• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 28
  • 8
  • 2
  • 2
  • 2
  • 1
  • Tagged with
  • 56
  • 36
  • 30
  • 21
  • 18
  • 17
  • 13
  • 13
  • 12
  • 12
  • 12
  • 11
  • 11
  • 7
  • 7
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Password-authenticated two-party key exchange with long-term security

Unknown Date (has links)
In the design of two-party key exchange it is common to rely on a Die-Hellman type hardness assumption in connection with elliptic curves. Unlike the case of nite elds, breaking multiple instances of the underlying hardness assumption is here considered substantially more expensive than breaking a single instance. Prominent protocols such as SPEKE [12] or J-PAKE [8, 9, 10] do not exploit this, and here we propose a password-authenticated key establishment where the security builds on the intractability of solving a specied number of instances v of the underlying computational problem. Such a design strategy seems particularly interesting when aiming at long-term security guarantees for a protocol, where expensive special purpose equipment might become available to an adversary. In this thesis, we give one protocol for the special case when v = 1 in the random oracle model, then we provide the generalized protocol in the random oracle model and a variant of the generalized protocol in the standard model for v being a polynomial of the security parameter `. / by WeiZheng Gao. / Thesis (Ph.D.)--Florida Atlantic University, 2012. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2012. Mode of access: World Wide Web.
22

Critical analyses of some public-key cryptosystems for high-speed satellite transmission applications

Ma, Moses Hsingwen January 1981 (has links)
Thesis (M.S.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1981. / MICROFICHE COPY AVAILABLE IN ARCHIVES AND ENGINEERING. / Vita. / Bibliography: leaves 83-86. / by Moses Hsingwen Ma. / M.S.
23

Remote Password Authentication Scheme with Smart Cards and Biometrics

Lin, Yi-Hui 26 July 2006 (has links)
More and more researchers combine biometrics with passwords and smart cards to design remote authentication schemes for the purpose of high-degree security. However, in most of these authentication schemes proposed in the literatures so far, biometric characteristics are verified in the smart cards only, not in the remote servers, during the authentication processes. Although this kind of design can prevent the biometric data of the users from being known to the servers, it will result in that they are not real three-factor authentication schemes and therefore some security flaws may occur since the remote servers do not indeed verify the security factor of biometrics. In this thesis we propose a truly three-factor remote authentication scheme where all of the three security factors, passwords, smart cards, and biometric characteristics, are examined in the remote servers. Especially, the proposed scheme fully preserves the privacy of the biometric data of every user, that is, the scheme does not reveal the biometric data to anyone else, including the remote servers. Furthermore, we also demonstrate that the proposed scheme is immune to both the replay attacks and the offline-dictionary attacks and it achieves the requirement of low-computation cost for smart-card users. Finally, we give a formal analysis based on the GNY logic to prove that our goals are achieved.
24

Leveraging an Active Directory for the Generation of Honeywords

Lundström, Johan January 2018 (has links)
Honeywords, fake passwords that when used by an adversary are set to trigger an alarm, is one way of detecting security breaches. For them to be effective, however, they must resemble real passwords as closely as possible and thus, the construction of the honeywords is crucial. In this thesis, a new model for generating honeywords, PII-Syntax, is presented that was built in part on a previous model but reworked and adapted to meet new requirements. The purpose of the study was to investigate whether an Active Directory, (AD) could be used as a resource in the construction of honeywords. The assumption was that the AD contains information about real system users that could be leveraged to create high-quality honeywords because of the very fact that they are based on actual users. It is a well-known fact that many users have a natural inclination towards incorporating personal information when choosing their passwords, information that can be leveraged by an adversary making the passwords easier to retrieve. The proposed model capitalizes on this fact and bases the honeyword generation process on users’ personally identifiable information, PII. The motivation for this is to enhance the quality of the honeywords, i.e. making them more plausible from the perspective of the adversary. The resulting model performed equally well or better than all existing honeyword generation algorithms to which it was compared with regard to flatness, DoS resistivity, multiple system vulnerability and storage cost. The most important contribution, however, is the inclusion of users’ personal information in the generation of the honeywords that ultimately help strengthen the security of password-based authentication systems. Contributions from this thesis include a novel manner in which to approach a well-known problem, both in a theoretical as well as a practical sense: PII-Syntax is a new honeyword generation algorithm that apart from performing equally well or better than previous algorithms brings an added value of believability to the generated honeywords because of the inclusion of users’ personal information found in an AD.
25

