In this article, we propose a new symmetric communication system secured, founded upon strong zero knowledge authentication protocol based on session keys (SASK). The users’ authentication is done in two steps: the first is to regenerate a virtual password, and to assure the integrity and the confidentiality of nonces exchanged thanks to the symmetric encryption by a virtual password. The second is to calculate a session key shared between the client and the web server to insure the symmetric encryption by this session key. This passage allows to strengthen the process of users’ authentication, also, to evolve the process of update and to supply a secure communication channel. This evolution aims at implementing an authentication protocol with session keys able to verify the users’ identity, to create a secure communication channel, and to supply better cyber-defense against the various types of attacks.
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSIJNSA Journal
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme called StrongAuth which preserves most password authentication advantages and simultaneously improves security using cryptographic primitives. Our scheme not only offers webmasters a clear framework which to build secure user authentication, but it also provides almost the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
The majority of current web authentication is built
on username/password. Unfortunately, password
replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose
a new mutual authentication scheme called StrongAuth which preserves most password authentication
advantages and simultaneously improves security using cryptographic primitives. Our scheme not only
offers webmasters a clear framework which to build
secure user authentication, but it also provides almost
the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET Journal
The document discusses various security mechanisms for cloud computing including encryption, hashing, digital signatures, public key infrastructure, identity and access management, single sign-on, cloud-based security groups, hardened security server images, user behavior profiling, and decoy technology. It focuses on how user behavior profiling and decoy technology can play an important role in detecting unauthorized access by monitoring a user's behavior and sending fake data to verify genuine user information. The document concludes that while most security mechanisms provide a level of protection, user behavior profiling and decoy technology are particularly effective for enhancing cloud computing security.
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
This report analysis web security password authentication based on single- block hash function, written by Shi-Qi Wang, Jing-Ya Wang and Yong-Zhen Li and presented at the 2013 International Conference on Electronic Engineering and Computer Science. To analyze an algorithm means to study the specification of the Algorithm and come to a conclusion about how the implementation of that algorithm will perform in general. Here, the amount of resources necessary to execute the algorithm is determined and its equivalent running time (time complexity) or efficiency of the algorithm.
A review of some of the available literature provides insights into various web security and user identity authentication mechanisms, single- block hash function algorithm, its types, design and functions.
The key findings include:
The Single- Block Hash Function Algorithm has variable input length and fixed out length
The flow chart in figure 1 of the studies shows that the algorithm is Message Digest Method 5 (MD 5)
MD5 algorithm appends padding bits, appends length bits, initialize MD buffer and process each 512- bit block.
In processing each 512- bit block, a total of 64 operations are performed in 4 stages and each stage undergoes 16 iterations.
Collision Resistance Scenario: MD 5 has a very weak collision resistance and its therefore not recommended for encryption. However, MD 5 can withstand tamper with and replay. Running Time (Time Complexity): The time complexity of MD 5 is O(n), where n represents the size of the input data. it is considered relatively fast and efficient than the traditional password but slower than modern hash functions.
Many researchers research to use Single-Block hash algorithm to realize the Web user ID authentication
MD 5 solves deficiency of the traditional username-password authentication or digital signature to realize Web user’s identity authentication
The information presented in this report has been gathered from secondary sources and has been prepared for submission as Information Security Course at AAMUSTED.
Big data as a service (BDaaS) platform is widely used by various
organizations for handling and processing the high volume of data generated
from different internet of things (IoT) devices. Data generated from these IoT
devices are kept in the form of big data with the help of cloud computing
technology. Researchers are putting efforts into providing a more secure and
protected access environment for the data available on the cloud. In order to
create a safe, distributed, and decentralised environment in the cloud,
blockchain technology has emerged as a useful tool. In this research paper, we
have proposed a system that uses blockchain technology as a tool to regulate
data access that is provided by BDaaS platforms. We are securing the access
policy of data by using a modified form of ciphertext policy-attribute based
encryption (CP-ABE) technique with the help of blockchain technology. For
secure data access in BDaaS, algorithms have been created using a mix of CPABE with blockchain technology. Proposed smart contract algorithms are
implemented using Eclipse 7.0 IDE and the cloud environment has been
simulated on CloudSim tool. Results of key generation time, encryption time,
and decryption time has been calculated and compared with access control
mechanism without blockchain technology.
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentIRJET Journal
This document proposes a new Multi-Server Authentication Key Exchange approach for secure communication in big data environments. It aims to address issues with the existing Kerberos approach used in Parallel Network File Systems (pNFS), which has scalability limits and does not provide forward secrecy or prevent key escrow. The proposed approach uses authenticated key exchange protocols between clients and storage devices to reduce the workload on the metadata server by up to 54% while providing forward secrecy and preventing key escrow with only minor client-side computation overhead. It is designed specifically for the needs of pNFS but could benefit other similar distributed file systems.
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSIJNSA Journal
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme called StrongAuth which preserves most password authentication advantages and simultaneously improves security using cryptographic primitives. Our scheme not only offers webmasters a clear framework which to build secure user authentication, but it also provides almost the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
The majority of current web authentication is built
on username/password. Unfortunately, password
replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose
a new mutual authentication scheme called StrongAuth which preserves most password authentication
advantages and simultaneously improves security using cryptographic primitives. Our scheme not only
offers webmasters a clear framework which to build
secure user authentication, but it also provides almost
the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET Journal
The document discusses various security mechanisms for cloud computing including encryption, hashing, digital signatures, public key infrastructure, identity and access management, single sign-on, cloud-based security groups, hardened security server images, user behavior profiling, and decoy technology. It focuses on how user behavior profiling and decoy technology can play an important role in detecting unauthorized access by monitoring a user's behavior and sending fake data to verify genuine user information. The document concludes that while most security mechanisms provide a level of protection, user behavior profiling and decoy technology are particularly effective for enhancing cloud computing security.
