the TEE appears to be the ideal solution, with the best security/performance trade-off. However, many smartphones do not yet include a TEE.
To overcome this constraint, we propose an architecture based on the use of TEEs hosted remotely in the Cloud. The smartphone can contact it via a Wi-Fi or 4G link. To this end, an authentication protocol based on IBAKE is proposed. In addition to this nominal scenario, two other complementary scenarios have been proposed to accompany the development and democratization of TEEs not only in the smartphone world but also on inexpensive devices such as the Raspberry Pi 3. These architectures deploy the same authentication algorithm as the nominal scenario. We also propose an offline architecture allowing a user to authenticate using a connection token when no wireless network is available. This solution relaxes the constraint on the smartphone's connectivity to its Cloud. We evaluate the dematerialization architecture and the authentication algorithm in terms of performance and security. The cryptographic operations of the authentication protocol are the most costly. We therefore evaluated them, focusing in particular on IBE encryption operations and the generation of ECC challenges. Our implementations were evaluated for the Cloud infrastructure and the mobile environment. We then validated the authentication protocol on the three selected architectures using the Scyther tool. We showed that, for all three scenarios, the session key negotiated via the authentication protocol remained secret throughout the protocol. This property guarantees that the authentication data encrypted with this key will remain secret and that the person-identification phase is protected, while preserving the ergonomics of the existing system.
/ Over the years, the Near Field Communication technology has emerged in our daily lives through a variety of services. There are several use cases for contactless cards: loyalty cards, metro and bus cards, payment cards and access control cards. However, the first version of these cards has a low security level that is based on the assumption that the cards cannot be cloned. To address this issue, a new version of NFC cards has been developed. It allows an authentication with the NFC reader through symmetric encryption algorithms such as AES, DES or 3DES. These cards are more robust than the previous ones. However, these cards have also undergone a reverse-engineering attack. We propose, in the context of the neOCampus project, to replace the contactless cards with a smartphone equipped with the NFC capabilities. This process, called dematerialization, allows us to take advantage of the computational power and the storage capabilities of the smartphone to deploy more complex and robust authentication algorithms. However, the OS of the smartphone cannot be considered as a trusted environment for the storage and the processing of sensitive data. To address these issues, several solutions were proposed: Secure Elements (SE), Trusted Platform Module (TPM), Trusted Execution Environment (TEE) and Virtualization. In order to store and process securely authentication data, the TEE seems to be the best trade-off between security and performances. Nevertheless, many smartphones do not embed TEE and it is necessary to negotiate agreements with the TEE manufacturers in order to deploy a secure application on it. In order to figure out these issues, we propose to set up an architecture with a TEE in the Cloud. The smartphone has a secure Cloud that can be reached through a Wi-Fi or 4G connection. The reader has also its own secure Cloud reachable with an Ethernet link. An authentication protocol based on IBAKE is also proposed.
In addition to this scenario, two other scenarios were proposed to follow the development and democratization of the TEE on the smartphones and on some inexpensive devices such as Raspberry Pi 3. These alternative architectures deploy the same authentication protocol as the main scenario. We propose an offline architecture allowing a user to authenticate using a connection token. This solution relaxes the connectivity constraint between the smartphone and its secure Cloud. We perform an evaluation of our architecture and of the authentication algorithm in terms of performances and security. The cryptographical operations of the authentication protocol are the most consuming operations in terms of performance. We have chosen to target these operations especially the encryption with the IBE and the ECC challenges generation. Our implementations have been evaluated for a Cloud infrastructure and a mobile-like environment. We also perform a formal verification of the authentication protocol through the three considered architectures with Scyther. We showed that, for the three scenarios, the session key negotiated through the authentication protocol remains secret during the overall execution of the protocol. This characteristic guarantees that the authentication data encrypted with this key will remain secret and that this step of the algorithm will be secure while preserving the ergonomy of the existing system.
92

Identity Authentication and Near Field Device Authentication for Smart Devices

January 2014
abstract: The widespread adoption of mobile devices gives rise to new opportunities and challenges for authentication mechanisms. Many traditional authentication mechanisms become unsuitable for smart devices. For example, while password is widely used on computers as user identity authentication, inputting password on small smartphone screen is error-prone and not convenient. In the meantime, there are emerging demands for new types of authentication. Proximity authentication is an example, which is not needed for computers but quite necessary for smart devices. These challenges motivate me to study and develop novel authentication mechanisms specific for smart devices. In this dissertation, I am interested in the special authentication demands of smart devices and about to satisfy the demands. First, I study how the features of smart devices affect user identity authentications. For identity authentication domain, I aim to design a continuous, forge-resistant authentication mechanism that does not interrupt user-device interactions. I propose a mechanism that authenticates user identity based on the user's finger movement patterns. Next, I study a smart-device-specific authentication, proximity authentication, which authenticates whether two devices are in close proximity. For proximity authentication domain, I aim to design a user-friendly authentication mechanism that can defend against relay attacks. In addition, I restrict the authenticated distance to the scale of near field, i.e., a few centimeters. My first design utilizes a user's coherent two-finger movement on smart device screen to restrict the distance. To achieve a fully-automated system, I explore acoustic communications and propose a novel near field authentication system. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2014
93

