Computer Sciences Commons^™

A Novel Authentication Method That Combines Honeytokens And Google Authenticator, Vassilis Papaspirou, Maria Papathanasaki, Leandros Maglaras, Ioanna Kantzavelou, Christos Douligeris, Mohamed A. Ferrag, Helge Janicke

Research outputs 2022 to 2026

Despite the rapid development of technology, computer systems still rely heavily on passwords for security, which can be problematic. Although multi-factor authentication has been introduced, it is not completely effective against more advanced attacks. To address this, this study proposes a new two-factor authentication method that uses honeytokens. Honeytokens and Google Authenticator are combined to create a stronger authentication process. The proposed approach aims to provide additional layers of security and protection to computer systems, increasing their overall security beyond what is currently provided by single-password or standard two-factor authentication methods. The key difference is that the proposed system resembles …

An Efficient Lightweight Provably Secure Authentication Protocol For Patient Monitoring Using Wireless Medical Sensor Networks, Garima Thakur, Sunil Prajapat, Pankaj Kumar, Ashok Kumar Das, Sachin Shetty

VMASC Publications

The refurbishing of conventional medical network with the wireless medical sensor network has not only amplified the efficiency of the network but concurrently posed different security threats. Previously, Servati and Safkhani had suggested an Internet of Things (IoT) based authentication scheme for the healthcare environment promulgating a secure protocol in resistance to several attacks. However, the analysis demonstrates that the protocol could not withstand user, server, and gateway node impersonation attacks. Further, the protocol fails to resist offline password guessing, ephemeral secret leakage, and gateway-by-passing attacks. To address the security weaknesses, we furnish a lightweight three-factor authentication framework employing the …

A Survey Of Wearable Devices Pairing Based On Biometric Signals, Jafar Pourbemany, Ye Zhu, Riccardo Bettati

Electrical and Computer Engineering Faculty Publications

With the rapid growth of wearable devices, more applications require direct communication between wearable devices. To secure the communication between wearable devices, various pairing protocols have been proposed to generate common keys for encrypting the communication. Since the wearable devices are attached to the same body, the devices can generate common keys based on the same context by utilizing onboard sensors to capture a common biometric signal such as body motion, gait, heartbeat, respiration, and EMG signals. The context-based pairing does not need prior information to generate common keys. As context-based pairing does not need any human involvement in the …

Design Of Robust Blockchain-Envisioned Authenticated Key Management Mechanism For Smart Healthcare Applications, Siddhant Thapiyal, Mohammad Wazid, Devesh Pratap Singh, Ashok Kumar Das, Sachin Shetty

VMASC Publications

The healthcare sector is a very crucial and important sector of any society, and with the evolution of the various deployed technologies, like the Internet of Things (IoT), machine learning and blockchain it has numerous advantages. However, in this section, the data is much more vulnerable than others, because the data is strictly private and confidential, and it requires a highly secured framework for the transmission of data between entities. In this article, we aim to design a blockchain-envisioned authentication and key management mechanism for the IoMT-based smart healthcare applications (in short, we call it SBAKM-HS). We compare the various …

A Data Taxonomy For Adaptive Multifactor Authentication In The Internet Of Health Care Things, Tance Suleski, Mohiuddin Ahmed

Research outputs 2022 to 2026

The health care industry has faced various challenges over the past decade as we move toward a digital future where services and data are available on demand. The systems of interconnected devices, users, data, and working environments are referred to as the Internet of Health Care Things (IoHT). IoHT devices have emerged in the past decade as cost-effective solutions with large scalability capabilities to address the constraints on limited resources. These devices cater to the need for remote health care services outside of physical interactions. However, IoHT security is often overlooked because the devices are quickly deployed and configured as …

A Provable Secure And Efficient Authentication Framework For Smart Manufacturing Industry, Muhammad Hammad, Akhtar Badshah, Ghulam Abbas, Hisham Alasmary, Muhammad Waqas, Wasim A. Khan

