Abstract: Nowadays, computer worms, viruses and Trojan horses
become popular, and they are collectively called malware. Those
malware just spoiled computers by deleting or rewriting important
files a decade ago. However, recent malware seems to be born to earn
money. Some malware works to collect personal information so
that malicious people can find secret information such as passwords for
online banking, evidence for a scandal or contact address which relates
with the target. Moreover, relation between money and malware
becomes more complex. Many kinds of malware bear bots to get
springboards. Meanwhile, for ordinary internet users,
countermeasures against malware come up against a blank wall.
Pattern matching becomes too much waste of computer resources,
since matching tools have to deal with a lot of patterns derived from
subspecies. Virus making tools can automatically bear subspecies of
malware. Moreover, metamorphic and polymorphic malware are no
longer special. Recently there appears malware checking sites that
check contents in place of users' PC. However, there appears a new
type of malicious sites that avoids check by malware checking sites. In
this paper, existing protocols and methods related with the web are
reconsidered in terms of protection from current attacks, and new
protocol and method are indicated for the purpose of security of the
web.
Abstract: Authentication plays a vital role in many secure
systems. Most of these systems require the user to log in with his or her
secret password or pass phrase before entering it. This is to ensure all
the valuable information is kept confidential guaranteeing also its
integrity and availability. However, to achieve this goal, users are
required to memorize high entropy passwords or pass phrases.
Unfortunately, this sometimes causes difficulty for user to remember
meaningless strings of data. This paper presents a new scheme which
assigns a weight to each personal question given to the user in
revealing the encrypted secrets or password. Concentration of this
scheme is to offer fault tolerance to users by allowing them to forget
the specific password to a subset of questions and still recover the
secret and achieve successful authentication. Comparison on level of
security for weight-based and weightless secret recovery scheme is
also discussed. The paper concludes with the few areas that require
more investigation in this research.
Abstract: With the rapid development of wireless mobile communication, applications for mobile devices must focus on network security. In 2008, Chang-Chang proposed security improvements on the Lu et al.'s elliptic curve authentication key agreement protocol for wireless mobile networks. However, this paper shows that Chang-Chang's improved protocol is still vulnerable to off-line password guessing attacks unlike their claims.
Abstract: A low cost Short Message System (SMS) based Home security system equipped with motion, smoke, temperature, humidity and light sensors has been studied and tested. The sensors are controlled by a microprocessor PIC 18F4520 through the SMS having password protection code for the secure operation. The user is able to switch light and the appliances and get instant feedback. Also in cases of emergencies such as fire or robbery the system will send alert message to occupant and relevant civil authorities. The operation of the home security has been tested on Vodafone-Fiji network and Digicel Fiji Network for emergency and feedback responses for 25 samples. The experiment showed that it takes about 8-10s for the security system to respond in case of emergency. It takes about 18-22s for the occupant to switch and monitor lights and appliances and then get feedback depending upon the network traffic.
Abstract: Security has been an important issue and concern in the
smart home systems. Smart home networks consist of a wide range of
wired or wireless devices, there is possibility that illegal access to
some restricted data or devices may happen. Password-based
authentication is widely used to identify authorized users, because this
method is cheap, easy and quite accurate. In this paper, a neural
network is trained to store the passwords instead of using verification
table. This method is useful in solving security problems that
happened in some authentication system. The conventional way to
train the network using Backpropagation (BPN) requires a long
training time. Hence, a faster training algorithm, Resilient
Backpropagation (RPROP) is embedded to the MLPs Neural
Network to accelerate the training process. For the Data Part, 200
sets of UserID and Passwords were created and encoded into binary
as the input. The simulation had been carried out to evaluate the
performance for different number of hidden neurons and combination
of transfer functions. Mean Square Error (MSE), training time and
number of epochs are used to determine the network performance.
From the results obtained, using Tansig and Purelin in hidden and
output layer and 250 hidden neurons gave the better performance. As
a result, a password-based user authentication system for smart home
by using neural network had been developed successfully.
