Masquerade Attack Research Articles

基于身份的跨域直接匿名认证机制

In view of the shortcomings of high computational overhead and failure in cross-domain anonymous authentication existed in TCG DAA program, this paper proposes a cross-domain direct anonymous attestation scheme based on identity, in which the proxy signature and direct anonymous attestation technology are employed for the trusted mobile platform (TMP) in mobile Internet. On the base of the legitimacy of the DAA signature, the verifier of remote domain identifies the authenticity of TMP, during which the remote attestation system is security-enhanced by a key agreement. Analyzed in Canetti-Krawczyk (CK) model, this authentication scheme is anonymous, unrelated and high-performance. We demonstrate that it can resist masquerade attacks, reply attacks and platform substitution attacks. It is effective and more suitable for the mobile Internet and other wireless networks.

Unsupervised anomaly detection within non‐numerical sequence data by average index difference, with application to masquerade detection

Anomaly detection within non‐numerical sequence data has developed into an important topic of data mining, but comparatively little research has been done regarding anomaly detection without training data (unsupervised anomaly detection). One application found in computer security is the detection of a so‐called masquerade attack, which consists of an attacker abusing a regular account. This leaves only the session input, which is basically a string of non‐numerical commands, for analysis. Our previous approach to this problem introduced the use of the so‐called average index difference function for mapping the non‐numerical symbol data to a numerical space. In the present paper, we examine the theoretical properties of the average index difference function, present an enhanced unsupervised anomaly detection algorithm based on the average index difference function, show the parameters to be theoretically inferable, and evaluate the performance using real‐world data. Copyright © 2014 John Wiley & Sons, Ltd.

User Profiles and Identifing User Behaviour in the Cloud Computing Environment

In this paper, for the detection of the masquerade attacks in the cloud infrastructure collaborative filtering algorithm based on the cloud model is proposed. One of the advantages of this model is the identification of the similarity between the users on the basis of the cloud model. While using the similarity measurement method based on the cloud model, it does not require a strict comparison between the score value of operations used by different users. Here we provide the calculation of the statistic features of the score values of all operations used by the user at the access point, then we provide a comparison of statistics features of the input data and based of these we determine the similarity between the input data.

Analysis and improvement of a multi-factor biometric authentication scheme

In order to enhance the security in wireless communication, authentication schemes come to be more crucial and widely deployed recently, especially those which are referred to as multi-factor biometric authentication that base on password, biometrics, and smart card protections. A new scheme in this way was proposed in 2010 by Li and Hwang. Then Das extended the work of Li et al. and made an improvement of their weak scheme in 2011. However, in 2012, Younghwa An demonstrated that Das's protocol failed to achieve mutual authentication for the server and the user. In this paper, it is described that Younghwa An's scheme cannot withstand the following two attacks. i It is still vulnerable to replay attack, then an adversary can masquerade as the legal server. ii It cannot provide user anonymity and resistance to user masquerading attack, because an adversary can execute the re-registration process by intercepting the IDi in the login phase. Therefore, an improvement to Younghwa An's scheme is presented in this paper. Then, security formal analysis of the modified scheme using the Burrows-Abadi-Needham logic is given, which demonstrates that the modified scheme with slight high computation costs can protect against the several possible attacks. Copyright © 2014 John Wiley & Sons, Ltd.

Masquerade attack on transform-based binary-template protection based on perceptron learning

With the increasing deployment of biometric systems, security of the biometric systems has become an essential issue to which serious attention has to be given. To prevent unauthorized access to a biometric system, protection has to be provided to the enrolled biometric templates so that if the database is compromised, the stored information will not enable any adversary to impersonate the victim in gaining an illegal access. In the past decade, transform-based template protection that stores binary one-way-transformed templates (e.g. Biohash) has appeared being one of the benchmark template protection techniques. While the security of such approach lies in the non-invertibility of the transform (e.g. given a transformed binary template, deriving the corresponding face image is infeasible), we will prove in this paper that, irrespective of whether the algorithm of transform-based approach is revealed, a synthetic face image can be constructed from the binary template and the stolen token (storing projection and discretization parameters) to obtain a highly-probable positive authentication response. Our proposed masquerade attack algorithms are mainly composed of a combination of perceptron learning and customized hill climbing algorithms. Experimental results show that our attack algorithms achieve very promising results where the best setting of our attack achieves 100% and 98.3% rank one recognition rates for the CMU PIE and FRGC databases correspondingly when the binarization algorithm (transformation plus discretization) is known; and 85.29% and 46.57% rank one recognition rates for the CMU PIE and FRGC databases correspondingly when the binarization algorithm is unknown.

