A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices

Since touch screen handheld mobile devices have become widely used, people are able to access various data and information anywhere and anytime. Most user authentication methods for these mobile devices use PIN-based (Personal Identification Number) authentication, since they do not employ a standard QWERTY keyboard for conveniently entering text-based passwords. However, PINs provide a small password space size, which is vulnerable to attacks. Many studies have employed the KDA (Keystroke Dynamic-based Authentication) system, which is based on keystroke time features to enhance the security of PIN-based authentication. Unfortunately, unlike the text-based password KDA systems in QWERTY keyboards, different keypad sizes or layouts of mobile devices affect the PIN-based KDA system utility. This paper proposes a new graphical-based password KDA system for touch screen handheld mobile devices. The graphical password enlarges the password space size and promotes the KDA utility in touch screen handheld mobile devices. In addition, this paper explores a pressure feature, which is easy to use in touch screen handheld mobile devices, and applies it in the proposed system. The experiment results show: (1) EER is 12.2% in the graphical-based password KDA proposed system. Compared with related schemes in mobile devices, this effectively promotes KDA system utility; (2) EER is reduced to 6.9% when the pressure feature is used in the proposed system. The accuracy of authenticating keystroke time and pressure features is not affected by inconsistent keypads since the graphical passwords are entered via an identical size (50 mm × 60 mm) human–computer interface for satisfying the lowest touch screen size and a GUI of this size is displayed on all mobile devices.     

Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments

Recently, Wang et al. showed that two new verifier-free remote user password authentication schemes, Ku-Chen's scheme and Yoon et al.'s scheme, are vulnerable to an off-line password guessing attack, a forgery attack, and a denial-of-service attack, and then proposed an improved scheme for the real application in resource-limited environments. Unfortunately, we find that Wang et al.'s scheme is still vulnerable to an impersonation attack and an off-line password guessing attack. In addition, Wang et al.'s scheme is not easily reparable and is unable to provide perfect forward secrecy. Finally, we propose an improved scheme with better security strength.     

A password based authentication scheme for wireless multimedia systems

In this digital era, where Internet of Things (IoT) is increasing day by day, use of resource constrained devices is also increasing. Indeed, the features such as low cost, less maintenance, more adaptive to hostile environment, etc. make the wireless multimedia devices to be the best choice as the resource constrained devices. For the security, the end user device requires to establish the session key with the server before transferring the data. Mobile is one of the device having more and more usage as wireless multimedia device in recent years. In 2013, Li et al. proposed an efficient scheme for the wireless mobile communications and claimed it to be secure against various attacks. Recently, Shen et al. claimed that the scheme of Li et al. is still vulnerable to the privileged insider attack, the stolen verifier attack and finally proposed a scheme to withstand the mentioned and other attacks. However, in this paper we claim that the scheme of Shen et al. is still susceptible to the user anonymity, the session specific temporary information attack and the replay attack. In addition, Shen et al.’s scheme requires more time due to many operations. Further, we propose an efficient scheme that is secure against various known attacks and due to reduced time complexity our scheme is a preferred choice for the wireless mobile networks and hence for wireless multimedia systems.     

基于路由器的动态口令身份认证系统

身份认证网络安全技术的一个重要组成部分。介绍了动态认证原理,描述了在TCP／IP网络中,如何通过路由器对入网的主机采用动态口令进行安全认证,并分析了其安全性。分析表明此基于路由器的动态口令身份认证系统具有较好的安全性,并且具有广泛的应用前景。     

基于表情图像变形的动态口令认证系统

为解决当前身份认证系统存在的安全性问题,分析和比较了传统身份认证和一次性口令的相关技术,指出其在开发式网间进行传输时,容易受到截取和重放攻击以及伪造服务器的恶意欺骗.在分析了人脸表情变形技术特点的基础上,针对现有OTP系统对智能硬件过于依赖以及无法有效防伪服务器恶意欺骗等不安全因素,结合人脸表情变形的特点,提出将变形图像及其隐含的变形参数序列作为可变因子,取代现有OTP口令系统中的传统可变因子,以解决现有OTP系统在传输安全及服务器恶意欺骗防伪等方面的不足.最后设计完成了一个可实用化的基于人脸表情图像变形技术的一次性口令认证系统原型.     

