Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured...Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured and optimized based on the application requirement.The integration of cloud and SDN paradigms has played an indispensable role in improving ubiquitous health care services.It has improved the real-time monitoring of patients by medical practitioners.Patients’data get stored at the central server on the cloud from where it is available to medical practitioners in no time.The centralisation of data on the server makes it more vulnerable to malicious attacks and causes a major threat to patients’privacy.In recent days,several schemes have been proposed to ensure the safety of patients’data.But most of the techniques still lack the practical implementation and safety of data.In this paper,a secure multi-factor authentication protocol using a hash function has been proposed.BAN(Body Area Network)logic has been used to formally analyse the proposed scheme and ensure that no unauthenticated user can steal sensitivepatient information.Security Protocol Animator(SPAN)–Automated Validation of Internet Security Protocols and Applications(AVISPA)tool has been used for simulation.The results prove that the proposed scheme ensures secure access to the database in terms of spoofing and identification.Performance comparisons of the proposed scheme with other related historical schemes regarding time complexity,computation cost which accounts to only 423 ms in proposed,and security parameters such as identification and spoofing prove its efficiency.展开更多
Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identify theft and users data to security threats like s...Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identify theft and users data to security threats like snooping, sniffing, spoofing and phishing. There is need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create a multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves user’s knowledge factor, user’s possession factor and user’s inherence factor;that is who the user is to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology, SSADM and Prototyping. The result of this work will be a Multi-factor authentications software. This software was designed with programming languages like ASP. NET, C# and Microsoft SQL Server for the database.展开更多
The rise of the digital economy and the comfort of accessing by way of user mobile devices expedite human endeavors in financial transactions over the Virtual Private Network(VPN)backbone.This prominent application of...The rise of the digital economy and the comfort of accessing by way of user mobile devices expedite human endeavors in financial transactions over the Virtual Private Network(VPN)backbone.This prominent application of VPN evades the hurdles involved in physical money exchange.The VPN acts as a gateway for the authorized user in accessing the banking server to provide mutual authentication between the user and the server.The security in the cloud authentication server remains vulnerable to the results of threat in JP Morgan Data breach in 2014,Capital One Data Breach in 2019,and manymore cloud server attacks over and over again.These attacks necessitate the demand for a strong framework for authentication to secure from any class of threat.This research paper,propose a framework with a base of EllipticalCurve Cryptography(ECC)to performsecure financial transactions throughVirtual PrivateNetwork(VPN)by implementing strongMulti-Factor Authentication(MFA)using authentication credentials and biometric identity.The research results prove that the proposed model is to be an ideal scheme for real-time implementation.The security analysis reports that the proposed model exhibits high level of security with a minimal response time of 12 s on an average of 1000 users.展开更多
Multi-factor Authentication(MFA)often referred to as Two-factor Authentication(2FA),which is a subset of MFA,is the practice of implementing additional security methods on top of a standard username and password...Multi-factor Authentication(MFA)often referred to as Two-factor Authentication(2FA),which is a subset of MFA,is the practice of implementing additional security methods on top of a standard username and password to help authenticate the identity of a user and increase the security of data.This chapter will investigate the problem with username and password logins,the different types of authentication,current best practice for multi-factor authentication and interpretations about how the technology will grow in the upcoming years.展开更多
With the development of computer hardware technology and network technology,the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all profe...With the development of computer hardware technology and network technology,the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle.The information perception of the Internet of Things plays a key role as a link between the computer world and the real world.However,there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power,limited power supply,and open communication links.We proposed a novel lightweight authentication protocol based on password,smart card and biometric identification that achieves mutual authentication among User,GWN and sensor node.Biometric identification can increase the nonrepudiation feature that increases security.After security analysis and logical proof,the proposed protocol is proven to have a higher reliability and practicality.展开更多
Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,bio...Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,biometric data are widely observed.Especially,how to keep the privacy of biometric at the password database without impairing efficiency is still an open question.Using the vulnerability of encryption(or hash)algorithms,the attacker can still launch offline brute-force attacks on encrypted(or hashed)biometric data.To address the potential risk of biometric disclosure at the password database,in this paper,we propose a novel efficient and secure MFA key exchange(later denoted as MFAKE)protocol leveraging the Pythia PRF service and password-to-random(or PTR)protocol.Armed with the PTR protocol,a master password pwd can be translated by the user into independent pseudorandom passwords(or rwd)for each user account with the help of device(e.g.,smart phone).Meanwhile,using the Pythia PRF service,the password database can avoid leakage of the local user’s password and biometric data.This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.展开更多
