Webová aplikace využívající vícefaktorovou autentizaci / Web application utilizing multi-factor authentication

Humpolík, Jan

January 2013

In the thesis are described and implemented 5 methods (some with their own proposal) of multifactor authentication in web application environment. The results of the work is the web application and individual authentication methods (which are attached separately) for use in your own web application.

Continuous Authentication using Stylometry

Brocardo, Marcelo Luiz

30 April 2015

Static authentication, where user identity is checked once at login time, can be circumvented no matter how strong the authentication mechanism is. Through attacks such as man-in-the-middle and its variants, an authenticated session can be hijacked later after the initial login process has been completed. In the last decade, continuous authentication (CA) using biometrics has emerged as a possible remedy against session hijacking. CA consists of testing the authenticity of the user repeatedly throughout the authenticated session as data becomes available. CA is expected to be carried out unobtrusively, due to its repetitive nature, which means that the authentication information must be collectible without any active involvement of the user and without using any special purpose hardware devices (e.g. biometric readers). Stylometry analysis, which consists of checking whether a target document was written or not by a specific individual, could potentially be used for CA. Although stylometric techniques can achieve high accuracy rates for long documents, it is still challenging to identify an author for short documents, in particular when dealing with large author populations. In this dissertation, we propose a new framework for continuous authentication using authorship verification based on the writing style. Authorship verification can be checked using stylometric techniques through the analysis of linguistic styles and writing characteristics of the authors. Different from traditional authorship verification that focuses on long texts, we tackle the use of short messages. Shorter authentication delay (i.e. smaller data sample) is essential to reduce the window size of the re-authentication period in CA. We validate our method using different block sizes, including 140, 280, and 500 characters, and investigate shallow and deep learning architectures for machine learning classification. Experimental evaluation of the proposed authorship verification approach based on the Enron emails dataset with 76 authors yields an Equal Error Rate (EER) of 8.21% and Twitter dataset with 100 authors yields an EER of 10.08%. The evaluation of the approach using relatively smaller forgery samples with 10 authors yields an EER of 5.48%. / Graduate

Continuous authentication

Stylometry

Deep Belief Network

short message verification

Study on Telemetry Data Authentication Protocol in Arms Control Verification

Qiang, Huang, Fan, Yang

10 1900

International Telemetering Conference Proceedings / October 25-28, 1999 / Riviera Hotel and Convention Center, Las Vegas, Nevada / The arms control verification activity is executed between countries, so various telemetry data will be remote-transmitted in the public signal channel and can be easily tampered. In order to secure this data’s authenticity and integrality, the paper has established a Multi-layer Data Authentication Protocol (MDAP) in which the key cryptographic technologies are digital signature and authentication. Meanwhile, overall evaluations of MDAP have been presented. We proved the MDAP is secure.

Telemetry Data

Data Authentication Protocol

Arms Control Verification

Digital Signature

FLIGHT TERMINATION COMMAND AUTHENTICATION USING BLOCK ENCRYPTION

Arce, Dennis

10 1900

International Telemetering Conference Proceedings / October 21, 2002 / Town & Country Hotel and Conference Center, San Diego, California / Next generation flight termination systems (FTSs) will use digital technologies to verify the authenticity of range safety commands by command receiver-decoders located on each vehicle. This paper will discuss the general principles behind simplex message authentication using a block encryption cipher, and presents examples for demonstration.

Range Safety

Flight Termination

Authentication

Encryption

Block Cipher

The application of hash chains and hash structures to cryptography

Page, Thomas

January 2009

In this thesis we study how hash chains and other hash structures can be used in various cryptographic applications. In particular we focus on the applications of entity authentication, signatures and key establishment. We study recursive application of hash functions to create hash chains, hash trees and other hash structures. We collate all these to form a catalogue of structures that we apply to various cryptographic applications. We study existing work on authentication and create many entity authentication schemes based on structures from our catalogue. We present a novel algorithm to find efficient signature schemes from any given hash structure. We study some suggestions for suitable hash structures and define a particular scalable hash structure complete with a simple message to signature map that is the most efficient such scheme of which we know. We explore k-time signature schemes and identify two new properties, which we call perforated and porous. We look at the application of hash structures to key establishment schemes. We compare the existing schemes and make improvements on many. We present a new key establishment scheme, and show a link between certain k-time signatures and certain key establishment schemes. We look at the other applications of hash structures, and suggest areas in which our catalogue could be used for further development.

