Cogent and Energy Efficient Authentication Protocol for WSN in IoT

Given the accelerating development of Internet of things (IoT), a secure and robust authentication mechanism is urgently required as a critical architectural component. The IoT has improved the quality of everyday life for numerous people in many ways. Owing to the predominantly wireless nature of the IoT, connected devices are more vulnerable to security threats compared to wired networks. User authentication is thus of utmost importance in terms of security on the IoT. Several authentication protocols have been proposed in recent years, but most prior schemes do not provide sufficient security for these wireless networks. To overcome the limitations of previous schemes, we propose an efficient and lightweight authentication scheme called the Cogent Biometric-Based Authentication Scheme (COBBAS). The proposed scheme is based on biometric data, and uses lightweight operations to enhance the efficiency of the network in terms of time, storage, and battery consumption. A formal security analysis of COBBAS using Burrows–Abadi–Needham logic proves that the proposed protocol provides secure mutual authentication. Formal security verification using the Automated Validation of Internet Security Protocols and Applications tool shows that the proposed protocol is safe against man-in-the-middle and replay attacks. Informal security analysis further shows that COBBAS protects wireless sensor networks against several security attacks such as password guessing, impersonation, stolen verifier attacks, denial-of-service attacks, and errors in biometric recognition. This protocol also provides user anonymity, confidentiality, integrity, and biometric recovery in acceptable time with reasonable computational cost.     

Three-Dimensional Password for More Secure Authentication

Current authentication systems suffer from many weaknesses. Textual passwords are commonly used; however, users do not follow their requirements. Users tend to choose meaningful words from dictionaries, which make textual passwords easy to break and vulnerable to dictionary or brute force attacks. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentications have been proposed; however, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked. In this paper, we present and evaluate our contribution, i.e., the 3-D password. The 3-D password is a multifactor authentication scheme. To be authenticated, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user's 3-D password. The 3-D password can combine most existing authentication schemes such as textual passwords, graphical passwords, and various types of biometrics into a 3-D virtual environment. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space.      

Assessing Secure OpenID-Based EAAA Protocol to Prevent MITM and Phishing Attacks in Web Apps

To secure web applications from Man-In-The-Middle (MITM) and phishing attacks is a challenging task nowadays. For this purpose, authentication protocol plays a vital role in web communication which securely transfers data from one party to another. This authentication works via OpenID, Kerberos, password authentication protocols, etc. However, there are still some limitations present in the reported security protocols. In this paper, the presented anticipated strategy secures both Web-based attacks by leveraging encoded emails and a novel password form pattern method. The proposed OpenID-based encrypted Email’s Authentication, Authorization, and Accounting (EAAA) protocol ensure security by relying on the email authenticity and a Special Secret Encrypted Alphanumeric String (SSEAS). This string is deployed on both the relying party and the email server, which is unique and trustworthy. The first authentication, OpenID Uniform Resource Locator (URL) identity, is performed on the identity provider side. A second authentication is carried out by the hidden Email’s server side and receives a third authentication link. This Email’s third SSEAS authentication link manages on the relying party (RP). Compared to existing cryptographic single sign-on protocols, the EAAA protocol ensures that an OpenID URL’s identity is secured from MITM and phishing attacks. This study manages two attacks such as MITM and phishing attacks and gives 339 ms response time which is higher than the already reported methods, such as Single Sign-On (SSO) and OpenID. The experimental sites were examined by 72 information technology (IT) specialists, who found that 88.89% of respondents successfully validated the user authorization provided to them via Email. The proposed EAAA protocol minimizes the higher-level risk of MITM and phishing attacks in an OpenID-based atmosphere.     