Research outputs 2022 to 2026

Smart manufacturing is transforming the manufacturing industry by enhancing productivity and quality, driving growth in the global economy. The Internet of Things (IoT) has played a crucial role in realizing Industry 4.0, where machines can communicate and interact in real-time. Despite these advancements, security remains a major challenge in developing and deploying smart manufacturing. As cyber-attacks become more prevalent, researchers are making security a top priority. Although IoT and Industrial IoT (IIoT) are used to establish smart industries, these systems remain vulnerable to various types of attacks. To address these security issues, numerous authentication methods have been proposed. However, many …

Secure Authentication Scheme Based On Numerical Series Cryptography For Internet Of Things, Dr Khaled Nagaty, Maha Aladin, Abeer Hamdy Dr.

Computer Science

The rapid advancement of cellular networks and wireless networks has laid a solid basis for the Internet of Things. IoT has evolved into a unique standard that allows diverse physical devices to collaborate with one another. A service provider gives a variety of services that may be accessed via smart apps anywhere, at any time, and from any location over the Internet. Because of the public environment of mobile communication and the Internet, these services are highly vulnerable to a several malicious attacks, such as unauthorized disclosure by hostile attackers. As a result, the best option for overcoming these vulnerabilities …

A Systematic Review On Machine Learning Models For Online Learning And Examination Systems, Sanaa Kaddoura, Daniela Elena Popescu, Jude D. Hemanth

All Works

Examinations or assessments play a vital role in every student’s life; they determine their future and career paths. The COVID pandemic has left adverse impacts in all areas, including the academic field. The regularized classroom learning and face-to-face real-time examinations were not feasible to avoid widespread infection and ensure safety. During these desperate times, technological advancements stepped in to aid students in continuing their education without any academic breaks. Machine learning is a key to this digital transformation of schools or colleges from real-time to online mode. Online learning and examination during lockdown were made possible by Machine learning methods. …

Machine Learning-Based Device Type Classification For Iot Device Re- And Continuous Authentication, Kaustubh Gupta

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Today, the use of Internet of Things (IoT) devices is higher than ever and it is growing rapidly. Many IoT devices are usually manufactured by home appliance manufacturers where security and privacy are not the foremost concern. When an IoT device is connected to a network, currently there does not exist a strict authentication method that verifies the identity of the device, allowing any rogue IoT device to authenticate to an access point. This thesis addresses the issue by introducing methods for continuous and re-authentication of static and dynamic IoT devices, respectively. We introduce mechanisms and protocols for authenticating a …

Ascp-Iomt: Ai-Enabled Lightweight Secure Communication Protocol For Internet Of Medical Things, Mohammad Wazid, Jaskaran Singh, Ashok Kumar Das, Sachin Shetty, Muhammad Khurram Khan, Joel J.P.C. Rodrigues

VMASC Publications

The Internet of Medical Things (IoMT) is a unification of smart healthcare devices, tools, and software, which connect various patients and other users to the healthcare information system through the networking technology. It further reduces unnecessary hospital visits and the burden on healthcare systems by connecting the patients to their healthcare experts (i.e., doctors) and allows secure transmission of healthcare data over an insecure channel (e.g., the Internet). Since Artificial Intelligence (AI) has a great impact on the performance and usability of an information system, it is important to include its modules in a healthcare information system, which will be …

Healthcare 5.0 Security Framework: Applications, Issues And Future Research Directions, Mohammad Wazid, Ashok Kumar Das, Noor Mohd, Youngho Park

VMASC Publications

Healthcare 5.0 is a system that can be deployed to provide various healthcare services. It does these services by utilising a new generation of information technologies, such as Internet of Things (IoT), Artificial Intelligence (AI), Big data analytics, blockchain and cloud computing. Due to the introduction of healthcare 5.0, the paradigm has been now changed. It is disease-centered to patient-centered care where it provides healthcare services and supports to the people. However, there are several security issues and challenges in healthcare 5.0 which may cause the leakage or alteration of sensitive healthcare data. This demands that we need a robust …

