Secure User Authentication Research Articles

High Security User Authentication Enabled by Piezoelectric Keystroke Dynamics and Machine Learning

With the rapid development of electric and information technologies, security issues are becoming a pressing concern. This has given rise to a plethora of authentication techniques, leading among them being the fixed-password method due to its simple mechanism and independence from any specific hardware in the modern smartphone. While fixed-password methods enjoy benefits such as ease of use, potential security issues associated with password leakage cannot be ignored. This article, investigates an alternative strategy based on user keystrokes. Here, the user touch times and force features are extracted from a piezoelectric force touch panel which is an integral part of the hardware. Three broadly adopted machine learning classifiers are used for the collected data set, finally achieving an Equal Error Rate (EER) of 0.720%.

Analysis of the authentication scheme based on the use of QR-code and webcam for Smart-Mobile devices

The paper analyzes the necessity and expediency of using the method of user authentication based on QR-code and webcam for Smart-Mobile devices. Phishing attacks are one of the most serious threats faced by Internet users. Existing authentication schemes are not able to provide an adequate protection from these attacks, as evidenced by statistics collected by the companies researching cybersecurity. Therefore, the task of developing a secure authentication scheme for users, which can effectively counteract various types of phishing attacks is very important. The paper proposes a new authentication scheme for users, which allows them to log in to their accounts without remembering passwords or presenting other authentication tokens. According to the messaging protocol in the proposed scheme, the user must scan the dynamically generated QR-code using a smartphone application, then take their own photo via the webcam, and send it to the smartphone via a message from the server. Thus, the full authentication procedure requires minimal user involvement and is performed automatically. The results of evaluation and practical testing show that the proposed authentication scheme is quite reliable and can be used as a secure user authentication scheme for Smart-Mobile devices. The proposed authentication protocol is not only able to cope with attacks such as Real Time Man-In-The-Middle and Controlled Relay Man-In-The-Middle, but can also protect users from the effects of malicious browser extensions and substitution of authentic applications by malicious variants. In addition, the proposed scheme does not require users to have any authentication tokens or credentials, as all they need is to scan the QR-code and verify the image taken by their own webcam. That makes the use of the proposed scheme more convenient and easy for users as compared to other known authentication schemes. Currently, the application of the proposed scheme requires the use of HTTPS websites for the exchange of all data involved. Thus, the proposed protocol can be implemented to manage cookies securely in order to prevent the interception of session data.

SLUA-WSN: Secure and Lightweight Three-Factor-Based User Authentication Protocol for Wireless Sensor Networks.

Wireless sensor networks (WSN) are composed of multiple sensor nodes with limited storage, computation, power, and communication capabilities and are widely used in various fields such as banks, hospitals, institutes to national defense, research, and so on. However, useful services are susceptible to security threats because sensitive data in various fields are exchanged via a public channel. Thus, secure authentication protocols are indispensable to provide various services in WSN. In 2019, Mo and Chen presented a lightweight secure user authentication scheme in WSN. We discover that Mo and Chen’s scheme suffers from various security flaws, such as session key exposure and masquerade attacks, and does not provide anonymity, untraceability, and mutual authentication. To resolve the security weaknesses of Mo and Chen’s scheme, we propose a secure and lightweight three-factor-based user authentication protocol for WSN, called SLUA-WSN. The proposed SLUA-WSN can prevent security threats and ensure anonymity, untraceability, and mutual authentication. We analyze the security of SLUA-WSN through the informal and formal analysis, including Burrows–Abadi–Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Moreover, we compare the performance of SLUA-WSN with some existing schemes. The proposed SLUA-WSN better ensures the security and efficiency than previous proposed scheme and is suitable for practical WSN applications.

Privacy preserving cloud based secure digital locker using Paillier based difference function and chaos based cryptosystem

In this paper, a cloud based digital image locker system along with secure user authentication and novel image cryptosystem for preserving privacy of user images is proposed. Images require more storage space as compared to text. So, it is not feasible to store images locally in digital locker for everyone. By taking advantage of high speed Internet, it is feasible to use cloud for efficient storage of images. However, so many researchers feel that cloud technology is ‘honest-but-curious’. Cloud service follows the specified protocol completely, but it traces and analyzes the data to get the user’s important information. To overcome from such challenges, privacy of user’s identity and data should be preserved. The proposed authentication protocol is designed using Paillier based difference function which is based on Homomorphic cryptosystem. The speciality of homomorphic function is that computation on encrypted data is possible without decrypting the cipher text. Because of this, authentication process is done in encrypted environment. A novel image cryptosystem is designed based on Fridrich model. In this cryptosystem, confusion is performed at bit-level and diffusion is performed at pixel-level. Keys are modified in each round of confusion to achieve more security. Simulation and cryptanalysis prove the effectiveness of the proposed system.

