Multi-factor Authentication Scheme Research Articles

A Fog Computing and Blockchain-based Anonymous Authentication Scheme to Enhance Security in VANET Environments

Authentication of vehicles and users, integrity of exchanged messages, and privacy preservation are essential features in VANETs. VANETs are used to collect information on road conditions, vehicle location and speed, and traffic congestion data. The open exchange of information within VANETs poses serious security threats. Furthermore, existing schemes have higher communication and computational costs, making them incompatible with resource-constrained VANET applications. This study proposes a multifactor authentication and privacy-preserving security scheme for VANETs based on blockchain and fog computing to meet all these requirements. The proposed scheme uses fingerprints and Quick Response (QR) codes as a multifactor to authenticate vehicle users and fog-cloud computing techniques to reduce the computational burden on RSUs and improve service quality and resilience. Additionally, the scheme synchronizes a consistent ledger across all RSUs using blockchain technology to store and distribute vehicle authentication statuses. Through a thorough comparison with relevant current protocols, the scheme shows a much-reduced computing expense and communication burden in situations with high vehicle density within a timeframe of 6.3846 ms and 544 bytes for communication costs. In addition, the proposed scheme demonstrates a successful balance between efficacy and complexity, protecting confidentiality, anonymous authentication, and ensuring integrity and conditional tracking. Formal and informal security analysis showed that the proposed scheme is more reliable, practical, and secure against many hostile attacks, such as modification attacks, 51% attacks, Sybil attacks, and MITM attacks.

ECC-Based Anonymous and Multi-factor Authentication Scheme for IoT Environment

ECC-Based Anonymous and Multi-factor Authentication Scheme for IoT Environment

Analysis of Multi-factor Authentication (MFA) Schemes in Zero Trust Architecture (ZTA): Current State, Challenges, and Future Trends

Analysis of Multi-factor Authentication (MFA) Schemes in Zero Trust Architecture (ZTA): Current State, Challenges, and Future Trends

A novel lightweight multi-factor authentication scheme for MQTT-based IoT applications

The present authentication solutions employed in the Internet of Things (IoT) are either inadequate or computationally intensive, given the resource-constrained nature of IoT devices. This challenges the researchers to devise efficient solutions to embed an important security tenet like authentication. In IoT, the most popular machine-to-machine communication protocol used at the application layer is Message Queuing Telemetry Transport (MQTT). However, the MQTT protocol inherently lacks security-related functions, like authentication, authorization, confidentiality, access control, and data integrity, which is unacceptable for IoT-driven mission-critical applications when connected over public networks. In such a situation, the security is hardened by employing a transport layer security protocol like TLS, which entails significant computational overheads. This paper presents a novel scheme to enhance MQTT security by providing a lightweight multi-factor authentication scheme based on Elliptical curve cryptography. The proposed scheme uses a low-cost signature and a fuzzy extractor to correct errors in imprinted biometrics in noisy environments. This scheme attains mutual authentication, generates a securely agreed-upon session key for secret communication, and guarantees perfect forward secrecy. Furthermore, the rigorous informal security analysis shows the proposed scheme resists cryptographic attacks, including known session critical attacks. Furthermore, an empirical study has been carried out to assess the effectiveness of the proposed scheme in the Cooja simulated environment.

Opportunistic Sensor-Based Authentication Factors in and for the Internet of Things.

Communication between connected objects in the Internet of Things (IoT) often requires secure and reliable authentication mechanisms to verify identities of entities and prevent unauthorized access to sensitive data and resources. Unlike other domains, IoT offers several advantages and opportunities, such as the ability to collect real-time data through numerous sensors. These data contains valuable information about the environment and other objects that, if used, can significantly enhance authentication processes. In this paper, we propose a novel idea to building opportunistic sensor-based authentication factors by leveraging existing IoT sensors in a system of systems approach. The objective is to highlight the promising prospects of opportunistic authentication factors in enhancing IoT security. We claim that sensors can be utilized to create additional authentication factors, thereby reinforcing existing object-to-object authentication mechanisms. By integrating these opportunistic sensor-based authentication factors into multi-factor authentication schemes, IoT security can be substantially improved. We demonstrate the feasibility and effectivenness of our idea through illustrative experiments in a parking entry scenario, involving both mobile robots and cars, achieving high identification accuracy. We highlight the potential of this novel method to improve IoT security and suggest future research directions for formalizing and comparing our approach with existing techniques.

