Secure User Authentication Research Articles

Security analysis of a cloud authentication protocol using applied pi calculus

Nowadays cloud computing is the most promising model within information technology. One of the most important issues is to achieve secure user authentication. Vulnerability of an authentication protocol results in successful attacks against confidentiality and integrity of user data stored and processed in the cloud. In our suggested protocol a person uses a static password and a one-time password for identity verification. Shared control among the cloud servers is provided by applying a Merkle-tree for storing one-time passwords distributed. A security analysis is carried out in case of outsider adversaries. We show that our authentication protocol fulfils typical security requirements of a key exchange protocol, i.e., authentication of the participants, key secrecy, key freshness and confirmation that both parties know the new key in the Dolev-Yao model.

SUAA: A Secure User Authentication Scheme with Anonymity for the Single & Multi-server Environments

The rapid increase in user base and technological penetration has enabled the use of a wide range of devices and applications. The services are rendered to these devices from single-server or highly distributed server environments, irrespective of their location. As the information exchanged between servers and clients is private, numerous forms of attacks can be launched to compromise it. To ensure the security, privacy, and availability of the services, different authentication schemes have been proposed for both single-server and multi-server environments. The primary performance objective of such schemes is to prevent most (if not all) attacks, with minimal computational costs at the server and user ends. To address this challenge, this paper presents a secure user authentication scheme with anonymity (SUAA) for single-server and multi-server environments. It works on 3-factor authentication, involving passwords, smart cards, and biometric data. We use symmetric and asymmetric encryption for single-server and multi-server architectures respectively, to reduce the computational costs. Through a comprehensive security analysis, we show that the proposed scheme is reliable through mutual authentication, and is resilient to attacks addressed by state of the art solutions. Time cost analysis also shows less time required to complete the authentication process.

A Lightweight User Authentication Scheme for Cloud-IoT Based Healthcare Services

With the ongoing revolution of cloud computing and Internet of Things, remote patient monitoring has become feasible. These networking paradigms are widely used to provide healthcare services and real-time patient monitoring. The sensors that are either wearable or embedded within the body of a patient transmit patient’s data to the remote medical centers. The medical professional can access patient’s data stored in the cloud anywhere across the globe. As the sensitive data of the patient are sent over insecure cloud-IoT networks, secure user authentication is of utmost importance. An efficient user authentication scheme ensures that only legitimate users can access data and services. This paper proposes a secure and efficient user authentication scheme for remote patient monitoring. The proposed scheme is robust, lightweight and secure against multiple security attacks. Furthermore, the scheme has low computational overhead. A formal verification using AVISPA tool confirms the security of the proposed scheme.

A Provably Secure Three-Factor Session Initiation Protocol for Multimedia Big Data Communications

The session initiation protocol (SIP) is an IP-based telephony authentication mechanism for multimedia big data communications over the Internet. It is used to set up, and control voice and video calls, as well as for instant messaging. One of the concerns of this kind of open-text-based protocol is the security for user authentication. The HTTP digest-based challenge-response authentication process is used in the original SIP. However, this kind of authentication procedure is insecure and a pre-existing user configuration on the remote server is required. According to the literature, several authentication mechanisms for SIP are already devised, but none of these SIPs are robust against existing security attacks. Therefore, we design a three-factor SIP (TF-SIP) for multimedia big data communications, which is robust and flexible against existing known security issues. We show that our TF-SIP is provably secure in the random oracle model. We formally verify the mutual authentication and the freshness of the agreed session key between the user and the remote server using the BAN logic analysis. We found that the communication and computation costs are low, but the storage cost is slightly higher for our TF-SIP in comparison with other SIPs.

