Your search keyword '"COMPUTER access control"' showing total 8,047 results

1. The Security Jawbreaker.

Author

Vachon, Phil

Subjects

*HOME security measures, *COMPUTER software security, *SECURITY management, *BUSINESS enterprises, *COMPUTER access control, *COMPUTER network security

Abstract

The article discusses the evolution of enterprise security in parallel with household security, emphasizing the transition from perimeter defenses to comprehensive access controls amid the internet's ubiquity. It explores the challenges of maintaining security as businesses expose more applications externally and advocates for segmented access based on roles and responsibilities to prevent breaches. Finally, it underscores the importance of pervasive authority checks within systems to minimize vulnerabilities and ensure robust security.

Published

2024

2. Authentication Security of Combinatorial Watermarking for GNSS Signal Authentication.

Author

Anderson, Jason, Lo, Sherman, and Walter, Todd

Subjects

*DIGITAL watermarking, *GLOBAL Positioning System, *SIGNAL processing, *COMPUTER access control, *CRYPTOGRAPHY

Abstract

Watermarking signal authentication is a technique in which a global navigation satellite system (GNSS) provider cryptographically perturbs the spreading code to allow for limited cryptographic authentication of a signal. Several proposals and studies have been presented or are underway to augment GNSS signals with this capability. This work reintroduces a generalized combinatorial watermarking function that affords a flexible pathway to cryptographically prove the authentication security of a signal with receiver observables under certain assumptions. The security levels are comparable to those of standard cryptographic security (e.g., 128-bit security) and require little or no additional use of the navigation data bandwidth. We show how our methods can be applied to signals of different designs and signal-to-noise ratios. With our receiver processing strategy, one can design a watermarking signal authentication scheme and the accompanying receiver to have high confidence in a signal's authenticity. [ABSTRACT FROM AUTHOR]

Published

2024

3. Home computer ownership and educational outcomes of adolescents in Greece.

Author

Djinovic, Vladana and Giannakopoulos, Nicholas

Subjects

*HUMAN capital, *EDUCATIONAL technology, *COMPUTER access control, *PROBABILITY theory

Abstract

We investigate the impact of home computer ownership on educational outcomes during adolescence. Using longitudinal survey data from Greece, we focus on the timing of exposure to home computers for children aged 14–18 and find that those without computer access have a 10 percentage point higher probability of dropping out of school compared to those with access. Employing a panel event study framework, we show that years of schooling increase in periods after the exposure to a personal computer at home. Our results suggest that disparities in computer access may affect significantly the human capital development during adolescence. [ABSTRACT FROM AUTHOR]

Published

2024

4. A lightweight and anonymous mutual authentication and key agreement scheme for WBAN.

Author

Marandi, Saba, Moazami, Farokhlagha, and Malekinezhad, Amir

Subjects

KEY agreement protocols (Computer network protocols), BODY area networks, WIRELESS sensor network security, MEDICAL personnel, COMPUTER access control, WEARABLE technology, DATA privacy, INFORMATION networks

Abstract

In the medical field, a wearable body area network is a wireless network in which wearable sensors are implemented in or on patients' bodies to gather their sensitive health information and send it to the medical servers accordingly. These multi-functional sensors provide all users with optimized and convenient services, such as homecare monitoring of people's health conditions. Ensuring the privacy of users' information during its transfer between users and medical personnel necessitates a secure wireless environment. Mobility and insecure communication channels introduce a substantial threat from unauthorized entities, jeopardizing the privacy of the transferred information within this network. To mitigate this risk, researchers have proposed various authentication and key agreement schemes, aiming to enhance the safety of the communication channel and preserve user privacy. Additionally, the wearable body area network comprises resource-constrained devices, emphasizing the need for lightweight protocols to guarantee the transmitted information's authenticity, confidentiality, and integrity. Ankur Gupta and his colleagues recently proposed a mutual authentication and key agreement protocol and proved its security against well-known attacks. However, after in-depth analysis, we discovered that their proposed protocol is vulnerable to sensor node impersonation and sensor node capture attacks. In this paper, we propose a new lightweight mutual authentication and key agreement scheme in WBAN based on basic symmetric cryptosystems (Exclusive OR and Hash functions) to overcome the security weaknesses in Gupta's protocol and provide indispensable security for communicating data. Unlike Gupta's protocol, our proposed scheme is safe in the CK-adversary threat model. The security of the presented scheme is evaluated using BAN-Logic, the AVISPA tool, and the Real or Random (ROR) model. Overall, the performance comparison of the proposed protocol with the existing related protocols depicts that our new scheme is more efficient than others in terms of communication and computational complexities. [ABSTRACT FROM AUTHOR]

Published

2024

5. IDENTITY-BASED PRIVACY-PRESERVING ANONYMOUS AUTHENTICATION ACCESS CONTROL FOR SECURE CLOUD COMPUTING.

Author

Praneetha, N., Rao, S. Srinivasa, V. V. R., Maheswara Rao, Rao, I. S. Siva, and Brahmanandam, P. S.

Subjects

CLOUD computing, COMPUTER access control, INFORMATION sharing, DATA management, DATA analysis

Abstract

The storage of data with access controllability in sharing data between multiple users in a dispersed environment is now the most pressing issue in cloud computing. Cloud computing's unique feature allows its subscribers to exchange and manage their data with one another safely. However, privacy is essential for all cloud users to communicate freely and openly, as data is accessed by unwanted parties in the cloud. Cloud services have employed numerous security-related techniques for efficient and safe user data exchange. These methods provide efficient, flexible, and reliable access control rules between users when exchanging data. But, they each have advantages and disadvantages concerning key generation and data security. To address the need for adaptable, scalable, and trustworthy access control while exchanging data across a dispersed network, this research proposes a novel access control-based privacy-preserving approach. In terms of cipher text and critical policy security, this method is an extension of attribute-based encryption and the only difference is that with cloud computing, users hierarchically share data, and access control policy amongst shared users is evaluated efficiently. Our method includes sophisticated security features like the revocation of users and access rights of users for outsourced data in the cloud. It also provides scalability and dependability in producing critical structures with dynamic qualities. Experimental results demonstrate that the suggested method improves the current system in terms of cloud data sharing efficiency, scalability, and dependability. [ABSTRACT FROM AUTHOR]

Published

2024

6. Telemedicine Model for Hyperglycaemia Patients on Emergency in Ughelli, Delta State.

Author

R. O., IDAMA and D. A., OYEMADE

Subjects

TELEMEDICINE, HYPERGLYCEMIA, EMERGENCY medicine, COMPUTER access control, ASSISTIVE technology

Abstract

Real time telemedicine model especially in the face of emergency has come to stay. In a remote health monitoring system, patient identification is given more consideration as a crucial security requirement. To highlight the difficulties and talk about how complete the answers are, more research is necessary. For real-time telemedicine monitoring systems, a novel authentication mechanism built on models is suggested. To modernize the pattern of the neighborhood hospital's operations, the adoption of the created model as a new authentication mechanism is suggested in the first phase. The creation and data gathering of the recently constructed model are discussed in the second phase to put the methods into context. Our authentication method uses two modalities namely text and visual chat. Key component suggested usability for test users is identified. Also, future simulations and implementations with privacy protection, authentication process ensured resultant applications was robust, scalable, persistent and high-level usability. 81.08% of the medical personnel and 87.21% of the patients agreed telemedicine system should be adopted due to its quick diagnosis during emergency, reduced referrals, strengthens patients' confidence, eased usage, enhanced proficiency and management with user-friendly interface have all become inherent benefits of proposed system. [ABSTRACT FROM AUTHOR]

Published

2024

7. Extending Rucio with modern cloud storage support.

Author

Barisits, Martin, Barnsley, Robert, Barreiro Megino, Fernando Harald, Elmsheuser, Johannes, Lassnig, Mario, Patrascoiu, Mihai, Perry, James, Serfon, Cedric, Vendrell Moya, Alba, and Wegner, Tobias

Subjects

*CLOUD computing, *COMPUTER storage devices, *COMPUTER access control, *COST estimates, *DATA recovery