Analysis Of Blockchain Solutions For E-Voting: A Systematic Literature Review, Ali Benabdallah, Antoine Audras, Louis Coudert, Nour El Madhoun, Mohamad Badra

All Works

To this day, abstention rates continue to rise, largely due to the need to travel to vote. This is why remote e-voting will increase the turnout by allowing everyone to vote without the need to travel. It will also minimize the risks and obtain results in a faster way compared to a traditional vote with paper ballots. In fact, given the high stakes of an election, a remote e-voting solution must meet the highest standards of security, reliability, and transparency to gain the trust of citizens. In literature, several remote e-voting solutions based on blockchain technology have been proposed. Indeed, …

A Review On Security Issues And Solutions Of The Internet Of Drones, Wencheng Yang, Song Wang, Xuefei Yin, Xu Wang, Jiankun Hu

Research outputs 2022 to 2026

The Internet of Drones (IoD) has attracted increasing attention in recent years because of its portability and automation, and is being deployed in a wide range of fields (e.g., military, rescue and entertainment). Nevertheless, as a result of the inherently open nature of radio transmission paths in the IoD, data collected, generated or handled by drones is plagued by many security concerns. Since security and privacy are among the foremost challenges for the IoD, in this paper we conduct a comprehensive review on security issues and solutions for IoD security, discussing IoD-related security requirements and identifying the latest advancement in …

Secure Self-Checkout Kiosks Using Alma Api With Two-Factor Authentication, Ron Bulaon

Research Collection Library

Self-checkout kiosks have become a staple feature of many modern and digitized libraries. These devices are used by library patrons for self-service item loans. Most implementations are not new, in fact many of these systems are simple, straight forward and work as intended. But behind this useful technology, there is a security concern on authentication that has to be addressed.

In my proposed presentation, I will discuss the risk factors of self-checkout kiosks and propose a solution using Alma APIs. I will address the technical shortcomings of the current implementations, compared to the proposed solution, and where the weakest link …

Deep Learning Modalities For Biometric Alteration Detection In 5g Networks-Based Secure Smart Cities, Ahmed Sedik, Lo'ai A. Tawalbeh, Mohamed Hammad, Ahmed A. Abd El-Latif, Ghada M. El-Banby, Ashref A.M. Khalaf, Fathi E. Abd El-Samie, Abdullah M. Iliyasu

Computer Science Faculty Publications

Smart cities and their applications have become attractive research fields birthing numerous technologies. Fifth generation (5G) networks are important components of smart cities, where intelligent access control is deployed for identity authentication, online banking, and cyber security. To assure secure transactions and to protect user’s identities against cybersecurity threats, strong authentication techniques should be used. The prevalence of biometrics, such as fingerprints, in authentication and identification makes the need to safeguard them important across different areas of smart applications. Our study presents a system to detect alterations to biometric modalities to discriminate pristine, adulterated, and fake biometrics in 5G-based smart …

Ultrapin: Inferring Pin Entries Via Ultrasound, Liu, Ximing, Robert H. Deng, Robert H. Deng

Research Collection School Of Computing and Information Systems

While PIN-based user authentication systems such as ATM have long been considered to be secure enough, they are facing new attacks, named UltraPIN, which can be launched from commodity smartphones. As a target user enters a PIN on a PIN-based user authentication system, an attacker may use UltraPIN to infer the PIN from a short distance (50 cm to 100 cm). In this process, UltraPIN leverages smartphone speakers to issue human-inaudible ultrasound signals and uses smartphone microphones to keep recording acoustic signals. It applies a series of signal processing techniques to extract high-quality feature vectors from low-energy and high-noise signals …

An Efficient Privacy Preserving Message Authentication Scheme For Internet-Of-Things, Jiannan Wei, Tran Viet Xuan Phuong, Guomin Yang

