Identity Authentication and Near Field Device Authentication for Smart Devices

January 2014

abstract: The widespread adoption of mobile devices gives rise to new opportunities and challenges for authentication mechanisms. Many traditional authentication mechanisms become unsuitable for smart devices. For example, while password is widely used on computers as user identity authentication, inputting password on small smartphone screen is error-prone and not convenient. In the meantime, there are emerging demands for new types of authentication. Proximity authentication is an example, which is not needed for computers but quite necessary for smart devices. These challenges motivate me to study and develop novel authentication mechanisms specific for smart devices. In this dissertation, I am interested in the special authentication demands of smart devices and about to satisfy the demands. First, I study how the features of smart devices affect user identity authentications. For identity authentication domain, I aim to design a continuous, forge-resistant authentication mechanism that does not interrupt user-device interactions. I propose a mechanism that authenticates user identity based on the user's finger movement patterns. Next, I study a smart-device-specific authentication, proximity authentication, which authenticates whether two devices are in close proximity. For prox- imity authentication domain, I aim to design a user-friendly authentication mechanism that can defend against relay attacks. In addition, I restrict the authenticated distance to the scale of near field, i.e., a few centimeters. My first design utilizes a user's coherent two-finger movement on smart device screen to restrict the distance. To achieve a fully-automated system, I explore acoustic communications and propose a novel near field authentication system. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2014

Computer science

acoustic communications

Identity

Mobile Authentication

Proximity Authentication

Smartphones

touch screen

Architectural Design of a Conformative Authentication Service for Security Platforms

Hermansson, Mikael

January 2013

Authentication services in security platforms often need to handle different types of systems which have various requirements regarding the authentication. These requirements can often interfere with each other and the issue here is that the authentication service often needs to be manually adjusted to comply with these requirements. Therefore there is a need for a flexible architectural design which enables changes and could open up for new emerging technologies and possibilities. This thesis presents an architectural design of a conformative authentication service based on SAML 2.0 to be used in security platforms. In this thesis a requirements analysis was performed and an architectural design was developed. The architectural design presented in this thesis is conformative in various aspects, e.g. usage of various authentication methods, versatile handling of attributes, handling of various SAML 2.0 profiles, possibilities to participate in various identity federations and handling of legacy systems not supporting SAML. In addition, an evaluation comparing the candidate architectural design presented in this thesis with a currently active architectural design was performed. This evaluation showed that the candidate architectural design was considered better for more usage scenarios.

Authentication Service

Software Architecture

Security Architecture

Identity Management

Electronic Authentication

SAML

Computer Engineering

Datorteknik

Flexible Digital Authentication Techniques

Ge, He

05 1900

Abstract This dissertation investigates authentication techniques in some emerging areas. Specifically, authentication schemes have been proposed that are well-suited for embedded systems, and privacy-respecting pay Web sites. With embedded systems, a person could own several devices which are capable of communication and interaction, but these devices use embedded processors whose computational capabilities are limited as compared to desktop computers. Examples of this scenario include entertainment devices or appliances owned by a consumer, multiple control and sensor systems in an automobile or airplane, and environmental controls in a building. An efficient public key cryptosystem has been devised, which provides a complete solution to an embedded system, including protocols for authentication, authenticated key exchange, encryption, and revocation. The new construction is especially suitable for the devices with constrained computing capabilities and resources. Compared with other available authentication schemes, such as X.509, identity-based encryption, etc, the new construction provides unique features such as simplicity, efficiency, forward secrecy, and an efficient re-keying mechanism. In the application scenario for a pay Web site, users may be sensitive about their privacy, and do not wish their behaviors to be tracked by Web sites. Thus, an anonymous authentication scheme is desirable in this case. That is, a user can prove his/her authenticity without revealing his/her identity. On the other hand, the Web site owner would like to prevent a bunch of users from sharing a single subscription while hiding behind user anonymity. The Web site should be able to detect these possible malicious behaviors, and exclude corrupted users from future service. This dissertation extensively discusses anonymous authentication techniques, such as group signature, direct anonymous attestation, and traceable signature. Three anonymous authentication schemes have been proposed, which include a group signature scheme with signature claiming and variable linkability, a scheme for direct anonymous attestation in trusted computing platforms with sign and verify protocols nearly seven times more efficient than the current solution, and a state-of-the-art traceable signature scheme with support for variable anonymity. These three schemes greatly advance research in the area of anonymous authentication. The authentication techniques presented in this dissertation are based on common mathematical and cryptographical foundations, sharing similar security assumptions. We call them flexible digital authentication schemes.

Computer networks -- Security measures.

Computer security.