Cued Click-Point Memorability

Svensson, Rickard January 2015 (has links)
The Safety of passwords has been in question for over 40 years, long before the Internet. While improvements have been made to ensure security nothing has changed with passwords since the emergence of the Internet. Passwords need to be long and complex to be secure and users should not reuse their passwords. In a world where there are thousands of services on the internet requiring authentication to keep passwords safe users will have to remember a lot of passwords. Studies show however that users are prone to both create bad passwords but to also reuse their passwords on different sites. A lot of different alternatives to passwords has been proposed but none has become dominant. Is there a good alternative to text-based passwords? Can a graphical password be that alternative? The purpose of this thesis is to create a prototype of a CCP-like system and to conduct a memorability and usability test with it. The test results suggest that CCP is easy to use for users new to the concept of graphical passwords. A CCP-password also seems memorable with most participants recalling their passwords after a week with ease. PCCP can be a good substitute for passwords since it is easy to use, easy to remember and potentially more secure than text-based passwords.
26

Authentication techniques for secure Internet commerce

Ndaba, Sipho Lawrence 23 August 2012 (has links)
M.Sc.(Computer Science) / The aim of this dissertation (referred to as thesis in the rest of the document) is to present authentication techniques that can be used to provide secure Internet commerce. The thesis presents techniques that can be used to authenticate human users at logon, as well as techniques that are used to authenticate user's PC and the host system during communication. In so doing, the thesis presents cryptography as the most popular approach to provide information security. Chapter 1 introduces the authentication problem, the purpose and the structure of the thesis. The inadequate security of the Internet prevents companies and users to conduct commerce over the Internet. Authentication is one of the means of providing secure Internet commerce. - Chapter 2 provides an overview of the Internet by presenting the Internet history, Internet infrastructure and the current services that are available on the Internet. The chapter defines Internet commerce and presents some of the barriers to the Internet commerce. Chapter 3 provides an overview of network and internetwork security model. The purpose of this chapter is to put authentication into perspective, in relation to the overall security model. Security attacks, security services and security mechanisms are defined in this chapter. The IBM Security Architecture is also presented. Chapter 4 presents cryptography as the popular approach to information security. The conventional encryption and public-key encryption techniques are used to provide some of the security services described in chapter 3. Chapter 5 presents various schemes that can be used to provide computer-to-computer authentication. These schemes are grouped into the following authentication functions: message encryption, cryptographic checksums, hash functions and digital signatures. Chapter 6 differentiates between one-way authentication schemes and mutual authentication schemes. The applicability of each approach depends on the communicating parties. Chapter 7 presents some of the popular and widely used open-systems technologies Internet protocols, which employ some of the schemes discussed in chapter 5 and chapter 6. These include the SSL, PCT, SHTTP, Kerberos, SESAME and SET. Chapter 8 discusses some of the enabling technologies that are used to provide human user authentication in a computer system. The password technology, the biometric technologies and the smart card technology are discussed. The considerations of selecting a specific technology are also discussed. Chapter 9 presents some of the techniques that can be used to authentication Internet users (human users) over the Internet. The techniques discussed are passwords, knowledge-based technique, voice recognition, smart cards, cellular based technique, and the technique that integrates Internet banking. Chapter 10 defines criteria on which the Internet user authentication techniques presented in chapter 9 can be measured against. The evaluation of each of the techniques is made against the specified criteria. In fact, this chapter concludes the thesis. Chapter 11 provides case studies on two of the techniques evaluated in chapter 10. Specifically, the insurance case study and the medical aid case studies are presented.
27

Usability : low tech, high security / Utilisabilité : haute sécurité en basse technologie

