Showing papers on "Data Authentication Algorithm published in 2020"


Journal ArticleDOI
Won-il Bae1, Jin Kwak1
TL;DR: A smart card-based authentication protocol is proposed, which performs the authentication for each entity by allowing users to go through the authentication process using a smart card transmitted from an authentication server, and to login to a server connected to the IoT.
Abstract: In recent years, the internet of things has been widely utilized in various fields, such as in smart factories or connected cars. As its domain of application has expanded, it has begun to be employed using multi-server architectures for a more efficient use of resources. However, because users wishing to receive IoT (Internet of Things) services connect to multi-servers over wireless networks, this can expose systems to various attacks and result in serious security risks. To protect systems (and users) from potential security vulnerabilities, a secure authentication technology is necessary. In this paper, we propose a smart card-based authentication protocol, which performs the authentication for each entity by allowing users to go through the authentication process using a smart card transmitted from an authentication server, and to login to a server connected to the IoT. Furthermore, the security of our proposed authentication protocol is verified by simulating a formal verification scenario using AVISPA (Automated Validation of Internet Security Protocols and Applications), a security protocol-verification tool.

39 citations


09 Mar 2020
TL;DR: This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation, intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have a minimal user interface and no pre-configured authentication credentials.
Abstract: Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. This EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have a minimal user interface and no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB channel between the peer device and authentication server.

15 citations


Proceedings ArticleDOI
10 Jan 2020
TL;DR: This paper represents a blockchain-empowered smart surveillance architecture in which UAV performs surveillance and uses a two-phase authentication process to verify the marine vehicles and manifests that the proposed scheme is faster and consumes less energy than the existing authentication algorithms.
Abstract: Trespassing in the marine area is a very critical issue. As a result, countries are losing revenue as well as it's a threat against the sovereignty of the country. As sea area is large, it's not always possible to monitor every part in real-time. Unmanned aerial vehicle (UAV) is a promising technology that can assist to alleviate this issue. However, communication between the control center and a UAV encircles with cyber threats as well as data in the surveillance may experience unauthorised modification. This paper represents a blockchain-empowered smart surveillance architecture in which UAV performs surveillance and uses a two-phase authentication process to verify the marine vehicles. The experimental result manifests that the proposed scheme is faster and consumes less energy than the existing authentication algorithms.

14 citations


Patent
14 Jan 2020
TL;DR: In this article, a three-way authentication apparatus and method in a cloud environment is presented, which includes mutual authentication with the function server using the delivered authentication token through an IF-3 interface.
Abstract: Disclosed herein are a three-way authentication apparatus and method in a cloud environment. The three-way authentication method in a cloud environment includes performing, by a control device and a service device, mutual authentication through an IF-1 interface, performing, by the control device and a function server, mutual authentication through an IF-2 interface, requesting, by the control device, the function server to issue an authentication token for authentication between the service device and the function server, and delivering an authentication token issued by the function server to the service device, and performing, by the service device, mutual authentication with the function server using the delivered authentication token through an IF-3 interface.

7 citations


Journal ArticleDOI
Yibo Huang1, Hexiang Hou1, Yong Wang1, Yuan Zhang1, Manhong Fan1 
TL;DR: Experimental results show that compared with the existing speech authentication algorithms, the proposed algorithm has the characteristics of high discrimination, strong robustness and high efficiency.
Abstract: Most speech authentication algorithms are over-optimized for robustness and efficiency, resulting in poor discrimination. Hashing shorter sequence is likely to cause the same hashing sequence to come from different speech segments, which will cause serious deviations in authentication. Few people pay attention to the research on the discrimination of hashing sequence length, so this paper proposes a long sequence speech authentication algorithm based on constant Q transform (CQT) and tensor decomposition (TD). In this paper, hashing long sequence is used to solve the problem of poor collision resistance of existing algorithms, fast and accurate authentication can be achieved for important speech fragments with large data volumes. The sub-band in the frequency domain are first divided into different matrix, then the variance set of sub-band in the frequency domain is obtained, and finally the feature values are obtained by CQT and TD transformation. The obtained feature values have strong robustness and can cope with the interference of complex channel environment. In this paper, Texas Instruments and Massachusetts Institute of Technology (TIMIT) speech database and the Text to Speech (TTS) are used to establish a database of 51600 speeches to verify the performance of the algorithm. Experimental results show that compared with the existing speech authentication algorithms, the proposed algorithm has the characteristics of high discrimination, strong robustness and high efficiency.