A BlockChain-Based IoT Data Securing and Sharing System for Attendance Management

Objective: An Internet of Things (IoT) network has constraints on power consumption, processing power and security of end devices in the network. On the other hand, blockchain technology has some difficulties in storage capacity, data privacy, the ability to revoke consent, energy usage, scalability, and speed. To overcome the individual limitations of these two technologies, we integrate these two to propose a new design with an intention to authenticate, secure and share data pertaining to attendance system. In this present work the primary implementation details of our proposed work regarding coding are analyzed and a straightforward solution is offered by using indexing. Methods: Through our proposed work we introduce a multifaceted authentication system for user device substantiation, a Public Key Infrastructure (PKI) and RSA (Rivest-Shamir-Adleman) based blockchain implementation for data sharing and a rule-based access control scheme used for accessing data. Findings: The system can work with unidirectional and bidirectional IoT networks, and the data is stored on blockchain, providing more security to the data generated on the IoT network. Blockchain technology is utilized to offer a solution for certain problems encountered within a widespread network. Furthermore, a multi-factor authentication scheme is introduced and a rule-based access control scheme to access the data. Novelty: The blockchain is emerging which can be used to decentralize management and protect sensitive data. In a blockchain based attendance system, no administrative authority is permitted to modify or erase data. The individual who adds a data entry to the blockchain cannot later deny their involvement in the action. On the blockchain, all of the data and history are accessible to every participant. The blockchain based attendance system needs to offer a database that can be trusted, secure, and impossible to manipulate. Keywords: Blockchain (BC), Internet of Things (IoT), Student Attendance Management (SAM), User Authentication Key (UAK), Data Sharing

Lightweight blockchain-based remote user authentication for fog-enabled IoT deployment

The Internet of Things (IoT) seeks to enhance human life by embedding everyday objects with intelligence. As deployed in diverse environments, IoT devices exchange substantial data to offer autonomously smart and innovative services. Cloud computing serves as an effective solution for processing and storing data from IoT devices, enabling remote access for end-users. However, authenticating remote users poses a critical challenge. Although several existing schemes tackle this challenge, they have notable security and performance weaknesses. This paper introduces a lightweight, distributed multi-factor authentication scheme for remote users in IoT. The proposed approach, named Lightchain, integrates blockchain technology and fog computing while incorporating a lightweight cryptographic hash function. The security of Lightchain is rigorously confirmed through formal verification using the well-recognized Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Additionally, we develop and assess Lightchain’s functionality using the solidity language across diverse use cases. A comparative analysis is presented to evaluate performance costs and security requirements against recent methods. The proposed scheme demonstrates efficiency and robustness, making it well-suited for a range of IoT applications.

Multi-factor authentication scheme based on custom attributes

Multi-factor authentication scheme based on custom attributes

AI-Oriented Two-Phase Multifactor Authentication in SAGINs: Prospects and Challenges

Space-air-ground integrated networks (SAGINs), which have emerged as an expansion of terrestrial networks, provide flexible access, ubiquitous coverage, high-capacity backhaul, and emergency/disaster recovery for mobile users (MUs). While the massive benefits brought by SAGIN may improve the quality of service, unauthorized access to SAGIN entities is potentially dangerous. At present, conventional crypto-based authentication is facing challenges, such as the inability to provide continuous and transparent protection for MUs. In this article, we propose an AI-oriented two-phase multi-factor authentication scheme (ATMAS) by introducing intelligence to authentication. The satellite and network control center collaborate on continuous authentication, while unique spatial-temporal features, including service features and geographic features, are utilized to enhance the system security. Our further security analysis and performance evaluations show that ATMAS has proper security characteristics which can meet various security requirements. Moreover, we shed light on lightweight and efficient authentication mechanism design through a proper combination of spatial-temporal factors.