Abstract

Rucio is a software framework designed to facilitate scientific collaborations in efficiently organising, managing, and accessing extensive volumes of data through customizable policies. The framework enables data distribution across globally distributed locations and heterogeneous data centres, integrating various storage and network technologies into a unified federated entity. Rucio offers advanced features like distributed data recovery and adaptive replication, and it exhibits high scalability, modularity, and extensibility. Originally developed to meet the requirements of the high-energy physics experiment ATLAS, Rucio has been continuously expanded to support LHC experiments and diverse scientific communities. Recent R&D projects within these communities have evaluated the integration of both private and commercially-provided cloud storage systems, leading to the development of additional functionalities for seamless integration within Rucio. Furthermore, the underlying systems, FTS and GFAL/Davix, have been extended to cater to specific use cases. This contribution focuses on the technical aspects of this work, particularly the challenges encountered in building a generic interface for self-hosted cloud storage, such as MinIO or CEPH S3 Gateway, and established providers like Google Cloud Storage and Amazon Simple Storage Service. Additionally, the integration of decentralised clouds like SEAL is explored. Key aspects, including authentication and authorisation, direct and remote access, throughput and cost estimation, are highlighted, along with shared experiences in daily operations. [ABSTRACT FROM AUTHOR]

Published

2024

8. GPS Spoofing-Resilient Filtering Using Self-Contained Sensors and Chimera Signal Enhancement.

Author

Mina, Tara, Kanhere, Ashwin, Shetty, Akshay, and Gao, Grace

Subjects

*GLOBAL Positioning System, *PHISHING, *COMPUTER access control, *ADAPTIVE filters, *ACCESS to information

Abstract

To protect civilian Global Positioning System (GPS) users from spoofing, the Air Force Research Lab has developed the chips-message robust authentication (Chimera) signal enhancement for the GPS L1C signal. With Chimera, standalone receivers that only have access to the GPS signal will be able to authenticate their received measurements once every 3 min, whereas users with access to an out-of-band source will be able to perform authentication once every 1.5 or 6 s. However, moving receivers typically rely on much faster real-time GPS update rates of 1-20 Hz. In this work, we design a spoofing-resilient filter framework that provides continuous and secure state estimation between Chimera authentication times. By leveraging self-contained sensors on-board the vehicle, such as an inertial measurement unit or wheel encoder, as well as the periodic Chimera authentication, our proposed filter determines how much to rely on the received unauthenticated GPS measurements for state estimation. In this respect, our filter relies more extensively on GPS measurements in order to improve real-time navigation performance and reduce localization errors when GPS signals are authentic, while successfully mitigating spoofing-induced errors during an experienced attack. We experimentally validate our proposed spoofing-resilient filter in a simulated test environment for a ground vehicle model with access to the 3-min Chimera channel, under various simulated spoofing attack scenarios. To the best of the authors' knowledge, this is the first adaptive filter proposed for Chimera that continuously leverages real-time GPS measurements in a spoofing-resilient manner. [ABSTRACT FROM AUTHOR]

Published

2024

9. Secure approach to sharing digitized medical data in a cloud environment.

Author

Kumar, Kukatlapalli Pradeep, Prathap, Boppuru Rudra, Thiruthuvanathan, Michael Moses, Murthy, Hari, and Pillai, Vinay Jha

Subjects

ELECTRONIC health records, CLOUD computing, DATA privacy, COMPUTER access control, MEDICAL records

Abstract

Without proper security mechanisms, medical records stored electronically can be accessed more easily than physical files. Patient health information is scattered throughout the hospital environment, including laboratories, pharmacies, and daily medical status reports. The electronic format of medical reports ensures that all information is available in a single place. However, it is difficult to store and manage large amounts of data. Dedicated servers and a data center are needed to store and manage patient data. However, self-managed data centers are expensive for hospitals. Storing data in a cloud is a cheaper alternative. The advantage of storing data in a cloud is that it can be retrieved anywhere and anytime using any device connected to the Internet. Therefore, doctors can easily access the medical history of a patient and diagnose diseases according to the context. It also helps prescribe the correct medicine to a patient in an appropriate way. The systematic storage of medical records could help reduce medical errors in hospitals. The challenge is to store medical records on a third-party cloud server while addressing privacy and security concerns. These servers are often semi-trusted. Thus, sensitive medical information must be protected. Open access to records and modifications performed on the information in those records may even cause patient fatalities. Patient-centric health-record security is a major concern. End-to-end file encryption before outsourcing data to a third-party cloud server ensures security. This paper presents a method that is a combination of the advanced encryption standard and the elliptical curve Diffie-Hellman method designed to increase the efficiency of medical record security for users. Comparisons of existing and proposed techniques are presented at the end of the article, with a focus on the analyzing the security approaches between the elliptic curve and secret-sharing methods. This study aims to provide a high level of security for patient health records. [ABSTRACT FROM AUTHOR]

Published

2024

10. Passwordless Authentication Using a Combination of Cryptography, Steganography, and Biometrics.

Author

Oduguwa, Tunde and Arabo, Abdullahi

Subjects

COMPUTER access control, CRYPTOGRAPHY, BIOMETRIC identification, USER-centered system design

Abstract

User-generated passwords often pose a security risk in authentication systems. However, providing a comparative substitute poses a challenge, given the common tradeoff between security and user experience. This paper integrates cryptographic methods (both asymmetric and symmetric), steganography, and a combination of physiological and behavioural biometrics to construct a prototype for a passwordless authentication system. We demonstrate the feasibility of scalable passwordless authentication while maintaining a balance between usability and security. We employ threat modeling techniques to pinpoint the security prerequisites for the system, along with choosing appropriate cryptographic protocols. In addition, a comparative analysis is conducted, examining the security impacts of the proposed system in contrast to that of traditional password-based systems. The results from the prototype indicate that authentication is possible within a timeframe similar to passwords (within 2 s), without imposing additional hardware costs on users to enhance security or compromising usability. Given the scalable nature of the system design and the elimination of shared secrets, the financial and efficiency burdens associated with password resets are alleviated. Furthermore, the risk of breaches is mitigated as there is no longer a need to store passwords and/or their hashes. Differing from prior research, our study presents a pragmatic design and prototype that deserves consideration as a viable alternative for both password-based and passwordless authentication systems. [ABSTRACT FROM AUTHOR]

Published

2024

11. A Blockchain-Based Decentralized Public Key Infrastructure Using the Web of Trust.

Author

Halder, Ratna, Das Roy, Dipanjan, and Shin, Dongwan

Subjects

BLOCKCHAINS, DATA integrity, DATA privacy, PUBLIC key infrastructure (Computer security), COMPUTER access control

Abstract

Internet applications rely on Secure Socket Layer (SSL)/Transport Security Layer (TSL) certifications to establish secure communication. However, the centralized nature of certificate authorities (CAs) poses a risk, as malicious third parties could exploit the CA to issue fake certificates to malicious web servers, potentially compromising the privacy and integrity of user data. In this paper, we demonstrate how the utilization of decentralized certificate verification with blockchain technology can effectively address and mitigate such attacks. We present a decentralized public key infrastructure (PKI) based on a distributed trust model, e.g., Web of Trust (WoT) and blockchain technologies, to overcome vulnerabilities like single points of failure and to prevent tampering with existing certificates. In addition, our infrastructure establishes a trusted key-ring network that decouples the authentication process from CAs in order to enhance secure certificate issuance and accelerate the revocation process. Furthermore, as a proof of concept, we present the implementation of our proposed system in the Ethereum blockchain, confirming that the proposed framework meets the five identified requirements. Our experimental results demonstrate the effectiveness of our proposed system in practice, albeit with additional overhead compared to conventional PKIs. [ABSTRACT FROM AUTHOR]

Published

2024

12. Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoT.