6 citations


Journal ArticleDOI
TL;DR: A lightweight multi-factor hash chain-based authentication scheme that includes a time-based one-time password (T-OTP) for network overhead reduction and terminal authentication is proposed, coupled with exception handling to increase the authentication reliability between wireless terminals in the Korean variable message format (KVMF)-based CNR networks based on the Korean Army Corps network scenarios.
Abstract: Authentication algorithms in the form of cryptographic schemes, such as the Secure Hash Algorithm 1 (SHA-1) and the digital signature algorithm (DSA), specified in the current variable message format (VMF) military standard have numerous reliability-related limitations when applied to tactical data link (TDL) and multi-TDL networks (MTN). This is because TDL and MTN require maximum tactical security, communication integrity, and low network overhead based on many protocol header bits for rapid communication with limited network resources. The application of such authentication algorithms to TDL and MTN in a rapidly changing battlefield environment without reinforcement measures will lead to functional weaknesses and vulnerabilities when high-level digital-covert activities and deception tactics are implemented. Consequently, the existing VMF authentication scheme must be improved to secure transmission integrity, lower network transaction, and receive authentication tactical information in VMF-based combat network radio (CNR) networks. Therefore, in this study, a tactical wireless ad hoc network topology, similar to that of the existing CNRs, is considered, and a lightweight multi-factor hash chain-based authentication scheme that includes a time-based one-time password (T-OTP) for network overhead reduction and terminal authentication is proposed, coupled with exception handling. The proposed method enhances the confidentiality of tactical message exchanges and reduces unnecessary network transactions and transmission bits for authentication flows between real-time military terminals owned by squads, while ensuring robustness in limited battlefields. Based on these approaches, in the future, we intend to increase the authentication reliability between wireless terminals in the Korean variable message format (KVMF)-based CNR networks based on the Korean Army Corps network scenarios.

6 citations


Journal ArticleDOI
Debdeep Banerjee1, Kevin Yu1
TL;DR: A 6 degree of freedom (6-DOF) robotic arm is programmed to perform 3D face authentication automated tests that were executed manually before and yielded promising latency and accuracy comparison results under different performance-impacting test scenarios.
Abstract: The 3D face authentication has become a hot trend for researchers and developers in the recent years, due to its many advantages over the 2D face recognition feature. The 3D reconstruction of a human face using both near-infrared and depth sensors is a complex process on mobile phones. It commonly involves algorithms like face detection, face landmark detection, facial feature extraction, and depth information analysis. The 3D face authentication feature is critical for the user as per as security and also providing a convenient way to authenticate by the correct user. Therefore, the testing of 3D face authentication algorithms and applications in terms of functionality, performance, and stability is critical. However, the research on 3D face authentication application level validation and testing method is lacking in the field. Most testers are still validating the application manually. In this paper, we propose a robotic-arm-based test automation for testing the 3D face authentication feature on mobile phones. We programmed a 6 degree of freedom (6-DOF) robotic arm to perform 3D face authentication automated tests that were executed manually before. Our test automation also benchmarked the performance of an in-house developed 3D face authentication application and a 3rd party application which yielded promising latency and accuracy comparison results under different performance-impacting test scenarios.

