Spelling suggestions: "subject:"mutual authentication"" "subject:"vutual authentication""
1 |
An Anonymous Authentication Protocol with Chargeability and Fair Privacy for Mobile Network EnvironmentsHuang, Shi-Ming 26 July 2006 (has links)
Mobile network equipments are widely popularized and advanced mobile communication services are provided increasingly such that ubiquitous computing environments will come true soon. It is a pleasure for mobile users to work or get recreations in the mobile network environments. However, just as the cases in wireline environments, there are a lot of security threats to mobile network systems and their impact on the security is more serious than that in wireline environments owing to the feature of wireless transmissions and the ubiquity property in mobile network systems. The secret personal information, important data, or classified missives which mobile users carry may be stolen by malicious entities. In order to guarantee the quality of the advanced communication services, the security and privacy would be the important issues when mobile users roam to the mobile networks. In this thesis, an anonymous authentication protocol will be proposed to protect both the security of the mobile network system and the privacy of mobile users. Not only does the proposed scheme provide mutual authentication between each user and the system, but also the identity of each user can be kept secret against anyone else including the system. Although the users are anonymously authenticated by the system, it can still make correct bills to charge these anonymous users. Finally, our protocol also achieves the goal of fair privacy which allows the judge to be able to revoke the anonymity and trace the illegal users when they misused the anonymity property such as they committed crimes.
|
2 |
MUTUAL AUTHENTICATION SCHEME FOR MOBILE RFID SYSTEMSAllahem, Hisham 28 March 2013 (has links)
Radio Frequency Identification (RFID) systems are rapidly becoming popular in a variety of applications such as supply chain management, storage management and healthcare. Such a system consists of a tag with a unique identifier, a tag reader and a backend server. Due to the system's limited computational resources, it can be subject to various types of attacks. This can exacerbate when the reader itself is mobile. The objective of this thesis is to propose a mutual authentication scheme for mobile RFID systems. Our proposed scheme uses a shared encryption key generated and updated by the mobile reader to authenticate the system entities. The encryption keys are updated at the end of each authentication session. Experimental results show that the proposed scheme meets the security and privacy goals, and resists known attacks on mobile RFID systems
|
3 |
Evaluating intrusion detection points in an end-to-end solutionPankaczi, Lilla January 2023 (has links)
Evaluating all intrusion detection points in an end-to-end cyber-physical system can be challenging. This master thesis focuses on evaluating the security of the most exposed part of such systems, Radio Frequency Identification (RFID) communication. As both the RFID reader and tag can be located outside of secure premises, RFID communication can be a target of several cyber threats. Common cyber-attacks such as replay attacks, eavesdropping, or tag cloning can be associated with the lack of security of the communication channel between the reader and the tag or flaws of the implemented authentication protocols and encryption algorithms. This thesis briefly summarizes parts 4 and 3 of the ISO/IEC 14443 standard, which specify the initialization, selection, and transmission protocols in high-frequency RFID smart-card and reader communication. A formal security analysis was conducted to evaluate these protocols using a tool called Scyther. Then, an improved authentication protocol was proposed utilizing a commercially available feature, the Random Unique Identifier of the card (RID). The Scyther protocol verification results showed that implementing RID can prevent many RFID attacks such as, eavesdropping or replay attacks, and protect the cardholder's privacy.
|
4 |
Provably Secure Nested One-Time Secret Mechanisms for Fast Mutual Authentication and Key Exchange in Mobile CommunicationsHo, Pei-hsiu 10 February 2011 (has links)
Wireless communication has played a very important role in people communication activities due to the properties of fast mobility and high
portability. Many security mechanisms for mobile communications have been introduced in the literature.
Among these mechanisms,
authentication is a quite important task in the entire mobile network system and acts as the first defense against attackers
since it ensures the correctness of the identities of distributed communication entities before they engage in any other communication
activity. Some schemes have similar drawbacks, such as high bandwidth consumption between VLR and HLR, storage overhead in VLR, and lack of
VLR authentication.
On the other hand, some protocols are efficient, but they are not based on rational assumptions.
Ideally, a mobile authentication scheme should achieve mutual entity authentication, low storage cost in VLR, and
light-weight computation and communication for each entity, to provide secure and fast communication services.
Therefore, in order to guarantee the quality of this advanced technology, an efficient (especially, user efficient) and secure
authentication scheme is urgently desired, and moreover, it should be under reasonable assumptions.
In this dissertation, we come up with a novel authentication mechanism, called the nested
one-time secret mechanism, tailored for mobile communication environments. Through maintaining inner and outer synchronously changeable
common secrets, respectively, every mobile user can be rapidly authenticated by VLR and HLR, respectively, in the proposed scheme based on
rational assumptions.
Not only does the proposed solution achieve mutual authentication, but also it greatly reduces the computation and communication cost
of the mobile users as compared with the existing authentication schemes.