Author

Hu, Shunfang, Jiang, Shaoping, Miao, Qing, Yang, Fan, Zhou, Weihong, and Duan, Peng

Subjects

PUBLIC key cryptography, INTERNET of things, ELLIPTIC curves, ELLIPTIC curve cryptography, COMPUTER access control

Abstract

With the rise of the Internet of Things (IoT), maintaining data confidentiality and protecting user privacy have become increasingly challenging. End devices in the IoT are often deployed in unattended environments and connected to open networks, making them vulnerable to physical tampering and other security attacks. Different authentication key agreement (AKA) schemes have been used in practice; several of them do not cover the necessary security features or are incompatible with resource-constrained end devices. Their security proofs have been performed under the Random-Oracle model. We present an AKA protocol for end devices and servers. The proposal leverages the ECC-based key exchange mechanism and one-way hash function-based message authentication method to achieve mutual authentication, user anonymity, and forward security. A formal security proof of the proposed scheme is performed under the standard model and the eCK model with the elliptic curve encryption computational assumptions, and formal verification is performed with ProVerif. According to the performance comparison, it is revealed that the proposed scheme offers user anonymity, perfect forward security, and mutual authentication, and resists typical attacks such as ephemeral secret leakage attacks, impersonation attacks, man-in-the-middle attacks, and key compromise impersonation attacks. Moreover, the proposed scheme has the lowest computational and communication overhead compared to existing schemes. [ABSTRACT FROM AUTHOR]

Published

2024

13. IMPROVING USER SECURITY DURING A CALL.

Author

ASTRAKHANTSEV, Andrii and PEDAN, Stanislav

Subjects

PHISHING, COMPUTER access control, PPP (Computer network protocol), DATA encryption, BIOMETRIC identification, DATA protection

Abstract

The recent development of mobile networks has led to the emergence of new threats and methods of implementing existing ones. Phishing attacks, including robocalls, are causing record losses to both individual users and large corporations. At the same time, existing countermeasures cannot provide protection against such attacks because most existing solutions focus on device authentication, whereas user authentication does not occur during a call. Another problem with mobile networks is that there is no point-to-point encryption, i.e., the speech is encrypted only on the segment from the subscriber to the base station. The subject of study in this article is the process of ensuring user security during a call. The purpose of this study is to develop a model of mutual user authentication and end-to-end data encryption in a mobile network during a call. The main objectives are the protection of users from spoofing and vishing and the proposal of a protection method by implementing mutual authentication of users during a call without storing confidential information on the side of a "trusted third party". Method of secure key exchange and end-to-end encryption during a call in the mobile network was proposed. It prevents the interception of calls by the operator for circuit-switched and packet networks. The methods used are mathematical modelling, ontological approach, and multi-criteria optimization models. Because of this research, an algorithm for mutual authentication of users is proposed by introducing biometric authentication methods and modifying the sequence of messages during a call. The proposed approach can be implemented for CS-call and VoLTE/VoWiFi calls. A call cannot be received without user biometric authentication; such as ear pattern or bone conduction methods. Modified SETUP and CONNECT ACK messages are used to inform the other party about the user verification result. This prevents user spoofing, call masquerading, and robocalls. A combination of the proposed asymmetric encryption, a short authentication string, and hashes of previous calls provides a higher level of confidentiality, integrity, and additional resistance to man-in-the-middle attacks. Conclusions. The scientific novelty of the obtained results is the integration of the above methods into the sequence of call flow messages for providing mutual authentication, end-to-end encryption, and counteraction to the number of network attacks. The proposed methods allow one level to increase the provision of services of privacy and observation groups and can be implemented in the software part of user equipment. [ABSTRACT FROM AUTHOR]

Published

2024

14. Security of Romanian Electronic Passports: The Protection of Personal Data in the Digital Age.

Author

BĂDIŢĂ, Aurelian-Gabriel

Subjects

PASSPORTS, ELECTRONIC records, COMPUTER access control, NATIONAL security, CYBERTERRORISM

Abstract

Highlighting the evolution and importance of electronic passports in Romania, respectively the security risk associated with cyber attacks against the system for issuing these documents, represents a first pillar in the development of strategies to protect national security. Adopting a proactive approach in managing cyber risks in ensuring the security of the electronic passport issuance system, respectively the security of citizens' personal data, is necessary to provide an optimal climate of trust, both for the national/European/international order and security structures, and for the well-being of the citizens who request such documents. It can be seen that attackers or impostors develop various strategies to identify and gain access to data in electronic passports in order to exploit or compromise them. Many of them resort to different methods of accessing the personal data of electronic passport holders in order to falsify them and use them to cross the state border, respectively to alienate them to other potential criminals who want to evade border control. The structures responsible for issuing e-passports implement state-of-the-art high-performance electronic security equipment and systems to counter cyber-attacks, but permanent security methods are required, as attackers resort to modern advanced methods of unauthorized access. [ABSTRACT FROM AUTHOR]

Published

2024

15. EFFICIENT FRAMEWORK OF SECURITY FOR INTERNET OF THINGS.

Author

Mehta, Mihir, Patel, Kajal, and Anadkat, Komal

Subjects

*INTERNET of things, *COMPUTER access control, *MULTI-factor authentication

Abstract

IoT security represents a highly compelling subject of research at present. The absence of a viable security solution for IoT applications could render them ineffective across various domains such as healthcare, smart homes, inventory management, smart agriculture, and more. Within the IoT architecture, security services like Confidentiality, Integrity, and Authentication play pivotal roles. In our research, we have concentrated on the Authentication service, which is fundamental for distinguishing users and devices unequivocally within a network. Authentication serves as the initial and crucial step in establishing secure communications among diverse IoT devices and users within the network. A compromised Authentication service could open the door for unauthorized users or devices to infiltrate the network, potentially leading to harmful activities like Masquerade attacks, Man-in-the-Middle (MITM) attacks, and Replay attacks. Currently, Authentication stands as a widely adopted and essential method for granting access to devices within IoT networks. Our contribution involves the development of a Multi-factor IoT Authentication Model, leveraging two key parameters: Device Context Information and Dynamic Key-based authentication. Our proposed approach begins by verifying the origin of information. If the origin is deemed valid, our model proceeds to validate the identity of the device. In the event of an intruder attempting to manipulate the device's origin from its predefined context to an alternative location, our system can swiftly detect this deviation, thereby enabling the rejection of communication requests from compromised devices. Following the verification of context information, we initiate mutual authentication between the IoT device and the server, employing the Challenge-response model. As a result of this second step, individual Session keys are generated at both the device and server sides, facilitating secure communication within a specific time window. [ABSTRACT FROM AUTHOR]

Published

2024

16. Digital Text Document Watermarking Based Tampering Attack Detection via Internet.

Author

Alohali, Manal Abdullah, Elsadig, Muna, Al-Wesabi, Fahd N., Al Duhayyim, Mesfer, Hilal, Anwer Mustafa, and Motwakel, Abdelwahed

Subjects

DIGITAL watermarking, PRODUCT tampering, COMPUTER access control, INTERNET content, INTERNET security, DATA extraction, DATA transmission systems

Abstract

Owing to the rapid increase in the interchange of text information through internet networks, the reliability and security of digital content are becoming a major research problem. Tampering detection, Content authentication, and integrity verification of digital content interchanged through the Internet were utilized to solve a major concern in information and communication technologies. The authors' difficulties were tampering detection, authentication, and integrity verification of the digital contents. This study develops an Automated Data Mining based Digital Text Document Watermarking for Tampering Attack Detection (ADMDTW-TAD) via the Internet. The DM concept is exploited in the presented ADMDTW-TAD technique to identify the document's appropriate characteristics to embed larger watermark information. The presented secure watermarking scheme intends to transmit digital text documents over the Internet securely. Once the watermark is embedded with no damage to the original document, it is then shared with the destination. The watermark extraction process is performed to get the original document securely. The experimental validation of the ADMDTW-TAD technique is carried out under varying levels of attack volumes, and the outcomes were inspected in terms of different measures. The simulation values indicated that the ADMDTW-TAD technique improved performance over other models. [ABSTRACT FROM AUTHOR]

Published

2024

17. Sphinx-in-the-Head: Group Signatures from Symmetric Primitives.

Author

Chen, Liqun, Dong, Changyu, Newton, Christopher J. P., and Wang, Yalan

Subjects

GROUP signatures (Computer security), COMPUTER access control, QUANTUM cryptography, QUANTUM computing, DIGITAL rights management

Abstract

Group signatures and their variants have been widely used in privacy-sensitive scenarios such as anonymous authentication and attestation. In this paper, we present a new post-quantum group signature scheme from symmetric primitives. Using only symmetric primitives makes the scheme less prone to unknown attacks than basing the design on newly proposed hard problems whose security is less well-understood. However, symmetric primitives do not have rich algebraic properties, and this makes it extremely challenging to design a group signature scheme on top of them. It is even more challenging if we want a group signature scheme suitable for real-world applications, one that can support large groups and require few trust assumptions. Our scheme is based on MPC-in-the-head non-interactive zero-knowledge proofs, and we specifically design a novel hash-based group credential scheme, which is rooted in the SPHINCS+ signature scheme but with various modifications to make it MPC (multi-party computation) friendly. The security of the scheme has been proved under the fully dynamic group signature model. We provide an implementation of the scheme and demonstrate the feasibility of handling a group size as large as 260. This is the first group signature scheme from symmetric primitives that supports such a large group size and meets all the security requirements. [ABSTRACT FROM AUTHOR]

Published

2024

18. Implementation of two-factor user authentication in computer systems.

Author

Tomić, Mihailo D. and Radojević, Olivera M.