Efficient and secure dynamic ID‐based remote user authentication scheme for distributed systems using smart cards

In a distributed environment, a fundamental concern is authentication of local and remote users in insecure communication networks. Absolutely, legitimate users are more powerful attackers, since they possess internal system information not available to an intruder. Therefore many remote user authentication schemes for distributed systems have been proposed. These schemes claimed that they could resist various attacks. However, they were found to have some weaknesses later. Lee et al . proposed a secure dynamic ID-based remote user authentication scheme for the multi-server environment using smart cards and claimed that their scheme could protect against masquerade attacks, server spoofing attack, registration server spoofing attack and insider attack. In this study, the authors show that Lee et al .'s scheme is still vulnerable to password guessing attack, server spoofing attack and masquerade attack. To propose a viable authentication scheme for distributed systems, we remedy the flaws of Lee et al .'s scheme and propose an efficient improvement over Lee et al .'s scheme. Furthermore, we compare the proposed scheme with related ones to prove that the computation cost, security and efficiency of the proposed scheme are well suitable for practical applications in a distributed system.

Cryptanalysis of an Improved Smartcard-based Remote Password Authentication Scheme

In recent years, several dynamic identity-based two-factor user authentication using password and smartcard have been proposed to provide mutual authentication between the user and server over unreliable networks. However, the design of secure cryptographic schemes is still notoriously hard, and there have been several instances of detected flaws in published schemes. For example in 2010, Hao and Yu demonstrated that Wang et al.'s user authe ntication scheme is insecure against off-line password guessing and server masquerade attacks, and proposed an improved scheme. Subsequently in 2012, Chao pointed out that the improved scheme of Hao and Yu is, unfortunately, susceptible to off-line password guessing and server masquerade attacks, and prone to password backward security problem; and proposed an enhanced scheme. In this paper, we demonstrated that Chao's enhanced scheme is not secure against user masquerade attack, server masquerade attack, insider attack and off-line password guessing attack in violation of its security claim as well as it fails to achieve users' anonymity.

Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

Protocol for trusted channel based on portable trusted module

Web-based e-commerce applications need a trusted channel, which provides confidential communication, identity authentication and integrity assurance of endpoints, to guarantee the security of electronic transactions. A user-oriented trusted computing system based on Portable Trusted Module (PTM) is presented. Remote attestation is incorporated into Transport Layer Security (TLS) handshake protocol based on PTM so as to establish a trusted channel between two endpoints in network. This protocol can resist masquerading, trusted path and runtime attacks and propagate the trust in the computing system to the end user effectively. The test results of our proof-of-concept prototype show that our protocol for trusted channel is feasible for deployment in e-commerce applications on the Internet.

Dynamic Change Reporting of Platform Configuration

TCG group introduced the Remote Attestation Protocol, which has a weak point that makes it vulnerable to a masquerade attack. In this paper, a new method is introduced for improving the security of this protocol against masquerading attacks. The security of the improved protocol is analyzed using AVISPA tools. Advantages of the improved protocol include a reduced number of messages and lower cost, which prevents useless communication. Furthermore, an improved mechanism for measuring and reporting the changes is recommended. Combining the above mentioned, improved protocol with the improved integrity measurement and reporting mechanism can solve the existing problem in certain critical applications.

Cryptanalysis and an Efficient Secure ID-based Remote User Authentication using Smart Card

Remote User authentication protocol is used for verifying the legitimacy of a remote user over insecure network environments. Recently, many secure ID based remote user authentication scheme using smart card have been proposed in the literature. In 2012, Ratan-Sanjay [1] proposed secure ID based remote user authentication scheme using smart card and claimed that their scheme can avoid all types of security flaws and feasible in terms of computation and storage cost. But We have pointed out that their scheme is insecure against user impersonation attack, server masquerading attack, off-line password guessing attack, off-line identity guessing attack, session key recovery attack and smart card stolen attack. So, their scheme can not be used for practical implementation in terms of security. Further, their scheme takes more computation and communication cost than the proposed scheme. To overcome these weakness, we have proposed an efficient secure ID based remote user authentication scheme using smart card based on cryptographic one way hash function. The proposed scheme resists all possible attacks and provides better computation and communication cost than Ratan-Sanjay’s [1] scheme published earlier.

