Global ETD Search

1	Graphical one-time password authentication Alsaiari, Hussain January 2016 (has links) Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords appears difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. One-Time Passwords (OTPs) aim to overcome such problems; however, most implemented OTP techniques require special hardware, which not only adds costs, but also raises issues regarding availability. This type of authentication mechanism is mostly adopted by online banking systems to secure their clients’ accounts. However, carrying around authentication tokens was found to be an inconvenient experience for many customers. Not only the inconvenience, but if the token was unavailable, for any reason, this would prevent customers from accessing their accounts securely. In contrast, there is the potential to use graphical passwords as an alternative authentication mechanism designed to aid memorability and ease of use. The idea of this research is to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. A new multi-level user-authentication solution known as: Graphical One-Time Password (GOTPass) was proposed and empirically evaluated in terms of usability and security aspects. The usability experiment was conducted during three separate sessions, which took place over five weeks, to assess the efficiency, effectiveness, memorability and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Eighty-one participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5 seconds. With regard to the security evaluation, the research simulated three common types of graphical password attacks (guessing, intersection, and shoulder-surfing). The participants’ task was to act as attackers to try to break into the system. The GOTPass scheme showed a high resistance capability against the attacks, as only 3.3% of the 690 total attempts succeeded in compromising the system. 005.8
2	The Use of One-Time Password and RADIUS Authentication in a GSS-API Architecture Yang, Xi January 2006 (has links) The Generic Security Service Application Program Interface (GSS-API) is an architecture that facilitates applications using distributed security services in a mechanism-independent fashion. GSS-API is supported by various underlying mechanisms and technologies such as Kerberos version 5 and public-key technologies. However, no one-time password based GSS-API mechanism existed. This thesis focuses on an investigation using one-time passwords together with RADIUS authentication as a protection facility for a GSS-API mechanism. This thesis presents a security architecture using one-time passwords to establish a GSS-API security context between two communicating peers. The proposed one-time password based GSS-API mechanism could be used to enhance the security of user authentication. Moreover, the mechanism can greatly facilitate static-password based system’s transition to stronger authentication. / IETF GSS-API är ett applikationsgränssnitt (API) som tillhandahåller distribuerade säkerhetstjänster för autentisering och datakonfidentialitet oberoende av den underliggande säkerhetarkitekturen. Applikationer som skrivs mot detta API kan på detta sätt flyttas eller porteras utan att västentligen skrivas om. GSS-API stöds av ett flertal undrliggande säkerhetsarkitekturer som tex Kerberos 5, Windows NTLM och PKI. API har också sk bindings för "C" och Java. I dagsläget finns det dock ingen lösning som baseras på engångslösenord. Denna magisteruppsats har som mål att undersöka möjligheten att använda engångslösenord tillsammans med RADIUS för att implementera en ny GSS-API mechanism. Denna uppsats presenterar ett förslag för hur RADIUS och engångslösenord kan användas för att säkra kommunikationen mellan två GSS-API entiteter. Den föreslagna mekanismen kan också användas för att förbättra säkerheten för användarautentisering och möjliggöra en övergång från statiska lösenord till stark autentisering. GSS-API one-time password RADIUS authentication Communication Systems Kommunikationssystem