Subjects

*COMPUTER access control, *MULTI-factor authentication, *COMPUTER security, *COMPUTER systems, *DATABASES, *VOCAL tract

Abstract

Introduction/purpose: The paper explores the implementation of two-factor authentication (2FA) in computer systems, addressing the increasing need for enhanced security. It highlights the vulnerabilities of password-based authentication and emphasizes the advantages of 2FA in mitigating digital threats. The development of the VoiceAuth application, integrating 2FA through a combination of password and voice authentication, serves as a practical illustration. Methods: The research adopts a three-tier architecture for the VoiceAuth application, encompassing a database, server-side REST API, and clientside single-page application. Speaker verification is employed for voice authentication, analyzing elements like pitch, rhythm, and vocal tract shapes.The paper also discusses possibilities for future upgrades, suggesting enhancements such as real-time voice verification and additional 2FA methods. Results: The application's implementation involves a detailed breakdown of the REST API architecture, Single Page Applications (SPAs), and the Speaker Verification service. Conclusion: The research underscores the crucial role of two-factor authentication (2FA) in bolstering the security of computer systems. The VoiceAuth application serves as a practical demonstration, showcasing the successful integration of 2FA through a combination of password and voice authentication. The modular architecture of the application allows for potential upgrades. [ABSTRACT FROM AUTHOR]

Published

2024

19. Authentic Strategy - Calling for More than Just Good Strategy.

Author

Jabnoun, Naceur and Khalifa, Azaddin S.

Subjects

SELF-evaluation, COMPUTER access control, VALUATION, EMPIRICAL research, CREATIVE ability

Abstract

Copyright of University of Sharjah Journal for Humanities & Social Sciences is the property of University of Sharjah - Scientific Publishing Unit and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

20. Comprehensive Security and Privacy Framework against Malicious Insider in Cloud-based Machine Learning.

Author

Tariq, Hafsa, Naushad, Muhammad Sajid, and Ahmad, Tauqir

Subjects

DIGITAL technology, DEEP learning, MACHINE learning, HUMAN-computer interaction, COMPUTER access control

Abstract

Cloud-based machine learning has become an increasingly popular approach for training and deploying machine learning models, thanks to its scalability, cost-effectiveness, and ease of access. However, the use of cloud-based machine learning also introduces new security and privacy challenges, particularly with respect to insider threats. In this proposed research project, we aim to develop a multi-faceted approach to enhancing security and privacy in cloud-based machine learning. Our approach will draw on a range of techniques, including fully homomorphic encryption, multi-factor authentication. The proposed framework conducts a comprehensive evaluation using a variety of datasets and use cases, and this approach provides higher security and privacy as compared to existing security and privacy frameworks for cloud-based machine learning. The ultimate goal is to provide practical and effective solutions for enhancing security and privacy in cloud-based machine learning, and to contribute to the ongoing efforts to address the challenges of insider threats in this rapidly evolving field. [ABSTRACT FROM AUTHOR]

Published

2024

21. The Bureaucratic Route of the Real Estate Sale Contracts.

Author

ANTOHIE, Răzvan

Subjects

BUREAUCRACY, COMPUTER access control, LEGAL services, LABOR contracts, BENCHMARKING (Management)

Abstract

This article comes to answer one of the most common questions we have from clients in the notarial practice: "What documents are required?". Although there are no two contracts alike, just as there are no two people alike, we can say that there is a general framework that is adapted to each situation. We will present what are the stages and the bureaucratic process that the seller and buyer go through in a real estate contract, but also what documents are required and what each of them is used for. The article is structured according to three moments in the authentication process: the procedures prior to authentication, those concurrent with authentication, and those after authentication. Of course, it is up to the notary the instruments the procedure if he considers that, in addition to those presented, other documents are needed to clarify the situation of a building. We will see that, although this bureaucratic route may seem cumbersome and sometimes even boring, it is important for the safety of the non-contentious civil circuit. [ABSTRACT FROM AUTHOR]

Published

2024

22. A New Face Swap Detection Technique for Digital Images.

Author

Thabit, Rasha, Fadhil, Heba Mohammed, Fakhruldeen, Hassan Falah, Shather, Akram Hatem, and Al-Askari, Mohanad A.

Subjects

DEEP learning, DIGITAL image processing, COMPUTER access control, MACHINE learning, MALWARE

Abstract

In recent years, the rapid development of deep learning-based face image manipulation algorithms and applications became one of the challenges that are facing information forensics and information security systems. Using these applications, one can easily swap the face in a digital image with another face for different intentions where most of them are malicious intentions. Different face swap detection techniques have been presented in recent years to check the authenticity of the face in a digital image. Most of the available techniques are machine-learning or deep-learning based which makes them vulnerable to false detection results in addition to the time-consuming training process. In this paper, a new technique for face swap detection (FSD) is presented based on the image watermarking process. The proposed technique consists of two main algorithms called embedding and authentication algorithms. Several experiments have been conducted to evaluate the performance of the proposed technique and to prove its efficiency in detecting fake faces. The proposed technique outperforms various deep-learning-based techniques because no training is required and the detection accuracy is 100 %. The performance of the proposed FSD technique is promising therefore it is applicable in different practical applications. [ABSTRACT FROM AUTHOR]

Published

2024

23. Behavioral authentication for security and safety.

Author

Wang, Cheng, Tang, Hao, Zhu, Hangyu, Zheng, Junhan, and Jiang, Changjun

Subjects

ANOMALY detection (Computer security), COMPUTER access control, ARTIFICIAL intelligence, MACHINE learning, COMPUTER security

Abstract

The issues of both system security and safety can be dissected integrally from the perspective of behavioral appropriateness. That is, a system that is secure or safe can be judged by whether the behavior of certain agent(s) is appropriate or not. Specifically, a so-called appropriate behavior involves the right agent performing the right actions at the right time under certain conditions. Then, according to different levels of appropriateness and degrees of custodies, behavioral authentication can be graded into three levels, i.e., the authentication of behavioral Identity, Conformity, and Benignity. In a broad sense, for the security and safety issue, behavioral authentication is not only an innovative and promising method due to its inherent advantages but also a critical and fundamental problem due to the ubiquity of behavior generation and the necessity of behavior regulation in any system. By this classification, this review provides a comprehensive examination of the background and preliminaries of behavioral authentication. It further summarizes existing research based on their respective focus areas and characteristics. The challenges confronted by current behavioral authentication methods are analyzed, and potential research directions are discussed to promote the diversified and integrated development of behavioral authentication. [ABSTRACT FROM AUTHOR]

Published

2024

24. Privacy-preserving location authentication for low-altitude UAVs: A blockchain-based approach.

Author

Pan, Hengchang, Wang, Yuanshuo, Wang, Wei, Cao, Ping, Ye, Fangwei, and Wu, Qihui

Subjects

DRONE aircraft, ZERO-knowledge proofs, INFORMATION retrieval, COMPUTER access control, BLOCKCHAINS

Abstract

Efficient and trusted regulation of unmanned aerial vehicles (UAVs) is an essential but challenging issue in the future era of the Internet of Low-altitude Intelligence, due to the difficulties in UAVs' identity recognition and location matching, potential for falsified information reporting, etc. To address this challenging issue, in this paper, we propose a blockchain-based UAV location authentication scheme, which employs a distance bounding protocol to establish a location proof, ensuring the authenticity of UAV positions. To preserve the privacy of UAVs, anonymous certificates and zero-knowledge proof are used. The security of the proposed scheme is analyzed. Experiments demonstrate the efficiency and feasibility of the proposed scheme. [ABSTRACT FROM AUTHOR]

Published

2024

25. Los Conflictos Socioambientales en el Bajo Cauca antioqueño (Colombia): Sentidos y Políticas Públicas.

Author

Montoya Restrepo, Lina Patricia

Subjects

PROSPECTING, GOVERNMENT policy, WAR, MULTI-factor authentication, COMPUTER access control, CONFLICT management

