Your search keyword '"NTLMSSP"' showing total 206 results

1. AccessAuth: Capacity-aware security access authentication in federated-IoT-enabled V2G networks

Author

Kaoru Ota, Mianxiong Dong, Ming Tao, and Zhuzhong Qian

Subjects

Challenge-Handshake Authentication Protocol, Information privacy, Computer access control, Computer Networks and Communications, Computer science, computer.internet_protocol, Email authentication, Access control, 02 engineering and technology, Computer security, computer.software_genre, NTLMSSP, Theoretical Computer Science, Distributed System Security Architecture, Artificial Intelligence, Forward secrecy, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Data Authentication Algorithm, Authentication, Revocation, business.industry, 020206 networking & telecommunications, Mutual authentication, Multi-factor authentication, Chip Authentication Program, Hardware and Architecture, Network Admission Control, IPsec, Network Access Control, Authentication protocol, Protected Extensible Authentication Protocol, 020201 artificial intelligence & image processing, Lightweight protocol, Challenge–response authentication, business, computer, Software, Computer network

Abstract

Vehicle-to-Grid (V2G) systems promoted by the federated Internet of Things (IoT) technology will be ubiquitous in the future; therefore, it is crucial to provide trusted, flexible and efficient operations for V2G services using high-quality measures for security and privacy. These can be achieved by access and authority authentication. This paper presents a lightweight protocol for capacity-based security access authentication named A c c e s s A u t h . Considering the overload probability and system capacity constraints of the V2G network domain, as well as the mobility of electric vehicles, the ideal number of admissible access requests is first calculated adaptively for each V2G network domain to actively achieve capacity-based access admission control. Subsequently, to provide mutual authentication and maintain the data privacy of admitted sessions, by considering whether there is prior knowledge of the trust relationship between the relevant V2G network domains, a high-level authentication model with specific authentication procedures is presented to enforce strict access authentication such that the sessions are conducted only by authorized requesters. Additionally, efficient session revocation with forward security and session recovery with no extra authentication delay are also discussed. Finally, analytical and evaluation results are presented to demonstrate the performance of A c c e s s A u t h .

Published

2018

2. Secure server-server communication for dual stage biometrics – based password authentication scheme

Author

Mythili Boopathi and M. Aramudhan

Subjects

021110 strategic, defence & security studies, Computer science, business.industry, 0211 other engineering and technologies, General Engineering, 020206 networking & telecommunications, 02 engineering and technology, Engineering (General). Civil engineering (General), Computer security, computer.software_genre, Authentication server, NTLMSSP, Internet Authentication Service, Distributed System Security Architecture, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, TA1-2040, Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

The distributed environment insists the protection of servers, while information sharing is achieved. The conventional biometrics-based password authentication mechanisms use single server, which can be compromised easily. The dual stage authentication mechanism has been already proved for its security over the single stage authentication mechanism in our previous work. In this paper, the protocol is improved to establish communication between the authentication server and the master server through a secure link. Since the hashed messages are prone to collision attacks, the proposed scheme uses elliptic curve cryptography-based ciphers for establishing connection at the initial stage. The security analysis of the proposed authentication scheme with secure server – server communication link reveals the robustness and the security features, which are offered over our previous as well as the conventional authentication mechanisms. Keywords: Authentication, Security, Server, Biometric, Protocol

Published

2018

3. A new risk-based authentication management model oriented on user's experience

Author

Mariusz Sepczuk and Zbigniew Kotulski

Subjects

Challenge-Handshake Authentication Protocol, Authentication, General Computer Science, business.industry, Computer science, SPNEGO, Generic Security Service Algorithm for Secret Key Transaction, Data security, 020206 networking & telecommunications, Access control, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Authentication protocol, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, business, Law, computer

Abstract

With the increasing role of numerous Internet services, more and more private data must be protected. One of the mechanisms which is used to ensure data security is user authentication. A reliable authentication mechanism is a foundation of security of a remote service but, on the other hand, it is also a source of user frustration because of fear of losing access in case of three failures. A remedy to this problem could be contextual secure authentication. Such a protocol should provide multi-level authentication mechanism which increases user satisfaction without decreasing a protection level. In this paper we propose a risk analysis procedure of a new authentication management model using contextual data and oriented on user experience. We describe an approach to risk assessment of the mechanism, which supports a process of choosing the proper multi-step authentication procedure. On this basis, it is possible to provide a security solution which keeps balance between user satisfaction (related to QoE) and the obtained Level of Security (related to QoP).

Published

2018

4. Smart card-based secure authentication protocol in multi-server IoT environment

Author

Won-il Bae and Jin Kwak

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Computer Networks and Communications, Computer science, computer.internet_protocol, Vulnerability, 02 engineering and technology, Computer security, computer.software_genre, Login, Internet security, Authentication server, NTLMSSP, Internet Authentication Service, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, Protocol (object-oriented programming), Data Authentication Algorithm, Authentication, Wireless network, business.industry, 020207 software engineering, Multi-factor authentication, mathematics_computer_science_other, Hardware and Architecture, Authentication protocol, IPsec, Smart card, Challenge–response authentication, business, computer, Software, Computer network

Abstract

In recent years, the internet of things has been widely utilized in various fields, such as in smart factories or connected cars. As its domain of application has expanded, it has begun to be employed using multi-server architectures for a more efficient use of resources. However, because users wishing to receive IoT(Internet of Things) services connect to multi-servers over wireless networks, this can expose systems to various attacks and result in serious security risks. To protect systems (and users) from potential security vulnerabilities, a secure authentication technology is necessary. In this paper, we propose a smart card-based authentication protocol, which performs the authentication for each entity by allowing users to go through the authentication process using a smart card transmitted from an authentication server, and to login to a server connected to the IoT. Furthermore, the security of our proposed authentication protocol is verified by simulating a formal verification scenario using AVISPA(Automated Validation of Internet Security Protocols and Applications), a security protocol-verification tool.