Continuous Mobile User Authentication Using a Hybrid CNN-Bi-LSTM Approach

Internet of Things (IoT) devices incorporate a large amount of data in several fields, including those of medicine, business, and engineering. User authentication is paramount in the IoT era to assure connected devices’ security. However, traditional authentication methods and conventional biometrics-based authentication approaches such as face recognition, fingerprints, and password are vulnerable to various attacks, including smudge attacks, heat attacks, and shoulder surfing attacks. Behavioral biometrics is introduced by the powerful sensing capabilities of IoT devices such as smart wearables and smartphones, enabling continuous authentication. Artificial Intelligence (AI)-based approaches introduce a bright future in refining large amounts of homogeneous biometric data to provide innovative user authentication solutions. This paper presents a new continuous passive authentication approach capable of learning the signatures of IoT users utilizing smartphone sensors such as a gyroscope, magnetometer, and accelerometer to recognize users by their physical activities. This approach integrates the convolutional neural network (CNN) and recurrent neural network (RNN) models to learn signatures of human activities from different users. A series of experiments are conducted using the MotionSense dataset to validate the effectiveness of the proposed method. Our technique offers a competitive verification accuracy equal to 98.4%. We compared the proposed method with several conventional machine learning and CNN models and found that our proposed model achieves higher identification accuracy than the recently developed verification systems. The high accuracy achieved by the proposed method proves its effectiveness in recognizing IoT users passively through their physical activity patterns.     

A Lightweight Three-Factor User Authentication Protocol for the Information Perception of IoT

With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.     

CM-Droid: Secure Container for Android Password Misuse Vulnerability

Android applications are associated with a large amount of sensitive data, therefore application developers use encryption algorithms to provide user data encryption, authentication and data integrity protection. However, application developers do not have the knowledge of cryptography, thus the cryptographic algorithm may not be used correctly. As a result, security vulnerabilities are generated. Based on the previous studies, this paper summarizes the characteristics of password misuse vulnerability of Android application software, establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability. And on this basis, this paper designs and implements a secure container for Android application software password misuse vulnerability: CM-Droid.     

Secure Multifactor Remote Access User Authentication Framework for IoT Networks

The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model check using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed are analyzed. The security and performance analysis show that our protocol is secure and efficient.     

Secure authentication system that generates seed from biometric information

As biometric recognition techniques are gradually improved, the stability of biometric authentication systems are enhanced. Although bioinformation has properties that make it resistant to fraud, biometric authentication systems are not immune to hacking. We show a secure biometric authentication system (1) to guarantee the integrity of biometric information by mixing data by use of a biometric key and (2) to raise recognition rates by use of bimodal biometrics.     

Efficient Hierarchical Multi-Server Authentication Protocol for Mobile Cloud Computing

With the development of communication technologies, various mobile devices and different types of mobile services became available. The emergence of these services has brought great convenience to our lives. The multi-server architecture authentication protocols for mobile cloud computing were proposed to ensure the security and availability between mobile devices and mobile services. However, most of the protocols did not consider the case of hierarchical authentication. In the existing protocol, when a mobile user once registered at the registration center, he/she can successfully authenticate with all mobile service providers that are registered at the registration center, but real application scenarios are not like this. For some specific scenarios, some mobile service providers want to provide service only for particular users. For this reason, we propose a new hierarchical multi-server authentication protocol for mobile cloud computing. The proposed protocol ensures only particular types of users can successfully authenticate with certain types of mobile service providers. The proposed protocol reduces computing and communication costs by up to 42.6% and 54.2% compared to two superior protocols. The proposed protocol can also resist the attacks known so far.     

Authentication mechanism over the integrated UMTS network and WLAN platform using the cross-layer bootstrap

The 3G mobile data network provides always-on and ubiquitous connectivity for subscribers. Although the service coverage area in wireless local area network (WLAN) is much smaller than that in a 3G mobile data network, the data transmission rate in WLAN can be from 2 to 54 Mbps, which is much faster than 3G mobile network. Obviously, the relationship between the 3G mobile data network and WLAN is complementary in terms of service coverage and data transmission rate. Therefore integration of 3G mobile network and WLAN can offer subscribers higher speed wireless service in hot spots and ubiquitous connectivity in 3G mobile data network. An authentication mechanism over the loose coupled integration mechanism using a cross-layer bootstrap is proposed. The benefits of the proposed mechanism are (a) integrating Universal Mobile Telecommunication System network and WLAN using the existing protocols denned in 3GPP, IETF and IEEE 802. Hi, (b) the use of the Extension Authentication Protocol authentication method is flexible, (c) reduction of the authentication signalling when a subscriber roams from one access point (AP) to another AP and (d) user identity privacy protection.     