Abstract

Copyright of Estudios de Derecho is the property of Estudios de Derecho and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

26. IoT-based door access using three security-layers.

Author

Aznan, Muhammad Afiq, Ibrahim, Siti Zuraidah, Ku Azir, Ku Nurul Fazira, Ngadiran, Ruzelita, and Mohd Noh, Faridah Hanim

Subjects

*CLOSED-circuit television, *BIOMETRIC identification, *COMPUTER access control, *DATABASES, *HUMAN fingerprints, *COMPUTER passwords

Abstract

This paper demonstrates an Internet-of-Things, IoT-based Door Access using three security layers, which are biometric identification, authentication, and authorized reply. The IoT-based door access is developed with Closed Circuit Television (CCTV) monitoring to control door access by authorized users using facial recognition technique and the Telegram application along with a database to record user logs. In the first security layer, the user's face will be captured by CCTV camera and then processed to match to the registered face. In the authentication layer, the system will use Telegram Bot to send a message to the user registered Telegram Chat Identification (ID) only for entering the password. In the third security layer, if the password is valid, the system will send a signal to the hardware to unlock the door. The results showed that the developed prototype of this system successfully operated as expected. [ABSTRACT FROM AUTHOR]

Published

2023

27. Blockchain-Based Secure Authentication Solution for Web Applications.

Author

Tanrıverdi, Mustafa

Subjects

*BLOCKCHAINS, *COMPUTER access control, *WEB-based user interfaces, *MULTI-factor authentication, *SECURITY management

Abstract

In the age of information and technology, web applications have become an important part of daily life. The communication of these web applications, where important personal and corporate information is managed, with the outside world is provided by authentication methods. Today, most applications use the traditional username-password method for authentication. This method, which is vulnerable to brute force attacks, causes serious security vulnerabilities. In this method, since most users use the same login credentials in different applications, an attack can affect many applications. Some applications also prefer to rely on third-party systems such as Google and Facebook for authentication. Due to their nature, these systems have risks such as data security problems and single point failure. For more security in the authentication area, studies have been carried out on the Two-Factor Authentication (2FA) method This method has serious disadvantages such as GSM network problems, SMS cost or centralization. To overcome these problems, blockchain is appropriate solution thanks to its distributed, transparent, secure and immutable structure. In an important and sensitive issue such as identity control, it is thought that it may be risky to present blockchain technology, which is still under development, as the only method. Considering the current situation, in this study, a proposal has been made to offer a secure blockchain-based solution as an alternative to the authentication methods that currently work for web applications. The new technologies and tools used in the proposed solution are explained with visuals. [ABSTRACT FROM AUTHOR]

Published

2023

28. An Application-Based Tool That Contains Both an Enhanced Password Generator and a Password Strength Checker.

Author

Al-Zakwani, Hazam Hamood and Palanisamy, Ramesh

Subjects

COMPUTER passwords, PYTHON programming language, COMPUTER security, COMPUTER access control, STATISTICAL correlation

Abstract

The most common user authentication method for restricted resource access has been passwords. The fundamental problem with passwords is their strength or quality, or how easily or difficult they can be "guessed" by an outsider wishing to gain access to a resource you have access to by impersonating you. In this article, we examine multiple metrics related to password quality, one of which we have also suggested, and evaluate their advantages, disadvantages, and connections. We also experimented with cracking a series of passwords of varying complexity. The results of the experiments show that the quality of the passwords and their guess ability are positively correlated. [ABSTRACT FROM AUTHOR]

Published

2023

29. Implementation of smart saver, logged-in device protector.

Author

Gyudong Park, Hocheol Jeon, and Kyungshik Yi

Subjects

MALWARE, DATA protection, COMPUTER access control, INFORMATION storage & retrieval systems, GENERAL Data Protection Regulation, 2016

Abstract

Unauthorized access by malicious user could be very dangerous to all information systems. As a technical solution to prevent this, IAM (Identity and Access Management) is available. Many systems trust users who passed the system's authentication or log-in until log-out. However, IAM operates passively by traffic between devices and systems. Because IAM can't see the user of the device, it considers all traffic from the device after log-in is generated by the log-in user. Therefore, a logged-in and unattended device could be a security vulnerability of the system because it can be used by a malicious user nearby. Currently, many systems entirely rely on individual users to protect their devices. However, this study suggests an idea of technical solution called smart saver to protect the logged-in devices more securely. The smart saver triggers screen saver immediately upon detection of absence or change of the logged-in user using camera sensor of the device. For this, smart saver extracts and uses user's appearance features and tries not to violate the recent trend of strengthening identity information protection. And this study shows the feasibility of smart saver through experiments. [ABSTRACT FROM AUTHOR]

Published

2023

30. EVALUATING RESTRICTIVE VOTING AND MOVINET-BASED TRANSFER LEARNING FOR ROBUST FACE LIVENESS DETECTION.

Author

Omara, Mahmoud, Khalid, H., Fayez, Mahmoud, and Ghoniemy, Said

Subjects

COMPUTER access control, HUMAN facial recognition software, KEY performance indicators (Management), MACHINE learning, COMPUTER security, ROBUST statistics

Abstract

Face recognition technologies are rapidly becoming integral to a variety of applications, ranging from security systems to user authentication. This increasing reliance necessitates robust and accurate methods for face liveness detection. This paper presents and thoroughly evaluates two cuttingedge methods for face liveness detection: the Restrictive Voting approach and the Transfer Learning Approach. Our evaluation was performed using the Replay-Attack dataset. Various performance metrics were reported, including Accuracy, Precision, Recall, and F1-Score. Additionally, a comparative analysis was presented specifically for Half Total Error (HTER) and Equal Error Rate (EER), clearly indicating the superior performance of both methods compared to current state-of-theart techniques. Remarkably, both methods achieved a zero False Acceptance Rate (FAR), thereby entirely negating the possibility of unauthorized access. These groundbreaking findings not only affirm the robustness of the introduced methods but also suggest their substantial potential for implementation in high-security, real-world scenarios, highlighting their unmatched excellence in face liveness detection. [ABSTRACT FROM AUTHOR]

Published

2023

31. Analysis and Design of Identity Authentication for IoT Devices in the Blockchain Using Hashing and Digital Signature Algorithms.

Author

Wang, Lei, Yuan, Ying, Ding, Yan, and Pan, Meng-Shiuan

Subjects

*INTERNET of things, *ALGORITHMS, *DIGITAL signatures, *TRUST, *BLOCKCHAINS, *COMPUTER access control, *PROBLEM solving

Abstract

This paper proposes a blockchain-based identity authentication (BA) scheme for IoT devices to solve the authentication security problem of IoT devices. The BA scheme uses hashing and digital signature algorithms to achieve integrity and nonrepudiation of authentication messages. Blockchain technology is used to achieve decentralised and distributed storage and management of authentication data. Besides, the BA scheme uses the idea of trust domains and trust credentials to establish a master-slave connection between IoT devices. The BA scheme is then compared with the existing four schemes and analysed from six perspectives to show that the BA scheme has better security. Also, the results show that the BA scheme has reasonable computational and storage overhead. Finally, the advantages of the BA scheme over traditional centralised and existing blockchain-based authentication schemes are compared and analysed. The results show that it can perfectly solve the problem of overreliance on trusted third parties in traditional authentication schemes. [ABSTRACT FROM AUTHOR]

Published

2023

32. EEDF: Enhanced Encryption Decryption Framework for Device Authentication in IoT.

Author

SINGH, ROHIT, AWASTHI, LALIT KUMAR, and SHARMA, K. P.