Authentication protocols for the internet of drones: taxonomy, analysis and future directions

The Internet of Drones (IoD) provides the coordinated access to controlled airspace for the Unmanned Aerial Vehicles (called drones). The on-going cheaper costs of sensors and processors, and also wireless connectivity make it feasible to use the drones for several applications ranging from military to civilian. Since most of the applications using the drones involved in the IoD are real-time based applications, the users (external parties) usually have their interest in getting the real-time services from the deployed drones belonging to a particular fly zone. To address this important issue in the IoD, there is a great need of an efficient and secure user authentication approach in which an authorized user (for example, a driver of an ambulance) in the IoD environment can be given access to the data directly from an accessed drone. In this article, we first discuss an authentication model used in the IoD communication. We then discuss some security challenges and requirements for the IoD environment. A taxonomy of various security protocols in the IoD environment is also discussed. We then emphasis on the study of some recently proposed user authentication schemes for the IoD communication. A detailed comparative study is done based on functionality features, security attacks, and also communication and computation costs. Through the rigorous comparative study of the existing schemes, we identify the strengths and weaknesses of the user authentication schemes for the IoD communication. Finally, we identify some of the challenges for the IoD that need to be addressed in the coming future.

Aadhar Card Based Double Identity Verification System for Railway

“The reservation system of the Indian Railways is an enormous database system dealing with about millions of passengers everyday. Many of these passengers travel with a reservation however a lot more travel with unreserved tickets. In this measureless system, it is an extraordinary task to competently handle this data, which is the basic demand of the management. The problems with the existing scenario are Corruption, User Authentication Security Issues, Over population, Inefficient Railway Management. This paper presents an approach to tackle these problems in a much efficient manner. In case of Indian Railways, detailed passenger data is handled for reservations and in order to provide fast and efficient services, the data has to be processed and verified at a fast pace. For the Indian railways, enhancing the existent system with ADHAAR Card Identification will reduce manual intervention to a great extent. Also the verification of the passengers would be comprehensive and safe. The ADHAAR Card Based railway System will handle the passenger data more effectively and easily”.

Design of a Secure Encryption Model (SEM) for Cloud Data Storage Using Hadamard Transforms

Data storage has been one of the most prevalent services that has been offered by cloud computing. One of the challenges associated with data storage has been the security of the users data. There have been many models proposed that have tried to secure the users data using various cryptographic techniques. These models provide security at the cost of system overhead and increased computational complexity in terms of time and space. This paper presents a model—the Secure Encryption Model (SEM), that conserves space, reduces the computation cost and secures the users data using discrete transformations, termed as Hadamard transforms. The SEM model presented is a flexible model that encrypts the data at multiple levels, starting from a secure user authentication, which increases the security substantially. The SEM satisfies the avalanche effect property, which is a desirable property of an encryption algorithm. The storage space required for storing the encrypted data using Hadamard transforms is less by 10%, when compared to the ECC algorithm. The execution time for encrypting the data by Hadamard transforms has also been reduced by 25% when compared to the ECC algorithm. The model can be used in scenarios where the security requirements are not high and can be traded off with complexity, space and execution time.

Robust user authentication model for securing electronic healthcare system using fingerprint biometrics

ABSTRACTThe emergence of electronic health or eHealth has revolutionized the healthcare industry to offer better healthcare services at a low and affordable cost. However, it still suffers from security and privacy issues in handling health information. The privacy and security issues in eHealth domain are mainly centered around user authentication, data integrity, data confidentiality, and patient privacy protection. Biometrics technology has considerable opportunities to cope with the above security problems by providing reliable and secure user authentication. However, due to the sensitive nature of health data, the most important challenge lies toward the development of an efficient security model that can guarantee data privacy and reliability, verifying that only authorized personnel can access their corresponding health data. In this paper, we present a comprehensive overview of biometrics applications in eHealth and propose a robust and efficient scheme for user verification using fingerprint biometrics in order to enhance privacy and security in eHealth information systems. Moreover, additional issues like system complexity and processing time related to the use of biometrics should be taken into consideration. We therefore, emphasize to reduce the computation cost in biometric matching. In this work, we use local minutie features for user authentication and employ a fast stereo matching algorithm to compare the minutiae features of the test (probe) fingerprint with the minutiae features extracted from the gallery fingerprints (fingerprint database) in order to verify a person. Experimental results show that the proposed scheme leads to a compromise between the computation efficiency and the accuracy of the verification process. We believe that, our proposed scheme could be employed in real-time applications.

