We presented a simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low resource environments. He does no...We presented a simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low resource environments. He does not need to carry smart card storing his private information but just needs to know his identity and password. For this purpose, the scheme was implemented over elliptic curves because of their well-known advantages with regard to processing and size constraints. Furthermore, the scheme is provably secure under the assumptions that the hash function closely behaves like a random oracle and that the elliptic curve computational Diffie-Hellman problem is difficult.展开更多
Password security is a crucial component of modern internet security. In this paper, we present a provably secure method for password verification using combinatorial group theory. This method relies on the group rand...Password security is a crucial component of modern internet security. In this paper, we present a provably secure method for password verification using combinatorial group theory. This method relies on the group randomizer system, a subset of the MAGNUS computer algebra system and corrects most of the present problems with challenge response systems, the most common types of password verification. Theoretical security of the considered method depends on several results in asymptotic group theory. We mention further that this method has applications for many other password situations including container security.展开更多
This paper proposes a scheme for password management by storing password encryptions on a server. The method involves having the encryption key split into a share for the user and one for the server. The user’s share...This paper proposes a scheme for password management by storing password encryptions on a server. The method involves having the encryption key split into a share for the user and one for the server. The user’s share shall be based solely on a selected passphrase. The server’s share shall be generated from the user’s share and the encryption key. The security and trust are achieved by performing both encryption and decryption on the client side. We also address the issue of countering dictionary attack by providing a further enhancement of the scheme.展开更多
Recently,Wireless Sensor Network(WSN)becomes most potential technologies for providing improved services to several data gathering and track-ing applications.Because of the wireless medium,multi-hop communication,abse...Recently,Wireless Sensor Network(WSN)becomes most potential technologies for providing improved services to several data gathering and track-ing applications.Because of the wireless medium,multi-hop communication,absence of physical protectivity,and accumulated traffic,WSN is highly vulner-able to security concerns.Therefore,this study explores a specific type of DoS attack identified as a selective forwarding attack where the misbehaving node in the network drops packet on a selective basis.It is challenging to determine if packet loss is caused by a collision in the medium access path,poor channel quality,or a selective forwarding assault.Identifying misbehaving nodes at the earliest opportunity is an acceptable solution for performing secure routing in such networks.As a result,in this study effort,we present a unique Modified Ad Hoc On-Demand Distance Vector(AODV)Routing protocol depending upon the One time password(OTP)method that employs the RSA algorithm.Finally,a trust evaluation process determines which approach is the most optimal.Accord-ing to the simulationfindings of the suggested routing protocol and comparison with existing routing protocols provided in this article,the proposed work is both efficient and cost-effective.展开更多
In the last few years,cyber security has been an essential prerequisite for almost every organization to handle the massive number of emerging cyber attacks worldwide.A critical factor in reducing the possibility of b...In the last few years,cyber security has been an essential prerequisite for almost every organization to handle the massive number of emerging cyber attacks worldwide.A critical factor in reducing the possibility of being exploited is cyber security awareness.Not only having the adequate knowledge but how to utilize this knowledge to prevent cyber attacks.In this paper we conducted a survey that focuses on three vital security parameters,which are trust,passwords and defensive attitude respectively.The survey mainly aimed at assessing cyber security knowledge of 200 students and 100 faculty members in a Sudanese college and how secure these participants think they are according to their current cyber behaviour.56%of the participants are males and 44%are females.The results revealed that all participants were having fairly-low level of security awareness and their defensive attitude is considerably weak and doesn’t protect them either individually or at institutional-level.Nevertheless,faculty member showed better cyber security knowledge and skills by 8%higher than students.This study can be used to develop training approaches that bridge the security gaps depicted by the respondents of the survey questions manipulated in this study.展开更多
Identity authentication is the first line of defense for network security.Passwords have been the most widely used authentication method in recent years.Although there are security risks in passwords,they will be the ...Identity authentication is the first line of defense for network security.Passwords have been the most widely used authentication method in recent years.Although there are security risks in passwords,they will be the primary method in the future due to their simplicity and low cost.Considering the security and usability of passwords,we propose AvoidPwd,which is a novel mnemonic password generation strategy that is based on keyboard transformation.AvoidPwd helps users customize a“route”to bypass an“obstacle”and choose the characters on the“route”as the final password.The“obstacle”is a certain word using any language and the keys adjacent to the“obstacle”are typed with the“Shift”key.A two-part experiment was conducted to examine the memorability and security of the AvoidPwd strategy with other three password strategies and three leaked password sets.The results showed that the passwords generated by the AvoidPwd strategy were more secure than the other leaked password sets.Meanwhile,AvoidPwd outperformed the KbCg,SpIns,and Alphapwd in balancing security and usability.In addition,there are more symbols in the character distribution of AvoidPwd than the other strategies.AvoidPwd is hopeful to solve the security problem that people are difficult to remember symbols and they tend to input letters and digits when creating passwords.展开更多
Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recent...Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.展开更多
Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However...Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However,application developers do not have the knowledge of cryptography,thus the cryptographic algorithm may not be used correctly.As a result,security vulnerabilities are generated.Based on the previous studies,this paper summarizes the characteristics of password misuse vulnerability of Android application software,establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability.And on this basis,this paper designs and implements a secure container for Android application software password misuse vulnerability:CM-Droid.展开更多
Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Sh...Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text-password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.展开更多
基金Supported by the National Natural Science Foun-dation of China (60473021)
文摘We presented a simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low resource environments. He does not need to carry smart card storing his private information but just needs to know his identity and password. For this purpose, the scheme was implemented over elliptic curves because of their well-known advantages with regard to processing and size constraints. Furthermore, the scheme is provably secure under the assumptions that the hash function closely behaves like a random oracle and that the elliptic curve computational Diffie-Hellman problem is difficult.
