Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Institution
Articles 1 - 13 of 13
Full-Text Articles in Physical Sciences and Mathematics
Ldakm-Eiot: Lightweight Device Authentication And Key Management Mechanism For Edge-Based Iot Deployment, Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park
Ldakm-Eiot: Lightweight Device Authentication And Key Management Mechanism For Edge-Based Iot Deployment, Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park
VMASC Publications
In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication …
A Privacy Framework For Decentralized Applications Using Blockchains And Zero Knowledge Proofs, David Gabay
A Privacy Framework For Decentralized Applications Using Blockchains And Zero Knowledge Proofs, David Gabay
FIU Electronic Theses and Dissertations
With the increasing interest in connected vehicles along with electrification opportunities, there is an ongoing effort to automate the charging process of electric vehicles (EVs) through their capabilities to communicate with the infrastructure and each other. However, charging EVs takes time and thus in-advance scheduling is needed. As this process is done frequently due to limited mileage of EVs, it may expose the locations and charging pattern of the EV to the service providers, raising privacy concerns for their users. Nevertheless, the EV still needs to be authenticated to charging providers, which means some information will need to be provided …
Work-In-Progress: Iot Device Signature Validation, Jeffrey Hemmes
Work-In-Progress: Iot Device Signature Validation, Jeffrey Hemmes
Regis University Faculty Publications
Device fingerprinting is an area of security that has received renewed attention in recent years, with a number of classification methods proposed that rely on characteristics unique to a particular vendor or device type. Current works are limited to determining device type for purposes of access control and MAC address spoof prevention. This work synthesizes multiple sources of information to verify device capabilities in a device profile, which can be used in a number of applications not limited to authentication and authorization. The approach proposed in this paper relies on existing protocols and methods proposed in the literature, using a …
Proximity Detection With Single-Antenna Iot Devices, Timothy J. Pierson, Travis Peters, Ronald Peterson, David Kotz
Proximity Detection With Single-Antenna Iot Devices, Timothy J. Pierson, Travis Peters, Ronald Peterson, David Kotz
Dartmouth Scholarship
Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user’s device is communicating with a distant adversary. Researchers have previously proposed methods for …
Using Vibrations From A Smartring As An Out-Of-Band Channel For Sharing Secret Keys, Sougata Sen, Varun Mishra, David Kotz
Using Vibrations From A Smartring As An Out-Of-Band Channel For Sharing Secret Keys, Sougata Sen, Varun Mishra, David Kotz
Dartmouth Scholarship
With the rapid growth in the number of Internet of Things (IoT) devices with wireless communication capabilities, and sensitive information collection capabilities, it is becoming increasingly necessary to ensure that these devices communicate securely with only authorized devices. A major requirement of this secure communication is to ensure that both the devices share a secret, which can be used for secure pairing and encrypted communication. Manually imparting this secret to these devices becomes an unnecessary overhead, especially when the device interaction is transient. In this work, we empirically investigate the possibility of using an out-of-band communication channel – vibration, generated …
Securing Messaging Services Through Efficient Signcryption With Designated Equality Test, Yujue Wang, Hwee Hwa Pang, Robert H. Deng, Yong Ding, Qianhong Wu, Bo Qin
Securing Messaging Services Through Efficient Signcryption With Designated Equality Test, Yujue Wang, Hwee Hwa Pang, Robert H. Deng, Yong Ding, Qianhong Wu, Bo Qin
Research Collection School Of Computing and Information Systems
To address security and privacy issues in messaging services, we present a public key signcryption scheme with designated equality test on ciphertexts (PKS-DET) in this paper. The scheme enables a sender to simultaneously encrypt and sign (signcrypt) messages, and to designate a tester to perform equality test on ciphertexts, i.e., to determine whether two ciphertexts signcrypt the same underlying plaintext message. We introduce the PKS-DET framework, present a concrete construction and formally prove its security against three types of adversaries, representing two security requirements on message confidentiality against outsiders and the designated tester, respectively, and a requirement on message unforgeability …
Closetalker: Secure, Short-Range Ad Hoc Wireless Communication, Timothy J. Pierson, Travis Peters, Ronald Peterson, David Kotz
Closetalker: Secure, Short-Range Ad Hoc Wireless Communication, Timothy J. Pierson, Travis Peters, Ronald Peterson, David Kotz
Dartmouth Scholarship
Secure communication is difficult to arrange between devices that have not previously shared a secret. Previous solutions to the problem are susceptible to man-in-the-middle attacks, require additional hardware for out-of-band communication, or require an extensive public-key infrastructure. Furthermore, as the number of wireless devices explodes with the advent of the Internet of Things, it will be impractical to manually configure each device to communicate with its neighbors. Our system, CloseTalker, allows simple, secure, ad hoc communication between devices in close physical proximity, while jamming the signal so it is unintelligible to any receivers more than a few centimeters away. CloseTalker …