Published

2017

5. Effective Authentication Data Security

Author

V Niharika

Subjects

Distributed System Security Architecture, Computer science, Authentication protocol, Network Access Control, Lightweight Extensible Authentication Protocol, Challenge–response authentication, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, computer, Data Authentication Algorithm

Published

2017

6. A Study on the Smartcard-Based Authentication Protocol Design with Advanced Security in the Multiple Server Environments

Author

Won-il Bae and Jin Kwak

Subjects

Challenge-Handshake Authentication Protocol, Computer science, business.industry, computer.internet_protocol, NTLMSSP, Distributed System Security Architecture, Internet Authentication Service, Authentication protocol, IPsec, Lightweight Extensible Authentication Protocol, Protected Extensible Authentication Protocol, business, computer, Computer network

Published

2017

7. A two way authentication using bilinear mapping function for wireless sensor networks

Author

Valli Shanmugam and Shyamala Ramachandran

Subjects

Challenge-Handshake Authentication Protocol, 020203 distributed computing, General Computer Science, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, NTLMSSP, Control and Systems Engineering, Generic Bootstrapping Architecture, Authentication protocol, Network Access Control, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Challenge–response authentication, business, Data Authentication Algorithm, Computer network

Abstract

The deployment of sensor networks for security and safety related environments requires securing communication primitives such as broadcast, multicast, and point to point communication. Security services are vital for ensuring the integrity, authenticity, and confidentiality of the critical information. Therefore, the authentication mechanisms are required to support these security services and to be resilient to distinct attacks. Recent research shows that two-way authentication provides better security and high energy saving for wireless sensor networks (WSN). In this work, we investigate a shared authentication protocol for WSNs using bilinear mapping function. Many one-way broadcast authentication protocol proposed such as Timed Efficient Stream Loss-Tolerant Authentication (TESLA), Bin and Balls Authentication (BiBA), etc., which cannot provide energy efficient authentication. Here, we propose a two-way authentication based on bilinear map function and used in secure group formation algorithm. The performance metrics such as message cost, computation and communication overhead are calculated.

Published

2017

8. Dual-Stage Biometrics-Based Password Authentication Scheme Using Smart Cards

Author

Mythili Boopathi and M. Aramudhan

Subjects

021110 strategic, defence & security studies, Computer science, business.industry, Data_MISCELLANEOUS, 020208 electrical & electronic engineering, 0211 other engineering and technologies, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, Authentication server, NTLMSSP, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Internet Authentication Service, Artificial Intelligence, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Challenge–response authentication, business, computer, Software, Data Authentication Algorithm, Information Systems, Computer network

Abstract

This paper proposes a dual-stage biometrics-based authentication mechanism using smart card. It is considered the improvement over the conventional single-stage biometrics-based authentication mechanism, which exploits only one server for authentication, whereas the proposed scheme exploits two servers. The user authentication is performed in one server and hence it is called an authentication server. The credentials of the authentication server are stored in the second server, called the master server. The master server facilitates the authentication by providing required credentials to the authentication server. Both the security analysis and complexity analysis are conducted between the proposed and the conventional schemes. The analysis results show that the proposed scheme is secure than the conventional schemes with negligible computational complexity.

Published

2017

9. Configuring Authentication and Security

Author

Vlad Catrinescu and Trevor Seward

Subjects

Distributed System Security Architecture, Computer science, computer.internet_protocol, Authentication protocol, IPsec, Network Access Control, Lightweight Extensible Authentication Protocol, Kerberos, Challenge–response authentication, Computer security, computer.software_genre, NTLMSSP, computer

Abstract

In this chapter, we will cover the various mechanisms for authentication, authorization, and security for your SharePoint farm. NTLM, Kerberos, and SAML will be covered, along with their advantages and disadvantages throughout the farm. We’ll also take a look at transport security via TLS (SSL) and IPsec. Lastly, we’ll take a look at the Windows Firewall and what the best practices are for the SharePoint environment.

Published

2019

10. A new authentication management model oriented on user’s experience

Author

Zbigniew Kotulski and Mariusz Sepczuk

Subjects

Challenge-Handshake Authentication Protocol, 021110 strategic, defence & security studies, lcsh:T58.5-58.64, Computer science, lcsh:Information technology, 0211 other engineering and technologies, Email authentication, 020206 networking & telecommunications, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Chip Authentication Program, lcsh:QA75.5-76.95, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, lcsh:Electronic computers. Computer science, Challenge–response authentication, computer

Abstract

Authenticating users connecting to online services, social networks or m-banking became an indispensable element of our everyday life. Reliable authentication is a foundation of security of Internet services but, on the other hand, also a source of users' frustration due to possible account blocking in case of three fails. In this paper we propose a model of authentication service management which helps in keeping a balance between the authentication security level and positive users' perception of this procedure. The proposed procedure allows a user more than three attempts of authentication by switching after two failures to a more secure authentication protocol keeping a balance between QoP and QoE measures. Finally, the procedure determines an optimal path of authentication using a decision tree algorithm.

Published

2016

11. Provably secure anonymous authentication with batch verification for mobile roaming services

Author

Nai-Wei Lo and Jia-Lun Tsai

Subjects

Computer Networks and Communications, Computer science, Email authentication, 02 engineering and technology, Computer security, computer.software_genre, Encryption, NTLMSSP, law.invention, law, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Data Authentication Algorithm, Subscriber identity module, Authentication, Revocation, business.industry, 020206 networking & telecommunications, Multi-factor authentication, Computer security model, Chip Authentication Program, Hardware and Architecture, Authentication protocol, 020201 artificial intelligence & image processing, Challenge–response authentication, Roaming, business, computer, Mobile device, Software, Computer network

Abstract

Recently, multiple secure authentication schemes with user anonymity feature for mobile roaming services have been proposed to address general user privacy concern from mobile device users. As mobile devices usually have limited computing resources, it is difficult to develop an anonymous authentication scheme which possesses performance efficiency and security robustness at the same time. In this paper, a new anonymous authentication scheme for mobile roaming services is proposed to support fast authentication and preserve security strength and user privacy. The proposed authentication mechanism adopts identity-based encryption scheme and identity-based batch signature scheme to further reduce the total computation cost during one authentication session in comparison with existing authentication schemes. In addition, our scheme eliminates the requirement of storing a lot of pseudo-identities in user's SIM card and supports batch verification feature at the server side to further enhance authentication efficiency. User revocation mechanism is also developed in the proposed scheme for occasions when it is necessary for a home server to revoke individual users. To evaluate security strength of the proposed scheme, the scheme has conducted security analysis through formal proof under Jakobsson et al.'s security model. In comparison with existing authentication schemes, our scheme provides faster authentication along with lower storage consumption in user's SIM card. Hence, the proposed scheme is a very competitive candidate on secure anonymous authentication for mobile roaming services.

Published

2016

12. Bake in .onion for Tear-Free and Stronger Website Authentication

Author

Paul Syverson and Griffin Boyce

Subjects

Authentication, Computer Networks and Communications, Computer science, business.industry, Internet privacy, Email authentication, Cryptography, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Chip Authentication Program, Authentication protocol, Network Access Control, Lightweight Extensible Authentication Protocol, The Internet, Electrical and Electronic Engineering, Challenge–response authentication, business, Law, computer, Data Authentication Algorithm

Abstract

Although their inherent authentication properties are generally overlooked in the shadow of the network-address hiding they provide, Tor's .onion services might just deliver stronger website authentication than existing alternatives.