Authentication.

authentication

anonymity

digital signature

cryptographic protocols

Multiplatformní autentizační systém / Multiplatform authentication system

Pokorný, Lukáš

January 2015

This thesis describes the design of a multiplatform authentication system that enables user authentication by using a wide variety of authentication tokens. The theoretical part is devoted to an overview of authentication interfaces with focus on modern methods of verification. There is also an overview of authentication schemes. The practical part gives requirements for an authentication terminal and sets a specific hardware structure, including the specification of individual functional blocks. The implementation of the software logic uses Java and JavaScript programming languages. Attention is also paid to the used authentication schemes including details and comparison of used platforms. Finally, we evaluate the user and security aspects of the proposed solution. It is also given the possibility of additional hardware and software optimization.

Adding bandwidth specification to a AAA Sever

Zhou, Jia

January 2008

Authentication, authorization, and accounting (AAA) are key elements in network security. In many networks, clients can use resources only after they have been authenticated by an authentication server and authorized to use these resources. In some cases the server will also maintain accounting records in order for an operator (a provider of resources) to charge the account/subscriber for using the service. There are four main AAA protocols being used today. Of these RADIUS is the mostly widely used. This thesis starts with an introduction to AAA protocols, and then goes in the details of RADIUS. In order to perform a practical evaluation of how the AAA could be improved, FreeRADIUS was selected as the base code for this project; because this implementation is one of the most widely used RADIUS servers. A proposal for how to improve AAA performance is introduced and the implementation steps needed to realize these improvements are shown. Additionally, some experiments have been conducted to show both the correct functioning of the resulting implementation and to examine if there is a performance improvement. Following this some conclusions are drawn based upon a comparison with a traditional AAA server. A key element of the change in AAA which is proposed is the use of a non-binary IEEE 802.1x process. This new non-binary solution introduces a new type of AAA server and requires the re-thinking of a number of traditional AAA design decisions. It is expected that this change will have a significant impact, but will require some time for exposure, implementation by others, and a more extensive evaluation that was possible during the period of this thesis project. One of the most important conclusions drawn during this thesis is the difficulty of making a change in authentication and authorization, because of the large amount of interaction between both the various protocols and the standards which have been developed for these protocols. Thus one of the difficult aspects of the task is how to introduce a change in a protocol while maintaining backward compatibility for others who have not adopted this change -- without requiring the addition of a protocol version field. A second important conclusion is that doing this implementation in three separate parts with different students being responsible for the different parts revealed just how complex the interaction of protocol design decisions are. While a working version of the entire set of changes proved to be impossible, it was observed that the different parts could be decoupled more than initially expected.

AAA

RADIUS

FreeRADIUS

authentication

non-binary authentication

IEEE 802.1x

Communication Systems

Kommunikationssystem

Some Improvements to Social Authentication and Bot Detection and Their Applications in IoT

Krzciok, Jacob James

19 April 2023

No description available.

Computer Science

IoT

Social Authentication

Bot Detection

Trustee-based social authentication

Handover optimised authentication scheme for high mobility wireless multicast

Mapoka, Trust T., Shepherd, Simon J., Abd-Alhameed, Raed, Anoh, Kelvin O.O.

January 2015

No / In this paper a distributed handover optimized authentication scheme based on independent session key per access network (HOISKA) is developed for the decentralized multi-service group key management scheme over wireless mobile multicast. It enables a handover user Mi involved in multiple multicast service subscriptions to securely reuse the long term credential initially issued by the trusted authentication server (As) for deriving unique session keys per access network as it performs handover authentication across various access networks. The distributed nature of the scheme enables offloading the authentication function to the area network controllers (AKDs) such that As is not involved during handover exchange authentication signaling. This simplifies handover by reducing handover exchange signalling constituting to handover delays. Handover Access authentication (HAA) phase in HOISKA is presented then analyzed using the delay analytical model. The model proves efficacy by inducing minimum delays with less handover blocking probability while providing same level of security to the widely deployed handover authentication scheme.

Transmitter Authentication in Dynamic Spectrum Sharing

Kumar, Vireshwar

02 February 2017

Recent advances in spectrum access technologies, such as software-defined radios, have made dynamic spectrum sharing (DSS) a viable option for addressing the spectrum shortage problem. However, these advances have also contributed to the increased possibility of "rogue" transmitter radios which may cause significant interference to other radios in DSS. One approach for countering such threats is to employ a transmitter authentication scheme at the physical (PHY) layer. In PHY-layer authentication, an authentication signal is generated by the transmitter, and embedded into the message signal. This enables a regulatory enforcement entity to extract the authentication signal from the received signal, uniquely identify a transmitter, and collect verifiable evidence of a rogue transmission that can be used later during an adjudication process. There are two primary technical challenges in devising a transmitter authentication scheme for DSS: (1) how to generate and verify the authentication signal such that the required security and privacy criteria are met; and (2) how to embed and extract the authentication signal without negatively impacting the performance of the transmitters and the receivers in DSS. With regard to dealing with the first challenge, the authentication schemes in the prior art, which provide privacy-preserving authentication, have limited practical value for use in large networks due to the high computational complexity of their revocation check procedures. In this dissertation, the novel approaches which significantly improve scalability of the transmitter authentication with respect to revocation, are proposed. With regard to dealing with the second challenge, in the existing PHY-layer authentication techniques, the authentication signal is embedded into the message signal in such a way that the authentication signal appears as noise to the message signal and vice versa. Hence, existing schemes are constrained by a fundamental tradeoff between the message signal's signal to interference and noise ratio (SINR) and the authentication signal's SINR. In this dissertation, the novel approaches which are not constrained by the aforementioned tradeoff between message and authentication signals, are proposed. / Ph. D.