Subjects

INTERNET of things, COMPUTER passwords, COMPUTER access control, BIOMETRIC identification, ELLIPTIC curve cryptography

Abstract

IoT technology shows a number of hazards and privacy concerns mainly for security purposes and resistance to attacks. One among the device authentication is password authentication, such as Standard password authentication, Time Password authentication, Biometric authentication, Computer recognition authentication, CAPTCHAs, etc. We are now obtaining a PSK from a previous message or password, in which, the security of the shared message is a major problem and threat. To overcome these challenges, we have proposed an EEDF: Enhanced Encryption Decryption Framework in Device Authentication for IoT. In our proposed model, we have given a framework for encrypting and decrypting a shared message to avoid theft and improve its security. Here we have used a lightweight ECC-based Ed25519 to carry over the entire communication/process. The next is the verification process. It is done by BAN Logic. The text’s source, its recentness, and its reliability are all verified by BAN Logic. Authentication is done at this step. After that, the verified message is fed into a newly proposed novel algorithm namely Compound Xchacha20-ECC Algorithm. This Compound Xchahca20-ECC Algorithm is used for the encryption and decryption process. As a result, our proposed approach reduces the key generation time and resistance to various attacks. [ABSTRACT FROM AUTHOR]

Published

2023

33. Biometric Authentication & It’s Security Purposes.

Author

Bele, S. B., Bherde, Sakshi R., Wadalkar, Atharva U., and Deshmukh, Sakshi R.

Subjects

COMPUTER access control, MACHINE learning, ARTIFICIAL intelligence, TECHNOLOGICAL innovations, ARTIFICIAL neural networks

Abstract

Trusted user authentication is becoming an increasingly important function in a web-enabled world. The effect of an unsecure authentication system in a corporate or enterprise environment can be prosperous and can include dropping of confidential information, rejection of service, and compromise of data integrity. The value of trusted user authentication is not limited to computer or network access. Many other applications in daily life also require user authentication, such as banking, e-commerce, and can benefit from physical access control and enhanced security to computer resources. [ABSTRACT FROM AUTHOR]

Published

2023

34. The zero trust supply chain: Managing supply chain risk in the absence of trust.

Author

Collier, Zachary A. and Sarkis, Joseph

Subjects

SUPPLY chains, NUMBER theory, INFORMATION technology, COMPUTER access control, TECHNOLOGY management

Abstract

The modern supply chain is characterised by an ill-defined and porous perimeter, allowing entry points for potential adversaries to intercept sensitive information and disrupt operations. Such supply chain attacks are increasing in frequency and their impacts can be costly to an organisation. Trust between supply chain partners is commonly thought to be a risk management tool, where increasing trust results in reduced risk. However, increased trust may actually expose the supply chain to more risk, not less. In this paper, we propose the concept of the zero trust supply chain. Originating in the field of information technology and cybersecurity, a zero trust philosophy assumes that all actors and activity are untrusted. In contrast to perimeter-based security, which attempts to keep adversarial actors out, a zero trust-based security posture assumes that adversaries are already inside the system, and therefore imposes strict access and authentication requirements. In this paper, we map zero trust concepts to the supply chain, and discuss the steps an organisation might take to transition to zero trust. We set forth a research agenda by examining zero trust through the lens of several organisational theories and propose a number of research propositions. [ABSTRACT FROM AUTHOR]

Published

2021

35. A Lightweighted Secure Scheme for Data Aggregation in Large-Scale IoT-Based Smart Grids.

Author

Abdolmaleki, Mohammad J., Khorramian, Amanj, and Fathi, Mohammad

Subjects

INTERNET of things, SMART power grids, COMPUTER access control, INFRASTRUCTURE (Economics), COMPUTER security

Abstract

With the emergence of IoT devices, data aggregation in the area of smart grids can be implemented based on IoT networks. However, the communication and computation resources of IoT devices are limited so it is not possible to apply conventional Internet protocols directly. On the other hand, gathering data from smart meters in the advanced metering infrastructure faces challenges such as privacy-preserving and heavy-loaded authentication and aggregation schemes. In this paper, we propose an improved lightweight, secure, and privacypreserving scheme for aggregating data of smart meters in largescale IoT-based smart grids. The proposed scheme adopts lightweight operations of cryptography such as exclusive-OR, hash, and concatenation functions. In comparison with the schemes in the literature, the analysis and simulation results show that the proposed scheme satisfies the same security levels, while at the same time burdens lower computation and communication overheads. This observation makes the proposed scheme more suitable to be employed in large-scale and IoT-based smart grids for data aggregation. [ABSTRACT FROM AUTHOR]

Published

2023

36. WebGuardian: Holistic Approach to Address Dynamic Web Application Threat Landscape.

Author

P. A. G. P. B., Aththanayaka, M. H., Ranasinghe, H. N. K., Ranaweera, S. D., Rathnayake, Senarathne, Amila, and Yapa, Kanishka

Subjects

WEB-based user interfaces, COMPUTER access control, MACHINE learning, DIGITAL technology, ONLINE information services

Abstract

Web applications have become an integral part of our daily lives, transforming various industries, and enabling smooth online interactions. The increasing number of web applications has also led to significant security challenges. People with malicious intent continuously exploit weaknesses in these web applications, posing a risk to the confidentiality, integrity, and availability of web applications. The primary objective of this research is to develop a comprehensive system that automates the identification and mitigation of vulnerabilities, prevention of threats, assessment of risks, and management of user access in web applications. This system uses advanced technologies like machine learning, runtime application self-protection (RASP), and risk calculation algorithms to take a well-rounded approach to web application security. This research project presents a comprehensive system that automates web application security, addressing the challenges posed by evolving threats. By utilizing advanced technologies and combining various security elements, the system offers a strong and effective solution to improve the security of web applications. This ensures their ability to withstand and maintain their integrity in today's interconnected digital world. [ABSTRACT FROM AUTHOR]

Published

2023

37. Power-Based Side-Channel Attacks on Program Control Flow with Machine Learning Models.

Author

Robins, Andey, Olguin, Stone, Brown, Jarek, Carper, Clay, and Borowczak, Mike

Subjects

MACHINE learning, EMBEDDED computer systems, COMPUTATIONAL complexity, ACCURACY, COMPUTER access control

Abstract

The control flow of a program represents valuable and sensitive information; in embedded systems, this information can take on even greater value as the resources, control flow, and execution of the system have more constraints and functional implications than modern desktop environments. Early works have demonstrated the possibility of recovering such control flow through power-based side-channel attacks in tightly constrained environments; however, they relied on meaningful differences in computational states or data dependency to distinguish between states in a state machine. This work applies more advanced machine learning techniques to state machines which perform identical operations in all branches of control flow. Complete control flow is recovered with 99% accuracy even in situations where 97% of work is outside of the control flow structures. This work demonstrates the efficacy of these approaches for recovering control flow information; continues developing available knowledge about power-based attacks on program control flow; and examines the applicability of multiple standard machine learning models to the problem of classification over power-based side-channel information. [ABSTRACT FROM AUTHOR]

Published

2023

38. Siamese Neural Network for Keystroke Dynamics-Based Authentication on Partial Passwords.

Author

Lis, Kamila, Niewiadomska-Szynkiewicz, Ewa, and Dziewulska, Katarzyna

Subjects

*COMPUTER passwords, *COMPUTER access control, *MULTI-factor authentication, *COMPUTER systems

Abstract

The paper addresses issues concerning secure authentication in computer systems. We focus on multi-factor authentication methods using two or more independent mechanisms to identify a user. User-specific behavioral biometrics is widely used to increase login security. The usage of behavioral biometrics can support verification without bothering the user with a requirement of an additional interaction. Our research aimed to check whether using information about how partial passwords are typed is possible to strengthen user authentication security. The partial password is a query of a subset of characters from a full password. The use of partial passwords makes it difficult for attackers who can observe password entry to acquire sensitive information. In this paper, we use a Siamese neural network and n-shot classification using past recent logins to verify user identity based on keystroke dynamics obtained from the static text. The experimental results on real data demonstrate that keystroke dynamics authentication can be successfully used for partial password typing patterns. Our method can support the basic authentication process and increase users' confidence. [ABSTRACT FROM AUTHOR]

Published

2023

39. The Multi-User Constrained Pseudorandom Function Security of Generalized GGM Trees for MPC and Hierarchical Wallets.

Author

CHUN GUO, XIAO WANG, XIANG XIE, and YU YU

Subjects

PSEUDONOISE sequences (Digital communications), ARTIFICIAL intelligence, MACHINE learning, ARTIFICIAL neural networks, COMPUTER access control