Understanding Node Capture Attacks in User Authentication Schemes for Wireless Sensor Networks

Despite decades of intensive research, it is still challenging to design a practical multi-factor user authentication scheme for wireless sensor networks (WSNs). This is because protocol designers are confronted with a long-standing “security versus efficiency” dilemma: sensor nodes are lightweight devices with limited storage and computation capabilities, while the security requirements are demanding as WSNs are generally deployed for sensitive applications. Hundreds of proposals have been proposed, yet most of them have been found to be problematic, and the same mistakes are repeated again and again. Two of the most common security failures are regarding smart card loss attacks and node capture attacks. The former has been extensively investigated in the literature, while little attention has been given to understanding the node capture attacks. To alleviate this undesirable situation, this article takes a substantial step towards systematically exploring node capture attacks against multi-factor user authentication schemes for WSNs. We first investigate the various causes and consequences of node capture attacks, and classify them into ten different types in terms of the attack targets, adversary’s capabilities and vulnerabilities exploited. Then, we elaborate on each type of attack through examining 11 typical vulnerable protocols, and suggest corresponding countermeasures. Finally, we conduct a large-scale comparative measurement of 61 representative user authentication schemes for WSNs under our extended evaluation criteria. We believe that such a systematic understanding of node capture attacks would help design secure user authentication schemes for WSNs.

A privacy preserving two-factor authentication protocol for the Bitcoin SPV nodes

In the Bitcoin network, the simplified payment verification protocol (SPV) enables a lightweight device such as a mobile phone to participate in the bitcoin network without needed todownload and store the whole Bitcoin blocks. A Bitcoin SPV node initiates and verifies transactions of the Bitcoin network through the Bitcoin wallet software which is deployed on a resource constrained device such as a mobile phone.Thus, the security of the wallet is critical for the SPV nodes as it may affect the security of users cryptocurrencies. However, there are some concerns about the security flaws within the SPV nodes which could lead to significant economic losses. Most of these vulnerabilities can be resolved by employing a secure user authentication protocol. Over the years, researchers have engaged in designing a secure authentication protocol. However, most proposals have security flaws or performance issues. Recently, Park et al. proposed a two-party authenticated key exchange protocol for the mobile environment. They claimed that their protocol is not only secure against various attacks but also can be deployed efficiently. However, after a thorough security analysis, we find that the Park et al.s protocol is vulnerable to user forgery attack, smart card stolen attack and unable to provide user anonymity. To enhance security, we proposed an efficient and secure user authentication protocol for the SPV nodes in the mobile environment which can fulfill all the security requirements and has provable security. Additionally, we provide performance analysis which shows our proposed protocol is efficient for the SPV nodes in the Bitcoin network.

A Lightweight Secure User Authentication and Key Agreement Protocol for Wireless Sensor Networks

Wireless sensor networks (WSNs) have great potential for numerous domains of application because of their ability to sense and understand unattended environments. However, a WSN is subject to various attacks due to the openness of the public wireless channel. Therefore, a secure authentication mechanism is vital to enable secure communication within WSNs, and many studies on authentication techniques have been presented to build robust WSNs. Recently, Lu et al. analyzed the security defects of the previous ones and proposed an anonymous three-factor authenticated key agreement protocol for WSNs. However, we found that their protocol is vulnerable to some security weaknesses, such as the offline password guessing attack, known session-specific temporary information attack, and no session key backward secrecy. We propose a lightweight security-improved three-factor authentication scheme for WSNs to overcome the previously stated weaknesses. In addition, the improved scheme is proven to be secure under the random oracle model, and a formal verification is conducted by ProVerif to reveal that the proposal achieves the required security features. Moreover, the theoretical analysis indicates that the proposal can resist known attacks. A comparison with related works demonstrates that the proposed scheme is superior due to its reasonable performance and additional security features.