4 citations


Proceedings ArticleDOI
18 May 2020
TL;DR: A FPGA-based hardware platform able to validate and post-process multiple TRNG sources and a hardware implementation of a provably secure post-processing algorithm called SPRG, based on the sponge construction and the Keccak-f standard that improves random number quality while maintaining high data throughput.
Abstract: Cryptography and computer security rely heavily on random numbers for key exchange of authentication algorithms. However, current Internet-of-Things (IoT) device security is often based on poor quality pseudo-random number generators (PRNGs). This issue can be overcome using true random number generators (TRNGs) that may offer better quality and higher security. Nonetheless, TRNG often provide slow throughput and require post-processing to correct hardware biases and ensure the desired statistical behavior. In this paper, we present a FPGA-based hardware platform able to validate and post-process multiple TRNG sources. Moreover, we propose a hardware implementation of a provably secure post-processing algorithm called SPRG. Based on the sponge construction and the Keccak-f standard, it improves random number quality while maintaining high data throughput. A full platform providing hardware acceleration has been implemented on a Xilinx Kintex-7 FPGA board to test the validity of the generated numbers through χ² and SP800-90B online statistical tests, and to improve the randomness using AIS-31 or SPRG post-processing hardware cores. The proposed platform is modular and targets both IoT edge devices and back-end servers.

4 citations


Proceedings ArticleDOI
16 Nov 2020
TL;DR: This analysis aims to examine the features and capabilities of this protocol and to determine its feasibility to operate under constrained devices using security support, and the trade-off between security and performance is discussed.
Abstract: Internet of Things (IoT) can be defined as the interconnection through Internet of an unprecedented number of devices with the purpose of exchanging data. It stands as one of the most popular technologies for the following years and it is requiring substantial changes in the Internet protocols to meet its requirements. As the application layer is decisive for the quality of the connection, this paper analyzes the performance offered by one of the most popular protocols for the application layer in IoT: the Constrained Application Protocol (CoAP). This analysis aims to examine the features and capabilities of this protocol and to determine its feasibility to operate under constrained devices using security support. For this, a realistic network scenario is deployed to run the simulations and to measure bandwidth, consumption of resources (i.e., CPU cycles and bandwidth usage) and communication latency. Additionally, the trade-off between security and performance is discussed measuring the bandwidth overhead and the consumption increase associated to secure the communications. Different ciphering and authentication algorithms are tested, following the recommendations made by the Internet Engineering Task Force (IETF).

3 citations


Journal ArticleDOI
TL;DR: In this paper, a detailed review of the cryptographic techniques, attacks, simulation tools, and clouds that are exploited in the reviewed papers is presented, and the chronological review and the performance are reviewed under the network security models.
Abstract: Nowadays, Computer Networks and the internet is on the increase due to the precedence that provided by them. An enormous amount of information is accessed and allowed the users to share the information on an incredible scale while connecting the network to the Internet. Even though the internet nature crafts more benefits, still it is posed by the limitations because of the attacks. One of the special types of malicious software (attack) is ransomware also called malware that affects the systems and restricts the user’s access over the system. Further, it files till the payment of ransom. This malware is made by locking the user’s desktop and encrypting the user’s files. This has emerged as a critical threat in network security since each day the raising of ransomware gets abundant. Hence, the prediction of ransomware is considered as the major problem by the researchers and numerous researches are going on over this issue. This survey planned to review the network security models along with the authentication protocol. More importantly, the ransomware attack is also highly concentrated in this survey. Further, the literature analyses on diverse techniques under network security are made. Then the analysis also focused on the algorithms used and is categorized as protocols, authentication algorithms, optimization algorithms, and other techniques. Moreover, this survey demonstrates a detailed review of the cryptographic techniques, attacks, simulation tools and clouds that are exploited in the reviewed papers. Additionally, the chronological review and the performance are reviewed under the network security models. Finally, this paper exploits the research and described the challenges on the network security that can be used further in the future