Finally, we formally prove that the proposed scheme is a secure mutual authentication and key exchange scheme under the assumptions of semantic
security of encryption, indistinguishability of a pseudorandom function and a random function, and indistinguishability
of a pseudorandom permutation and a random permutation.
|
5 |
One-Round Mutual Authentication Mechanism Based on Symmetric-Key Cryptosystems with Forward Secrecy and Location Privacy for Wireless NetworksCheng, Yen-hung 12 August 2009 (has links)
In recent years, the development of mobile networks is thriving or flourishing from 2G GSM,
2.5G GPRS, 3G UMTS to All-IP 4G, which integrates all heterogeneous networks and becomes
mature and popular nowadays. Using mobile devices for voice transferring and multimedia
sharing is also a part of our life. Mobile networks provide us an efficient way to
exchange messages easily. However, these messages often contain critical personal data or
private information. Transferring these messages freely in mobile network is dangerous since
they can be eavesdropped easily by malicious mobile users for some illegal purposes, such as
committing a crime.
Hence, to avoid the exposure of the transmitted messages, robust security mechanisms are
required. In this thesis, we will propose a one-round mutual authentication protocol which is
computation and communication efficient and secure such that the privacy of mobile users¡¦
identities and the confidentiality of their transmitted data are guaranteed. In computation
complexity, the protocol only employs symmetric encryption and hash-mac functions. Due
to the possession of forward secrecy, the past encrypted messages are secure, even under the
exposure of long-term keys. Furthermore, our scheme achieves the goal of user privacy and
location privacy by changing TMSI in every session. Therefore, the third party cannot link
two different sessions by eavesdropping the communication. Finally, our scheme also can
prevent false base attacks which make use of a powerful base station to redirect mobile users¡¦
messages to a fake base station to obtain certain advantages.
|
6 |
Role of Cryptographic Welch-Gong (WG-5) Stream Cipher in RFID SecurityMota, Rajesh Kumar 22 May 2012 (has links)
The purpose of this thesis is to design a secure and optimized cryptographic stream cipher for passive type Radio Frequency Identification (RFID) tags.
RFID technology is a wireless automatic tracking and identification device. It has become an integral part of our daily life and it is used in many applications such as electronic passports, contactless payment systems, supply chain management and so on. But the information carried on RFID tags are vulnerable to unauthorized access (or various threats) which raises the security
and privacy concern over RFID devices. One of the possible solutions to protect the confidentiality, integrity and to provide authentication is, to use a cryptographic stream cipher which encrypts the original information with a pseudo-random bit sequence. Besides that RFID tags
require a resource constrained environment such as efficient area, power and high performance cryptographic systems with large security margins. Therefore, the architecture of stream cipher
provides the best trade-off between the cryptographic security and the hardware efficiency.
In this thesis, we first described the RFID technology and explain the design requirements for passive type RFID tags. The hardware design for passive tags is more challenging due to its stringent requirements like power consumption and the silicon area. We presented different design measures and some of the optimization techniques required to achieve low-resource
cryptographic hardware implementation for passive tags.
Secondly, we propose and implement a lightweight WG-5 stream cipher, which has good proven cryptographic mathematical properties. Based on these properties we measured the security analysis of WG-5 and showed that the WG-5 is immune to different types of attacks such as algebraic attack, correlation attack, cube attack, differential attack, Discrete Fourier Transform attack (DFT), Time-Memory-Data trade-off attack. The implementation of WG-5 was carried out using 65 nm and 130 nm CMOS technologies. We achieved promising results of WG-5 implementation in terms of area, power, speed and optimality. Our results outperforms most of the other stream ciphers which are selected in eSTREAM project.
Finally, we proposed RFID mutual authentication protocol based on WG-5. The security and privacy analysis of the proposed protocol showed that it is resistant to various RFID attacks such
as replay attacks, Denial-of-service (DoS) attack, ensures forward privacy and impersonation attack.
|
7 |
Provably Secure Privacy Mechanism for Authentication, Billing and Payment in Mobile CommunicationsShi-Ming, Vincent 23 August 2010 (has links)
Mobile communication is very mature today due to the powerful computation and communication capabilities of mobile devices, the flourishing of mobile networks, the popularity of electronic commerce, and the completeness of e-payment mechanisms. It is a pleasure for mobile users to roam around the mobile networks and enjoy the mobile network services. However, there are a lot of security threats in the mobile networks, and thus we need an anonymous mutual authentication and key exchange scheme to guarantee the security and privacy for mobile users in the networks. A payment protocol is also required for charging the mobile users after using the mobile services. However, the existing payment schemes do not support anonymity
and credit-based chargeability at the same time. In this dissertation, we propose a secure authentication scheme such that the mobile users can be anonymously authenticated by the system and the system can still make correct charge to these anonymous mobile users via a credit-based way simultaneously. We also propose a novel e-cash scheme which can support each mobile user to withdraw a generic e-cash and decide to spend it as an on-line e-cash or an off-line e-cash according to the payment requirement of the anonymous authentication scheme. Our proposed schemes are convenient and flexible for the mobile users, the system operator, and the bank. Besides, full privacy can be achieved for mobile users owing to the combination of our proposed schemes, which can be performed in current mobile devices efficiently with few battery energy consumptions. Furthermore, we provide anonymity control, no swindling, tamper resistance, secure mutual authentication, secure key exchange, and secure forward secrecy in the proposed anonymous authentication scheme and the e-cash scheme, where these security features are demonstrated by formal security models and theoretical proofs.