Architectural Design of a Conformative Authentication Service for Security Platforms

Hermansson, Mikael January 2013
Authentication services in security platforms often need to handle different types of systems which have various requirements regarding the authentication. These requirements can often interfere with each other and the issue here is that the authentication service often needs to be manually adjusted to comply with these requirements. Therefore there is a need for a flexible architectural design which enables changes and could open up for new emerging technologies and possibilities. This thesis presents an architectural design of a conformative authentication service based on SAML 2.0 to be used in security platforms. In this thesis a requirements analysis was performed and an architectural design was developed. The architectural design presented in this thesis is conformative in various aspects, e.g. usage of various authentication methods, versatile handling of attributes, handling of various SAML 2.0 profiles, possibilities to participate in various identity federations and handling of legacy systems not supporting SAML. In addition, an evaluation comparing the candidate architectural design presented in this thesis with a currently active architectural design was performed. This evaluation showed that the candidate architectural design was considered better for more usage scenarios.
94

Flexible Digital Authentication Techniques

Ge, He 05 1900
Abstract This dissertation investigates authentication techniques in some emerging areas. Specifically, authentication schemes have been proposed that are well-suited for embedded systems, and privacy-respecting pay Web sites. With embedded systems, a person could own several devices which are capable of communication and interaction, but these devices use embedded processors whose computational capabilities are limited as compared to desktop computers. Examples of this scenario include entertainment devices or appliances owned by a consumer, multiple control and sensor systems in an automobile or airplane, and environmental controls in a building. An efficient public key cryptosystem has been devised, which provides a complete solution to an embedded system, including protocols for authentication, authenticated key exchange, encryption, and revocation. The new construction is especially suitable for the devices with constrained computing capabilities and resources. Compared with other available authentication schemes, such as X.509, identity-based encryption, etc, the new construction provides unique features such as simplicity, efficiency, forward secrecy, and an efficient re-keying mechanism. In the application scenario for a pay Web site, users may be sensitive about their privacy, and do not wish their behaviors to be tracked by Web sites. Thus, an anonymous authentication scheme is desirable in this case. That is, a user can prove his/her authenticity without revealing his/her identity. On the other hand, the Web site owner would like to prevent a bunch of users from sharing a single subscription while hiding behind user anonymity. The Web site should be able to detect these possible malicious behaviors, and exclude corrupted users from future service. This dissertation extensively discusses anonymous authentication techniques, such as group signature, direct anonymous attestation, and traceable signature. 
Three anonymous authentication schemes have been proposed, which include a group signature scheme with signature claiming and variable linkability, a scheme for direct anonymous attestation in trusted computing platforms with sign and verify protocols nearly seven times more efficient than the current solution, and a state-of-the-art traceable signature scheme with support for variable anonymity. These three schemes greatly advance research in the area of anonymous authentication. The authentication techniques presented in this dissertation are based on common mathematical and cryptographical foundations, sharing similar security assumptions. We call them flexible digital authentication schemes.
95

Multiplatformní autentizační systém / Multiplatform authentication system

Pokorný, Lukáš January 2015
This thesis describes the design of a multiplatform authentication system that enables user authentication by using a wide variety of authentication tokens. The theoretical part is devoted to an overview of authentication interfaces with focus on modern methods of verification. There is also an overview of authentication schemes. The practical part gives requirements for an authentication terminal and sets a specific hardware structure, including the specification of individual functional blocks. The implementation of the software logic uses Java and JavaScript programming languages. Attention is also paid to the used authentication schemes including details and comparison of used platforms. Finally, we evaluate the user and security aspects of the proposed solution. It is also given the possibility of additional hardware and software optimization.
96