A Quantum Authorization Management Protocol Based on EPR-Pairs

Quantum authorization management (QAM) is the quantum scheme for privilege management infrastructure (PMI) problem. Privilege management (authorization management) includes authentication and authorization. Authentication is to verify a user’s identity. Authorization is the process of verifying that a authenticated user has the authority to perform a operation, which is more fine-grained. In most classical schemes, the authority management center (AMC) manages the resources permissions for all network nodes within the jurisdiction. However, the existence of AMC may be the weakest link of the whole scheme. In this paper, a protocol for QAM without AMC is proposed based on entanglement swapping. In this protocol, Bob (the owner of resources) authenticates the legality of Alice (the user) and then shares the right key for the resources with Alice. Compared with the other existed QAM protocols, this protocol not only implements authentication, but also authorizes the user permissions to access certain resources or carry out certain actions. The authority division is extended to fin-grained rights division. The security is analyzed from the four aspects: the outsider’s attack, the user’s attack, authentication and comparison with the other two QAM protocols.     

A Secure Three-Factor Authenticated Key Agreement Scheme for Multi-Server Environment

Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years. However, traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service. Moreover, it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party. In order to overcome these difficulties, we designed a secure threefactor multi-server authenticated key agreement protocol based on elliptic curve cryptography, which needs the user to register only once at the registration center in order to access all semi-trusted servers. The proposed scheme can not only against various known attacks but also provides high computational efficiency. Besides, we have proved our scheme fulfills mutual authentication by using the authentication test method.     

Blockzone: A Decentralized and Trustworthy Data Plane for DNS

The domain name system (DNS) provides a mapping service between memorable names and numerical internet protocol addresses, and it is a critical infrastructure of the Internet. The authenticity of DNS resolution results is crucial for ensuring the accessibility of Internet services. Hundreds of supplementary specifications of protocols have been proposed to compensate for the security flaws of DNS. However, DNS security incidents still occur frequently. Although DNS is a distributed system, for a specified domain name, only authorized authoritative servers can resolve it. Other servers must obtain the resolution result through a recursive or iterative resolving procedure, which renders DNS vulnerable to various attacks, such as DNS cache poisoning and distributed denial of service (DDoS) attacks. This paper proposes a novel decentralized architecture for a DNS data plane, which is called Blockzone. First, Blockzone utilizes novel mechanisms, which include on-chain authorization and off-chain storage, to implement a decentralized and trustworthy DNS data plane. Second, in contrast to the hierarchical authentication and recursive query of traditional DNS, Blockzone implements a decentralized operation model. This model significantly increases the efficiency of domain name resolution and verification and enhances the security of DNS against DDoS and cache poisoning attacks. In addition, Blockzone is fully compatible with the traditional DNS implementation and can be incrementally deployed as a plug-in service of DNS without changing the DNS protocol or system architecture. The Blockzone scheme can also be generalized to address security issues in other areas, such as the Internet of things and edge computing.     

Providing multimodal biometric authentication using five competent traits

Abstract

Recognition accuracy of a single biometric authentication system is often much limited; hence, a multimodal biometric approach for identity verification is proposed. A new way of person authentication based on five-competent traits, namely, iris, ear, palm print, fingerprint and retina, is proposed in this paper. Each metric is analysed individually to get the matching scores from the corresponding feature sets. These scores are then combined using weighted sum fusion rule. In order to provide liveness verification for our authentication system, we employ the retinal blood vessel pattern recognition. To validate our approach, several experiments were conducted on the images obtained from five different datasets. The experimental results reveal that this multimodal biometric verification system is much more reliable and precise than the single biometric approaches.     

Lattice-Based Authentication Scheme to Prevent Quantum Attack in Public Cloud Environment

Public cloud computing provides a variety of services to consumers via high-speed internet. The consumer can access these services anytime and anywhere on a balanced service cost. Many traditional authentication protocols are proposed to secure public cloud computing. However, the rapid development of high-speed internet and organizations’ race to develop quantum computers is a nightmare for existing authentication schemes. These traditional authentication protocols are based on factorization or discrete logarithm problems. As a result, traditional authentication protocols are vulnerable in the quantum computing era. Therefore, in this article, we have proposed an authentication protocol based on the lattice technique for public cloud computing to resist quantum attacks and prevent all known traditional security attacks. The proposed lattice-based authentication protocol is provably secure under the Real-Or-Random (ROR) model. At the same time, the result obtained during the experiments proved that our protocol is lightweight compared to the existing lattice-based authentication protocols, as listed in the performance analysis section. The comparative analysis shows that the protocol is suitable for practical implementation in a quantum-based environment.     