Published

2016

13. Extension of Kerberos with X.509 and Integration of Elliptic Curve Cryptography in Authentication

Author

Murat Akkaya

Subjects

021110 strategic, defence & security studies, Computer science, business.industry, computer.internet_protocol, Generic Security Service Algorithm for Secret Key Transaction, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, NTLMSSP, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Kerberized Internet Negotiation of Keys, Kerberos, Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

Kerberos is one of the solutions for network security problems since it provides strong secret key cryptography over the insecure networks. Through the Kerberos authentication protocol, a client can prove its identity to a server (and vice versa) across an insecure network connection such as on Internet. In this comparative research paper, the Kerberos authentication protocol is extended and strengthened using x.509 with the integration of newer authentication system which is compared with previous authentication systems. In addition to this, RSA encryption mechanism used to provide authentication and security for the most communication systems replaced with Elliptic Curve Cryptography (ECC) encryption in Kerberos during authentication progress through simulation to expose possible efficient alternatives for key generation and to enhance security.

Published

2016

14. Message Authentication Codes

Author

Marina Blanton

Subjects

business.industry, Computer science, Authentication protocol, Email authentication, Message broker, Message authentication code, business, Hash-based message authentication code, NTLMSSP, Chip Authentication Program, Data Authentication Algorithm, Computer network

Published

2018

15. Continuous and transparent multimodal authentication: reviewing the state of the art

Author

Christoph Reich, Steven Furnell, Nathan Clarke, Ingo Stengel, and Abdulwahid Al Abdulwahid

Subjects

Challenge-Handshake Authentication Protocol, 021110 strategic, defence & security studies, Authentication, User authentication, Computer access control, Computer Networks and Communications, Computer science, business.industry, 0211 other engineering and technologies, Access control, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Chip Authentication Program, Authentication (law), Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Software

Abstract

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. They are also still mostly functioning at the point of entry and those performing sort of re-authentication executing it in an intrusive manner. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. This is followed by a literature review of the existing research on continuous and transparent multimodal authentication. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized in a universal level. Ultimately, a potential federated biometric authentication solution is presented; however it needs to be developed and extensively evaluated, thus operating in a transparent, continuous and user-friendly manner.

Published

2015

16. Multi-session authentication scheme for secure authentication and session management of cloud services environment

Author

Do-hyeon Choi and Jung-Oh Park

Subjects

Challenge-Handshake Authentication Protocol, General Computer Science, business.industry, Computer science, Mutual authentication, Multi-factor authentication, Computer security, computer.software_genre, Session management, Encryption, NTLMSSP, Chip Authentication Program, Authentication protocol, Lightweight Extensible Authentication Protocol, Session (computer science), Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

Recently, as the service scale of cloud service is expanded, an anxiety due to concerns on new vulnerabilities and security related incidents and accidents are also increasing. This paper proposes a certification scheme for multiple session management of security sessions which are generated after the user authentication. The proposed session multiplexing scheme enables the independent management of security sessions in the level of virtualization (hypervisor) within the service provider. As a result of performance analysis, providing a strong safety due to session multiplexing and mutual authentication, and the superiority of performance was proven by comparing it with the existing mutual authentication encryption algorithms.

Published

2015

17. Evaluation of user authentication methods in the gadget-free world

Author

Visa Vallivaara, Kimmo Halunen, and Juha Hiki

Subjects

Challenge-Handshake Authentication Protocol, Computer Networks and Communications, Computer science, Email authentication, 02 engineering and technology, security, Computer security, computer.software_genre, privacy, NTLMSSP, user authentication, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, ta113, evaluation, ta213, ta111, 020206 networking & telecommunications, Multi-factor authentication, Chip Authentication Program, Computer Science Applications, gadget-free, Hardware and Architecture, Authentication protocol, 020201 artificial intelligence & image processing, Challenge–response authentication, computer, Software, Information Systems

Abstract

In an ideal gadget-free environment the user is interacting with the environment and the services through only "natural" means. This imposes restrictions on many aspects of the interaction. One key element in this is user authentication, because it assures the environment and related services of the legitimacy of user's actions and empowers the user to carry out his tasks. We present five high-level categories of features of user authentication in the gadget-free world including security, privacy and usability aspects. These are adapted and extended from earlier research on web authentication methods. We survey existing authentication methods together with some emerging technologies and evaluate these according to the features in our categories. Our results show, that no single authentication method can realise all these requirements for authentication. In conclusion, we give future research directions and open problems that stem from our observations. Especially, finding combinations of authentication factors and methods that achieve all requirements is an interesting problem in the gadget-free scenario.

Published

2017

18. The improvement of authentication mechanisms

Author

Sun Chong and Li Shuo

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Otway–Rees protocol, computer.internet_protocol, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Email authentication, Computer security, computer.software_genre, NTLMSSP, Public-key cryptography, Distributed System Security Architecture, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Data Authentication Algorithm, Authentication, business.industry, SPNEGO, Authentication protocol, IPsec, Network Access Control, Protected Extensible Authentication Protocol, Wide Mouth Frog protocol, Challenge–response authentication, Reflection attack, business, computer, Computer network

Abstract

In this paper, a new authentication protocols is proposed based on asymmetric key encryption functions. Through analysis, the improved protocol not only meets to security requirement of the third generation mobile communication, but also improves the insufficient security of the published authentication protocol.

Published

2017

19. The importance of human dynamics in the future user authentication

Author

Wafaa Anani and Abdelkader Ouda

Subjects

Challenge-Handshake Authentication Protocol, Computer science, Internet privacy, Access control, 02 engineering and technology, Computer security, computer.software_genre, NTLMSSP, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Password, Password policy, Authentication, business.industry, SPNEGO, 020206 networking & telecommunications, Multi-factor authentication, Computer security model, Chip Authentication Program, Authentication protocol, Network Access Control, 020201 artificial intelligence & image processing, The Internet, Reflection attack, Challenge–response authentication, business, computer

Abstract

Authentication is one of the essential mechanism of a typical security model. It identifies the user legitimacy accessing any service over the network. Authentication can usually be done by a simple single-factor authentication method such as a password. Unfortunately, it is inadequate to ensure security when accessing variant resources and services across the Internet. Therefore, for users to authenticate their identity, there is always a need to work on a different security method that could be used as an extra layer of security can be implemented. This paper presents a human dynamic-based user authentication, relying on the assumption that the actions and interactions of personal, interpersonal, and social factors of a user would be very hard to impersonate. Furthermore, the study includes experiments to help understand human dynamics in dealing with individuals, groups, and societies to be the essential aspects for the new generation user authentication.

Published

2017

20. New media identity authentication and traffic optimization in 5G network

Author

Xinchang Zhang and Yanling Zhao

Subjects

Database server, Authentication, Computer science, business.industry, Distributed computing, 020206 networking & telecommunications, 02 engineering and technology, Authentication server, NTLMSSP, Internet Authentication Service, Authentication protocol, Server, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Computer network

Abstract

New media has increased communication between people all over the world and the Internet. Problems can be solved by centralized management of SDN controller in 5G, such as security and limited bandwidth in new media. An authentication server and a database server are connecting to the same switch. SDN controller generates a flow table routing to the authentication server, when it receives requirements of accessing media content. With successful authentication, it optimizes network traffic. According to data type, a multiple route calculation method is proposed by modifying Dijkstra algorithm. The method provides reliable transmit routes for higher quality of service (QoS). To test the proposed strategies, prototype system was designed with an ODL controller and switches. And the system implements the authentication and hierarchical transmit functions.