文摘Password security is a crucial component of modern internet security. In this paper, we present a provably secure method for password verification using combinatorial group theory. This method relies on the group randomizer system, a subset of the MAGNUS computer algebra system and corrects most of the present problems with challenge response systems, the most common types of password verification. Theoretical security of the considered method depends on several results in asymptotic group theory. We mention further that this method has applications for many other password situations including container security.
文摘This paper proposes a scheme for password management by storing password encryptions on a server. The method involves having the encryption key split into a share for the user and one for the server. The user’s share shall be based solely on a selected passphrase. The server’s share shall be generated from the user’s share and the encryption key. The security and trust are achieved by performing both encryption and decryption on the client side. We also address the issue of countering dictionary attack by providing a further enhancement of the scheme.
文摘Recently,Wireless Sensor Network(WSN)becomes most potential technologies for providing improved services to several data gathering and track-ing applications.Because of the wireless medium,multi-hop communication,absence of physical protectivity,and accumulated traffic,WSN is highly vulner-able to security concerns.Therefore,this study explores a specific type of DoS attack identified as a selective forwarding attack where the misbehaving node in the network drops packet on a selective basis.It is challenging to determine if packet loss is caused by a collision in the medium access path,poor channel quality,or a selective forwarding assault.Identifying misbehaving nodes at the earliest opportunity is an acceptable solution for performing secure routing in such networks.As a result,in this study effort,we present a unique Modified Ad Hoc On-Demand Distance Vector(AODV)Routing protocol depending upon the One time password(OTP)method that employs the RSA algorithm.Finally,a trust evaluation process determines which approach is the most optimal.Accord-ing to the simulationfindings of the suggested routing protocol and comparison with existing routing protocols provided in this article,the proposed work is both efficient and cost-effective.
文摘In the last few years,cyber security has been an essential prerequisite for almost every organization to handle the massive number of emerging cyber attacks worldwide.A critical factor in reducing the possibility of being exploited is cyber security awareness.Not only having the adequate knowledge but how to utilize this knowledge to prevent cyber attacks.In this paper we conducted a survey that focuses on three vital security parameters,which are trust,passwords and defensive attitude respectively.The survey mainly aimed at assessing cyber security knowledge of 200 students and 100 faculty members in a Sudanese college and how secure these participants think they are according to their current cyber behaviour.56%of the participants are males and 44%are females.The results revealed that all participants were having fairly-low level of security awareness and their defensive attitude is considerably weak and doesn’t protect them either individually or at institutional-level.Nevertheless,faculty member showed better cyber security knowledge and skills by 8%higher than students.This study can be used to develop training approaches that bridge the security gaps depicted by the respondents of the survey questions manipulated in this study.
基金supported in part by the National Natural Science Foundation of China (No. 61803149 and No. 61977021)in part by the Technology Innovation Special Program of Hubei Province (No. 2020AEA008)in part by the Hubei Province Project of Key Research Institute of Humanities and Social Sciences at Universities (Research Center of Information Management for Performance Evaluation)
文摘Identity authentication is the first line of defense for network security.Passwords have been the most widely used authentication method in recent years.Although there are security risks in passwords,they will be the primary method in the future due to their simplicity and low cost.Considering the security and usability of passwords,we propose AvoidPwd,which is a novel mnemonic password generation strategy that is based on keyboard transformation.AvoidPwd helps users customize a“route”to bypass an“obstacle”and choose the characters on the“route”as the final password.The“obstacle”is a certain word using any language and the keys adjacent to the“obstacle”are typed with the“Shift”key.A two-part experiment was conducted to examine the memorability and security of the AvoidPwd strategy with other three password strategies and three leaked password sets.The results showed that the passwords generated by the AvoidPwd strategy were more secure than the other leaked password sets.Meanwhile,AvoidPwd outperformed the KbCg,SpIns,and Alphapwd in balancing security and usability.In addition,there are more symbols in the character distribution of AvoidPwd than the other strategies.AvoidPwd is hopeful to solve the security problem that people are difficult to remember symbols and they tend to input letters and digits when creating passwords.
基金supported by the Basic Science ResearchProgram through the National Research Foundation of Korea funded by the Ministry of Education under Grant No.NRF-2010-0020210
文摘Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.
基金This work is supported by The National Natural Science Foundation of China (Nos.U1536121,61370195).
文摘Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However,application developers do not have the knowledge of cryptography,thus the cryptographic algorithm may not be used correctly.As a result,security vulnerabilities are generated.Based on the previous studies,this paper summarizes the characteristics of password misuse vulnerability of Android application software,establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability.And on this basis,this paper designs and implements a secure container for Android application software password misuse vulnerability:CM-Droid.
文摘Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text-password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.