Image-Based Authentication, Mozhgan Azimpourkivi
Image-Based Authentication, Mozhgan Azimpourkivi
FIU Electronic Theses and Dissertations
Mobile and wearable devices are popular platforms for accessing online services. However, the small form factor of such devices, makes a secure and practical experience for user authentication, challenging. Further, online fraud that includes phishing attacks, has revealed the importance of conversely providing solutions for usable authentication of remote services to online users. In this thesis, we introduce image-based solutions for mutual authentication between a user and a remote service provider. First, we propose and develop Pixie, a two-factor, object-based authentication solution for camera-equipped mobile and wearable devices. We further design ai.lock, a system that reliably extracts from images, authentication …
Suaa: A Secure User Authentication Scheme With Anonymity For The Single & Multi-Server Environments, Nassoro M. R. Lwamo, Liehuang Zhu, Chang Xu, Kashif Sharif, Ximeng Liu, Chuan Zhang
Suaa: A Secure User Authentication Scheme With Anonymity For The Single & Multi-Server Environments, Nassoro M. R. Lwamo, Liehuang Zhu, Chang Xu, Kashif Sharif, Ximeng Liu, Chuan Zhang
Research Collection School Of Computing and Information Systems
The rapid increase in user base and technological penetration has enabled the use of a wide range of devices and applications. The services are rendered to these devices from single-server or highly distributed server environments, irrespective of their location. As the information exchanged between servers and clients is private, numerous forms of attacks can be launched to compromise it. To ensure the security, privacy, and availability of the services, different authentication schemes have been proposed for both single-server and multi-server environments. The primary performance objective of such schemes is to prevent most (if not all) attacks, with minimal computational costs …
Continuous Smartphone Authentication Using Wristbands, Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, David Kotz
Continuous Smartphone Authentication Using Wristbands, Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, David Kotz
Dartmouth Scholarship
Many users find current smartphone authentication methods (PINs, swipe patterns) to be burdensome, leading them to weaken or disable the authentication. Although some phones support methods to ease the burden (such as fingerprint readers), these methods require active participation by the user and do not verify the user’s identity after the phone is unlocked. We propose CSAW, a continuous smartphone authentication method that leverages wristbands to verify that the phone is in the hands of its owner. In CSAW, users wear a wristband (a smartwatch or a fitness band) with built-in motion sensors, and by comparing the wristband’s motion with …
Maia: A Language For Mandatory Integrity Controls Of Structured Data, Wassnaa Al-Mawee, Paul Bonamy, Steven Carr, Jean Mayo
Maia: A Language For Mandatory Integrity Controls Of Structured Data, Wassnaa Al-Mawee, Paul Bonamy, Steven Carr, Jean Mayo
Michigan Tech Publications
The integrity of systems files is necessary for the secure functioning of an operating system. Integrity is not generally discussed in terms of complete computer systems. Instead, integrity issues tend to be either tightly coupled to a particular domain (e.g. database constraints), or else so broad as to be useless except after the fact (e.g. backups). Often, file integrity is determined by who modifies the file or by a checksum. This paper focuses on a general model of the internal integrity of a file. Even if a file is modified by a subject with trust or has a valid checksum, …
Online Authentication Methods Used In Banks And Attacks Against These Methods, Anoud Bani-Hani, Munir Majdalweieh, Aisha Alshamsi
Online Authentication Methods Used In Banks And Attacks Against These Methods, Anoud Bani-Hani, Munir Majdalweieh, Aisha Alshamsi
All Works
© 2019 The Authors. Published by Elsevier B.V. Growing threats and attacks to online banking security (e.g. phishing, identity theft) motivates most banks to look for and use stronger authentication methods instead of using a normal username and password authentication. The main objective of the research is to identify the most common online authentication methods used widely in international banks and compare it with the methods used in six banks operating in UAE. In addition, this research will cover the current authentication threats and attacks against these methods. Two well-defined comparison matrices [15], one based on characteristics and second one …
When Human Cognitive Modeling Meets Pins: User-Independent Inter-Keystroke Timing Attacks, Ximing Liu, Yingjiu Li, Robert H. Deng, Bing Chang, Shujun Li
When Human Cognitive Modeling Meets Pins: User-Independent Inter-Keystroke Timing Attacks, Ximing Liu, Yingjiu Li, Robert H. Deng, Bing Chang, Shujun Li
Research Collection School Of Computing and Information Systems
This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target victims). Our attacks can thus be potentially launched on a large scale in real-world settings. We investigate inter-keystroke timing attacks in different online attack settings and evaluate their performance on PINs at different strength levels. Our experimental results show that the proposed attack performs significantly better than random guessing attacks. We further demonstrate that …