物联网中移动Sensor节点漫游的组合安全认证协议

物联网包含感知子网和传输骨干网,其感知子网中节点能力受限,往往利用移动的传感器节点跨区域访问来获取信息;而其传输骨干网络需要依托现有Internet的基础设施,并利用其提供的强大服务.在这种情况下,移动节点的漫游带来了新的安全问题,一方面移动节点在感知子网间跨区域漫游,虽和MANET中一样需要保证移动节点漫游时高效安全地加入新的拜访域,但因传感节点资源极端受限而对轻量级有更高数量级的要求;另一方面资源受限的感知子网间移动节点漫游仅能提供轻量级安全,但是在接入骨干传输网时,不可因此降低骨干网络已有的安全性,即轻量级的安全协议和传统骨干网协议综合运用时,需具有组合安全性.本文针对这种基于骨干传输网的移动节点漫游问题,提出了一个新的随机漫游认证协议(RMRAP),兼顾安全性和实际应用的可行性,实现了漫游的轻量级身份认证,保护了漫游节点的隐私,同时实现了具有前向安全性,会话密钥对;并针对衔接骨干网和感知子网的基站进行了组合安全性的认证测试,验证了RMRAP的安全性;最后,从理论分析和实验仿真两个方面,分析了RMRAP协议的性能,并和相近工作进行了对比,对比表明,具有组合安全性的RMRAP在计算、通信开销方面,依然具有和同类协议可比较的相近性能.     

Enhanced authentication scheme with anonymity for roaming service in global mobility networks

User authentication is an important security mechanism for recognizing legal roaming users. In 2006, Lee, Hwang, and Liao proposed an enhanced authentication scheme with user anonymity for roaming environments. This article shows that Lee–Hwang–Liao’s scheme cannot provide anonymity under the forgery attack. Moreover, the heavy computation cost may consume battery power expeditiously for mobile devices. Therefore, we propose a novel authentication scheme to overcome these weaknesses that is efficient, secure, and suitable for battery-powered mobile devices in global mobility networks.     

A novel transparent user authentication approach for mobile applications

ABSTRACT

With the rapid growth of smartphones and tablets in our daily lives, securing the sensitive data stored upon them makes authentication of paramount importance. Current authentication approaches do not re-authenticate in order to re-validate the user’s identity after accessing a mobile phone. Accordingly, there is a security benefit if authentication can be applied continually and transparently (i.e., without obstructing the user’s activities) to authenticate legitimate users, which is maintained beyond the point of entry. To this end, this paper suggests a novel transparent user authentication method for mobile applications by applying biometric authentication on each service within a single application in a secure and usable manner based on the risk level. A study involving data collected from 76 users over a one-month period using 12 mobile applications was undertaken to examine the proposed approach. The experimental results show that this approach achieved desirable outcomes for applying a transparent authentication system at an intra-process level, with an average of 6% intrusive authentication requests. Interestingly, when the participants were divided into three levels of usage (high, medium and low), the average intrusive authentication request was 3% which indicates a clear enhancement and suggests that the system would add a further level of security without imposing significant inconvenience upon the user.     

A provably secure lightweight authentication protocol in mobile edge computing environments

The Journal of Supercomputing - Mobile edge computing can meet the needs of users in real time by pushing cloud resources, such as computing, network, and storage, to the edge of a mobile network....     

A remote password authentication scheme based on the digital signature method

Conventional password authentication schemes require password files or verification tables to validate the legitimacy of the login user. In addition, for remote access, these schemes cannot withstand an attack by replaying a previously intercepted login request. In this paper, we propose a remote password authentication scheme based on the digital signature methods. This scheme does not require the system to maintain a password file, and it can withstand attacks based on message replaying.     

Remote scheme for password authentication based on theory of quadratic residues

We propose a remote password authentication scheme based on quadratic residues. In our scheme, any legal user can freely choose his own password in the card initialization phase. Using his password and smart card which contains identity and other information, he can then log into the system successfully. According to our analysis, intruders cannot obtain any secret information from the public information, or derive any password from intercepted messages. In addition, our scheme can withstand the attack of replaying previously intercepted log-in requests.     

A new mobile payment scheme for roaming services

Due to the advance of mobile network technologies, mobile personal devices are used to perform electronic payment. This paper proposes a new on-line payment scheme for mobile network. The proposed scheme is not only performed in the home domain, but also can be performed in visited domain. Our scheme provides consumer anonymity, authentication, non-repudiation and data integrity properties. The consumer can make transaction with shop, vendor machine and WAP site based on our scheme. Our scheme only includes symmetric encryption and one-way hash function, it takes lower computation cost and is more suitable for mobile device.     