Abstract

Multi-user (mu) security considers large-scale attackers that, given access to a number of cryptosystem instances, attempt to compromise at least one of them. We initiate the study of mu security of the so-called GGM tree that stems from the pseudorandom generator to pseudorandom function transformation of Goldreich, Goldwasser, and Micali, with a goal to provide references for its recently popularized use in applied cryptography. We propose a generalized model for GGM trees and analyze its mu prefix-constrained pseudorandom function security in the random oracle model. Our model allows to derive concrete bounds and improvements for various protocols, and we showcase on the Bitcoin-Improvement-Proposal standard Bip32 hierarchical wallets and function secret sharing protocols. In both scenarios, we propose improvements with better performance and concrete security bounds at the same time. Compared with the state-of-the-art designs, our SHACAL3- and Keccak-p-based Bip32 variants reduce the communication cost of MPC-based implementations by 73.3% to 93.8%, whereas our AES-based function secret sharing substantially improves mu security while reducing computations by 50%. [ABSTRACT FROM AUTHOR]

Published

2023

40. End-to-End Security for Distributed Event-driven Enclave Applications on Heterogeneous TEEs.

Author

SCOPELLITI, GIANLUCA, POUYANRAD, SEPIDEH, NOORMAN, JOB, ALDER, FRITZ, BAUMANN, CHRISTOPH, PIESSENS, FRANK, and MÜHLBERG, JAN TOBIAS

Subjects

MACHINE learning, ARTIFICIAL intelligence, ARTIFICIAL neural networks, COMPUTER access control, INDUSTRIAL controls manufacturing

Abstract

This article presents an approach to provide strong assurance of the secure execution of distributed eventdriven applications on shared infrastructures, while relying on a small Trusted Computing Base. We build upon and extend security primitives provided by Trusted Execution Environments (TEEs) to guarantee authenticity and integrity properties of applications, and to secure control of input and output devices. More specifically, we guarantee that if an output is produced by the application, it was allowed to be produced by the application's source code based on an authentic trace of inputs. We present an integrated open-source framework to develop, deploy, and use such applications across heterogeneous TEEs. Beyond authenticity and integrity, our framework optionally provides confidentiality and a notion of availability, and facilitates software development at a high level of abstraction over the platformspecific TEE layer. We support event-driven programming to develop distributed enclave applications in Rust and C for heterogeneous TEE, including Intel SGX, ARM TrustZone, and Sancus. In this article we discuss the workings of our approach, the extensions we made to the Sancus processor, and the integration of our development model with commercial TEEs. Our evaluation of security and performance aspects show that TEEs, together with our programming model, form a basis for powerful security architectures for dependable systems in domains such as Industrial Control Systems and the Internet of Things, illustrating our framework's unique suitability for a broad range of use cases which combine cloud processing, mobile and edge devices, and lightweight sensing and actuation. [ABSTRACT FROM AUTHOR]

Published

2023

41. Privacy-preserving Decentralized Federated Learning over Time-varying Communication Graph.

Author

YANG LU, ZHENGXIN YU, and SURI, NEERAJ

Subjects

COMMUNICATION, MACHINE learning, ARTIFICIAL intelligence, ARTIFICIAL neural networks, COMPUTER access control

Abstract

Establishing how a set of learners can provide privacy-preserving federated learning in a fully decentralized (peer-to-peer, no coordinator) manner is an open problem. We propose the first privacy-preserving consensus-based algorithm for the distributed learners to achieve decentralized global model aggregation in an environment of high mobility, where participating learners and the communication graph between them may vary during the learning process. In particular, whenever the communication graph changes, the Metropolis-Hastings method [69] is applied to update the weighted adjacency matrix based on the current communication topology. In addition, the Shamir's secret sharing (SSS) scheme [61] is integrated to facilitate privacy in reaching consensus of the global model. The article establishes the correctness and privacy properties of the proposed algorithm. The computational efficiency is evaluated by a simulation built on a federated learning framework with a real-world dataset. [ABSTRACT FROM AUTHOR]

Published

2023

42. Privacy Policies across the Ages: Content of Privacy Policies 1996-2021.

Author

WAGNER, ISABEL

Subjects

NATURAL language processing, MACHINE learning, COMPUTER access control, ARTIFICIAL neural networks, CRYPTOGRAPHY, ARTIFICIAL intelligence

Abstract

It is well known that most users do not read privacy policies but almost always tick the box to agree with them. While the length and readability of privacy policies have been well studied and many approaches for policy analysis based on natural language processing have been proposed, existing studies are limited in their depth and scope, often focusing on a small number of data practices at single point in time. In this article, we fill this gap by analyzing the 25-year history of privacy policies using machine learning and natural language processing and presenting a comprehensive analysis of policy contents. Specifically, we collect a large-scale longitudinal corpus of privacy policies from 1996 to 2021 and analyze their content in terms of the data practices they describe, the rights they grant to users, and the rights they reserve for their organizations. We pay particular attention to changes in response to recent privacy regulations such as the GDPR and CCPA. We observe some positive changes, such as reductions in data collection post-GDPR, but also a range of concerning data practices, such as widespread implicit data collection for which users have no meaningful choices or access rights. Our work is an important step toward making privacy policies machine readable on the user side, which would help users match their privacy preferences against the policies offered by web services. [ABSTRACT FROM AUTHOR]

Published

2023

43. Mechanized Proofs of Adversarial Complexity and Application to Universal Composability.

Author

BARBOSA, MANUEL, BARTHE, GILLES, GRÉGOIRE, BENJAMIN, KOUTSOS, ADRIEN, and STRUB, PIERRE-YVES

Subjects

CRYPTOGRAPHY, MACHINE learning, ARTIFICIAL intelligence, ARTIFICIAL neural networks, COMPUTER access control

Abstract

In this work, we enhance the EasyCrypt proof assistant to reason about the computational complexity of adversaries. The key technical tool is a Hoare logic for reasoning about computational complexity (execution time and oracle calls) of adversarial computations. Our Hoare logic is built on top of the module system used by EasyCrypt for modeling adversaries. We prove that our logic is sound w.r.t. the semantics of EasyCrypt programs--we also provide full semantics for the EasyCrypt module system, which was lacking previously. We showcase (for the first time in EasyCrypt and in other computer-aided cryptographic tools) how our approach can express precise relationships between the probability of adversarial success and their execution time. In particular, we can quantify existentially over adversaries in a complexity class and express general composition statements in simulation-based frameworks. Moreover, such statements can be composed to derive standard concrete security bounds for cryptographic constructions whose security is proved in a modular way. As a main benefit of our approach, we revisit security proofs of some well-known cryptographic constructions and present a new formalization of universal composability. [ABSTRACT FROM AUTHOR]

Published

2023

44. A Vulnerability Assessment Framework for Privacy-preserving Record Linkage.

Author

VIDANAGE, ANUSHKA, CHRISTEN, PETER, RANBADUGE, THILINA, and SCHNELL, RAINER

Subjects

ARTIFICIAL intelligence, MACHINE learning, ARTIFICIAL neural networks, CONVOLUTIONAL neural networks, COMPUTER access control

Abstract

The linkage of records to identify common entities across multiple data sources has gained increasing interest over the last few decades. In the absence of unique entity identifiers, quasi-identifying attributes such as personal names and addresses are generally used to link records. Due to privacy concerns that arise when such sensitive information is used, privacy-preserving record linkage (PPRL) methods have been proposed to link records without revealing any sensitive or confidential information about these records. Popular PPRL methods such as Bloom filter encoding, however, are known to be susceptible to various privacy attacks. Therefore, a systematic analysis of the privacy risks associated with sensitive databases as well as PPRL methods used in linkage projects is of great importance. In this article we present a novel framework to assess the vulnerabilities of sensitive databases and existing PPRL encoding methods. We discuss five types of vulnerabilities: frequency, length, co-occurrence, similarity, and similarity neighborhood, of both plaintext and encoded values that an adversary can exploit in order to reidentify sensitive plaintext values from encoded data. In an experimental evaluation we assess the vulnerabilities of two databases using five existing PPRL encoding methods. This evaluation shows that our proposed framework can be used in real-world linkage applications to assess the vulnerabilities associated with sensitive databases to be linked, as well as with PPRL encoding methods. [ABSTRACT FROM AUTHOR]

Published

2023

45. EULER: Detecting Network Lateral Movement via Scalable Temporal Link Prediction.

Author

KING, ISAIAH J. and HOWIE HUANG, H.