Published

2017

21. Source Anonymous Message Authentication in Security Networks

Author

Mehala G and Mariselvi J

Subjects

Computer science, business.industry, Network Access Control, Message broker, Message authentication code, business, Computer security, computer.software_genre, NTLMSSP, computer, Data Authentication Algorithm, Computer network

Published

2014

22. Keylogging-Resistant Visual Authentication Protocols

Author

Jeonil Kang, DaeHun Nyang, and Aziz Mohaisen

Subjects

Challenge-Handshake Authentication Protocol, Computer Networks and Communications, computer.internet_protocol, Computer science, Email authentication, Keystroke logging, Computer security, computer.software_genre, NTLMSSP, S/KEY, Server, Lightweight Extensible Authentication Protocol, Electrical and Electronic Engineering, Password, Password policy, Authentication, business.industry, SPNEGO, Multi-factor authentication, Chip Authentication Program, IPsec, Authentication protocol, Network Access Control, Protected Extensible Authentication Protocol, Challenge–response authentication, business, computer, Software, Computer network

Abstract

The design of secure authentication protocols is quite challenging, considering that various kinds of root kits reside in Personal Computers (PCs) to observe user’s behavior and to make PCs untrusted devices. Involving human in authentication protocols, while promising, is not easy because of their limited capability of computation and memorization. Therefore, relying on users to enhance security necessarily degrades the usability. On the other hand, relaxing assumptions and rigorous security design to improve the user experience can lead to security breaches that can harm the users’ trust. In this paper, we demonstrate how careful visualization design can enhance not only the security but also the usability of authentication. To that end, we propose two visual authentication protocols: one is a one-time-password protocol, and the other is a password-based authentication protocol. Through rigorous analysis, we verify that our protocols are immune to many of the challenging authentication attacks applicable in the literature. Furthermore, using an extensive case study on a prototype of our protocols, we highlight the potential of our approach for real-world deployment: we were able to achieve a high level of usability while satisfying stringent security requirements.

Published

2014

23. A Provably Secure Multi-server Based Authentication Scheme

Author

Kuo-Hui Yeh

Subjects

Challenge-Handshake Authentication Protocol, Authentication, SSLIOP, Otway–Rees protocol, business.industry, Computer science, Adversary, Computer security, computer.software_genre, NTLMSSP, Computer Science Applications, Authentication protocol, Server, Lightweight Extensible Authentication Protocol, Protected Extensible Authentication Protocol, Smart card, Electrical and Electronic Engineering, Challenge–response authentication, Reflection attack, business, computer, Data Authentication Algorithm

Abstract

With the rapid growth of electronic commerce and demand on variants of Internet based applications, the system providing resources and business services often consists of many servers around the world. So far, a variety of authentication schemes have been published to achieve remote user authentication on multi-server communication environment. Recently, Pippal et al. proposed a multi-server based authentication protocol to pursue the system security and computation efficiency. Nevertheless, based on our analysis, the proposed scheme is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this study, we first demonstrate how these malicious attacks can be invoked by an adversary. Then, a security enhanced authentication protocol is developed to eliminate all identified weaknesses. Meanwhile, the proposed protocol can achieve the same order of computation complexity as Pippal et al.'s protocol does.

Published

2014

24. An enhanced Kerberos protocol with non-interactive zero-knowledge proof

Author

Limin Ma, Jinjiang Zhang, and Yuesheng Zhu

Subjects

Computer Networks and Communications, computer.internet_protocol, Computer science, Generic Security Service Algorithm for Secret Key Transaction, SPNEGO, Data_MISCELLANEOUS, Computer security, computer.software_genre, Authentication server, NTLMSSP, Authentication protocol, Kerberized Internet Negotiation of Keys, Kerberos, Challenge–response authentication, computer, Information Systems

Abstract

As one of the most important trusted third-party-based authentication protocols, Kerberos is widely used to provide authentication service in distributed networks. However, it is vulnerable to common brute force password-guessing attacks because of its password-based mechanism. Some enhanced Kerberos protocols based on public key cryptography were proposed as solutions, but they require excessive computation and communication resources. In this paper, a new enhanced Kerberos protocol with non-interactive zero-knowledge proof is proposed, in which the clients and the authentication server can mutually authenticate each other without revealing any information during the authentication process. Our security analysis and experimental results have shown that the proposed scheme can resist password-guessing attacks and is more convenient and efficient than previous schemes. Copyright © 2014 John Wiley & Sons, Ltd.

Published

2014

25. Research on Network Security and Identity Authentication

Author

Yi Xing Fan and Ren Bing Zhang

Subjects

Challenge-Handshake Authentication Protocol, Otway–Rees protocol, computer.internet_protocol, Computer science, Network security, Generic Security Service Algorithm for Secret Key Transaction, Access control, Computer security, computer.software_genre, NTLMSSP, Distributed System Security Architecture, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Password authentication protocol, Password policy, Authentication, business.industry, General Engineering, Multi-factor authentication, Chip Authentication Program, Authentication protocol, Network Access Control, IPsec, Protected Extensible Authentication Protocol, Challenge–response authentication, business, computer, Computer network

Abstract

With the rapid development of computer networks and the popularity of network applications, network security has been people's increasing attention. Network security is an important issue under Network environment, authentication technology plays a very important role for network application security. Through the study of reason perish analysis and system design, providing efficient and practical solutions for network security applications system. The purpose of this paper is to research on authentication mechanisms and authentication protocols, analysis characteristics and application environments of the network authentication system, develop the VIKEY online dynamic two-factor password authentication system.

Published

2014

26. Mobile Authentication Secure Against Man-In-The-Middle Attacks

Author

Devrim Unal, Oktay Adalier, Nadir Ascioglu, Kemal Bicakci, TOBB ETU, Faculty of Engineering, Department of Computer Engineering, TOBB ETÜ, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümü, and Bıçakçı, Kemal

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Security protocol, Computer science, Email authentication, Man-in-the-middle attack, Phishing, Computer security, computer.software_genre, NTLMSSP, Secure element, Man-In-The-Middle attack, Data Authentication Algorithm, General Environmental Science, Authentication, business.industry, Service provider, Cryptographic protocol, Chip Authentication Program, Authentication protocol, Mobile signature, General Earth and Planetary Sciences, Challenge–response authentication, business, Mobile device, computer, Computer network

Abstract

9th International Conference on Future Networks and Communications(2014 : Canada), Current mobile authentication solutions put a cognitive burden on users to detect and avoid Man-In-The-Middle attacks. In this paper, we present a mobile authentication protocol named Mobile-ID which prevents Man-In-The-Middle attacks without relying on a human in the loop. With Mobile-ID, the message signed by the secure element on the mobile device incorporates the context information of the connected service provider. Hence, upon receiving the signed message the Mobile-ID server could easily identify the existence of an on-going attack and notify the genuine service provider. (c) 2014 The Authors. Published by Elsevier B.V.