Security of user authentication in payment systems in the agricultural value chain

In the offered article, the threats of informational safety, arising in the modern world, directed on the bank and commercial payment systems using in all world and in Russia in particular are considered. The circuits of operation of the most popular Russian banking and commercial payment systems using electronic money (e–cash) and their possible vulnerability caused by increase of monetary calculations through the Internet are described. Not all bank devices support biometric scanning; therefore, there is question on how the huge amount of bank payment systems users can protect their personal data from not authorized operations (hackers breaking)? For support of payments safety, the paper offers using the additional complicated authentication – the application of simplified cryptography token which is looking like program application, and installed on USB – device. It will allow amplifying the safety at authentication stage as the program application generating of one – time keywords and checking (controlling) of user’s authenticity with the help of white list, is capable to eliminate all existing vulnerabilities and gaps in the informational protection of banking and commercial payment systems.

Secure User Authentication using Captcha as Passwords based on Graphical Methods

An alternative to traditional text-based password is being proposed. This aims to enhance the safety and security of the current system by adding a layer of additional security, the proposed system uses FIDO (Fast Identity Online) which unlike password catalogue, stores personally recognizing information data locally on the handler's device to defend it. FIDO's personal identification and local storing of biometric is an intended way to ease user apprehensions about personal data. Image-captchas have lately developed into a very prevalent and extensively organized crossways throughout the online networks to guard from the offensive things. Still, the developing competence in the system field has steadily weakened the safety of Image-captcha and has exposed them to attacks. Built on our valuation, we roughly recognize the defects in these methods of prominent structures, laterally with the perfect performance and plan. Ideologies for more secure captchas are formed from our findings which lean-to light on the considerate of measure and impact, for captcha solving.

A Continuous User Authentication System Based on Galvanic Coupling Communication for s-Health

Smart health (s-health) is a vital topic and an essential research field today, supporting the real-time monitoring of user’s data by using sensors, either in direct or indirect contact with the human body. Real-time monitoring promotes changes in healthcare from a reactive to a proactive paradigm, contributing to early detection, prevention, and long-term management of health conditions. Under these new conditions, continuous user authentication plays a key role in protecting data and access control, once it focuses on keeping track of a user’s identity throughout the system operation. Traditional user authentication systems cannot fulfill the security requirements of s-health, because they are limited, prone to security breaches, and require the user to frequently authenticate by, e.g., a password or fingerprint. This interrupts the normal use of the system, being highly inconvenient and not user friendly. Also, data transmission in current authentication systems relies on wireless technologies, which are susceptible to eavesdropping during the pairing stage. Biological signals, e.g., electrocardiogram (ECG) and electroencephalogram (EEG), can offer continuous and seamless authentication bolstered by exclusive characteristics from each individual. However, it is necessary to redesign current authentication systems to encompass biometric traits and new communication technologies that can jointly protect data and provide continuous authentication. Hence, this article presents a novel biosignal authentication system, in which the photoplethysmogram (PPG) biosignal and a galvanic coupling (GC) channel lead to continuous, seamless, and secure user authentication. Furthermore, this article contributes to a clear organization of the state of the art on biosignal-based continuous user authentication systems, assisting research studies in this field. The evaluation of the system feasibility presents accuracy in keeping data integrity and up to 98.66% accuracy in the authentication process.

An enhanced secure delegation‐based anonymous authentication protocol for PCSs

SummaryRapid development of wireless networks brings about many security problems in portable communication systems (PCSs), which can provide mobile users with an opportunity to enjoy global roaming services. In this regard, designing a secure user authentication scheme, especially for recognizing legal roaming users, is indeed a challenging task. It is noticed that there is no delegation‐based protocol for PCSs, which can guarantee anonymity, untraceability, perfect forward secrecy, and resistance of denial‐of‐service (DoS) attack. Therefore, in this article, we put forward a novel delegation‐based anonymous and untraceable authentication protocol, which can guarantee to resolve all the abovementioned security issues and hence offer a solution for secure communications for PCSs.