Abstract: We see in the present day scenario that the Global
positioning system (GPS) has been an effective tool to track the
vehicle. However the adverse part of it is that it can only track a
vehicle's position. Our present work provides a better platform to
track and disable a vehicle using wireless technology. In our system
we embed a microcomputer which monitors the series of automotive
systems like engine, fuel and braking system. The external USB
modem is connected with the microcomputer to provide 24 x 7
internet accesses. The microcomputer is synchronized with the
owner's multimedia mobile by means of a software tool “REMOTE
DESKTOP”. A unique username and password is provided to the
software tool, so that the owner can only access the microcomputer
through the internet on owner's mobile. The key fact is that our
design is placed such that it is known only to the owner.
Abstract: Secure electronic payment system is presented in this
paper. This electronic payment system is to be secure for clients such
as customers and shop owners. The security architecture of the
system is designed by RC5 encryption / decryption algorithm. This
eliminates the fraud that occurs today with stolen credit card
numbers. The symmetric key cryptosystem RC5 can protect
conventional transaction data such as account numbers, amount and
other information. This process can be done electronically using RC5
encryption / decryption program written by Microsoft Visual Basic
6.0. There is no danger of any data sent within the system being
intercepted, and replaced. The alternative is to use the existing
network, and to encrypt all data transmissions. The system with
encryption is acceptably secure, but that the level of encryption has
to be stepped up, as computing power increases. Results In order to
be secure the system the communication between modules is
encrypted using symmetric key cryptosystem RC5. The system will
use simple user name, password, user ID, user type and cipher
authentication mechanism for identification, when the user first
enters the system. It is the most common method of authentication in
most computer system.
Abstract: Since Cloud environment has appeared as the most powerful
keyword in the computing industry, the growth in VDI (Virtual Desktop
Infrastructure) became remarkable in domestic market. In recent years, with the trend
that mobile devices such as smartphones and pads spread so rapidly, the strengths of
VDI that allows people to access and perform business on the move along with
companies' office needs expedite more rapid spread of VDI.
In this paper, mobile OTP (One-Time Password) authentication method is proposed
to secure mobile device portability through rapid and secure authentication using
mobile devices such as mobile phones or pads, which does not require additional
purchase or possession of OTP tokens of users. To facilitate diverse and wide use of
Services in the future, service should be continuous and stable, and above all, security
should be considered the most important to meet advanced portability and user
accessibility, the strengths of VDI.
Abstract: This paper introduces a hardware solution to password
exposure problem caused by direct accesses to the keyboard hardware
interfaces through which a possible attacker is able to grab user's
password even where existing countermeasures are deployed. Several
researches have proposed reasonable software based solutions to the
problem for years. However, recently introduced hardware
vulnerability problems have neutralized the software approaches and
yet proposed any effective software solution to the vulnerability.
Hardware approach in this paper is expected as the only solution to the
vulnerability.
Abstract: Modern civilization has come in recent decades into a new phase in its development, called the information society. The concept of "information society" has become one of the most common. Therefore, the attempt to understand what exactly the society we live in, what are its essential features, and possible future scenarios, is important to the social and philosophical analysis. At the heart of all these deep transformations is more increasing, almost defining role knowledge and information as play substrata of «information society». The mankind opened for itself and actively exploits a new resource – information. Information society puts forward on the arena new type of the power, at the heart of which activity – mastering by a new resource: information and knowledge. The password of the new power – intelligence as synthesis of knowledge, information and communications, the strength of mind, fundamental sociocultural values. In a postindustrial society, the power of knowledge and information is crucial in the management of the company, pushing into the background the influence of money and state coercion.
Abstract: In today's day and age, one of the important topics in
information security is authentication. There are several alternatives
to text-based authentication of which includes Graphical Password
(GP) or Graphical User Authentication (GUA). These methods stem
from the fact that humans recognize and remember images better
than alphanumerical text characters. This paper will focus on the
security aspect of GP algorithms and what most researchers have
been working on trying to define these security features and
attributes. The goal of this study is to develop a fuzzy decision model
that allows automatic selection of available GP algorithms by taking
into considerations the subjective judgments of the decision makers
who are more than 50 postgraduate students of computer science. The
approach that is being proposed is based on the Fuzzy Analytic
Hierarchy Process (FAHP) which determines the criteria weight as a
linear formula.
Abstract: Ad hoc networks are characterized by multi-hop
wireless connectivity and frequently changing network topology.