500

建立一個以服務多代理者系統為主的公鑰匙架構 / Building a Public Key Infrastructure for Multi-Agent Systems

唐朝緯, Chao-Wei Tang

Unknown Date

代理者（Agent）是一個自主性的軟體程式，可以幫助代表人類在網際網路上從事各種的電子化服務（E-Service）。由於目前多代理者系統缺少了安全管理的機制，以致於目前為止代理者代表人類在網上從事活動的行為還不被大家接受。因此，我們提出了一套以代理者為導向的公鑰匙架構（Agent-Oriented Public Key Infrastructure, APKI），各式各樣的數位憑證被產生、儲存、註銷及驗證，以滿足不同存取控制的需求。例如，代理者的認證是以代理者身份憑證為基礎，而授權的部分則以授權憑證或屬性憑證來做驗證。透過這些數位憑證，我們可以在虛擬網路上的代理者之間建立一條信任路徑，一個安全的電子化服務的實際應用範例將會以此架構實作及呈現出來，以驗證我們所提架構的可行性。 / Agent is autonomous software that mediates e-service for human on the Internet. The acceptance of agent-mediated e-service (AMES) is very slow for the lacking of security management infrastructure for multi-agent system. Therefore we proposed an agent-oriented public key infrastructure (APKI) for multi-agent e-service. In this APKI, a taxonomy of digital certificates are generated, stored, verified, and revoked to satisfy different access and delegation control purposes. Agent identity certificate was designed for agent’s authentication whereas attributed and agent authorization certificates were proposed for agent’s authorization and delegation. Using these digital certificates, we establish agent trust relationships on the cyberspace. A trusted agent-mediated e-service scenario will be shown to demonstrate the feasibility of our APKI.

Public Key Infrastructure

Multi-Agent Systems

Security

Authentication

Authorization

Recognizing User Identity by Touch on Tabletop Displays: An Interactive Authentication Method

Torres Peralta, Raquel

January 2012

Multi-touch tablets allow users to interact with computers through intuitive, natural gestures and direct manipulation of digital objects. One advantage of these devices is that they can offer a large, collaborative space where several users can work on a task at the same time. However the lack of privacy in these situations makes standard password-based authentication easily compromised. This work presents a new gesture-based authentication system based on users' unique signature of touch motion. This technique has two key features. First, at each step in authentication the system prompts the user to make a specific gesture selected to maximize the expected long-term information gain. Second, each gesture is integrated using a hierarchical probabilistic model, allowing the system to accept or reject a user after a variable number of gestures. This touch-based approach would allow the user to accurately authenticate without the need to cover their hand or look over their shoulder. This method has been tested using a set of samples collected under real-world conditions in a business office, with a touch tablet that was used on a near daily basis by users familiar with the device. Despite the lack of sophisticated, high-precision equipment, the system is able to achieve high user recognition accuracy with relatively few gestures, demonstrating that human touch patterns have a distinctive signature" that can be used as a powerful biometric measure for user recognition and personalization.

Multitouch

User Recognition

Computer Science

Authentication

Machine Learning

Unfinished Business: Toward a Reformational Conception of Truth

Zuidervaart, Lambert

January 2009

This essay presents an emerging conception of truth and shows how it appropriates Herman Dooyeweerd’s conception. First I compare my “critical hermeneutics” with other reformational models of critique. Then I propose to think of truth as a dynamic correlation between (1) human fidelity to societal principles and (2) a life-giving disclosure of society. This conception recontextualizes the notion of propositional truth, and it links questions of intersubjective validity with Dooyeweerd’s emphasis on “standing in the truth.” While abandoning his idea of transcendent truth, I seek to preserve the holism and normativity of Dooyeweerd’s radical conception.