Adding bandwidth specification to a AAA Sever

Zhou, Jia January 2008
Authentication, authorization, and accounting (AAA) are key elements in network security. In many networks, clients can use resources only after they have been authenticated by an authentication server and authorized to use these resources. In some cases the server will also maintain accounting records in order for an operator (a provider of resources) to charge the account/subscriber for using the service. There are four main AAA protocols being used today. Of these RADIUS is the most widely used. This thesis starts with an introduction to AAA protocols, and then goes in the details of RADIUS. In order to perform a practical evaluation of how the AAA could be improved, FreeRADIUS was selected as the base code for this project; because this implementation is one of the most widely used RADIUS servers. A proposal for how to improve AAA performance is introduced and the implementation steps needed to realize these improvements are shown. Additionally, some experiments have been conducted to show both the correct functioning of the resulting implementation and to examine if there is a performance improvement. Following this some conclusions are drawn based upon a comparison with a traditional AAA server. A key element of the change in AAA which is proposed is the use of a non-binary IEEE 802.1x process. This new non-binary solution introduces a new type of AAA server and requires the re-thinking of a number of traditional AAA design decisions. It is expected that this change will have a significant impact, but will require some time for exposure, implementation by others, and a more extensive evaluation than was possible during the period of this thesis project. One of the most important conclusions drawn during this thesis is the difficulty of making a change in authentication and authorization, because of the large amount of interaction between both the various protocols and the standards which have been developed for these protocols.
Thus one of the difficult aspects of the task is how to introduce a change in a protocol while maintaining backward compatibility for others who have not adopted this change -- without requiring the addition of a protocol version field. A second important conclusion is that doing this implementation in three separate parts with different students being responsible for the different parts revealed just how complex the interaction of protocol design decisions are. While a working version of the entire set of changes proved to be impossible, it was observed that the different parts could be decoupled more than initially expected.
97

Some Improvements to Social Authentication and Bot Detection and Their Applications in IoT

Krzciok, Jacob James 19 April 2023
No description available.
98

Handover optimised authentication scheme for high mobility wireless multicast

Mapoka, Trust T., Shepherd, Simon J., Abd-Alhameed, Raed, Anoh, Kelvin O.O. January 2015
No / In this paper a distributed handover optimized authentication scheme based on independent session key per access network (HOISKA) is developed for the decentralized multi-service group key management scheme over wireless mobile multicast. It enables a handover user Mi involved in multiple multicast service subscriptions to securely reuse the long term credential initially issued by the trusted authentication server (As) for deriving unique session keys per access network as it performs handover authentication across various access networks. The distributed nature of the scheme enables offloading the authentication function to the area network controllers (AKDs) such that As is not involved during handover exchange authentication signaling. This simplifies handover by reducing handover exchange signalling constituting to handover delays. Handover Access authentication (HAA) phase in HOISKA is presented then analyzed using the delay analytical model. The model proves efficacy by inducing minimum delays with less handover blocking probability while providing same level of security to the widely deployed handover authentication scheme.
99

Transmitter Authentication in Dynamic Spectrum Sharing

Kumar, Vireshwar 02 February 2017
Recent advances in spectrum access technologies, such as software-defined radios, have made dynamic spectrum sharing (DSS) a viable option for addressing the spectrum shortage problem. However, these advances have also contributed to the increased possibility of "rogue" transmitter radios which may cause significant interference to other radios in DSS. One approach for countering such threats is to employ a transmitter authentication scheme at the physical (PHY) layer. In PHY-layer authentication, an authentication signal is generated by the transmitter, and embedded into the message signal. This enables a regulatory enforcement entity to extract the authentication signal from the received signal, uniquely identify a transmitter, and collect verifiable evidence of a rogue transmission that can be used later during an adjudication process. There are two primary technical challenges in devising a transmitter authentication scheme for DSS: (1) how to generate and verify the authentication signal such that the required security and privacy criteria are met; and (2) how to embed and extract the authentication signal without negatively impacting the performance of the transmitters and the receivers in DSS. With regard to dealing with the first challenge, the authentication schemes in the prior art, which provide privacy-preserving authentication, have limited practical value for use in large networks due to the high computational complexity of their revocation check procedures. In this dissertation, the novel approaches which significantly improve scalability of the transmitter authentication with respect to revocation, are proposed. With regard to dealing with the second challenge, in the existing PHY-layer authentication techniques, the authentication signal is embedded into the message signal in such a way that the authentication signal appears as noise to the message signal and vice versa. 
Hence, existing schemes are constrained by a fundamental tradeoff between the message signal's signal to interference and noise ratio (SINR) and the authentication signal's SINR. In this dissertation, the novel approaches which are not constrained by the aforementioned tradeoff between message and authentication signals, are proposed. / Ph. D.
100

PASSWORD SECURITY, AN ANALYSIS OF AUTHENTICATION METHODS

Safder, Waqas January 2024
An era in which transactions and communication are quick and easy owing to fast-growing IT technology has commenced nowadays. Because of the extensive use of IT and its wide distribution, it is easy to access private information. Implementing more stringent computer security processes is vital to shielding this data from unlawful penetration, a never-ending battle. Data and service integrity, availability, and confidentiality are the three pillars upon which computer security stands. Password authentication is the key defense mechanism used among the systems battling security loopholes. This research selected a systematic literature review (SLR) to collect up-to-date data on different password security authentication mechanisms. A detailed review of the previous work is done to gather all existing authentication techniques from the current literature and compare and select them for use in different settings. The result revealed the usages, benefits, and drawbacks of discovered password security and authentication methods. In the end, a framework is proposed to enhance the security of password systems.