Published

2014

27. SA3: Self-adaptive anonymous authentication for dynamic authentication policies

Author

Yanling Lian, Yi Mu, and Xinyi Huang

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Computer access control, Computer Networks and Communications, business.industry, Computer science, Data_MISCELLANEOUS, Internet privacy, Email authentication, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Chip Authentication Program, Hardware and Architecture, Generic Bootstrapping Architecture, Authentication protocol, Lightweight Extensible Authentication Protocol, Challenge–response authentication, business, computer, Software, Data Authentication Algorithm

Abstract

Authentication is a procedure by which a client convinces the service provider about a claimed property under a given authentication policy. Anonymous authentication has an added property: protect the real identity of the client. In this paper, we study the situations with dynamic authentication policies, commonly seen in large scale systems such as cloud computing. While this is not a significant issue for classic authentication where client anonymity is not a concern, it will introduce an array of difficulties to anonymous authentication which have not been formally investigated. To address this issue, we propose the notion of SA^3: Self-Adaptive Anonymous Authentication. The related models are presented together with a generic design from attribute-based signatures.

Published

2014

28. Securing Cloud-Based Applications, Part 1

Author

Jonathan Margulies

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Cloud computing security, Computer Networks and Communications, business.industry, Computer science, Software as a service, Data_MISCELLANEOUS, Authorization, Cryptography, Cloud computing, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Electronic mail, World Wide Web, Authentication protocol, Cloud testing, Lightweight Extensible Authentication Protocol, Key derivation function, Electrical and Electronic Engineering, business, Law, computer

Abstract

In the first article of a series on building software as a service (SaaS) applications with security in mind, the author discusses best practices for user authentication, including cloud-based authentication services, key derivation functions, and two-factor authentication options.

Published

2015

29. Kerberos Authentication Deployment Policy of US in Big data Environment

Author

Jinkeun Hong

Subjects

Computer science, business.industry, computer.internet_protocol, Generic Security Service Algorithm for Secret Key Transaction, Big data, Computer security, computer.software_genre, NTLMSSP, Software deployment, Kerberized Internet Negotiation of Keys, Kerberos, business, computer, Computer network

Published

2013

30. Efficient authentication for fast handover in wireless mesh networks

Author

Celia Li, Nurul Huda, Uyen Trang Nguyen, and Hoang Lan Nguyen

Subjects

Challenge-Handshake Authentication Protocol, General Computer Science, Network security, Computer science, Data_MISCELLANEOUS, Authentication server, NTLMSSP, Internet Authentication Service, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Wireless, Key management, IEEE 802.11s, Authentication, Wireless mesh network, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Handover, Authentication protocol, Network Access Control, IEEE 802.1X, business, Law, Mobile device, Computer network

Abstract

We propose new authentication protocols to support fast handover in IEEE 802.11-based wireless mesh networks. The authentication server does not need to be involved in the handover authentication process. Instead, mesh access points directly authenticate mobile clients using tickets, avoiding multi-hop wireless communications in order to minimize the authentication delay. Numerical analysis and simulation results show that the proposed handover authentication protocol significantly outperforms IEEE 802.11 authentication in terms of authentication delay.

Published

2013

31. Enhanced Authentication Scheme using Password Integrated Challenge Response Protocol

Author

Shweta Rastogi, Nitesh Rastogi, and Avinav Pathak

Subjects

Password, Challenge-Handshake Authentication Protocol, Password policy, Authentication, Otway–Rees protocol, business.industry, Computer science, Challenge response protocol, Access control, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Chip Authentication Program, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Internet Authentication Service, Authentication protocol, Lightweight Extensible Authentication Protocol, Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

Authentication is a process by which both the sender and receiver check and identify the validcommunicative partners prior to initialization of message exchange. Authentication is a security module which is defined at the time of starting of communication between the two communicating entities such as client and server due to the unlimited amount of insecure and malicious intruders it becomes significant to protect the network communication. The protocols are used here for initializing the valid keys and passwords for communicating with the devices. Here we are proposing a new and more secured authentication scheme based on unique identification of every pair of client and server which have entered communication on a global network. This method enhances the present security scenario by diminishing the replay, modification attacks as well as server eavesdropping. This method also enhances the efficiency, integrity, reliability and security in authentication process.

Published

2013

32. Multi-factor authentication using threshold cryptography

Author

Vishnu Venukumar and Vinod Pathari

Subjects

Challenge-Handshake Authentication Protocol, Computer access control, Computer science, Email authentication, Access control, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, One-time password, NTLMSSP, S/KEY, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Data Authentication Algorithm, Password, Password policy, Authentication, Length extension attack, business.industry, 020206 networking & telecommunications, Information security, Multi-factor authentication, Chip Authentication Program, 020202 computer hardware & architecture, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Protected Extensible Authentication Protocol, Challenge–response authentication, business, computer, Computer network

Abstract

Multi-Factor Authentication is used as a foolproof solution to various issues involved in present day critical authentication systems. However, it comes with the overhead of employing multiple authentication programs to complete the process. Moreover, current multi-factor authentication schemes require all intermediate One Time Passwords(OTPs) to be stored for the lifetime of the authentication process. They also involve security risks whenever an authentication process requires the user's password at a public place like a Point-of-Sale terminal or an open ATM booth. This work proposes a more secure, efficient, convenient and flexible multi-factor authentication technique using threshold cryptography.

Published

2016

33. User Identity based Authentication as a Service (UIDAaaS) for Public Cloud Environment

Author

L. Arockiam and N. Veeraragavan

Subjects

Challenge-Handshake Authentication Protocol, Computer science, Data_MISCELLANEOUS, Email authentication, Cloud computing, Cryptography, Computer security, computer.software_genre, NTLMSSP, S/KEY, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Data Authentication Algorithm, Password, Key generation, Password policy, Authentication, Multidisciplinary, Cloud computing security, business.industry, Information security, Multi-factor authentication, Chip Authentication Program, Authentication protocol, The Internet, Challenge–response authentication, business, computer

Abstract

Objectives: In today's Technological World, Information Security is an essential aspect for the internet applications. Cloud computing is an increasing current class of services for any type of users of the internet. Authentication is a major security problem in the cloud system and internet. This paper proposes an Authentication Password Generation (APG) algorithm, Authentication Key Generation (AKG) and Authentication Verification Algorithm (Auth_V) for security in the cloud system. Methods/Statistical Analysis: Authentication is more important among other security parameters such as integrity, confidentiality and privacy. Authentication mechanism includes different cryptography techniques that can be used for securing the data in cloud systems. These proposed three algorithms are used in the authentication process of cloud environment. It executes the ASCII code of each value in the original data. Findings: Proposed APG, AKG and Auth_V authentication algorithms are implemented in .NET and deployed on the windows azures platform of cloud environment. These proposed authentication algorithms easily fit into any type of service in the cloud system. APG is used to create a password which generates the alphabets along the special characters. Application/Improvements: Security is more important in the cloud computing. The proposed APG, AKG and Auth_V algorithms have provided better authentication mechanism to the cloud user. These techniques are suitable for education, healthcare and agriculture based applications to securely access the data in a cloud computing environment.