Smartphone-Key: Hands-Free Two-Factor Authentication for Voice-Controlled Devices Using Wi-Fi Location

In the last few years, Internet of Things (IoT) devices have evolved at an accelerated rate. Smart technology is leaning towards new human-device interaction interfaces that lack screens or buttons, thus reducing the cost of the devices while offering a more natural user experience. Voice is one of the most extended IoT user interfaces nowadays and has been popularized with the advent of smart assistants. However, with the adoption of voice interfaces, new challenges arise in terms of security. According to our research, the complexity of speaker recognition has led to non-reliable voice authentication on IoT devices. Recent approaches to solve this problem include multi-factor authentication (MFA) schemes, but existing solutions, such as one-time passwords (OTP), virtual/physical buttons, and others, have a significant impact on the user experience that is not suitable for all applications and can negate the hands-free benefits of voice interfaces. In addition, the privacy concerns of voice biometrics hinder the development of personalized voice applications that require user accounting and access control policies. Motivated by this security concern, in this paper, we present a two-factor authentication (2-FA) scheme for voice-activated devices that uses a smartphone as a key to authorize voice commands when the user’s presence is detected. The proposed security model, which makes use of Wi-Fi location for presence detection, was implemented on an Amazon Echo device and an Android smartphone, the results proved that the denominated Smartphone-key model can protect against the most common attack vectors on voice-controlled devices without affecting the user experience.

Lightweight blockchain-assisted intrusion detection system in energy efficient MANETs

This paper focuses on achieving high-level security in Mobile Adhoc Networks (MANET) by incorporating Blockchain technology-based Intrusion Detection systems (IDS). The existing works on MANET security focus on either security prevention or detection. Thus, the security level attained by the prior works is unable to cope with the increasing attacks. To resolve this main issue, this research paper introduces Lightweight Blockchain assisted Intrusion Detection System (LB-IDS) which jointly prevents and detects the attacks held on mobile networks. Initially, the network nodes are authenticated by a lightweight Blockchain-based Multi-Factor Authentication (LBMFA) scheme. This procedure prevents the malicious nodes entry to the network. Then, data packets are transmitted through the optimal route which is selected by Multi-Objective Strawberry Optimization (MOSO) algorithm. The collected data packets are fed into IDS which classifies the data into normal and malicious packets. For IDS, we proposed Deep Q-Learning (DQL) algorithm which takes actions by learning the environment. As the mitigation step, the Blockchain is updated with the trust value according to the data packet classification. For such continuous monitoring, K-Mode Clustering (KMC) algorithm is proposed. On the whole, the proposed work improves the network security in MANET through Prevention, Detection, and Mitigation. The results of the presented work attains better security level, packet delivery ratio (PDR), energy efficiency, delay, and detection accuracy.

Threshold Lattice-Based Signature Scheme for Authentication by Wearable Devices

This paper presents a new threshold signature scheme based on Damgaard’s work. The proposed scheme allows for changing the message signature threshold, thereby improving the flexibility of the original Damgaard scheme. This scheme can be applied as a user authentication system using wearable devices. Based on the hardness of lattice problems, this scheme is resistant to attacks on a quantum computer, which is an advantage over the currently used multi-factor authentication schemes. The scheme’s security relies on the computational complexity of the Module-LWE and Module-SIS problems, as well as the Shamir secret sharing scheme’s security.

MAKA: Multi-Factor Authentication and Key Agreement Scheme for LoRa-Based Smart Grid Communication Services