|
8 |
Role of Cryptographic Welch-Gong (WG-5) Stream Cipher in RFID SecurityMota, Rajesh Kumar 22 May 2012 (has links)
The purpose of this thesis is to design a secure and optimized cryptographic stream cipher for passive type Radio Frequency Identification (RFID) tags.
RFID technology is a wireless automatic tracking and identification device. It has become an integral part of our daily life and it is used in many applications such as electronic passports, contactless payment systems, supply chain management and so on. But the information carried on RFID tags are vulnerable to unauthorized access (or various threats) which raises the security
and privacy concern over RFID devices. One of the possible solutions to protect the confidentiality, integrity and to provide authentication is, to use a cryptographic stream cipher which encrypts the original information with a pseudo-random bit sequence. Besides that RFID tags
require a resource constrained environment such as efficient area, power and high performance cryptographic systems with large security margins. Therefore, the architecture of stream cipher
provides the best trade-off between the cryptographic security and the hardware efficiency.
In this thesis, we first described the RFID technology and explain the design requirements for passive type RFID tags. The hardware design for passive tags is more challenging due to its stringent requirements like power consumption and the silicon area. We presented different design measures and some of the optimization techniques required to achieve low-resource
cryptographic hardware implementation for passive tags.
Secondly, we propose and implement a lightweight WG-5 stream cipher, which has good proven cryptographic mathematical properties. Based on these properties we measured the security analysis of WG-5 and showed that the WG-5 is immune to different types of attacks such as algebraic attack, correlation attack, cube attack, differential attack, Discrete Fourier Transform attack (DFT), Time-Memory-Data trade-off attack. The implementation of WG-5 was carried out using 65 nm and 130 nm CMOS technologies. We achieved promising results of WG-5 implementation in terms of area, power, speed and optimality. Our results outperforms most of the other stream ciphers which are selected in eSTREAM project.
Finally, we proposed RFID mutual authentication protocol based on WG-5. The security and privacy analysis of the proposed protocol showed that it is resistant to various RFID attacks such
as replay attacks, Denial-of-service (DoS) attack, ensures forward privacy and impersonation attack.
|
9 |
Analysis of Methods for Chained Connections with Mutual Authentication Using TLS / Analys av metoder för kedjade anslutningar med ömsesidig autentisering användandes TLSPetersson, Jakob January 2015 (has links)
TLS is a vital protocol used to secure communication over networks and it provides an end- to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, as for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required. Mutual authentication and end-to-end encryption are important capabilities in a high assur- ance environment. These are provided by TLS, but there are no known solutions for chained connections. This thesis explores multiple methods that provides the functionality for chained connec- tions using TLS in a high assurance environment with trusted servers and a public key in- frastructure. A number of methods are formally described and analysed according to multi- ple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment. The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension which also allows for specifying the structure of chained connections is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS.
|
10 |
Framework to Secure Cloud-based Medical Image Storage and Management System CommunicationsRostrom, Timothy James 12 December 2011 (has links) (PDF)
Picture Archiving and Communication Systems (PACS) have been traditionally constrained to the premises of the healthcare provider. This has limited the availability of these systems in many parts of the world and mandated major costs in infrastructure for those who employ them. Public cloud services could be a solution that eases the cost of ownership and provides greater flexibility for PACS implementations. This could make it possible to bring medical imaging services to places where it was previously unavailable and reduce the costs associated with these services for those who utilize them. Moving these systems to public cloud infrastructure requires that an authentication and encryption policy for communications is established within the PACS environment to mitigate the risks incurred by using the Internet for the communication of medical data. This thesis proposes a framework which can be used to create an authenticated and encrypted channel to secure the communications with a cloud-based PACS. This framework uses the Transport Layer Security (TLS) protocol and X.509 certificates to create a secured channel. An enterprise style PKI is used to provide a trust model to authorize endpoints to access the system. The validity of this framework was tested by creating a prototype cloud-based PACS with secured communications. Using this framework will provide a system based on trusted industry standards which will protect the confidentiality and integrity of medical data in transit when using a cloud-based PACS service.
|
Page generated in 0.0916 seconds