AGE: authentication in gadget-free healthcare environments

Mobile and sensor related technologies are significantly revolutionizing the medical and healthcare sectors. In current healthcare systems, gadgets are the prominent way of acquiring medical services. However, the recent technological advancements in smart and ambient environments are offering users new ways to access the healthcare services without using any explicit gadgets. One of the key challenges in such gadget-free environments is performing secure user authentication with the intelligent surroundings. For example, a secure, efficient and user-friendly authentication mechanism is essential for elderly/disabled people or patients in critical conditions requiring medical services. Hence, modern authentication systems should be sophisticated enough to identify such patients without requiring their physical efforts or placing gadgets on them. This paper proposes an anonymous and privacy-preserving biometrics based authentication scheme for such gadget-free healthcare environment. We performed formal security verification of our proposed scheme using CDVT /AD tool and our results indicate that the proposed scheme is secure for such smart and gadget-free environments. We verify that the proposed scheme can resist against various well-known security attacks. Moreover, the proposed system showed better performance as compared with existing biometrics based remote user authentication schemes.

A Provably Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment

With the ever increasing adoption rate of Internet-enabled devices [also known as Internet of Things (IoT) devices] in applications such as smart home, smart city, smart grid, and healthcare applications, we need to ensure the security and privacy of data and communications among these IoT devices and the underlying infrastructure. For example, an adversary can easily tamper with the information transmitted over a public channel, in the sense of modification, deletion, and fabrication of data-in-transit and data-in-storage. Time-critical IoT applications such as healthcare may demand the capability to support external parties (users) to securely access IoT data and services in real-time. This necessitates the design of a secure user authentication mechanism, which should also allow the user to achieve security and functionality features such as anonymity and un-traceability. In this paper, we propose a new lightweight anonymous user authenticated session key agreement scheme in the IoT environment. The proposed scheme uses three-factor authentication, namely a user’s smart card, password, and personal biometric information. The proposed scheme does not require the storing of user specific information at the gateway node. We then demonstrate the proposed scheme’s security using the broadly accepted real-or-random (ROR) model, Burrows–Abadi–Needham (BAN) logic, and automated validation of Internet security protocols and applications (AVISPAs) software simulation tool, as well as presenting an informal security analysis to demonstrate its other features. In addition, through our simulations, we demonstrate that the proposed scheme outperforms existing related user authentication schemes, in terms of its security and functionality features, and computation costs.

Revisiting Cloud Security Threat: Dictionary Attack

Several methodologies and algorithms work on the processing of cloud data and possess several security and privacy threats. The data storage feature with applications is the kernel of cloud computing services, especially for remote applications where high security risk scale is needed. In cloud computing services, password based authentication is the basic security measure for the data storage services but still, insecure communication channels are particularly vulnerable to cloud threats. The act of hacking the password is the main weakness of cloud, where attacker easily guesses the secret key by automated programs and running dictionary attacks. Researchers and experts have engineered many protocols to prevent authentication attacks. Still, there is a need to analyze individual authentication attacks such as dictionary attacks parameters separately for effective designing of protocols. More specifically, this paper presents a study on dictionary attack with respect to authentication objective and will determine its root causes through previously accomplished research studies. The key idea is to indicate the future research directions in the area through which an in-depth study would lead to new ideas for mitigation technique of dictionary attack. The proposed conclusive findings will also help to study and overcomes the root causes of previously recommended methods and for improving the user authentication security.

Research and Development of User Authentication using Graphical Passwords: A Prospective Methodology

Nowadays in information security user authentication is a very important task. In most of the computer, user authentication depends on the alphanumeric username and password. It means text-based password. But, this is not highly secure because of hackers can easily break the password. Brute force attack, dictionary attack, guessing attack etc. these all are some possible attacks on the password. If the user chooses a difficult password to prevent the system from the attackers which is very much harder for the user to remember such a difficult password. So, to resolve this problem introduced a new technique called graphical password authentication. This paper presents a detailed survey of user authentication techniques using a graphical password. It contains basically two type approaches. They are recognition-based and recall-based approaches. This survey discusses the different techniques about Graphical password authentication and their advantages and limitations. The survey provides a roadmap for the development of new graphical authentication scheme.

Biometric Mobile Data on Secure Public Cloud Vulnerabilities

Companies who are implementing the cloud solutions have increased numerous advantages in the recent years. Cloud solutions provide a very few preferences, for example, portability, adaptability and costs funds. Alongside the numerous advantages that distributed computing offers the security challenges that it presents are similarly striking. The two essential capacities for secure cloud administration are character administration and access control in distributed computing, the current methodologies for client confirmation depend on accreditation that are put together by the client. These accreditations incorporate passwords, tokens and computerized authentications. Most of the cases unapproved access by outsiders, for example, programmers likewise exist and simple for information control and abuse. In any case, the most serious issue with this methodology is that the presence of such many secret phrase account pairings for each individual client prompts either overlooked passwords or utilizing a similar mix for different locales. Security issue is significant concern, region of research in versatile distributed computing and clients. Shielding the remote information and applications from any ill-conceived get to remain an essential security worry in portable distributed computing. This paper explains about secure bio metric and face recognized based authentication protocol which is best suited for the public cloud environment to improve the safer and secure user authentication process. The above strategy will anchor approved clients as well as keep the cloud suppliers can't get in to the information and data access.