Research Collection School Of Computing and Information Systems

As an essential element of the next generation Internet, Internet of Things (IoT) has been undergoing an extensive development in recent years. In addition to the enhancement of peoples daily lives, IoT devices also generate/gather a massive amount of data that could be utilized by machine learning and big data analytics for different applications. Due to the machine-to-machine communication nature of IoT, data security and privacy are crucial issues that must be addressed to prevent different cyber attacks (e.g., impersonation and data pollution/poisoning attacks). Nevertheless, due to the constrained computation power and the diversity of IoT devices, it is a …

Biometrics For Internet‐Of‐Things Security: A Review, Wencheng Yang, Song Wang, Nor Masri Sahri, Nickson M. Karie, Mohiuddin Ahmed, Craig Valli

Research outputs 2014 to 2021

The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric …

Secure Authentication And Privacy-Preserving Techniques In Vehicular Ad-Hoc Networks (Vanets), Dakshnamoorthy Manivannan, Shafika Showkat Moni, Sherali Zeadally

Computer Science Faculty Publications

In the last decade, there has been growing interest in Vehicular Ad Hoc NETworks (VANETs). Today car manufacturers have already started to equip vehicles with sophisticated sensors that can provide many assistive features such as front collision avoidance, automatic lane tracking, partial autonomous driving, suggestive lane changing, and so on. Such technological advancements are enabling the adoption of VANETs not only to provide safer and more comfortable driving experience but also provide many other useful services to the driver as well as passengers of a vehicle. However, privacy, authentication and secure message dissemination are some of the main issues that …

Designing Leakage-Resilient Password Entry On Head-Mounted Smart Wearable Glass Devices, Yan Li, Yao Cheng, Wenzhi Meng, Yingjiu Li, Robert H. Deng

Research Collection School Of Computing and Information Systems

With the boom of Augmented Reality (AR) and Virtual Reality (VR) applications, head-mounted smart wearable glass devices are becoming popular to help users access various services like E-mail freely. However, most existing password entry schemes on smart glasses rely on additional computers or mobile devices connected to smart glasses, which require users to switch between different systems and devices. This may greatly lower the practicability and usability of smart glasses. In this paper, we focus on this challenge and design three practical anti-eavesdropping password entry schemes on stand-alone smart glasses, named gTapper, gRotator and gTalker. The main idea is to …

Editing-Enabled Signatures: A New Tool For Editing Authenticated Data, Binanda Sengupta, Yingjiu Li, Yangguang Tian, Robert H. Deng

Research Collection School Of Computing and Information Systems

Data authentication primarily serves as a tool to achieve data integrity and source authentication. However, traditional data authentication does not fit well where an intermediate entity (editor) is required to modify the authenticated data provided by the source/data owner before sending the data to other recipients. To ask the data owner for authenticating each modified data can lead to higher communication overhead. In this article, we introduce the notion of editing-enabled signatures where the data owner can choose any set of modification operations applicable on the data and still can restrict any possibly untrusted editor to authenticate the data modified …

Apparatus For Securely Configuring A Target Device And Associated Methods, Timothy J. Pierson, Xiaohui Liang, Ronald Peterson, David Kotz

Other Faculty Materials

Apparatus and method securely transfer first data from a source device to a target device. A wireless signal having (a) a higher speed channel conveying second data and (b) a lower speed channel conveying the first data is transmitted. The lower speed channel is formed by selectively transmitting the wireless signal from one of a first and second antennae of the source device based upon the first data. The first and second antenna are positioned a fixed distance apart and the target device uses a received signal strength indication (RSSI) of the first signal to decode the lower speed channel …

Digital Age Of Consent And Age Verification: Can They Protect Children?, Liliana Pasquale, Paola Zippo, Cliona Curley, Brian O'Neill, Marina Mongiello

Articles

Children are increasingly accessing social media content through mobile devices. Existing data protection regulations have focused on defining the digital age of consent, in order to limit collection of children’s personal data by organizations. However, children can easily bypass the mechanisms adopted by apps to verify their age, and thereby be exposed to privacy and safety threats. We conducted a study to identify how the top 10 social and communication apps among underage users apply age limits in their Terms of Use. We also assess the robustness of the mechanisms these apps put in place to verify the age of …