Forming security association among a group of nodes in ad-hoc
networks is more challenging than in conventional networks due to the
lack of central authority, i.e. fixed infrastructure. With that view in
mind, group key management plays an important building block of
any secure group communication. The main contribution of this paper
is a low complexity key management scheme that is suitable for fully
self-organized ad-hoc networks. The protocol is also password
authenticated, making it resilient against active attacks. Unlike other
existing key agreement protocols, ours make no assumption about the
structure of the underlying wireless network, making it suitable for
“truly ad-hoc” networks. Finally, we will analyze our protocol to show
the computation and communication burden on individual nodes for
key establishment.
Abstract: In this paper, a two factor scheme is proposed to
generate cryptographic keys directly from biometric data, which
unlike passwords, are strongly bound to the user. Hash value of the
reference iris code is used as a cryptographic key and its length
depends only on the hash function, being independent of any other
parameter. The entropy of such keys is 94 bits, which is much higher
than any other comparable system. The most important and distinct
feature of this scheme is that it regenerates the reference iris code by
providing a genuine iris sample and the correct user password. Since
iris codes obtained from two images of the same eye are not exactly
the same, error correcting codes (Hadamard code and Reed-Solomon
code) are used to deal with the variability. The scheme proposed here
can be used to provide keys for a cryptographic system and/or for
user authentication. The performance of this system is evaluated on
two publicly available databases for iris biometrics namely CBS and
ICE databases. The operating point of the system (values of False
Acceptance Rate (FAR) and False Rejection Rate (FRR)) can be set
by properly selecting the error correction capacity (ts) of the Reed-Solomon
codes, e.g., on the ICE database, at ts = 15, FAR is 0.096%
and FRR is 0.76%.
Abstract: Cybercrime is now becoming a big challenge in Nigeria apart from the traditional crime. Inability to identify perpetrators is one of the reasons for the growing menace. This paper proposes a design for monitoring internet users’ activities in order to curb cybercrime. It requires redefining the operations of Internet Service Providers (ISPs) which will now mandate users to be authenticated before accessing the internet. In implementing this work which can be adapted to a larger scale, a virtual router application is developed and configured to mimic a real router device. A sign-up portal is developed to allow users to register with the ISP. The portal asks for identification information which will include bio-data and government issued identification data like National Identity Card number, et cetera. A unique username and password are chosen by the user to enable access to the internet which will be used to reference him to an Internet Protocol Address (IP Address) of any system he uses on the internet and thereby associating him to any criminal act related to that IP address at that particular time. Questions such as “What happens when another user knows the password and uses it to commit crime?” and other pertinent issues are addressed.
Abstract: Recently, with the appearance of smart cards, many
user authentication protocols using smart card have been proposed to
mitigate the vulnerabilities in user authentication process. In 2004,
Das et al. proposed an ID-based user authentication protocol that is
secure against ID-theft and replay attack using smart card. In 2009,
Wang et al. showed that Das et al.'s protocol is not secure to randomly
chosen password attack and impersonation attack, and proposed an
improved protocol. Their protocol provided mutual authentication and
efficient password management. In this paper, we analyze the security
weaknesses and point out the vulnerabilities of Wang et al.'s protocol.
Abstract: Biometric techniques are gaining importance for
personal authentication and identification as compared to the
traditional authentication methods. Biometric templates are
vulnerable to variety of attacks due to their inherent nature. When a
person's biometric is compromised his identity is lost. In contrast to
password, biometric is not revocable. Therefore, providing security
to the stored biometric template is very crucial. Crypto biometric
systems are authentication systems, which blend the idea of
cryptography and biometrics. Fuzzy vault is a proven crypto
biometric construct which is used to secure the biometric templates.
However fuzzy vault suffers from certain limitations like nonrevocability,
cross matching. Security of the fuzzy vault is affected
by the non-uniform nature of the biometric data. Fuzzy vault when
hardened with password overcomes these limitations. Password
provides an additional layer of security and enhances user privacy.
Retina has certain advantages over other biometric traits. Retinal
scans are used in high-end security applications like access control to
areas or rooms in military installations, power plants, and other high
risk security areas. This work applies the idea of fuzzy vault for
retinal biometric template. Multimodal biometric system
performance is well compared to single modal biometric systems.
The proposed multi modal biometric fuzzy vault includes combined
feature points from retina and fingerprint. The combined vault is
hardened with user password for achieving high level of security.
The security of the combined vault is measured using min-entropy.
The proposed password hardened multi biometric fuzzy vault is
robust towards stored biometric template attacks.