Truth

Dooyeweerd, Herman

Reformational philosophy

Societal principles

Heidegger, Martin

Authentication

Behaviour profiling for mobile devices

Li, Fudong

January 2012

With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life. The modern mobile handheld device is capable of providing many multimedia services through a wide range of applications over multiple networks as well as on the handheld device itself. These services are predominantly driven by data, which is increasingly associated with sensitive information. Such a trend raises the security requirement for reliable and robust verification techniques of users.This thesis explores the end-user verification requirements of mobile devices and proposes a novel Behaviour Profiling security framework for mobile devices. The research starts with a critical review of existing mobile technologies, security threats and mechanisms, and highlights a broad range of weaknesses. Therefore, attention is given to biometric verification techniques which have the ability to offer better security. Despite a large number of biometric works carried out in the area of transparent authentication systems (TAS) and Intrusion Detection Systems (IDS), each have a set of weaknesses that fail to provide a comprehensive solution. They are either reliant upon a specific behaviour to enable the system to function or only capable of providing security for network based services. To this end, the behaviour profiling technique is identified as a potential candidate to provide high level security from both authentication and IDS aspects, operating in a continuous and transparent manner within the mobile host environment.This research examines the feasibility of a behaviour profiling technique through mobile users general applications usage, telephone, text message and multi-instance application usage with the best experimental results Equal Error Rates (EER) of 13.5%, 5.4%, 2.2% and 10% respectively. Based upon this information, a novel architecture of Behaviour Profiling on mobile devices is proposed. The framework is able to provide a robust, continuous and non-intrusive verification mechanism in standalone, TAS or IDS modes, regardless of device hardware configuration. The framework is able to utilise user behaviour to continuously evaluate the system security status of the device. With a high system security level, users are granted with instant access to sensitive services and data, while with lower system security levels, users are required to reassure their identity before accessing sensitive services.The core functions of the novel framework are validated through the implementation of a simulation system. A series of security scenarios are designed to demonstrate the effectiveness of the novel framework to verify legitimate and imposter activities. By employing the smoothing function of three applications, verification time of 3 minutes and a time period of 60 minutes of the degradation function, the Behaviour Profiling framework achieved the best performance with False Rejection Rate (FRR) rates of 7.57%, 77% and 11.24% for the normal, protected and overall applications respectively and with False Acceptance Rate (FAR) rates of 3.42%, 15.29% and 4.09% for their counterparts.

004

Managing near field communication (NFC) payment applications through cloud computing

Pourghomi, Pardis

January 2014

The Near Field Communication (NFC) technology is a short-range radio communication channel which enables users to exchange data between devices. NFC provides a contactless technology for data transmission between smart phones, Personal Computers (PCs), Personal Digital Assistants (PDAs) and such devices. It enables the mobile phone to act as identification and a credit card for customers. However, the NFC chip can act as a reader as well as a card, and also be used to design symmetric protocols. Having several parties involved in NFC ecosystem and not having a common standard affects the security of this technology where all the parties are claiming to have access to client’s information (e.g. bank account details). The dynamic relationships of the parties in an NFC transaction process make them partners in a way that sometimes they share their access permissions on the applications that are running in the service environment. These parties can only access their part of involvement as they are not fully aware of each other’s rights and access permissions. The lack of knowledge between involved parties makes the management and ownership of the NFC ecosystem very puzzling. To solve this issue, a security module that is called Secure Element (SE) is designed to be the base of the security for NFC. However, there are still some security issues with SE personalization, management, ownership and architecture that can be exploitable by attackers and delay the adaption of NFC payment technology. Reorganizing and describing what is required for the success of this technology have motivated us to extend the current NFC ecosystem models to accelerate the development of this business area. One of the technologies that can be used to ensure secure NFC transactions is cloud computing which offers wide range advantages compared to the use of SE as a single entity in an NFC enabled mobile phone. We believe cloud computing can solve many issues in regards to NFC application management. Therefore, in the first contribution of part of this thesis we propose a new payment model called “NFC Cloud Wallet". This model demonstrates a reliable structure of an NFC ecosystem which satisfies the requirements of an NFC payment during the development process in a systematic, manageable, and effective way.

004.1675