An Improvement of Wang. et. al. 's Remote User Authentication Scheme against Smart Card Security Breach

User authentication is one of the fundamental procedures to provide secure communications between user and server over an insecure public channel. Recently, Wang et. al. proposed password-based user authentication scheme based on hash function and modular exponentiation and they claimed that their scheme provides strong authentication than related scheme. But in this paper, it is pointed out that their scheme suffers from off-line password guessing attack, off-line identity guessing attack, user impersonation attack, server masquerading attack, smart card stolen attack and password change attack. Then an improved scheme over Wang et. al.’s scheme has been proposed to overcome their weaknesses. The proposed scheme resists all possible attacks and provides more security than wang et. al’s scheme, published earlier.

The Windows-Users and -Intruder simulations Logs dataset (WUIL): An experimental framework for masquerade detection mechanisms

We introduce a new masquerade dataset, called Windows-Users and -Intruder simulations Logs (WUIL), which, unlike existing datasets, involves more faithful masquerade attempts. While building WUIL, we have worked under the hypothesis that the way in which a user navigates her file system structure can neatly separate a masquerade attack. Thus, departing from standard practice, we state that it is not a user action, but the object upon which the action is carried out what distinguishes user participation. We shall argue that this approach, based on file system navigation provides a richer means, and at a higher-level of abstraction, for building novel models for masquerade detection.We shall devote an important part of this paper to describe WUIL’s content: what information about user activity is stored and how it is represented; prominent characteristics of the participant users; the kinds of masquerade attacks to be timely detected; and the way they have been simulated. We shall argue that WUIL provides reliable data for experimenting on close to real-life instances of masquerade detection, as well as for conducting fair comparisons on rival detection mechanisms, hoping it will be of use to the research community.As a side contribution of this paper, we use WUIL to conduct a simple comparison of two masquerade detection methods: one based on SVM, and the other based on KNN. While this comparison experiment is not central to the paper, we expect it to motivate research exploring deeper the masquerade detection problem, and spreading the use of WUIL. In a similar vein, we provide directions for further research, hinting on how to use the features contained in WUIL, and hoping others would find them appealing.

Preserving user‐participation for insecure network communications with CAPTCHA and visual secret sharing technique

How to provide confidential communications for involved users is always a critical challenge in designing a network system. Especially, people must face malicious attacks while surfing over an insecure network, such as brute force attack, password guessing attack, DOS attack, masquerade attack, replay attack or Trojan horse risk. Let these attacks be surveyed in more detail, and the authors can find the fact that the intruder usually launches these through thousands of trials without the interaction between the user and server. Of course, these trials are performed via bots. Thus, this study aims to develop a robust system that can guarantee the user-participation essential in the communication. That is, if the involved participants cannot prove that they are human beings, then the system will terminate the connection to prevent the attack. To achieve this, the authors apply the techniques of CAPTCHA and visual secret sharing into this system. Aside from proving the correctness of the authentication between the involved participants, the authors have conducted experiments to demonstrate the practicability of the proposed system.

An Improved Efficient Remote User Authentication Scheme in Multi-server Environment using Smart Card

In a single server environment, one server is responsible for providing services to all the authorized remote users. However, the problem arises if a user wishes to access several network services. To overcome this weakness, various multi-server authentication schemes have been proposed. In 2012, Taygi et al. [1] proposed a scheme for multi-server environment. But it is found that their proposed scheme is insecure against user impersonation attack, server masquerading attack, collaboration attack between a valid user and a server, smart card stolen attack, password guessing attack and password change attack. Then we propose an improved scheme can overcome possible attacks and also provides better computational cost as well as communication cost than related schemes published earlier.