2 citations


Journal ArticleDOI
TL;DR: The main merit of this work is in improving the performance of data-forwarding in CCN regardless of the underlying public-key validation mechanism, such as PKI, by reducing the number of accesses to the mechanism.
Abstract: Content-Centric Networking (CCN) is one of the emerging paradigms for the future Internet, which shifts the communication paradigm from host-centric to data-centric. In CCN, contents are delivered by their unique names, and a public-key-based signature is built into data packets to verify the authenticity and integrity of the contents. To date, research has tried to accelerate the validation of the given data packets, but existing techniques were designed to improve the performance of content verification from the requester’s viewpoint. However, we need to efficiently verify the validity of data packets in each forwarding engine, since the transmission of invalid packets influences not only security but also performance, which can lead to a DDoS (Distributed Denial of Service) attack on CCN. For example, an adversary can inject a number of meaningless packets into CCN to consume the forwarding engines’ cache and network bandwidth. In this paper, a novel authentication architecture is introduced, which can support faster forwarding by accelerating the performance of data validation in forwarding engines. Since all forwarding engines verify data packets, our authentication architecture can eliminate invalid packets before they are injected into other CCN nodes. The architecture utilizes public-key based authentication algorithms to support public verifiability and non-repudiation, but a novel technique is proposed in this paper to reduce the overhead from using PKI for verifying public keys used by forwarding engines and end-users in the architecture. The main merit of this work is in improving the performance of data-forwarding in CCN regardless of the underlying public-key validation mechanism, such as PKI, by reducing the number of accesses to the mechanism. Differently from existing approaches that forgive some useful features of the Naive CCN for higher performance, the proposed technique is the only architecture which can support all useful features given by the Naive CCN.

Patent
03 Jan 2020
TL;DR: In this paper, a message tamper-proofing method was proposed, which consists of inserting an agreed random character string at a position agreed by two communication sides in a to-be-transmitted message, and constructing a first hash character string; calculating a first security hash value corresponding to the first hash string; and attaching the first security hashing value to a specified position of the to-be-sent message to construct a new message.
Abstract: The invention discloses a message tamper-proofing method and device. The message tamper-proofing method comprises the steps: inserting an agreed random character string at a position agreed by two communication sides in a to-be-transmitted message, and constructing a first hash character string; calculating a first security hash value corresponding to the first hash character string; and attaching the first security hash value to a specified position of the to-be-sent message to construct a new message. According to the message tamper-proofing method, an agreed random character string is inserted into an agreed position of two communication parties in a to-be-sent message to construct a first hash character string; and a first hash value corresponding to the first hash character string is added to the tail of the original message to be sent. A new security message is constructed, and the transmission of the new security message not only can carry the original message content, but also has the characteristic of preventing the message from being tampered, and the message tamper-proofing method does not depend on encryption and authentication algorithms, and the decoupling of data link layer transmission and a message application layer is realized.

Journal ArticleDOI
TL;DR: A decentralized token-based authentication based on fog computing and blockchain provides a secure authentication protocol using access token, ECC cryptography, and also blockchain as decentralized identity storage that ensures a light and secure identity management system.
Abstract: The IoT offers enormous opportunities and also brings some challenges. Authentication considered one of the main challenges introduced by IoT. IoT devices are not able to protect themselves due to their limited processing and storage capabilities. Researchers proposed authentication algorithms with either a lack of scalability or vulnerable to cyberattacks. In this paper, we propose a decentralized token-based authentication based on fog computing and blockchain. The protocol provides a secure authentication protocol using access token, ECC cryptography, and also blockchain as decentralized identity storage. The blockchain uses cryptographic identifiers, records immutability, and provenance, which allows the implementation of a decentralized authentication protocol. These features ensure a light and secure identity management system. We evaluate this protocol communication between controller, gateways, and devices using AVISPA/HLPSL, and results obtained from AVISPA simulation shows that our protocol is safe based on secrecy and strong authentication criteria. The paper uses four test cases to test the Ethereum smart contract implementation to ensure the system functions properly.

