Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Open Access. Powered by Scholars. Published by Universities.®

Theses/Dissertations

Authentication

Discipline
Institution
Publication Year
Publication

Articles 31 - 44 of 44

Full-Text Articles in Physical Sciences and Mathematics

Exploiting Human Factors In User Authentication, Payas Gupta Jan 2013

Exploiting Human Factors In User Authentication, Payas Gupta

Dissertations and Theses Collection (Open Access)

Our overarching issue in security is the human factor – and dealing with it is perhaps one of the biggest challenges we face today. Human factor is often described as the weakest part of a security system and users are often described as the weakest link in the security chain. In this thesis, we focus on two problems which are caused by human factors in user authentication and propose respective solutions. a) Secrecy information inference attack – publicly available information can be used to infer some secrecy information about the user. b) Coercion attack – where an attacker forces a …

Go to article

Security On Medical Wireless Sensor Networks, Eric D. Southern Aug 2012

Security On Medical Wireless Sensor Networks, Eric D. Southern

Electronic Thesis and Dissertation Repository

Wireless technology is fast becoming a very important tool for all aspects of communication. An area that lacks a strong implementation for wireless communication is the medical field. Wireless systems could be used by clinicians to be better able to diagnose and monitor patients. The reason behind the lack of adoption in healthcare is due to the need to meet the legislated and perceived requirements of security and privacy when dealing with clinical information. The current methods of wireless authentication are investigated and an existing issue in mobile networks is described and solved with two novel solutions; one solution within …

Go to article

Construction Of Efficient Authentication Schemes Using Trapdoor Hash Functions, Santosh Chandrasekhar Jan 2011

Construction Of Efficient Authentication Schemes Using Trapdoor Hash Functions, Santosh Chandrasekhar

University of Kentucky Doctoral Dissertations

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor …

Go to article

Exploring Identity Management At Community Colleges In Texas With Open Access To College Computer Networks, Michael John Callahan Jan 2011

Exploring Identity Management At Community Colleges In Texas With Open Access To College Computer Networks, Michael John Callahan

Walden Dissertations and Doctoral Studies

The study addressed the lack of identity management practices in Texas community colleges to identify guest users who access college computers. Guest user access is required by Texas law and is part of the state's mission to bridge the technology gap; however, improper identification methods leave the college vulnerable to liability issues. The purpose of this study was to eliminate or mitigate liabilities facing colleges by creating and using security policies to identify guest users. This study combined the theoretical concepts of Cameron's internal security management model with the external trust models of the Liberty Alliance and Microsoft's Passport software. …

Go to article

Protecting Privacy And Ensuring Security Of Rfid Systems Using Private Authentication Protocols, Md. Endadul Hoque Aug 2010

Protecting Privacy And Ensuring Security Of Rfid Systems Using Private Authentication Protocols, Md. Endadul Hoque

Master's Theses (2009 -)

Radio Frequency IDentification (RFID) systems have been studied as an emerging technology for automatic identification of objects and assets in various applications ranging from inventory tracking to point of sale applications and from healthcare applications to e-passport. The expansion of RFID technology, however, gives rise to severe security and privacy concerns. To ensure the widespread deployment of this technology, the security and privacy threats must be addressed. However, providing solutions to the security and privacy threats has been a challenge due to extremely inadequate resources of typical RFID tags. Authentication protocols can be a possible solution to secure RFID communications. …

Go to article

Convenient Decentralized Authentication Using Passwords, Timothy W. Van Der Horst Mar 2010

Convenient Decentralized Authentication Using Passwords, Timothy W. Van Der Horst

Theses and Dissertations

Passwords are a very convenient way to authenticate. In terms of simplicity and portability they are very difficult to match. Nevertheless, current password-based login mechanisms are vulnerable to phishing attacks and typically require users to create and manage a new password for each of their accounts. This research investigates the potential for indirect/decentralized approaches to improve password-based authentication. Adoption of a decentralized authentication mechanism requires the agreement between users and service providers on a trusted third party that vouches for users' identities. Email providers are the de facto trusted third parties on the Internet. Proof of email address ownership is …

Go to article

Simple, Secure, Selective Delegation In Online Identify Systems, Bryant Gordon Cutler Jul 2008

Simple, Secure, Selective Delegation In Online Identify Systems, Bryant Gordon Cutler

Theses and Dissertations

The ability to delegate privileges to others is so important to users of online identity systems that users create ad hoc delegation systems by sharing authentication credentials if no other easy delegation mechanism is available. With the rise of internet-scale relationship-based single sign-on protocols like OpenID, the security risks of password sharing are unacceptable. We therefore propose SimpleAuth, a simple modification to relationship-based authentication protocols that gives users a secure way to selectively delegate subsets of their privileges, making identity systems more flexible and increasing user security. We also present a proof-of-concept implementation of the SimpleAuth pattern using the sSRP …

Go to article

Wireless Authentication Using Remote Passwords, Andrew S. Harding Jan 2008

Wireless Authentication Using Remote Passwords, Andrew S. Harding

Theses and Dissertations

Current authentication methods for wireless networks are difficult to maintain. They often rely on globally shared secrets or heavyweight public-key infrastructure. Wireless Authentication using Remote Passwords (WARP) mitigates authentication woes by providing usable mechanisms for both administrators and end-users. Administrators grant access by simply adding users' personal messaging identifiers (e.g., email addresses, IM handles, cell phone numbers) to an access control list. There is no need to store passwords or other account information. Users simply prove ownership of their authorized identifier to obtain wireless access.