Improved keylogging and shoulder-surfing resistant visual two-factor authentication protocol

Designing a secure user authentication method that involves human in the authentication procedure is a challenging problem. Due to their high user convenience, the password is the most widely used means of authentication. However, passwords are vulnerability to compromise by disclosure using various forms of information tapping like Keylogging, phishing attack, human shoulder-surfing and camera-based recording. This paper starts with an analysis of a previous attempt that proposes two visual authentication protocols to enhance password authentication. These protocols were based on the use of user-driven visualization utilizing two-dimensional barcode and smartphones. Even though the two protocols resist some known types of attacks, our analysis reveals serious shortcomings. The first protocol is not secure against theft of a smartphone. Both protocols are not secure against shoulder surfing, camera-based recording and phishing attacks. In this paper, the deficiencies of the original scheme are demonstrated, then a two-factor authentication scheme that eliminates these deficiencies is presented. A prototype of the proposed scheme is implemented and a secured virtual on-screen keyboard (SVOSK) comprising dynamic emoticon keyboard layout is also proposed. Formal security proof and usability analyses show that the proposed scheme is secure, efficient and has a high level of usability.

Secure user Authentication and File Transfer in Wireless Sensor Network using Improved AES Algorithm

The WSN technology is a highly efficient and effective way of gathering highly sensitive information and is often deployed in mission-critical applications, which makes the security of its data transmission of vital significance. However, the previous research paper failed to distinguish the role of centralized server for it being the main controller of the entire network. The decision of nodes communicating with each other in the previous research paper was based on the information received from the adjacent node. However, the proposed research paper will take into account the centralized server to develop a new technique to prevent the black node from joining the wireless sensor network. Key distribution technique along with the implementation of improved AES algorithm double key encryption will play an important role in transferring the data between authorized nodes securely and preventing unauthorized user from accessing it.

A Secure User Authentication Scheme with Biometrics for IoT Medical Environments

Internet of Things (IoT) is a ubiquitous network that devices are interconnected and users can access those devices through the Internet. Recently, medical healthcare systems are combined with these IoT networks and provide efficient and ef-fective medical services to medical staff and patients. However, the security threats are increased simultaneously as the requirements of medical services in IoT medical environments are increased. It is essential to provide security of the networks from malicious attacks. In 2018, Roy et al. proposed a remote user authentication and key agreement scheme with biometrics in IoT medical environments. Unfortunately, we analyze Roy et al.’s scheme and demonstrate that their scheme does not withstand various attacks, such as replay attacks and password guessing attacks. Then we propose a user authentication scheme to overcome these security drawbacks. The proposed scheme withstands various attacks from adversaries in IoT medical environments and provide better security functionalities of those of Roy et al. We then prove the authentication and session key of the proposed scheme using BAN logic and analyze that our proposed scheme is secure against various attacks.

A Taxonomy for Enhancing Usability, Flexibility, and Security of User Authentication

A Taxonomy for Enhancing Usability, Flexibility, and Security of User Authentication

Enhanced Novel Multilevel Secure User Authentication Scheme in Cloud.

Enhanced Novel Multilevel Secure User Authentication Scheme in Cloud.

Behavioral Biometrics for User Authentication Using Self-Refreshing SOM

Password protection has been a crucial issue in computer security. Traditional password protection using string does not provide sufficient security for user authentication. On the other hand, implementation of static biometrics in replace of password protection is costly as specific devices are needed. This research proposes the use of Self-Organizing Map (SOM) method for keystroke pattern recognition as an alternative to password protection. A self-refreshing SOM method was also implemented to increase the adaptability of SOM toward inconsistencies in typing pattern. Two main experiments were conducted to examine the ability of SOM for user recognition and the ability of self-refreshing SOM to deal with typing pattern inconsistencies. The first experiment shows the ability of SOM to authenticate users with very accurate classification. Users were successfully recognized and non-users were successfully rejected. Second experiment shows the ability of selfrefreshing SOM to deal with inconsistencies in typing pattern of a same user in which smoother transition of data trend was obtained.