Patenting trends in biometric technology of the Big Five patent offices

We examined the overall trends in biometric technology based on patent documents. Using PATSTAT database, we extracted 37,462 patent documents applied at the Big Five patent offices between 1990 and 2016. Latent Dirichlet allocation was applied to their abstracts to observe annual trends by topic. Our results are as follows: Fingerprint-enabled car anti-theft systems have been undergoing rapid technological development since 2014. In response, biometric signal transmitting models are becoming popular owing to concerns about theft of biometric templates. While fingerprint, face, and iris authentication technologies continue to advance, finger vein, voice, and signature authentication technologies are lagging. Use of biometric technologies in financial transactions, server networks, and digital media content security are decreasing as well. A citation analysis discovered key topics and patent applicants: Surprisingly, the quantitative growth rate of topics and the effect on the knowledge network showed an inverse relationship. US firms had the most citations, but fewer backward citations of own work, unlike Japanese companies. We provide practical insights to stakeholders of biometric technology.     

An Efficient Lightweight Authentication and Key Agreement Protocol for Patient Privacy

Tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers. In this system, service providers consider user authentication as a critical requirement. To address this crucial requirement, various types of validation and key agreement protocols have been employed. The main problem with the two-way authentication of patients and medical servers is not built with thorough and comprehensive analysis that makes the protocol design yet has flaws. This paper analyzes carefully all aspects of security requirements including the perfect forward secrecy in order to develop an efficient and robust lightweight authentication and key agreement protocol. The secureness of the proposed protocol undergoes an informal analysis, whose findings show that different security features are provided, including perfect forward secrecy and a resistance to DoS attacks. Furthermore, it is simulated and formally analyzed using Scyther tool. Simulation results indicate the protocol’s robustness, both in perfect forward security and against various attacks. In addition, the proposed protocol was compared with those of other related protocols in term of time complexity and communication cost. The time complexity of the proposed protocol only involves time of performing a hash function T_h, i.e.,: O(12T_h). Average time required for executing the authentication is 0.006 seconds; with number of bit exchange is 704, both values are the lowest among the other protocols. The results of the comparison point to a superior performance by the proposed protocol.     

Wavelet Distance Measure for Person Identification Using Electrocardiograms

In this paper, the authors present an evaluation of a new biometric based on electrocardiogram (ECG) waveforms. ECG data were collected from 50 subjects during three data-recording sessions on different days using a simple user interface, where subjects held two electrodes on the pads of their thumbs using their thumb and index fingers. Data from session 1 were used to establish an enrolled database, and data from the remaining two sessions were used as test cases. Classification was performed using three different quantitative measures: percent residual difference, correlation coefficient, and a novel distance measure based on wavelet transform. The wavelet distance measure has a classification accuracy of 89%, outperforming the other methods by nearly 10%. This ECG person-identification modality would be a useful supplement for conventional biometrics, such as fingerprint and palm recognition systems.     

A process for supporting risk-aware web authentication mechanism choice

Web authentication is often treated as a one-size-fits-all problem with ubiquitous use of the password. Indeed, authentication is seldom tailored to the needs of either the site or the target users. This paper does an in-depth analysis of all the vulnerabilities of authentication mechanisms, and proposes a structured and simple process which, if followed, will enable developers to choose a web authentication mechanism so that it matches the needs of their particular site.     

LWDSA: light-weight digital signature algorithm for wireless sensor networks

The essential security mechanism in wireless sensor networks (WSNs) is authentication, where nodes can authenticate each other before transmitting a valid data to a sink. There are a number of public key authentication procedures available for WSN in recent years. Due to constraints in WSN environment there is a need for light-weight authentication procedure that consumes less power during computation. This proposed work aims at developing a light-weight authentication protocol using MBLAKE2b with elliptic curve digital signature algorithm (ECDSA). The proposed protocol is also tested using the protocol verification tool Scyther and found to be secure in all claims and roles. This proposed algorithm increases the network life time and reduces the computation time, which is essential for the constrained environment like WSNs.