Published

2016

34. Securing Message at End-to-End Mobile Communication Using Cryptography Algorithm

Author

C. H. Geetha Krishna, M. Siva Rama Krishna, P. S. G. Aruna Sri, and K. Jaya Rohit

Subjects

Password, Multidisciplinary, business.industry, Application server, Computer science, 02 engineering and technology, Encryption, computer.software_genre, Computer security, Authentication server, NTLMSSP, 030507 speech-language pathology & audiology, 03 medical and health sciences, Upload, Internet Authentication Service, User identifier, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Mobile telephony, 0305 other medical science, business, computer, Computer network

Abstract

Background/Objectives: State the objectives of your work clearly. Methods/Statistical Analysis: State the methodology you employed to meet the objectives. Findings: Rewrite your findings. Application/Improvements: Here we are using mobile users and authentication server. Authentication server is uploaded with SQL server which help to store the user ID and password of the mobile users.

Published

2016

35. A New Type MySQL Integrated Mutual Authentication Security Model

Author

Hong-Yun Ning, Yang Yang, and Lan Zhang

Subjects

Challenge-Handshake Authentication Protocol, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Mutual authentication, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Challenge–response authentication, computer, Data Authentication Algorithm

Abstract

MySQL database identity authentication uses a CHAP protocol, that is, the challenge/response protocol, which exists the password expressly transmission, one-way authentication, random time can not grasp and other security issues. In this paper, we analyze the security problems of the existing MySQL database authentication protocol, and propose a new type MySQL integrated mutual authentication security model. The model integrates the two-way authentication in MySQL, which realizes mutual authentication between database and user, It provides an interface for the session key, which improves the security of the data operation in the MySQL database, At the same time joining the random number in the authentication process, which can effectively resist replay attacks, etc. At the end of this paper, cases analysis of the new security model. The results show that the proposed security authentication model can ensure the security of user information and data transmission.

Published

2016

36. An Analysis of Server-Side Design for Seed-Based Mobile Authentication

Author

Meikang Qiu, Li-Chiou Chen, Longbin Chen, and Nader M. Nassar

Subjects

Computer science, Mobile computing, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, NTLMSSP, Chip Authentication Program, 020202 computer hardware & architecture, Generic Bootstrapping Architecture, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Mobile search, Challenge–response authentication, computer

Abstract

With the growing popularity of mobile apps, the security issues of mobile apps become critical. Similar to traditional cyber security, mobile security includes authentication, data integrity, and data privacy. Seed-based authentication is a novel approach for mobile systems. The key idea is to extract seeds from files such as images and generate random numbers for authentication. However, in seed-based authentication, the server side design is different from traditional username-password paradigm. Few work has been done to address server-side issues on seed-based authentication. In this paper, we focus on analyzing server-side design of seed-based authentication. We develop a prototype system and set up experiments to evaluate our server-side design.

Published

2016

37. Security vulnerability analysis and corresponding mitigation for password-based authentication using an offline personal authentication device

Author

Mada Alhaidary and Sk. Md. Mizanur Rahman

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Computer access control, Computer science, 0211 other engineering and technologies, Email authentication, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, NTLMSSP, S/KEY, Internet Authentication Service, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Data Authentication Algorithm, Vulnerability (computing), Password, 021110 strategic, defence & security studies, Authentication, business.industry, 020206 networking & telecommunications, Multi-factor authentication, Chip Authentication Program, Authentication protocol, Protected Extensible Authentication Protocol, Challenge–response authentication, Reflection attack, business, computer

Abstract

Due to the potential of exposing the privacy of a user, while accessing a system through an authentication process, many studies have focused on the analysis of existing protocols to develop new methods that are based on biometrics or using extra devices to add more layers of security to the authentication process. For a few years, the idea of utilizing “something you know” with “something you have” and “personal authentication device (PAD)” has become common for use in verification protocol. Very recently, a more secure PAD, namely, the Offline Personal Authentication Device (OffPAD) has been invented to serve the authentication process. This single device, the OffPAD, can be used to manage the identities of both the users and service providers, as well as to support the authentication process, while being offline most of the time. In this paper rigorous vulnerability analysis for OffPAD-based authentication technique has been conducted in terms of attack tree analysis. Finally, the mitigation technique has been proposed for the vulnerabilities.

Published

2016

38. Secure multi server authentication system using elliptic curve digital signature

Author

S. Manickam and D. Kesavaraja

Subjects

Challenge-Handshake Authentication Protocol, 021110 strategic, defence & security studies, Authentication, business.industry, Computer science, 020208 electrical & electronic engineering, 0211 other engineering and technologies, 02 engineering and technology, NTLMSSP, Chip Authentication Program, Authentication protocol, Lightweight Extensible Authentication Protocol, 0202 electrical engineering, electronic engineering, information engineering, Challenge–response authentication, business, Data Authentication Algorithm, Computer network

Abstract

A new secure multi-server authentication protocol using ECC take a key advantage of Asymmetric Key exchange. Recent efforts for developing authentication scheme with multi server authentication with more complicated structure and huge computational cost and confidential information are to be vulnerable. The proposed system is secure against majority of possible active attacks. This scheme provides high security along with low communication cost, computational cost and minimum key size for security. Its establish a simple structure and the task of an authentication system are analyzed with different EC metrics. This scheme is more adaptable for smart card and other less energy saving devices.

Published

2016

39. General authentication scheme in user-centric IdM

Author

Soo-Hyung Kim and Seunghyun Kim

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Computer science, business.industry, computer.internet_protocol, Message format, Email authentication, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Simple Authentication and Security Layer, Chip Authentication Program, Internet Authentication Service, Generic Bootstrapping Architecture, Server, Authentication protocol, Lightweight Extensible Authentication Protocol, Challenge–response authentication, business, computer, Data Authentication Algorithm, Computer network

Abstract

This paper presents a general authentication scheme for User-Centric IdM. To satisfy the authentication framework's requirements of User-Centric IdM such as consistent user experience, simple message format, and the user's participation, the proposed scheme provides a negotiation service of authentication level and a multiple authentication service in user's point of view. The proposed scheme extends the traditional general authentication framework called SASL (Simple Authentication and Security Layer).