Subjects

ARTIFICIAL intelligence, MACHINE learning, CONVOLUTIONAL neural networks, ARTIFICIAL neural networks, COMPUTER access control

Abstract

Lateral movement is a key stage of system compromise used by advanced persistent threats. Detecting it is no simple task. When network host logs are abstracted into discrete temporal graphs, the problem can be reframed as anomalous edge detection in an evolving network. Research in modern deep graph learning techniques has produced many creative and complicated models for this task. However, as is the case in many machine learning fields, the generality of models is of paramount importance for accuracy and scalability during training and inference. In this article, we propose a formalized approach to this problem with a framework we call Euler. It consists of a model-agnostic graph neural network stacked upon a model-agnostic sequence encoding layer such as a recurrent neural network. Models built according to the Euler framework can easily distribute their graph convolutional layers across multiple machines for large performance improvements. Additionally, we demonstrate that Euler-based models are as good, or better, than every state-of-the-art approach to anomalous link detection and prediction that we tested. As anomaly-based intrusion detection systems, our models efficiently identified anomalous connections between entities with high precision and outperformed all other unsupervised techniques for anomalous lateral movement detection. Additionally, we show that as a piece of a larger anomaly detection pipeline, Euler models perform well enough for use in real-world systems. With more advanced, yet still lightweight, alerting mechanisms ingesting the embeddings produced by Euler models, precision is boosted from 0.243, to 0.986 on real-world network traffic. [ABSTRACT FROM AUTHOR]

Published

2023

46. PrivExtractor: Toward Redressing the Imbalance of Understanding between Virtual Assistant Users and Vendors.

Author

BOLTON, TOM, DARGAHI, TOOSKA, BELGUITH, SANA, and MAPLE, CARSTEN

Subjects

ARTIFICIAL intelligence, MACHINE learning, CONVOLUTIONAL neural networks, ARTIFICIAL neural networks, COMPUTER access control

Abstract

The use of voice-controlled virtual assistants (VAs) is significant, and user numbers increase every year. Extensive use of VAs has provided the large, cash-rich technology companies who sell them with another way of consuming users' data, providing a lucrative revenue stream. Whilst these companies are legally obliged to treat users' information "fairly and responsibly," artificial intelligence techniques used to process data have become incredibly sophisticated, leading to users' concerns that a lack of clarity is making it hard to understand the nature and scope of data collection and use. There has been little work undertaken on a self-contained user awareness tool targeting VAs. PrivExtractor, a novel web-based awareness dashboard for VA users, intends to redress this imbalance of understanding between the data "processors" and the user. It aims to achieve this using the four largest VA vendors as a case study and providing a comparison function that examines the four companies' privacy practices and their compliance with data protection law. As a result of this research, we conclude that the companies studied are largely compliant with the law, as expected. However, the user remains disadvantaged due to the ineffectiveness of current data regulation that does not oblige the companies to fully and transparently disclose how and when they use, share, or profit from the data. Furthermore, the software tool developed during the research is, we believe, the first that is capable of a comparative analysis of VA privacy with a visual demonstration to increase ease of understanding for the user. [ABSTRACT FROM AUTHOR]

Published

2023

47. Costs and Benefits of Authentication Advice.

Author

MURRAY, HAZEL and MALONE, DAVID

Subjects

COMPUTER access control, ARTIFICIAL intelligence, MACHINE learning, CONVOLUTIONAL neural networks, ARTIFICIAL neural networks

Abstract

Authentication security advice is given with the goal of guiding users and organisations towards secure actions and practices. In this article, a taxonomy of 270 pieces of authentication advice is created, and a survey is conducted to gather information on the costs associated with following or enforcing the advice. Our findings indicate that security advice can be ambiguous and contradictory, with 41% of the advice collected being contradicted by another source. Additionally, users reported high levels of frustration with the advice and identified high usability costs. The study also found that end-users disagreed with each other 71% of the time about whether a piece of advice was valuable or not. We define a formal approach to identifying security benefits of advice. Our research suggests that cost-benefit analysis is essential in understanding the value of enforcing security policies. Furthermore, we find that organisation investment in security seems to have better payoffs than mechanisms with high costs to users. [ABSTRACT FROM AUTHOR]

Published

2023

48. RansomShield: A Visualization Approach to Defending Mobile Systems Against Ransomware.

Author

LACHTAR, NADA, IBDAH, DUHA, KHAN, HAMZA, and BACHA, ANYS

Subjects

RANSOMWARE, MALWARE, COMPUTER access control, ARTIFICIAL intelligence, MACHINE learning, CONVOLUTIONAL neural networks

Abstract

The unprecedented growth in mobile systems has transformed the way we approach everyday computing. Unfortunately, the emergence of a sophisticated type of malware known as ransomware poses a great threat to consumers of this technology. Traditional research on mobile malware detection has focused on approaches that rely on analyzing bytecode for uncovering malicious apps. However, cybercriminals can bypass such methods by embedding malware directly in native machine code, making traditional methods inadequate. Another challenge that detection solutions face is scalability. The sheer number of malware variants released every year makes it difficult for solutions to efficiently scale their coverage. To address these concerns, this work presents RansomShield, an energy-efficient solution that leverages CNNs to detect ransomware. We evaluate CNN architectures that have been known to perform well on computer vision tasks and examine their suitability for ransomware detection. We show that systematically converting native instructions from Android apps into images using space-filling curve visualization techniques enable CNNs to reliably detect ransomware with high accuracy. We characterize the robustness of this approach across ARM and x86 architectures and demonstrate the effectiveness of this solution across heterogeneous platforms including smartphones and chromebooks. We evaluate the suitability of different models for mobile systems by comparing their energy demands using different platforms. In addition, we present a CNN introspection framework that determines the important features that are needed for ransomware detection. Finally, we evaluate the robustness of this solution against adversarial machine learning (AML) attacks using state-of-the-art Android malware dataset. [ABSTRACT FROM AUTHOR]

Published

2023

49. Performance and Usability Evaluation of Brainwave Authentication Techniques with Consumer Devices.

Author

ARIAS-CABARCOS, PATRICIA, FALLAHI, MATIN, HABRICH, THILO, SCHULZE, KAREN, BECKER, CHRISTIAN, and STRUFE, THORSTEN

Subjects

BRAIN waves, BIOMETRIC identification, COMPUTER access control, ERROR rates, SEMANTICS

Abstract

Brainwaves have demonstrated to be unique enough across individuals to be useful as biometrics. They also provide promising advantages over traditional means of authentication, such as resistance to external observability, revocability, and intrinsic liveness detection. However, most of the research so far has been conducted with expensive, bulky, medical-grade helmets, which offer limited applicability for everyday usage. With the aim to bring brainwave authentication and its benefits closer to real world deployment, we investigate brain biometrics with consumer devices. We conduct a comprehensive measurement experiment and user study that compare five authentication tasks on a user sample up to 10 times larger than those from previous studies, introducing three novel techniques based on cognitive semantic processing. Furthermore, we apply our analysis on high-quality open brainwave data obtainedwith a medical-grade headset, to assess the differences. We investigate both the performance, security, and usability of the different options and use this evidence to elicit design and research recommendations. Our results show that it is possible to achieve Equal Error Rates as low as 7.2% (a reduction between 68-72% with respect to existing approaches) based on brain responses to images with current inexpensive technology. We show that the common practice of testing authentication systems only with known attacker data is unrealistic and may lead to overly optimistic evaluations. With regard to adoption, users call for simpler devices, faster authentication, and better privacy. [ABSTRACT FROM AUTHOR]

Published

2023

50. Graph-Based Replication and Two Factor Authentication in Cloud Computing.

Author

Lavanya, S. and Saravanakumar, N. M.

Subjects

CLOUD computing, MULTI-factor authentication, DATA encryption, INFORMATION technology, COMPUTER access control

Abstract

Many cutting-edge methods are now possible in real-time commercial settings and are growing in popularity on cloud platforms. By incorporating new, cutting-edge technologies to a larger extent without using more infrastructures, the information technology platform is anticipating a completely new level of development. The following concepts are proposed in this research paper: 1) A reliable authentication method Data replication that is optimised; graph-based data encryption and packing colouring in Redundant Array of Independent Disks (RAID) storage. At the data centre, data is encrypted using crypto keys called Key Streams. These keys are produced using the packing colouring method in the web graph's jump graph. In order to achieve space efficiency, the replication is carried out on optimised many servers employing packing colours. It would be thought that more connections would provide better authentication. This study provides an innovative architecture with robust security, enhanced authentication, and low cost. [ABSTRACT FROM AUTHOR]

Published

2023