Dragonfly is Password Authenticated Key Exchange protocol that uses a shared session key to authenticate parties based on pre-shared secret password. It was claimed that this protocol was secure against off-line dicti...Dragonfly is Password Authenticated Key Exchange protocol that uses a shared session key to authenticate parties based on pre-shared secret password. It was claimed that this protocol was secure against off-line dictionary attack, but a new research has proved its vulnerability to off-line dictionary attack and proving step was applied by using “Patched Protocol” which was based on public key validation. Unfortunately, this step caused a raise in the computation cost, which made this protocol less appealing than its competitors. We proposed an alternate enhancement to keep this protocol secure without any extra computation cost that was known as “Enhanced Dragonfly”. This solution based on two-pre-shared secret passwords instead of one and the rounds between parties had compressed into two rounds instead of four. We prove that the enhanced-Dragonfly protocol is secure against off-line dictionary attacks by analyzing its security properties using the Scyther tool. A simulation was developed to measure the execution time of the enhanced protocol, which was found to be much less than the execution time of patched Dragonfly. The off-line dictionary attack time is consumed for few days if the dictionary size is 10,000. According to this, the use of the enhanced Dragonfly is more efficient than the patched Dragonfly.展开更多
E-mail security becomes critical issue to research community in the field of information security. Several solutions and standards have been fashioned according to the recent security requirements in order to enhance ...E-mail security becomes critical issue to research community in the field of information security. Several solutions and standards have been fashioned according to the recent security requirements in order to enhance the e-mail security. Some of the existing enhancements focus on keeping the exchange of data via e-mail in confident and integral way. While the others focus on authenticating the sender and prove that he will not repudiate from his message. This paper will survey various e-mail security solutions. We introduce different models and techniques used to solve and enhance the security of e-mail systems and evaluate each one from the view point of security.展开更多
随着越来越多工业控制系统(industrial control system,ICS)安全事件的曝光,如何防护ICS的安全已经引起了广泛的关注。然而对于ICS安全防护的研究还主要停留在理论研究和防护体系层面,缺少可以快速建立的、能够降低关键风险的具体防护...随着越来越多工业控制系统(industrial control system,ICS)安全事件的曝光,如何防护ICS的安全已经引起了广泛的关注。然而对于ICS安全防护的研究还主要停留在理论研究和防护体系层面,缺少可以快速建立的、能够降低关键风险的具体防护措施。首先抽象出ICS通信模型,梳理ICS面临的安全风险和威胁,明确了最急迫和关键的安全需求,然后在不影响功能、效率,以及能够快速部署的前提下,设计了一种通信安全增强方案,包括对关键通信报文进行单向的身份认证和完整性检验,并结合了时间戳机制和登记机制。最后通过对增强方案的安全分析,证明其能够抵御伪装、篡改和重放等常见攻击。展开更多
基金Taif University Researchers Supporting Project number(TURSP-2020/98),Taif University,Taif,Saudi Arabia。
文摘Cloud-based SDN(Software Defined Network)integration offers new kinds of agility,flexibility,automation,and speed in the network.Enterprises and Cloud providers both leverage the benefits as networks can be configured and optimized based on the application requirement.The integration of cloud and SDN paradigms has played an indispensable role in improving ubiquitous health care services.It has improved the real-time monitoring of patients by medical practitioners.Patients’data get stored at the central server on the cloud from where it is available to medical practitioners in no time.The centralisation of data on the server makes it more vulnerable to malicious attacks and causes a major threat to patients’privacy.In recent days,several schemes have been proposed to ensure the safety of patients’data.But most of the techniques still lack the practical implementation and safety of data.In this paper,a secure multi-factor authentication protocol using a hash function has been proposed.BAN(Body Area Network)logic has been used to formally analyse the proposed scheme and ensure that no unauthenticated user can steal sensitivepatient information.Security Protocol Animator(SPAN)–Automated Validation of Internet Security Protocols and Applications(AVISPA)tool has been used for simulation.The results prove that the proposed scheme ensures secure access to the database in terms of spoofing and identification.Performance comparisons of the proposed scheme with other related historical schemes regarding time complexity,computation cost which accounts to only 423 ms in proposed,and security parameters such as identification and spoofing prove its efficiency.
文摘Most network service providers like MTN Nigeria, currently use two-factor authentication for their 4G wireless networks. This exposes the network subscribers to identify theft and users data to security threats like snooping, sniffing, spoofing and phishing. There is need to curb these problems with the use of an enhanced multi-factor authentication approach. The objective of this work is to create a multi-factor authentication software for a 4G wireless network. Multi-factor authentication involves user’s knowledge factor, user’s possession factor and user’s inherence factor;that is who the user is to be presented before system access can be granted. The research methodologies used for this work include Structured System Analysis and Design Methodology, SSADM and Prototyping. The result of this work will be a Multi-factor authentications software. This software was designed with programming languages like ASP. NET, C# and Microsoft SQL Server for the database.
文摘The rise of the digital economy and the comfort of accessing by way of user mobile devices expedite human endeavors in financial transactions over the Virtual Private Network(VPN)backbone.This prominent application of VPN evades the hurdles involved in physical money exchange.The VPN acts as a gateway for the authorized user in accessing the banking server to provide mutual authentication between the user and the server.The security in the cloud authentication server remains vulnerable to the results of threat in JP Morgan Data breach in 2014,Capital One Data Breach in 2019,and manymore cloud server attacks over and over again.These attacks necessitate the demand for a strong framework for authentication to secure from any class of threat.This research paper,propose a framework with a base of EllipticalCurve Cryptography(ECC)to performsecure financial transactions throughVirtual PrivateNetwork(VPN)by implementing strongMulti-Factor Authentication(MFA)using authentication credentials and biometric identity.The research results prove that the proposed model is to be an ideal scheme for real-time implementation.The security analysis reports that the proposed model exhibits high level of security with a minimal response time of 12 s on an average of 1000 users.