Diota: Decentralized Ledger Based Framework For Data Authenticity Protection In Iot Systems, Lei Xu, Lin Chen, Zhimin Gao, Xinxin Fan, Taeweon Suh, Weidong Shi

Computer Science Faculty Publications and Presentations

It is predicted that more than 20 billion IoT devices will be deployed worldwide by 2020. These devices form the critical infrastructure to support a variety of important applications such as smart city, smart grid, and industrial internet. To guarantee that these applications work properly, it is imperative to authenticate these devices and data generated from them. Although digital signatures can be applied for these purposes, the scale of the overall system and the limited computation capability of IoT devices pose two big challenges. In order to overcome these obstacles, we propose DIoTA, a novel decentralized ledger-based authentication framework for …

Ldakm-Eiot: Lightweight Device Authentication And Key Management Mechanism For Edge-Based Iot Deployment, Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park

VMASC Publications

In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication …

A Privacy Framework For Decentralized Applications Using Blockchains And Zero Knowledge Proofs, David Gabay

FIU Electronic Theses and Dissertations

With the increasing interest in connected vehicles along with electrification opportunities, there is an ongoing effort to automate the charging process of electric vehicles (EVs) through their capabilities to communicate with the infrastructure and each other. However, charging EVs takes time and thus in-advance scheduling is needed. As this process is done frequently due to limited mileage of EVs, it may expose the locations and charging pattern of the EV to the service providers, raising privacy concerns for their users. Nevertheless, the EV still needs to be authenticated to charging providers, which means some information will need to be provided …

Work-In-Progress: Iot Device Signature Validation, Jeffrey Hemmes

Regis University Faculty Publications

Device fingerprinting is an area of security that has received renewed attention in recent years, with a number of classification methods proposed that rely on characteristics unique to a particular vendor or device type. Current works are limited to determining device type for purposes of access control and MAC address spoof prevention. This work synthesizes multiple sources of information to verify device capabilities in a device profile, which can be used in a number of applications not limited to authentication and authorization. The approach proposed in this paper relies on existing protocols and methods proposed in the literature, using a …

Proximity Detection With Single-Antenna Iot Devices, Timothy J. Pierson, Travis Peters, Ronald Peterson, David Kotz

Dartmouth Scholarship

Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user’s device is communicating with a distant adversary. Researchers have previously proposed methods for …

Using Vibrations From A Smartring As An Out-Of-Band Channel For Sharing Secret Keys, Sougata Sen, Varun Mishra, David Kotz

Dartmouth Scholarship

With the rapid growth in the number of Internet of Things (IoT) devices with wireless communication capabilities, and sensitive information collection capabilities, it is becoming increasingly necessary to ensure that these devices communicate securely with only authorized devices. A major requirement of this secure communication is to ensure that both the devices share a secret, which can be used for secure pairing and encrypted communication. Manually imparting this secret to these devices becomes an unnecessary overhead, especially when the device interaction is transient. In this work, we empirically investigate the possibility of using an out-of-band communication channel – vibration, generated …

Securing Messaging Services Through Efficient Signcryption With Designated Equality Test, Yujue Wang, Hwee Hwa Pang, Robert H. Deng, Yong Ding, Qianhong Wu, Bo Qin

Research Collection School Of Computing and Information Systems

To address security and privacy issues in messaging services, we present a public key signcryption scheme with designated equality test on ciphertexts (PKS-DET) in this paper. The scheme enables a sender to simultaneously encrypt and sign (signcrypt) messages, and to designate a tester to perform equality test on ciphertexts, i.e., to determine whether two ciphertexts signcrypt the same underlying plaintext message. We introduce the PKS-DET framework, present a concrete construction and formally prove its security against three types of adversaries, representing two security requirements on message confidentiality against outsiders and the designated tester, respectively, and a requirement on message unforgeability …