3	One Time Password Scheme Via Secret Sharing Techniques Miceli, Christopher 20 May 2011 (has links) Many organizations today are seeking to improve security by implementing multi-factor authentication, i.e. authentication requiring more than one independent mechanism to prove one's identity. One-time passwords in the form of hardware tokens in combination with conventional passwords have emerged as the predominant means in high security environments to satisfy the independent identification criteria for strong authentication. However, current popular public one-time passwords solutions such as HOTP, mOTP, TOTP, and S/Key depend on the computational complexity of breaking encryption or hash functions for security. This thesis will present an efficient and information-theoretically secure one-time password system called Shamir-OTP that is based upon secret sharing techniques. Shamir secret sharing Proactive secret sharing Verifiable secret sharing one-time password multi-factor authentication password
4	Protecting Telemetry Data from Compromise Learning from the Mistakes of the Breached! Kalibjian, Jeff 11 1900 (has links) Information has value and as such any network based computer (whether that network touches the Internet or not) has the potential to be hacked. Telemetry data is not immune to the threat. While there are a myriad of security sensor and analytics tools available for entities to deploy in order to protect their IT networks and assets on those networks, sometimes overlooked is also the wealth of research data available regarding the etiology of breaches that reveal fascinating, sometimes counterintuitive insights in the best ways to configure and integrate security applications to protect the organization. After reviewing the latest research data regarding computer and IT network compromise, security strategies implied in the research data appropriate to the security challenges encountered in the telemetry post processing environment will be thoroughly examined providing tangible methodologies that may be employed to better protect organization telemetry post processing and IT infrastructures. Identity management encryption two factor authentication one time password security survey
5	Usability Comparison between U2F-based Security Keys, TOTP and Plain Passwords : A Structured Literature Review Iriarte Murgiondo, Asier January 2022 (has links) Multi-factor authentication is a term that was foreign until a few years ago. But in reality, it has been around for decades in the world of computer security. In theory, has the purpose to improve the security of user authentication by adding an extra layer of security to the process. Although password authentication has been shown to be an imperfect technique, it is still the most widely used today. That is why this research has been carried out, to shed light on the issue of why multi-factor authentication is not a fundamental pillar in security. For this, two promising protocols of the second authentication factor have been chosen, Time-based One-time Password (TOTP) and Universal 2nd Factor (U2F), and the usability of these methods has been compared together with password authentication usability as well. A Systematic Literature Review has been executed to answer the raised research question. Although the setup and login processes of the protocols are excessively slow, the results show that the U2F devices are overall more usable than TOTP, as they have a more “friendly” daily usage. But not enough data has been found on TOTP to be able to make a comparison with a solid basis. / La autenticación de múltiples factores es un término que era extraño hasta hace varios años. Pero en realidad, ha existido durante décadas en el mundo de la seguridad informática. En teoría, su objetivo es mejorar la seguridad del proceso de autenticación de usuarios, agregando una capa adicional de seguridad al proceso. Aunque se ha demostrado que la autenticación de contraseña es una técnica imperfecta, sigue siendo la más utilizada en la actualidad. Esta es la razón por la que se ha realizado esta investigación, para arrojar luz sobre el tema de por qué la autenticación de múltiples factores no es un pilar fundamental en la seguridad. Para ello, se han elegido dos protocolos prometedores del segundo factor de autentificación, como son, Time-based One-time Password (TOTP) y Universal 2nd Factor (U2F), y se ha comparado la usabilidad de estos métodos junto con usabilidad de la autenticación por contraseña. Se ha realizado una Revisión Sistemática de la Literatura (Systematic Literature Review) para dar respuesta a la pregunta de investigación planteada. Aunque los procesos de configuración e inicio de sesión de los protocolos son excesivamente lentos, los resultados muestran que los dispositivos U2F son en general mas usables ya que tienen un uso diario más “amigable”. Pero no se han encontrado suficientes datos sobre TOTP para poder hacer una comparación con una sólida base. / <p><strong>Laburpena</strong> [Summary/Abstract, Basque/baskiska]</p><p>Faktore-anitzeko autentifikazioa orain dela urte gutxi arte arrotza izan den terminoetako bat da. Baina, egia esan, hamarkada batzuk daramatza segurtasun informatikoaren munduan errotua. Teorian, erabiltzaileen autentifikazio-prozesuaren segurtasuna hobetzeko helburu du, prozesuari segurtasun-geruza berri bat gehituz. Pasahitz autentifikazio teknika inperfektua dela frogatu bada ere, gaur egun oraindik erabiliena da. Horregatik egin da ikerketa hau, faktore anitzeko autentifikazioa zergatik ez den segurtasunaren oinarrizko zutabea argitzeko. Horretarako, faktore-anitzeko autentifikazio barruan aurkitzen diren bi protokolo itxaropentsu aukeratu dira, hala nola, Time-based One-time Password (TOTP) eta Universal 2nd Factor (U2F), eta hauen erabilgarritasuna konparatu da pasahitz bidezko erabilgarritasunarekin batera. Planteatutako ikerketa galderari erantzuteko Literatura Ikerketa Sistematikoa (Systematic Literature Review) burutu da, protokolo bakoitzaren onurak/eragozpenak bilduz eta hauen arteko konparaketa bat eginez. Protokoloen konfigurazio eta saioa hasteko prosezuak motelegiak badira ere, emaitzek erakusten dute U2F gailuak orokorreak TOTP baino erabilgarriagoak direla, eguneroko erabilera “lagunartekoagoa” baitute. Baina ez da datu nahikorik aurkitu TOTP-en oinarri sendo batekin konparazio bat egin ahal izateko.</p><p><strong>HITZ-GAKOAK:</strong> autentifikazioa, faktore-anitzeko autentifikazioa, Universal 2nd Factor, U2F, Time-based One-time Password, TOTP, alderaketa, erabilgarritasuna</p> authentication multi-factor authentication Universal 2nd Factor U2F Timebased One-time Password TOTP usability comparison autenticación autenticación de múltiples factores Universal 2nd Factor U2F Time-based One-time Password TOTP usabilidad Computer Sciences Datavetenskap (datalogi)
6	便捷的網路購物交易機制之研究陳逸秉 Unknown Date (has links) 在全球化的競爭下，電子商務日益蓬勃發展的同時，國內外各大企業紛紛投入各類型之網路交易的建置，但如何營造一個讓使用者方便使用且安心參與的環境，是未來網路交易成功的關鍵。目前的網路購物機制不勝楣舉，但大多是站在企業的角度加以思考，而未思索網路交易的啟動者─網路客戶的需求。雖然，一個完整的網路購物交易需要網路公司、物流業及扮演金流的銀行業者三者共同合作才算完整，但是，消費者希望感受到的不是受到「三個個別的服務」而是「一個完整的服務」，所以在規劃網路交易整體作業的流程設計時，不再只是要吻合內部管理的需要，而且必須以外部客戶的需求為導向，才不會造成網路購物速度的延宕及消費者的抱怨。本研究首先採取 AHP 研究分析方法，找出影響便捷網路購物交易的顯著因素，並透過對各業界專家的深入訪談來加以驗證後，就目前的網路購物交易機制，加強網路公司、物流公司、銀行之間的資訊流串聯，以加速整體網路交易流程；並導入實體憑證之動態密碼以提高網路交易安全，建構一個方便、安全、即時的 BtoBtoC 網路購物機制，供日後業界及學術界的參考，並讓網路無空間的理想更有實現的可能。 / Under the global competition, while e-commerce grows vigorously day by day. Most of big enterprises build all kinds of internet-shopping platform. But how to build an environment that offers more conveniences to the users? It is the key for the internet-shopping succeeds in the future. So far, there are many types of online transactional modes. These modes stand for the enterprises' inside procedure but the customers' demand. Although an intact trade of internet-shopping needs network company, logistics industry and bank to cooperate together, the consumers hope for 「an intact service」 but a 「three specific services」. That is to say, when we plan an internet transactional procedure, we must put emphasis on the customer' demand rather than the need of inside management, which will accelerate the speed of the internet-shopping and the reduction of the customers' complaint. This research takes AHP method to find out the factors that influence "The convenient internet-shopping mode", and establish the convenient internet-shopping mode, which contact the information flow among the network company, logistics company and bank in order to accelerate the internet transactional speed, and use the One-Time-Password of entity's evidence so as to raise the security of the network trading. After visiting the industry experts to verify this mechanism's practicability, this research will build a more convenient, safer and faster BtoBtoC mode, to let business and academia for reference, and let the ideal without space of the network can be realized. 網路購物流程整合動態密碼 Internet-shopping process integration One-Time-Password BtoBtoC