文摘Multi-factor Authentication(MFA)often referred to as Two-factor Authentication(2FA),which is a subset of MFA,is the practice of implementing additional security methods on top of a standard username and password to help authenticate the identity of a user and increase the security of data.This chapter will investigate the problem with username and password logins,the different types of authentication,current best practice for multi-factor authentication and interpretations about how the technology will grow in the upcoming years.
基金This work is supported by the National Science Foundation of China(Grant No.61501132,Grant Nos.61771154,61301095,61370084)the China Postdoctoral Science Foundation No.2016M591515+1 种基金the Heilongjiang Postdoctoral Sustentation Fund with No.LBH-Z14055Harbin Application Technology Research and Development Project(Grant Nos.2016RAQXJ063,2016RAXXJ013).
文摘With the development of computer hardware technology and network technology,the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle.The information perception of the Internet of Things plays a key role as a link between the computer world and the real world.However,there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power,limited power supply,and open communication links.We proposed a novel lightweight authentication protocol based on password,smart card and biometric identification that achieves mutual authentication among User,GWN and sensor node.Biometric identification can increase the nonrepudiation feature that increases security.After security analysis and logical proof,the proposed protocol is proven to have a higher reliability and practicality.
基金This work was supported by the National Natural Science Foundation of China(No.61802214)the Natural Science Foundation of Shandong Province(Nos.ZR2019BF009,ZR2018LF007,ZR2017MF0,ZR2016YL011)+2 种基金the Shandong Provincial Key Research and Development Program of China(2018GGX1010052017,CXGC07012016,GGX109001)the Project of Shandong Province Higher Educational Science and Technology Program(No.J17KA049)the Global Infrastructure Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Science and ICT(NRF-2018K1A3A1A20026485).
文摘Multi-factor authentication(MFA)was proposed by Pointcheval et al.[Pointcheval and Zimmer(2008)]to improve the security of single-factor(and two-factor)authentication.As the backbone of multi-factor authentication,biometric data are widely observed.Especially,how to keep the privacy of biometric at the password database without impairing efficiency is still an open question.Using the vulnerability of encryption(or hash)algorithms,the attacker can still launch offline brute-force attacks on encrypted(or hashed)biometric data.To address the potential risk of biometric disclosure at the password database,in this paper,we propose a novel efficient and secure MFA key exchange(later denoted as MFAKE)protocol leveraging the Pythia PRF service and password-to-random(or PTR)protocol.Armed with the PTR protocol,a master password pwd can be translated by the user into independent pseudorandom passwords(or rwd)for each user account with the help of device(e.g.,smart phone).Meanwhile,using the Pythia PRF service,the password database can avoid leakage of the local user’s password and biometric data.This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.
文摘Dragonfly is Password Authenticated Key Exchange protocol that uses a shared session key to authenticate parties based on pre-shared secret password. It was claimed that this protocol was secure against off-line dictionary attack, but a new research has proved its vulnerability to off-line dictionary attack and proving step was applied by using “Patched Protocol” which was based on public key validation. Unfortunately, this step caused a raise in the computation cost, which made this protocol less appealing than its competitors. We proposed an alternate enhancement to keep this protocol secure without any extra computation cost that was known as “Enhanced Dragonfly”. This solution based on two-pre-shared secret passwords instead of one and the rounds between parties had compressed into two rounds instead of four. We prove that the enhanced-Dragonfly protocol is secure against off-line dictionary attacks by analyzing its security properties using the Scyther tool. A simulation was developed to measure the execution time of the enhanced protocol, which was found to be much less than the execution time of patched Dragonfly. The off-line dictionary attack time is consumed for few days if the dictionary size is 10,000. According to this, the use of the enhanced Dragonfly is more efficient than the patched Dragonfly.
文摘E-mail security becomes critical issue to research community in the field of information security. Several solutions and standards have been fashioned according to the recent security requirements in order to enhance the e-mail security. Some of the existing enhancements focus on keeping the exchange of data via e-mail in confident and integral way. While the others focus on authenticating the sender and prove that he will not repudiate from his message. This paper will survey various e-mail security solutions. We introduce different models and techniques used to solve and enhance the security of e-mail systems and evaluate each one from the view point of security.
文摘随着越来越多工业控制系统(industrial control system,ICS)安全事件的曝光,如何防护ICS的安全已经引起了广泛的关注。然而对于ICS安全防护的研究还主要停留在理论研究和防护体系层面,缺少可以快速建立的、能够降低关键风险的具体防护措施。首先抽象出ICS通信模型,梳理ICS面临的安全风险和威胁,明确了最急迫和关键的安全需求,然后在不影响功能、效率,以及能够快速部署的前提下,设计了一种通信安全增强方案,包括对关键通信报文进行单向的身份认证和完整性检验,并结合了时间戳机制和登记机制。最后通过对增强方案的安全分析,证明其能够抵御伪装、篡改和重放等常见攻击。