Published

2016

40. Enable Two-Factor Authentication

Author

Richard M. Hicks

Subjects

Password, Challenge-Handshake Authentication Protocol, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Generic Bootstrapping Architecture, business.industry, Computer science, Authentication protocol, Lightweight Extensible Authentication Protocol, Multi-factor authentication, Challenge–response authentication, business, NTLMSSP, Computer network

Abstract

By default, users log in to DirectAccess client machines using only their username and password. To improve the overall security of the solution and to provide a higher level of assurance for remote users, two-factor authentication can be enabled.

Published

2016

41. An efficient architecture and algorithm to prevent data leakage in Cloud Computing using multi-tier security approach

Author

Anshu Kirar, Arun Kumar Yadav, and Supriya Maheswari

Subjects

Cloud computing security, Computer science, business.industry, 010401 analytical chemistry, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Multi-factor authentication, Computer security, computer.software_genre, 01 natural sciences, NTLMSSP, 0104 chemical sciences, Distributed System Security Architecture, Authentication protocol, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, Challenge–response authentication, business, computer

Abstract

Cloud Computing is arising on-demand, ubiquitous internet based technology, which provides variety of services. Cloud computing offers various services like software, hardware, data storage, platform, infrastructure etc. major weakness with data security over cloud is that, the but of physical security control is not viable. Appropriately, strong approach control and authentication becomes extremely vital for providing valuable security. Number of protection and privacy issues rise be-coming to the outsourcing of infrastructure, delicate records and critical application and its multitenancy environment. In this research paper, we are proposing authentication technique and multifactor user authentication for prevent illegal access over cloud. As our proposed technique using three tier of authen-tication check, authentication image check and authentication codes. To provide further security on client side, we are using a special keyboard and on the server side authentication code is store in encrypted form on master server at different tiers. Our proposed technique is quite more secure.

Published

2016

42. Ultra-Lightweight Authentication Protocol Based on Distribution Terminal Fingerprint

Author

Jiang Ning Wang, Ya Shi Wang, Zhi Hua Zhang, Chun Ju Sun, and Chun Ling Cheng

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Otway–Rees protocol, business.industry, Computer science, General Engineering, Email authentication, Information security, Mutual authentication, Hash-based message authentication code, NTLMSSP, Chip Authentication Program, Authentication protocol, Lightweight Extensible Authentication Protocol, Protected Extensible Authentication Protocol, Cryptosystem, Message authentication code, Challenge–response authentication, business, Data Authentication Algorithm, Computer network

Abstract

With the development of information technology in power industry, information security of the distribution automation system is facing increasing challenge. To meet the device authentication demand and the limited resources in power distribution terminal, the concept of distribution terminal fingerprint is presented according to the physical and behavioral features in terminal. And then, an ultra-lightweight mutual authentication protocol based on the message authentication code algorithm is proposed. The message authentication code of the messages sent by both communication parties is calculated with the distribution terminal fingerprint as the key to achieve mutual authentication of the terminal and the master station without any cryptosystems. Finally, security and performance analysis is given. The results show that the proposed protocol can provide mutual authentication of the communicating parties, resist several attacks with small amount of calculation and simple protocol. Therefore, it can meet the resource requirements of the distribution terminal.

Published

2012

43. Improvement of a SIP Security Mechanism

Author

Long Tao Liu and Wen Tang

Subjects

Authentication, Voice over IP, Computer science, business.industry, SPNEGO, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, General Medicine, Computer security, computer.software_genre, NTLMSSP, Internet Authentication Service, Distributed System Security Architecture, Generic Bootstrapping Architecture, Challenge–response authentication, business, computer, Data Authentication Algorithm, Digest access authentication

Abstract

SIP is one of the mainstream protocols in the VoIP. A majority of SIP’s security mechanism only provides a single direction authentication from server to client such as HTTP digest authentication. To improve the present situation, a new security mechanism of SIP based on the improved HTTP digest authentication is put forward in this study. This improved security mechanism not only provides a double direction authentication between the server and client but also reduces the expenses of the server and increases the authentication efficiency thanks to its low computational complexity.

Published

2012

44. Revisiting the Security of the ALRED Design and Two of Its Variants: Marvin and LetterSoup

Author

Marcos A. Simplicio and Paulo S. L. M. Barreto

Subjects

CBC-MAC, Computer science, Email authentication, Cryptography, Library and Information Sciences, Encryption, Computer security, computer.software_genre, NTLMSSP, Lightweight Extensible Authentication Protocol, Message authentication code, Security level, Data Authentication Algorithm, Block cipher, Authentication, Length extension attack, business.industry, Computer security model, Hash-based message authentication code, Computer Science Applications, Cipher, Authentication protocol, Challenge–response authentication, business, computer, Information Systems

Abstract

The Alred construction is a lightweight strategy for constructing message authentication algorithms from an underlying iterated block cipher. Even though this construction's original analyses show that it is secure against some attacks, the absence of formal security proofs in a strong security model still brings uncertainty on its robustness. In this paper, aiming to give a better understanding of the security level provided by different authentication algorithms based on this design strategy, we formally analyze two Alred variants—the Marvin message authentication code and the LetterSoup authenticated-encryption scheme,—bounding their security as a function of the attacker's resources and of the underlying cipher's characteristics.

Published

2012

45. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards

Author

Wendong Wang, Xiong Li, Yongping Xiong, and Jian Ma

Subjects

Challenge-Handshake Authentication Protocol, Otway–Rees protocol, SSLIOP, Computer Networks and Communications, Computer science, Email authentication, Computer security, computer.software_genre, NTLMSSP, Distributed System Security Architecture, Generic Bootstrapping Architecture, Lightweight Extensible Authentication Protocol, Session key, Data Authentication Algorithm, Password, Authentication, business.industry, Mutual authentication, Multi-factor authentication, Chip Authentication Program, Computer Science Applications, Hardware and Architecture, Authentication protocol, Protected Extensible Authentication Protocol, Smart card, Wide Mouth Frog protocol, Challenge–response authentication, Reflection attack, business, computer

Abstract

Generally, if a user wants to use numerous different network services, he/she must register himself/herself to every service providing server. It is extremely hard for users to remember these different identities and passwords. In order to resolve this problem, various multi-server authentication protocols have been proposed. Recently, Sood et al. analyzed Hsiang and Shih's multi-server authentication protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication, the session key agreement and can resist several kinds of attacks. However, through careful analysis, we find that Sood et al.'s protocol is still vulnerable to leak-of-verifier attack, stolen smart card attack and impersonation attack. Besides, since there is no way for the control server CS to know the real identity of the user, the authentication and session key agreement phase of Sood et al.'s protocol is incorrect. We propose an efficient and security dynamic identity based authentication protocol for multi-server architecture that removes the aforementioned weaknesses. The proposed protocol is extremely suitable for use in distributed multi-server architecture since it provides user's anonymity, mutual authentication, efficient, and security.