Khan 인증기법의 취약점 분석과 개선된 사용자 익명성 제공 인증기법

본 논문에서는 2011년 Khan[7] 등에 의해 제안된 사용자 익명성 제공 인증기법에 대한 취약점을 분석하고, 이러한 취약점을 개선한 새로운 사용자 익명성 제공 인증기법을 제안한다. Khan의 인증기법은 내부자 공격에 취약하고 서버에 대한 사용자 익명성을 제공하지 못한다. 또한, 패스워드 변경 단계를 제안하고 있음에도 불구하고, 여전히 패스워드 오입력시의 취약점이 존재한다. 본 논문에서는 Khan 기법이 스마트카드를 분실할 경우의 취약점과 강력한 서버/사용자 가장 공격에도 취약함을 보인다. 제안 인증기법은 이러한 취약점들을 개선하여 사용자에게 보다 안전한 프라이버시를 제공할 수 있는 향상된 사용자 익명성을 제안한다. In this paper, we analyse the weaknesses of authentication scheme preserving user anonymity proposed by Khan et al in 2011 and we propose a new authentication schemes preserving user anonymity that improved these weaknesses. Khan et al's authentication scheme is vulnerable to insider attack and doesn't provide user anonymity to the server. Also, this scheme is still a weakness of wrong password input by mistake in spite of proposing the password change phase. In this paper, we will show that Khan et al's scheme is vulnerable to the stolen smart card attack and the strong server/user masquerade attack. The proposed authentication scheme propose the improved user anonymity, which can provide more secure privacy to user by improving these weaknesses.

Advanced Secure User Authentication Framework for Cloud Computing

Abstract Cloud Computing, as an emerging, virtual, large-scale distributed computing model, has gained increasing attention these years. Meanwhile it also faces many security challenges, one of which is authentication. Lots of researches have been done in this area. Recently, Choudhury et al proposed a user authentication framework to ensure user legitimacy before entering into the cloud. They claimed their scheme could provide identity management, mutual authentication, session key agreement between the user and the cloud server, and demanded user password change. However, we find the scheme will easily suffer from some attacks such as the masquerading attack, the OOB (out of band) attack, and the password change flaw through our analysis. In this paper, we first point out the security vulnerabilities to the Choudhury et al’s scheme, and present the detailed attacks on the scheme. Then, based on some remote user authentication schemes such as Ku-Chen’s scheme and Chen’s scheme, we apply the two-factor authentication technology to propose our advanced secure user authentication framework which can overcome above security shortages. Without sending one time key through secure OOB channel, our new protocol is able to ensure that only legitimate users can access the cloud service based on smartcard. In addition, our advanced scheme can hold all the merits of the Choudhury et al’s scheme. Formal security analysis, which is based on the strand space model and authentication test, proves that our proposed scheme is secure under standard cryptographic. Also, the simulation results illustrate that our advanced scheme is more efficient on the communication performance than other schemes.

Ntrusion Detection of Masquerading Attacks & Secure Authentication in Cloud

This paper proposed for a new authenticated access control scheme for securing data in cloud system. In this scheme cloud system verifies the authenticity of user and provides access control only to applicable user to decrypt the stored data. The scheme prevents replay attacks and supports creation, modification, and reading data stored in the cloud. By impersonating legal users, intruders can use the copious resources of cloud computing environments. CIDS also provides a component to summarize the alerts and inform the cloud administrator. CIDS architecture is scalable and elastic with no central coordinator. This paper also describes the components, architecture, detection models, and advantages of CIDS. Keywords - Authentication, Attribute-based signatures, Attribute-based encryption, intrusion detection, and masquerade attacks

Noninvertible Minutia Cylinder-Code Representation

Although several fingerprint template protection methods have been proposed in the literature, the problem is still unsolved, since enforcing nonreversibility tends to produce an excessive drop in accuracy. Furthermore, unlike fingerprint verification, whose performance is assessed today with public benchmarks and protocols, performance of template protection approaches is often evaluated in heterogeneous scenarios, thus making it very difficult to compare existing techniques. In this paper, we propose a novel protection technique for Minutia Cylinder-Code (MCC), which is a well-known local minutiae representation. A sophisticate algorithm is designed to reverse MCC (i.e., recovering original minutiae positions and angles). Systematic experimentations show that the new approach compares favorably with state-of-the-art methods in terms of accuracy and, at the same time, provides a good protection of minutiae information and is robust against masquerade attacks.

An improved remote password authentication scheme with smart card

This paper analyzes the security performance of a latest proposed remote two-factor user authentication scheme and proposes an improved scheme based on the dynamic ID to avoid the attacks it suffers. Besides this, in our proposed scheme the password is no longer involved in the calculation of verification phase which makes our scheme more secure and costs less than the old one. At last we analyze the performance of our proposed scheme to prove it provides mutual authentication between the user and the server. Moreover, it also resists password guessing attack, server and user masquerade attack and replay attack effectively.