Dynamic spectrum sharing

spectrum security and enforcement

privacy-preserving authentication

anonymous attestation

blind authentication.

Traçabilité sécurisée embarquée : authentification autonome d'objets et de systèmes embarqués / Embedded and secure traceability : autonomous authentication of objects and of embedded systems

Idrissa, Abdourhamane

20 September 2012

L'authentification homme-machine est une problématique largement développée pour les télécommunications. Une authentification dans le sens "machine-homme" permettra d'assurer l'utilisateur humain assermenté du fonctionnement intègre d'une machine lors, par exemple, d'une session de vote électronique ou d'une vérification d'objet en traçabilité sécurisée. Cette thèse se focalise sur la traçabilité sécurisée sans accès (systématique) à un canal de communication. Nous décrivons différentes techniques d'authentification de produits manufacturés en nous concentrant sur une méthode de caractérisation de motifs imprimés. Pour effectivement authentifier un objet, nous montrons qu'un agent vérifieur doit s'assurer de l'intégrité du tiers et du système électronique utilisée pour la vérification. Cependant l'authenticité du système électronique lui-même reste à vérifier. La question que nous adressons alors est la suivante : comment un être humain peut-il se convaincre de l'intégrité et de l'authenticité d'un système embarqué dans un mode hors ligne ? Nous définissons deux familles de solutions. Dans la première, l'utilisateur fait appel, pour les calculs, à un dispositif auxiliaire tandis que dans la seconde l'utilisateur ne fait usage que d'un papier et d'un crayon. Pour chacune des deux familles, nous proposons un protocole d'authentification d'un système embarqué dont la puce, typiquement un FPGA ou un microcontrôleur, dépend de la configuration ou de la programmation d'une mémoire RAM / "Human-to-Machine" authentication is widely developed for modern telecommunications. A "Machine-to-Human" authentication will ensure the trusted human user about the integrity of the machine, for example during an electronic voting session or object verification in secure traceability. This work is focused on secure traceability without any systematic access to a communication network. We depict different technics for goods authentication and we focus on a method based on the characterization of printed patterns. To completely authenticate an object, we show that a human verifier has to be confident in the integrity of the third party and the electronic system involved in the verification phase. However, the authenticity of the electronic system itself has also to be verified. We address here the following question : how a human being can convince himself about the integrity and the authenticity of an embedded system in an off-line environment ? We propose two groups of solutions. In the first one, an auxiliary electronic device is used to perform computing operations. In the second one, the human capability (memory and computational abilities) is exploited. In each group, we propose a protocol to authenticate embedded systems for which the chip (typically an FPGA (Field Programmable Gate Array) or a microcontroller) is initialized according to the configuration or programming of its RAM memory

Authentification

Authentification d'objets

Traçabilité sécurisée

Protocole d'authentification

Authentification machine-homme

FPGA

Microcontrôleur

Authentication

Object verification

Secure traceability

Authentication protocol

Human-to-machine authentication

FPGA

Microcontroller

Digital watermarking in medical images

Zain, Jasni Mohamad

January 2005

This thesis addresses authenticity and integrity of medical images using watermarking. Hospital Information Systems (HIS), Radiology Information Systems (RIS) and Picture Archiving and Communication Systems (P ACS) now form the information infrastructure for today's healthcare as these provide new ways to store, access and distribute medical data that also involve some security risk. Watermarking can be seen as an additional tool for security measures. As the medical tradition is very strict with the quality of biomedical images, the watermarking method must be reversible or if not, region of Interest (ROI) needs to be defined and left intact. Watermarking should also serve as an integrity control and should be able to authenticate the medical image. Three watermarking techniques were proposed. First, Strict Authentication Watermarking (SAW) embeds the digital signature of the image in the ROI and the image can be reverted back to its original value bit by bit if required. Second, Strict Authentication Watermarking with JPEG Compression (SAW-JPEG) uses the same principal as SAW, but is able to survive some degree of JPEG compression. Third, Authentication Watermarking with Tamper Detection and Recovery (AW-TDR) is able to localise tampering, whilst simultaneously reconstructing the original image.

616.07540285582