Applications and techniques in information and network security

Applications and techniques in information and network security

A study on secure user authentication and authorization in OAuth protocol

When developing the client with the social network service, the OAuth protocol gets to be mostly followed. The OAuth protocol is the protocol which is being most much used in the company providing the social network service as the protocol which doesn’t expose the user certification information in 3rd Party and is developed in order to give the user resources accessible rights like Google or facebook, twitter, and etc. However, when of the authentication information of this user is exposed on network by the attacker, there is the malicious problem that it can be used. It can classify as the replay attack, phishing attack, and impersonation attack as the general security vulnerability which it can happen in this OAuth protocol. Therefore, before the Access Token is issued in order to this solve the security vulnerability in the OAuth protocol. By using E-mail, the resource owner is authenticated and the access token is safely issued. And it distribute the Access Token and stores. When using the proposed method, it uses the E-mail authentication less than 0.8% can confirm the authentication success rate of the attacker to be safer than the existing method. Because of distributes the access token and storing, although the attacker won the some of user information, it would not allow to use for the user authentication. When seven over distributed the access token, it can check that as in the E-mail authentication it can use since the release time of the access Token has 10 min or greater.

A secure user authentication and key-agreement scheme using wireless sensor networks for agriculture monitoring

Agriculture is the backbone of our economic system and plays an important role in the life of an economy. It does not only provide raw material and food, but also provides large employment opportunities. Therefore, agriculture requires modern technology for increasing the productivity. In this context, wireless sensor networks (WSNs) could be utilized for monitoring the climatic parameters such as (temperature, humidity, light, carbon dioxide, soil moisture, acidity etc.) in an agriculture field. The climatic parameters are very important in terms of growth, quality and productivity of crops. But, any kind of interception, modification, insertion, and deletion on these parameters can have negative effect on crop. Therefore, security and privacy are important issues in agriculture field. In this regard, we design a novel remote user authentication scheme using wireless sensor networks for agriculture monitoring. The protocol is validated through Burrows–Abadi–Needham (BAN) logic and also simulated using Automated Validation Information Security Protocols and Applications (AVISPA) tool. We formally analyze the security of the scheme using random oracle model. In addition, the informal security analysis shows that the proposed protocol is secure and resists various kinds of malicious attacks. As a results, the proposed protocol is applicable in a real life application.

Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks

Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs.

Generating stable biometric keys for flexible cloud computing authentication using finger vein

Cloud computing is profoundly changing the way of data storage, transfer and process. User authentication is the first security barrier for cloud computing. However, the security of traditional biometric-template-based authentication technology has been challenged because of the information leakage of biometric templates and insufficient user-key strength, which is limited by the ability of the user to memorize keys. In this paper, we propose a new bio-key generation algorithm named FVHS, which combines the advantages of both biometrics authentication and user-key authentication. It directly generates stable and sufficiently strong bio-key sequences from finger vein biometrics. Based on FVHS, a new framework for cloud computing authentication is presented that provides a more flexible, convenient, and secure user authentication. The key idea of FVHS is that through combining machine learning, biometrics, and cryptography technologies, we can mine a special feature vector from the biometrics space that can be separated and stabilized into a fixed number sequence in a higher-dimensional space. Both a theoretical analysis and experimental verification show that FVHS can extract stable bio-keys from high quality finger vein images. FVHS can extract a finger vein bio-key with a Genuine Accept Rate of more than 99.9%, while the False Accept Rate is less than 0.8% and Equal Error Rate is less than 0.5%. Meanwhile, the security strength can reach 256 bits.

Secure user authentication based on the trusted platform for mobile devices

In recent years, the use of mobile devices including smartphones has increased significantly all over the world, and e-commerce using smartphones has also greatly increased. Furthermore, many people are using their smartphones to carry out certain aspects of their work according to the BYOD trend. Therefore, it is extremely important that mobile device users are authenticated securely by remote servers when using their smartphones. Digital certificates are one of the many solutions available for authentication, but they are easy to copy and leak. Mobile device services need to properly manage registered devices and users, and trusted means of authenticating their identities are needed. In this paper, we propose a secure certificate-based user authentication framework using the trusted mobile zone (TMZ) system into which the trusted platform is built. The TMZ system is a secure mobile device into which a hypervisor is built on the mobile device, and in which the hypervisor separates the mobile device into a normal zone and a secure zone. Android OS operates in the normal zone on the TMZ systems, and secure OS is run in the secure zone at the same time. The trusted platform is built in the normal zone and the secure zone in order to provide the user with secure services. In this paper, we propose a TMZ system founded on the TEE system of the global platform. The TMZ system provides a secure execution environment in which to store sensitive data and execute security functions securely. In conclusion, we describe the experimental results of generating the signature data in the TMZ system.