Blanchard, Enka 21 June 2019 (has links)
Cette thèse est consacrée au domaine de l’utilisabilité de la sécurité, en particulier dans le contexte de l’authentification en ligne et du vote vérifiable.Le rôle toujours plus important de nos identifiants en ligne, qu’ils soient utilisés pour accéder aux réseaux sociaux, aux services bancaires ou aux systèmes de vote, a débouché sur des solutions faisant plus de mal que de bien. Le problème n’est pas juste technique mais a une forte composante psycho-sociale, qui se révèle dans l’usage des mots de passe --- objet central d'étude de cette thèse. Les utilisateurs font quotidiennement face à des compromis, souvent inconscients, entre sécuriser leurs données et dépenser les ressources mentales limitées et déjà trop sollicitées. Des travaux récents ont montré que l'absence de règles communes, les contraintes ad-hoc si fréquentes et les recommandations contradictoires compliquent ce choix, mais ces recherches sont généralement ignorées, victimes d'une probable incompréhension entre chercheurs, développeurs et utilisateurs. Cette thèse vise à résoudre ces problèmes avec des solutions inspirées par la cryptographie, la psychologie, ainsi que sept études utilisateurs, afin d'obtenir des outils simplifiés non seulement pour l'utilisateur final mais aussi pour le développeur.La première partie des contributions se concentre sur le fournisseur de service, avec deux outils permettant d'améliorer l'expérience utilisateur sans effort de sa part. Nous commençons par une étude sur la facilité de transcription de différents types de codes, afin d'obtenir un design réduisant les erreurs tout en augmentant la vitesse de frappe. Nous montrons aussi comment accepter les fautes de frappe dans les mots de passe peut améliorer la sécurité, en offrant un protocole compatible avec les méthodes de hachage standard.La deuxième partie offre des outils directement aux utilisateurs, avec un gestionnaire de mot de passe mental qui ne nécessite que la mémorisation d'une phrase et d'un code PIN, avec des garanties sur la sécurité des mots de passe si certains sont compromis. Nous proposons aussi une méthode de création de phrase de passe à la fois plus facile et sécurisée, et terminons en montrant empiriquement des failles dans le principal modèle de calcul mental utilisé aujourd'hui dans le domaine.Enfin, nous nous consacrons aux nouveaux protocoles de vote, en commençant par les difficultés à les faire accepter en pratique. Nous répondons à une demande pour des systèmes non-électroniques en proposant plusieurs implémentations de vote vérifiable en papier, une panoplie de primitives et un protocole de vote pour les très petites élections. / This dissertation deals with the field of usable security, particularly in the contexts of online authentication and verifiable voting systems.The ever-expanding role of online accounts in our lives, from social networks to banking or online voting, has led to some initially counterproductive solutions. As recent research has shown, the problem is not just technical but has a very real psychosocial component. Password-based authentication, the subject of most of this thesis, is intrinsically linked to the unconscious mechanisms people use when interacting with security systems. Everyday, users face trade-offs between protecting their security and spending valuable mental resources, with a choice made harder by conflicting recommendations, a lack of standards, and the ad-hoc constraints still frequently encountered. Moreover, as recent results from usable security are often ignored, the problem might stem from a fundamental disconnect between the users, the developers and the researchers. We try to address those problems with solutions that are not only simplified for the user's sake but also for the developer's. To this end, we use tools from cryptography and psychology, and report on seven usability experiments.The first part of the contributions uses a service provider's point of view, with two tools to improve the end-user's experience without requiring their cooperation. We start by analysing how easily codes of different structures can be transcribed, with a proposal that reduces error rates while increasing speed. We then look at how servers can accept typos in passwords without changing the general hashing protocol, and how this could improve security. The second part focuses on end-users, starting by a proposed mental password manager that only depends on remembering only a single passphrase and PIN, with guarantees on the mutual security of generated passwords if some get stolen. We also provide a better way to create such passphrases. As mental computing models are central to expanding this field, we finish by empirically showing why the main model used today is not adapted to the purpose.In the third part, we focus on voting protocols, and investigate why changing the ones used in practice is an uphill battle. We try to answer a demand for simple paper-based systems by providing low-tech versions of the first paper-based verifiable voting scheme. To conclude, we propose a set of low-tech primitives combined in a protocol that allows usable verifiable voting with no electronic means in small elections.
28