A remote password authentication scheme for multiserverarchitecture using neural networks

Conventional remote password authentication schemes allow a serviceable server to authenticate the legitimacy of a remote login user. However, these schemes are not used for multiserver architecture environments. We present a remote password authentication scheme for multiserver environments. The password authentication system is a pattern classification system based on an artificial neural network. In this scheme, the users only remember user identity and password numbers to log in to various servers. Users can freely choose their password. Furthermore, the system is not required to maintain a verification table and can withstand the replay attack.     

User authentication and undeniable billing support for agent-based roaming service in WLAN/cellular integrated mobile networks

In this paper, a framework of authentication and undeniable billing support for an agent-based roaming service in WLAN/cellular networks interworking networks is proposed. This framework circumvents the requirement of peer-to-peer roaming agreements to provide seamless roaming service between WLAN hotspots and cellular networks operated by independent wireless network service providers. Within the framework, an adaptive authentication and an event-tracking scheme have been developed, which allow the application of undeniable billing service to cellular network even when it still uses a traditional authentication scheme. The proposed modified dual directional hash chain (MDDHC) based billing support mechanism features mutual non-repudiation. Security analysis and overhead evaluation demonstrate that the proposed framework is secure and efficient.     

A rule based knowledge transaction model for mobile environments

In this paper, we propose and formalize a rule based knowledge transaction model for mobile environments. Our model integrates the features of both mobile environments and intelligent agents. We use logic programming as a mathematic tool and formal specification method to study knowledge transaction in mobile environments. Our knowledge transaction model has the following major advantages: (1) It can be used for knowledge transaction representation, formalization and knowledge reasoning in mobile environments. (2) It is knowledge oriented and has a declarative semantics inherited from logic programming. (3) It is a formalization that can be applied to general problem domains. We show that our model can be used for knowledge transaction representation, formalization and knowledge reasoning in mobile environments.     

基于移动微信平台的二维码产品防伪认证系统

随着国家经济的发展,高新技术物质产品越来越多,种类与模式也表现出广泛化,但是在日益复杂的社会背景下,消费者对现代高新技术的产品的真伪程度不能很好进行识别,虽然现代信息产品中都编录着一维条码,但是一维条码存在很大的弊端,它容易被抄码,可能存在被盗用的风险,造成真假产品不能实现有效的识别,这就对现代防伪技术的有效实施带来了技术上阻碍。本文以此为基础,对二维码的应用进行详细的分析与研究,意在利用移动微信平台建立相应的二维条码防伪系统,并在其中编制长序的二维条码与WAP以及短信查询系统,从而实现利用移动设备对产品信息进行有效的防伪查询与界别,从本质上实现防伪信息的科学、合理化建立。     

A novel mobile recommender system for indoor shopping

With the widespread usage of mobile terminals, the mobile recommender system is proposed to improve recommendation performance, using positioning technologies. However, due to restrictions of existing positioning technologies, mobile recommender systems are still not being applied to indoor shopping, which continues to be the main shopping mode. In this paper, we develop a mobile recommender system for stores under the circumstance of indoor shopping, based on the proposed novel indoor mobile positioning approach by using received signal patterns of mobile phones, which can overcome the disadvantages of existing positioning technologies. Especially, the mobile recommender system can implicitly capture users’ preferences by analyzing users’ positions, without requiring users’ explicit inputting, and take the contextual information into consideration when making recommendations. A comprehensive experimental evaluation shows the new proposed mobile recommender system achieves much better user satisfaction than the benchmark method, without losing obvious recommendation performances.     

A new efficient authentication protocol for mobile networks

This paper proposes a new efficient authentication protocol for mobile networks. The user, service provider and key distribution center authenticate mutually in the proposed protocol. In addition, the user and service provider will generate a secret session key for communication in this protocol. We prove the proposed protocol by using BAN logic. In our protocol, the key distribution center of the networks does not need to maintain the secret key database of users by using the key derivation function. The proposed protocol is based on symmetric cryptosystem, challenge–response and hash chaining. It only needs four message exchange rounds for intra-domain initial phase and seven message exchange rounds for inter-domain initial phase. Our initial phase only takes 17% and our subsequent phase requires 26% communication cost of Chien and Jan's protocol. The proposed protocol is more efficient than the others. It is suitable to apply in the mobile networks.