Published

2012

46. Dynamic Identity Based Authentication Protocol for Two-Server Architecture

Author

Sandeep K. Sood

Subjects

Challenge-Handshake Authentication Protocol, Internet Authentication Service, Computer science, Authentication protocol, Lightweight Extensible Authentication Protocol, Challenge–response authentication, Computer security, computer.software_genre, Authentication server, NTLMSSP, computer, Data Authentication Algorithm

Abstract

Most of the password based authentication protocols make use of the single authentication server for user's authentication. User's verifier information stored on the single server is a main point of susceptibility and remains an attractive target for the attacker. On the other hand, multi-server architecture based authentication protocols make it difficult for the attacker to find out any significant authentication information related to the legitimate users. In 2009, Liao and Wang proposed a dynamic identity based remote user authentication protocol for multi-server environment. However, we found that Liao and Wang's protocol is susceptible to malicious server attack and malicious user attack. This paper presents a novel dynamic identity based authentication protocol for multi-server architecture using smart cards that resolves the aforementioned flaws, while keeping the merits of Liao and Wang's protocol. It uses two-server paradigm by imposing different levels of trust upon the two servers and the user's verifier information is distributed between these two servers known as the service provider server and the control server. The proposed protocol is practical and computational efficient because only nonce, one-way hash function and XOR operations are used in its implementation. It provides a secure method to change the user's password without the server's help. In e-commerce, the number of servers providing the services to the user is usually more than one and hence secure authentication protocols for multi-server environment are required.

Published

2012

47. Implementation of highly efficient Authentication and Transaction Security

Author

R. P. Arora and Garima Verma

Subjects

Challenge-Handshake Authentication Protocol, computer.internet_protocol, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Cryptography, Encryption, Authentication server, Computer security, computer.software_genre, NTLMSSP, Microsoft Transaction Server, Internet Authentication Service, Lightweight Extensible Authentication Protocol, Distributed transaction, Strong authentication, Session key, Data Authentication Algorithm, Password, Authentication, business.industry, Key distribution center, Multi-factor authentication, Ticket Granting Ticket, Chip Authentication Program, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Authentication protocol, Ticket, Kerberos, Challenge–response authentication, business, computer, Computer network

Abstract

is a network authentication protocol & is designed to provide strong authentication for client/server applications by using secret-key cryptography. Our research was aimed at enhancing the security of transactions over a network. In this paper, we used Kerberos Encryption Technique for authentication and transaction security in the network. Further, we created an Authentication Server that used to derive a 64 bit key from user's password. This password was of arbitrary length. The generated key then was used by authentication server, to encrypt ticket granting ticket + session key. The key generated by authentication server was then used by the client at the time of transaction through the transaction server to validate an authentic transaction. However, there was an issue of cross- validation of the ticket by the transaction server for which we included a database and encryption of all the text sent by any client to the transaction server. Keywordsecret key, cryptography, authentication, ticket, session key etc.

Published

2011

48. Web Authentication Protocol Using Zero Knowledge Proof

Author

U. Thiruvaazhi and R. Divya

Subjects

Challenge-Handshake Authentication Protocol, Authentication, Information Systems and Management, Computer science, Multi-factor authentication, Computer security, computer.software_genre, NTLMSSP, Computer Science Applications, Authentication protocol, Lightweight Extensible Authentication Protocol, Challenge–response authentication, computer, Software, Data Authentication Algorithm

Abstract

Market research surveys report that 75% of hacks occur at the application layer. Of the multiple vulnerabilities that exist in Web application software, proper authentication of the client and the server to each other is fundamental to the security of the system. In the current scenario, we manage this with the adoption of password-based client authentication and PKI-based server authentication. There exist unresolved vulnerabilities in this system due to the misuse of the client's passwords (impersonation) by those managing the servers. The clients' trust of the server based on the certificates issued by an increasing number of certification authorities is questionable in terms of validity and freshness. For proper authentication in Web applications, we need to verify two conditions: 1) the binding of the identity of the entity with the publicly known name or key and 2) the entity does possess the corresponding private key for the identified public key. In this paper, we use the elliptic curve discrete log problem-based version of classical zero knowledge protocol for proving number 2 and modifications of the existing schemes for proving number 1. We have done a prototype implementation of the solution and security analysis required to satisfy the security objectives.

Published

2011

49. A Modified Two-Way Authentication Protocol without Server for RFID

Author

Lei He and Xin Mei Lu

Subjects

Challenge-Handshake Authentication Protocol, SSLIOP, Otway–Rees protocol, Computer science, computer.internet_protocol, Data_MISCELLANEOUS, Hash function, Email authentication, Computer security, computer.software_genre, NTLMSSP, Lightweight Extensible Authentication Protocol, Data Authentication Algorithm, Authentication, business.industry, General Medicine, Information security, Chip Authentication Program, Authentication protocol, IPsec, Protected Extensible Authentication Protocol, Wide Mouth Frog protocol, Reflection attack, Challenge–response authentication, business, computer, Computer network

Abstract

It is necessary for researchers to design lightweight authentication protocols to protect information security between tag and reader in RFID system. It is a great challenge to design an efficient and secure protocol because the tag has limited computation resource. In the paper, we firstly analyze some protocols. Secondly, we introduce a serverless authentication protocol for RFID system and analyze its security. We find it does not provide two-way authentication. Thirdly, we propose a modified two-way authentication protocol without server for RFID. The result indicates it provides privacy protection, resists tracking, and resists cloning attack. Moreover, it provides two-way authentication. For the efficiency, we think the computational complexity of our protocol is at the same level with the original protocol.

Published

2010

50. A modern service-oriented extensible security authentication model based on company

Author

Dong-yu Wang, Jun Yang, Junde Song, and Xiao-mei Yu

Subjects

Computer Networks and Communications, Computer science, business.industry, Computer security model, Computer security, computer.software_genre, NTLMSSP, Chip Authentication Program, Distributed System Security Architecture, Authentication protocol, Signal Processing, Lightweight Extensible Authentication Protocol, Protected Extensible Authentication Protocol, business, computer, Data Authentication Algorithm, Information Systems, Computer network

Abstract

This paper proposes a modern service-oriented extensible authentication model base on company (EAMBCom), after researching some security authentication models commonly used in distributed environment. The advantages and disadvantages of strictly hierarchical authentication model (SHAM), and multiple-certificate-authority (multi-CA) model are analyzed. The EAMACom model can regard “company” as logical authentication unit, which can be extended easily and owns the ability of reducing burden of root certificate authority (RootCA). In addition, the EAMACom model can simplify the certification process on the premise of authentication security, so it actually can be used in modern service-oriented distributed file system for security.

Published

2010