Go to article

Extensible Pre-Authentication In Kerberos, Phillip L. Hellewell Jul 2007

Extensible Pre-Authentication In Kerberos, Phillip L. Hellewell

Theses and Dissertations

Organizations need to provide services to a wide range of people, including strangers outside their local security domain. As the number of users grows larger, it becomes increasingly tedious to maintain and provision user accounts. It remains an open problem to create a system for provisioning outsiders that is secure, flexible, efficient, scalable, and easy to manage. Kerberos is a secure, industry-standard protocol. Currently, Kerberos operates as a closed system; all users must be specified upfront and managed on an individual basis. This paper presents EPAK (Extensible Pre-Authentication in Kerberos), a framework that enables Kerberos to operate as an open …

Go to article

Beyond Passswords: Usage And Policy Transformation, Alan S. Alsop Mar 2007

Beyond Passswords: Usage And Policy Transformation, Alan S. Alsop

Theses and Dissertations

The purpose of this research is to determine whether the transition to a two-factor authentication system is more secure than a system that relied only on what users “know” for authentication. While we found that factors that made passwords inherently vulnerable did not transfer to the PIN portion of a two-factor authentication system, we did find significant problems relating to usability, worker productivity, and the loss and theft of smart cards. The new authentication method has disrupted our ability to stay connected to ongoing mission issues, forced some installations to cut off remote access for their users and in one …

Go to article

Extending Distributed Temporal Protocol Logic To A Proof Based Framework For Authentication Protocols, Shahabuddin Muhammad Jan 2007

Extending Distributed Temporal Protocol Logic To A Proof Based Framework For Authentication Protocols, Shahabuddin Muhammad

Electronic Theses and Dissertations

Running critical applications, such as e-commerce, in a distributed environment requires assurance of the identities of the participants communicating with each other. Providing such assurance in a distributed environment is a difficult task. The goal of a security protocol is to overcome the vulnerabilities of a distributed environment by providing a secure way to disseminate critical information into the network. However, designing a security protocol is itself an error-prone process. In addition to employing an authentication protocol, one also needs to make sure that the protocol successfully achieves its authentication goals. The Distributed Temporal Protocol Logic (DTPL) provides a language …

Go to article

Developing Strand Space Based Models And Proving The Correctness Of The Ieee 802.11i Authentication Protocol With Restricted Sec, Zeeshan Furqan Jan 2007

Developing Strand Space Based Models And Proving The Correctness Of The Ieee 802.11i Authentication Protocol With Restricted Sec, Zeeshan Furqan

Electronic Theses and Dissertations

The security objectives enforce the security policy, which defines what is to be protected in a network environment. The violation of these security objectives induces security threats. We introduce an explicit notion of security objectives for a security protocol. This notion should precede the formal verification process. In the absence of such a notion, the security protocol may be proven correct despite the fact that it is not equipped to defend against all potential threats. In order to establish the correctness of security objectives, we present a formal model that provides basis for the formal verification of security protocols. We …

Go to article

Digital Receipts: A System To Detect The Compromise Of Digital Certificates, Nathaniel Allen Seeley Nov 2006

Digital Receipts: A System To Detect The Compromise Of Digital Certificates, Nathaniel Allen Seeley

Theses and Dissertations

The ease of copying digital materials creates difficulty in detecting the theft of digital certificates. Uneducated users frequently fail to protect their digital certificate keys by not encrypting them, storing them in insecure places, and using them unwisely. In addition, there is no way to prove that protocols involving certificates are completely secure. This thesis introduces a system to ameliorate these problems by detecting the compromise of digital certificates. It leverages dual logging messages sent via side channels to a trusted third party. This third party correlates these messages and automatically detects when an imposter presents a certificate based on …

Go to article

Preserving Trust Across Multiple Sessions In Open Systems, Fuk-Wing Thomas Chan Jul 2004

Preserving Trust Across Multiple Sessions In Open Systems, Fuk-Wing Thomas Chan

Theses and Dissertations

Trust negotiation, a new authentication paradigm, enables strangers on the Internet to establish trust through the gradual disclosure of digital credentials and access control policies. Previous research in trust negotiation does not address issues in preserving trust across multiple sessions. This thesis discusses issues in preserving trust between parties who were previously considered strangers. It also describes the design and implementation of trust preservation in TrustBuilder, a prototype trust negotiation system. Preserving trust information can reduce the frequency and cost of renegotiation. A scenario is presented that demonstrates that a server supporting trust preservation can recoup the cost of the …

Go to article

First Prev