7	On The Efficiency Of Authentication Protocols, Digital Signatures And Their Applications In E-health: A Top-down Approach Bicakci, Kemal 01 September 2003 (has links) (PDF) Choosing an authentication protocol or a digital signature algorithm becomes more challenging when performance constraints are of concern. In this thesis, we discuss the possible options in a top-down approach and propose viable alternatives for the efficiency criteria. Before all the technical discussions, we argue that identifying prerequisites, threats and risks on an organizational context has utmost importance so that effective solutions can be delivered at a reasonable cost. For instance, one approach to solve the performance problem is to relax the security requirements if it is allowable and use one-time passwords as the more efficient entity authentication protocol. SCOTP is the first protocol proposed in this study which improves the security and flexibility of one-time passwords. After requirements are set up, another high-efficiency solution is based on new designs of improved protocols. These new protocols might utilize the trade-offs between efficiency of distinct system parameters such as communication versus computational load. SAOTS is our new protocol designed to improve the performance and increase the round efficiency of server-assisted signature protocols. With an example in e-health, we also demonstrate that efficiency can be provided on the implementation level as well, the last step in the chain. EVEREST is the third proposal in this thesis which improves the real-time efficiency of digital signatures concerning the fact that the medical images are huge in size and to verify the signature a considerable amount of time is spent to compute the hash of the image file.
8	A Comparative Analysis of SecurityServices Using Identity and AccessManagement (IAM) Muddychetty, Nithya Sree January 2024 (has links) Background: Identity and Access Management (IAM) is a critical IT securityframework for managing digital identities and resource access. With roots datingback to ancient civilizations, IAM has evolved from basic authentication to sophisticated methods. Okta, a leading cloud-based IAM platform founded in 2009, excelsin identity management, authentication, and access control. It is recognized for itscommitment to security and adaptability to cybersecurity challenges. As of October2023, Okta maintains its prominent position in the IAM market, acknowledged byGartner’s Magic Quadrant for Access Management, worldwide. Objectives: The objective of this thesis is to conduct a comprehensive comparative analysis of security services, specifically focusing on their integration with IAMsolutions. This investigation seeks to provide an examination of security serviceslike Multi-factor authentication (MFA) and Single Sign On (SSO) and evaluate theireffectiveness in conjunction with IAM. By doing so, we aim to determine which security approach offers the most robust protection in our digitally interconnected world. Methods: The primary goal of this methodology is to create a robust, secure,and user-friendly authentication and access management system using Okta withinan IAM framework. This involves the integration of both MFA and SSO features.To kickstart the process, we establish a controlled environment that mirrors thereal-world scenarios. Okta is chosen as the IAM tool, and its deployment involvesmanaging user identities, controlling access, and handling authentication. Results: The result of the study on the comparative analysis of security servicesusing IAM reveals distinct differences in the effectiveness and features among securityservices. Key findings highlight variations in authentication methods, authorizationmechanisms, and overall security robustness. This comprehensive examination provides valuable insights into the strengths and weaknesses of different IAM-basedsecurity services, offering a foundation for informed decision-making in selecting themost suitable solution for specific organizational needs. Conclusions: This thesis conclusively demonstrates the efficacy of integrating SSOand MFA into IAM. The incorporation of Biometric Authentication and Time basedOne Time-Password (TOTP) in MFA garnered strong user preference. SSO implementation streamlined authentication, reducing steps and enhancing ease of use.The overwhelmingly positive user feedback and robust security measures validateSSO+MFA as a valuable contribution to IAM, ensuring data security and user confidence. Access Control Lists Identity Access Management Multi-Factor Authentication One time password Single sign on System Usability Scale Virtual private network Computer Sciences Datavetenskap (datalogi)

Search results