The Smart Grid (SG) is an emerging technology to maintain an actual balance between energy production and usage by offering quite well tracking and regulation over the SG communication technology. However, SG technology becomes more vulnerable to network attacks since its monitoring and controlling are carried out over standard internet-based protocols or on public communication networks. Thus, without the involvement of an authentication mechanism and lack of privacy preservation attackers easily succeed to tamper with the communication channel and send fabricated messages. Hence, authentication has now become a critical security aspect in smart grid technology. There are some authentication mechanisms implemented in the literature to offer a set of security services, namely confidentiality of the credentials, the secrecy of shared session key, and secure mutual authentication. Most of the existing schemes are inefficient and generate high overhead in the networks. Hence, there is a requirement to implement an efficient and secure session key management scheme. The proposed Multi-factor Authentication and Key Agreement (MAKA) scheme for LoRa-based SG communication services provides anonymity and maintains secrecy of the session keys by introducing multi-factor authentication of the end devices. The proposed scheme uses unique device features and generates a fingerprint of the device that will help to maintain user anonymity. The formal security analysis of the proposed MAKA scheme is carried out by Automated Validation of Internet Security Protocols and Application (AVISPA) and ProVerif tools. The results of both show that the proposed MAKA scheme is safe enough to overcome various security attacks. Moreover, the performance is evaluated concerning the existing scheme in the literature and it is recognized that the proposed MAKA scheme generates competitive communication, computation, and storage overheads. In addition, it maintains the device anonymity and meets the security aspect of the SG communication services.

KSDSLD — A tool for keystroke dynamics synthesis & liveness detection

Keystroke dynamics is a behavioral biometrics modality that employs the characteristic typing patterns of users to verify their identity, generally as a part of a multifactor authentication scheme. Naïve implementations of keystroke dynamics verification are susceptible to presentation attacks with synthesized samples, leveraging partial or complete knowledge of the legitimate users’ typing patterns to forge accurate imitations of their behavior. The companion article has presented several novel methods for the synthesis of forged keystroke dynamics samples given one or more authentic samples of free text by the legitimate user, and a liveness detection method that employs the latter as adversaries to train a classification model, which can distinguish human-written samples from synthetic forgeries. Here, we provide the implementation and its source code.

Understanding Failures in Security Proofs of Multi-Factor Authentication for Mobile Devices

Multi-factor authentication is a promising way to enhance the security of password-based authenticated key exchange (PAKE) schemes. It is widely deployed in various daily applications for mobile devices (e.g., e-Bank, smart home, and cloud services) to provide the first line of defense for system security. However, despite intensive research, how to design a secure and efficient multi-factor authentication scheme is still a challenging problem. Hundreds of new schemes have been successfully proposed, and many are even equipped with a formal security proof. However, most of them have been shortly found to be insecure and cannot achieve the claimed security goals. Now a paradox arises: How can a multi-factor scheme that was “formally proven secure” later be found insecure? To answer this seemingly contradicting question, this paper takes a substantial first step towards systematically exploring the security proof failures in multi-factor authentication schemes for mobile devices. We first investigate the root causes of the “provable security” failure in vulnerable multi-factor authentication schemes under the random oracle model, and classify them into eight different types in terms of the five steps of conducting a formal security proof. Then, we elaborate on each type of these eight proof failures by examining three typical vulnerable protocols, and suggest corresponding countermeasures. Finally, we conduct a large-scale comparative measurement of 70 representative multi-factor authentication schemes under our extended evaluation criteria. The schemes we select range from 2009 to 2022, and the comparison results suggest that understanding failures in formal security proofs is helpful to design more secure multi-factor authentication protocols for mobile devices.

Lightweight and Secure Multi-Factor Authentication Scheme in VANETs

The idea of a smart city and the utilization of vehicles are emerging rapidly. For inter-vehicular communication, this progression builds Vehicular Ad-Hoc Network (VANET) an extensively used network. The VANET is used to obtain information regarding the road's condition, location of vehicles, speed, and traffic congestion description. The exchange of information in VANET is public which leads to severe security threats. Generally, one of the most crucial tasks in VANET is the security of data. So it becomes one of the urgent tasks of researchers. We have reviewed several authentication schemes for VANETs. Still, most schemes are not secure due to several attacks such as replay, denial of services, impersonation attacks, etc. Furthermore, the existing schemes used higher communication and computational costs, and they are also incompatible with VANET applications that are resource-constrained. This article presents the lightweight and secure multi-factor authenticated key agreement scheme for VANETs to ensure efficient and secure transmission of data via an open channel. Our presented scheme is secure, scalable, and lightweight compared to existing schemes due to its low computation and communication cost. The formal and informal security analysis proved that our scheme is more reliable, practical, and secure against several unknown adversarial attacks in VANETs.