Patent
17 Mar 2020
TL;DR: In this paper, the authors proposed a method for solving the negotiation problem of an authentication algorithm and ensuring UE smoothly passes the authentication service and gets access to the network, which comprises the following steps of: enabling an AUSF to obtain a first authentication algorithm set used by the UE; extracting a first intersection of the first authentication algorithm set and a second authentication algorithm set which is locally supported to be used; sending the first intersection to the UDM, triggering the UDM to select a target authentication algorithm based on the intersection and the second intersection.
Abstract: The invention relates to the field of communication, in particular to an authentication algorithm selection method and device. The invention is used for solving the negotiation problem of an authentication algorithm and ensures UE smoothly passes the authentication service and gets access to network. The method comprises the following steps of: enabling an AUSF to obtain a first authentication algorithm set used by the UE; and extracting a first intersection of the first authentication algorithm set and a second authentication algorithm set which is locally supported to be used, sending the first intersection to the UDM, triggering the UDM to select a target authentication algorithm used by the UE based on the first intersection and a second intersection of the third authentication algorithm set. Thus, when the authentication algorithm supported by the UE is not completely the same as the authentication algorithm selected by the UDM, the UDM selects the authentication algorithm. According to the embodiment of the invention, the proper target authentication algorithm can be selected through negotiation between the UE and the UDM, the problem of authentication failure easily caused under the condition that the UE changes the ME or the ME supports multiple authentication algorithms is effectively solved, the selection of the authentication algorithms is enriched, and the UE is ensured to successfully access the network.

Patent
03 Jan 2020
TL;DR: In this article, the authors disclosed a universal authentication method and device and a cloud service network system, which comprises the following steps: receiving access requests for resources of different types of services of different source stations and/or the same source station; authenticating the access request by using authentication algorithms corresponding to different sources and different services of same source stations to obtain an original authentication result; and converting the original authentication results, and outputting a general authentication result, the general authentication result comprising access request identifiers in one-to-one correspondence with the access requests, and an authentication flag
Abstract: The invention discloses a universal authentication method and device and a cloud service network system. The disclosed universal authentication method comprises the following steps: receiving access requests for resources of different types of services of different source stations and/or the same source station; authenticating the access request by using authentication algorithms corresponding to different source stations and/or different types of services of the same source station to obtain an original authentication result; and converting the original authentication result, and outputting a general authentication result, the general authentication result comprising access request identifiers in one-to-one correspondence with the access requests, and an authentication flag bit for indicating whether the authentication is passed. According to the technical scheme, universal authentication can be carried out on access requests of different formats, and the operation that a server of a cloud service network determines that a client has right to access resources and provides resources is unified, and the cost of subsequent upgrading and development is saved.

Proceedings ArticleDOI
24 Aug 2020
TL;DR: The lightweight encryption has lower latency compared to the conventional one, while both types of authentication algorithms yield similar latency as expected.
Abstract: Data communicated at many existing secondary electrical substations is currently not encrypted. In order to improve their data security level, a low-cost cryptography prototype is proposed. Both lightweight and conventional crypto-algorithm types are chosen to encrypt, authenticate and encrypt-authenticate data packets of IEC 60870–5, the data protocol being used at most substations. Implementations of selected algorithms are on a programmable logic arrays (FPGA) to meet communication time sensitivity while employing an eight-bit processor. The FPGA implementations are optimized for speed rather than footprint. The processor is mainly to handle processing of data packets either coming from or going into substation devices. The performance in term of latency for both the conventional and lightweight cryptography is evaluated to meet different data transmission speeds. The lightweight encryption has lower latency compared to the conventional one, while both types of authentication algorithms yield similar latency as expected.

Patent
13 Aug 2020
TL;DR: In this paper, a handwritten signature authentication method based on multiple authentication algorithms was proposed, in which the handwritten signature was authenticated to extract multiple signature behavior characteristic information, and the degree of correspondence between the input handwritten signature and a registered handwritten signature by applying all of extracted signature behaviour characteristic information to first and second signature authentication algorithms configured with different techniques.
Abstract: The present invention provides a handwritten signature authentication method based on multiple authentication algorithms, which receives a handwritten signature to be authenticated to extract multiple signature behavior characteristic information, analyzes the degree of correspondence between the input handwritten signature and a registered handwritten signature by applying all of extracted multiple signature behavior characteristic information to first and second signature authentication algorithms configured with different techniques, combines an analysis result of the first and second signature authentication algorithms to correct a false rejection rate and a false acceptance rate, and finally determines whether the handwritten signature authentication is successful.