Multi-factor Authentication Mechanism Based on Browser Fingerprinting and Graphical HoneyTokens

Jonsson, Dillon, Marteni, Amin January 2022 (has links)
Multi-factor authentication (MFA) offers a wide range of methods and techniques available today. The security benefits of using MFA are almost indisputable, however, users are reluctant to adopt the technology. While many new MFA solutions are being proposed, there is a lack of consideration for user sentiment in the early stages of development. In an attempt to balance security and usability, this report investigates the feasibility of a new authentication mechanism that uses browser fingerprinting, graphical passwords, and honeytokens. This was evaluated by conducting a limited literature review, producing a prototype, interviews with test users, and security experts, as well as ensuring feasibility through a requirements checklist. The results of this research provides evidence that this mechanism is feasible, and appealing to end users. However, more investigation is required in order to ensure the mechanism's viability in a real-world deployment.
29

Modeling Rational Adversaries: Predicting Behavior and Developing Deterrents

Benjamin D Harsha (11186139) 26 July 2021 (has links)
In the field of cybersecurity, it is often not possible to construct systems that are resistant to all attacks. For example, even a well-designed password authentication system will be vulnerable to password cracking attacks because users tend to select low-entropy passwords. In the field of cryptography, we often model attackers as powerful and malicious and say that a system is broken if any such attacker can violate the desired security properties. While this approach is useful in some settings, such a high bar is unachievable in many security applications e.g., password authentication. However, even when the system is imperfectly secure, it may be possible to deter a rational attacker who seeks to maximize their utility. In particular, if a rational adversary finds that the cost of running an attack is higher than their expected rewards, they will not run that particular attack. In this dissertation we argue in support of the following statement: Modeling adversaries as rational actors can be used to better model the security of imperfect systems and develop stronger defenses. We present several results in support of this thesis. First, we develop models for the behavior of rational adversaries in the context of password cracking and quantum key-recovery attacks. These models allow us to quantify the damage caused by password breaches, quantify the damage caused by (widespread) password length leakage, and identify imperfectly secure settings where a rational adversary is unlikely to run any attacks i.e. quantum key-recovery attacks. Second, we develop several tools to deter rational attackers by ensuring the utility-optimizing attack is either less severe or nonexistent. Specifically, we develop tools that increase the cost of offline password cracking attacks by strengthening password hashing algorithms, strategically signaling user password strength, and using dedicated Application-Specific Integrated Circuits (ASICs) to store passwords.
30

Convenient Decentralized Authentication Using Passwords

Van Der Horst, Timothy W. 10 March 2010 (has links) (PDF)
Passwords are a very convenient way to authenticate. In terms of simplicity and portability they are very difficult to match. Nevertheless, current password-based login mechanisms are vulnerable to phishing attacks and typically require users to create and manage a new password for each of their accounts. This research investigates the potential for indirect/decentralized approaches to improve password-based authentication. Adoption of a decentralized authentication mechanism requires the agreement between users and service providers on a trusted third party that vouches for users' identities. Email providers are the de facto trusted third parties on the Internet. Proof of email address ownership is typically required to both create an account and to reset a password when it is forgotten. Despite its shortcomings (e.g., latency, vulnerability to passive attack), this approach is a practical solution to the difficult problem of authenticating strangers on the Internet. This research utilizes this emergent, lightweight relationship with email providers to offload primary user authentication from service providers; thus reducing the need for service provider-specific passwords. Our goal is to provide decentralized authentication that maintains the convenience and portability of passwords, while improving its assurances (especially against phishing). Our first step to leverage this emergent trust, Simple Authentication for the Web (SAW), improves the security and convenience of email-based authentications and moves them from the background into the forefront, replacing need for an account-specific password. Wireless Authenticationg using Remote Passwords (WARP) adapts the principles of SAW to authentication in wireless networks. Lightweight User AUthentication (Luau) improves upon WARP and unifies user authentication across the application and network (especially wireless) layers. Our final protocol, pwdArmor, started as a simple wrapper to facilitate the use of existing databases of password verifiers in Luau, but grew into a generic middleware framework that augments the assurances of conventional password protocols.

Page generated in 0.0475 seconds