MOBILE CLOUD COMPUTING SERVICES AUTHENTICATION SCHEME

Because of the rapid growth of cloud computing and the expansion of mobile phone users in recent years, mobile cloud computing has attracted wide attention. In the mobile cloud, wireless computing networks are the basics of sharing data between mobile devices and cloud services. Since air is the communication medium, it must be properly protected; otherwise, it will be subject to a variety of security threats, for example, attacks from middle-man, identity tracking, etc... Furthermore, mobile devices are limited in storage, resources, and computing powers. Hence, designing an efficient and secure balance of authentication schemes is extremely important. First of all, a multi-factor authentication scheme based on biometric (fingerprint information), hash function, and fuzzy vault algorithm is presented in that paper. Secondly, the Validation and Analysis tool of AVISPA Security was approved. Thirdly, the security of the scheme proposed is compared to other related schemes.

A secure and efficient computation based multifactor authentication scheme for Intelligent IoT-enabled WSNs

In recent years, network-enabled physical devices have emerged as a solution to many problems, such as those involved in transmitting data from the physical world, communicating, and safeguarding information. The process of data transmission is vulnerable to a range of threats and must be secured because an open communication channel is considered for data transmission. One way to eliminate this security risk is by using a reliable and secure mutual authentication method. To accomplish this, a secure and reliable computation-based multifactor authentication approach is proposed for Intelligent IoT-enabled WSNs. To reduce the computational and communication overhead, a physically unclonable function-based secure authentication approach is proposed for sensor node's mutual authentication. In addition, to maintain the confidentiality of session key, a secure session is established among user, basestation, and nodes by using an adaptive session key update procedure. Moreover, formal and informal security analyses are performed for different aspects of security attacks.

CovertSYS: A systematic covert communication approach for providing secure end-to-end conversation via social networks

While encryption can prevent unauthorized access to a secret message, it does not provide undetectability of covert communications over the public network. Implementing a highly latent data exchange, especially with low eavesdropping/discovery probability, is challenging for practical scenarios, such as social and political movements in authoritarian regimes, military operations, and privacy preservation. Moreover, the current literature suffers from a low embedding capacity and monolingual applicability, limiting the amount of hiding secret data within short text messages using state-of-the-art algorithms, e.g., linguistic-based, structural-based, or coverless-based solutions. In this paper, we present a systematic covert communication technique called CovertSYS that enables a multilingual secure end-to-end conversation via messaging or social network platforms. The CovertSYS functions by encrypting a confidential message using a multi-factor authentication scheme and converting the encoded binary data into hidden Unicode symbols to be transmitted under cover of short text messages. We then conduct extensive experiments to confirm the security and validity of the proposed technique against state-of-the-art approaches. Our experimental results show that the CovertSYS provides a superior mean performance of 91.53% by improving the criteria scores: embedding capacity rate of 100%, imperceptibility rate of 76.4%, and distortion robustness rate of 98.2%. Finally, we discuss the practical implications of the proposed technique compared to the existing text steganography methods.

A Collaborative Detection Method of Wireless Mobile Network Intrusion Based on Cloud Computing

In order to improve the communication security of wireless mobile network, a collaborative intrusion detection method based on cloud computing is studied. The mobile terminal and the cloud computing platform are connected by the wireless mobile network. The cloud computing platform authentication server adopts a dual server and multifactor authentication scheme for mobile cloud computing to provide authentication services for mobile terminal users. The web server of the cloud computing platform uses the intrusion node detection protocol of the neighbor classification mechanism to provide a communication security protocol for users; Using the HMM algorithm, the intrusion detection module of the computing platform realizes the intrusion detection of wireless mobile network. Finally, using authentication service, security protocol, and intrusion detection module completes the cooperative detection of mobile network intrusion. The experimental results show that this method can realize the cooperative detection of wireless mobile network intrusion, and the detection accuracy is as high as 98%, which ensures the communication security of wireless mobile network.