A secure user authentication protocol using elliptic curve cryptography

Authentication is a significant security prerequisite for secure communications. However, most of identity assisted mutual authentication protocols are requiring of security verification, which is extremely impartment for cryptographic approach. The proposed protocol is a better identity based mutual authentication framework for two users over secure communication network. Further, paper shows the security analysis and compares with other related protocols in secure communication.

A Privacy-Preserving Lightweight Biometric System for Internet of Things Security

Constant expansion of Internet of Things (IoT) devices creates considerable convenience for peoples' daily lives; however, it also brings about some challenges. Advanced modern techniques equip IoT devices with additional sensory and communication modules, enabling them to perform more functions than just sensing, but it also means that these devices may consume more energy. Many IoT devices are powered by batteries of limited life and composed of electronic parts of limited capacity. Therefore, energy efficiency is an essential requirement for any IoT device with limited resources in terms of storage space, power, and computing capability. Moreover, possible attack vectors and attack sources for vulnerabilities in the IoT environment present another great challenge for secure user authentication. To address the above issues, in this article we propose a privacy- preserving lightweight biometric system, specifically designed for resource-limited IoT devices to save memory and computational cost. The proposed system employs a block logic operation based algorithm to reduce the biometric feature size in a simple and efficient way. Experimental results demonstrate that with a much reduced feature size, the proposed lightweight biometric system still maintains high recognition accuracy. It is worth noting that any sizable reduction in memory and computing cost is beneficial for resource-constrained IoT devices.

Secure user authentication scheme with novel server mutual verification for multiserver environments

SummaryThe fast growth of mobile services and devices has made the conventional single‐server architecture ineffective from the point of its functional requirements. To extend the scalability and availability of mobile services to various applications, it is required to deploy multiserver architecture. In 2016, Moon et al insisted that Lu et al's scheme is weak to insiders and impersonation attack, then they proposed a biometric‐based scheme for authentication and key agreement of users in multiserver environments. Unfortunately, we analyze Moon et al's scheme and demonstrate that their scheme does not withstand various attacks from a malicious registered server. We propose a user authentication scheme with server mutual verification to overcome these security drawbacks. The proposed scheme withstands an attack from malicious insiders in multiserver environments. We use a threshold cryptography to strengthen the process of server authorization and to provide better security functionalities. We then prove the authentication and session key of the proposed scheme using Burrows‐Abadi‐Needham (BAN) logic and show that our proposed scheme is secure against various attacks.

User Authentication Model for Securing E-Health System Using Fingerprint Biometrics

The emergence of electronic health or eHealth has revolutionized the healthcare industry to offer better healthcare services at a low and affordable cost. However, it still suffers from security and privacy issues in handling health information. The privacy and security issues in eHealth domain are mainly centered around user authentication, data integrity, data confidentiality, and patient privacy protection. Biometrics technology has considerable opportunities to cope with the above security problems by providing reliable and secure user authentication. However, due to the sensitive nature of health data, the most important challenge lies toward the development of an efficient security model that can guarantee data privacy and reliability, verifying that only authorized personnel can access their corresponding health data. In this paper, we present a comprehensive overview of biometrics applications in eHealth and propose a robust and efficient scheme for user verification using fingerprint biometrics in order to enhance privacy and security in eHealth information systems. Moreover, additional issues like system complexity and processing time related to the use of biometrics should be taken into consideration. We therefore, emphasize to reduce the computation cost in biometric matching. In this work, we use local minutie features for user authentication and employ a fast stereo matching algorithm to compare the minutiae features of the test (probe) fingerprint with the minutiae features extracted from the gallery fingerprints (fingerprint database) in order to verify a person. Experimental results show that the proposed scheme leads to a compromise between the computation efficiency and the accuracy of the verification process. We believe that, our proposed scheme could be employed in real-time applications.