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
This report analysis web security password authentication based on single- block hash function, written by Shi-Qi Wang, Jing-Ya Wang and Yong-Zhen Li and presented at the 2013 International Conference on Electronic Engineering and Computer Science. To analyze an algorithm means to study the specification of the Algorithm and come to a conclusion about how the implementation of that algorithm will perform in general. Here, the amount of resources necessary to execute the algorithm is determined and its equivalent running time (time complexity) or efficiency of the algorithm.
A review of some of the available literature provides insights into various web security and user identity authentication mechanisms, single- block hash function algorithm, its types, design and functions.
The key findings include:
The Single- Block Hash Function Algorithm has variable input length and fixed out length
The flow chart in figure 1 of the studies shows that the algorithm is Message Digest Method 5 (MD 5)
MD5 algorithm appends padding bits, appends length bits, initialize MD buffer and process each 512- bit block.
In processing each 512- bit block, a total of 64 operations are performed in 4 stages and each stage undergoes 16 iterations.
Collision Resistance Scenario: MD 5 has a very weak collision resistance and its therefore not recommended for encryption. However, MD 5 can withstand tamper with and replay. Running Time (Time Complexity): The time complexity of MD 5 is O(n), where n represents the size of the input data. it is considered relatively fast and efficient than the traditional password but slower than modern hash functions.
Many researchers research to use Single-Block hash algorithm to realize the Web user ID authentication
MD 5 solves deficiency of the traditional username-password authentication or digital signature to realize Web user’s identity authentication
The information presented in this report has been gathered from secondary sources and has been prepared for submission as Information Security Course at AAMUSTED.
Big data as a service (BDaaS) platform is widely used by various
organizations for handling and processing the high volume of data generated
from different internet of things (IoT) devices. Data generated from these IoT
devices are kept in the form of big data with the help of cloud computing
technology. Researchers are putting efforts into providing a more secure and
protected access environment for the data available on the cloud. In order to
create a safe, distributed, and decentralised environment in the cloud,
blockchain technology has emerged as a useful tool. In this research paper, we
have proposed a system that uses blockchain technology as a tool to regulate
data access that is provided by BDaaS platforms. We are securing the access
policy of data by using a modified form of ciphertext policy-attribute based
encryption (CP-ABE) technique with the help of blockchain technology. For
secure data access in BDaaS, algorithms have been created using a mix of CPABE with blockchain technology. Proposed smart contract algorithms are
implemented using Eclipse 7.0 IDE and the cloud environment has been
simulated on CloudSim tool. Results of key generation time, encryption time,
and decryption time has been calculated and compared with access control
mechanism without blockchain technology.
Multi-Server Authentication Key Exchange Approach in BIGDATA EnvironmentIRJET Journal
This document proposes a new Multi-Server Authentication Key Exchange approach for secure communication in big data environments. It aims to address issues with the existing Kerberos approach used in Parallel Network File Systems (pNFS), which has scalability limits and does not provide forward secrecy or prevent key escrow. The proposed approach uses authenticated key exchange protocols between clients and storage devices to reduce the workload on the metadata server by up to 54% while providing forward secrecy and preventing key escrow with only minor client-side computation overhead. It is designed specifically for the needs of pNFS but could benefit other similar distributed file systems.
HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...IJNSA Journal
High-profile security breaches and attacks on many organization’s database have been on the increase and the consequences of this, are the adverse effect on the organizations in terms of financial loss and reputation. Many of the security breaches has been ascribed to the vulnerability of the organization’s networks, security policy and operations. Additionally, the emerging technology solutions like Internet-ofThings (IoT), Artificial Intelligence, and Cloud Computing, has extremely exposed many of the organizations to different forms of cyber-threats and attacks. Researchers and system designers have made attempts to proffer solution to some of these challenges. However, the efficacy of the techniques remains a great concern due to insufficient control mechanisms. For instance, many of the techniques are majorly based on a single mode encryption techniques which are not too robust to withstand the threats and attacks on organization’s database. To proffer solution to these challenges, the current research designed and integrated a hybridized data security model based on Secured Hash Analysis (SHA 512) and Salting Techniques to enhance the adeptness of the existing techniques. The Hash Analysis algorithm was used to map the data considered to a bit string of a fixed length and salt was added to the password strings essentially to hide its real hash value. The idea of adding salt to the end of the password is basically to complicate the password cracking process. The hybridized model was implemented in Windows environment using python 3.7 IDE platform and tested on a dedicated Local Area Network (LAN) that was exposed to threats from both internal and external sources. The results from the test show that the model performed well in terms of efficiency and robustness to attacks. The performance of the new model recorded a high level of improvement over the existing techniques with a recital of 97.6%.
Developed security and privacy algorithms for cyber physical system IJECEIAES
Cyber-physical system (CPS) is a modern technology in the cyber world, and it integrates with wireless sensor network (WSN). This system is widely used in many applications such as a smart city, greenhouse, healthcare, and power grid. Therefore, the data security and integrity are necessary to ensure the highest level of protection and performance for such systems. In this paper, two sides security system for cyber-physical level is proposed to obtain security, privacy, and integrity. The first side is applied the secure sockets layer (SSL)/transport layer security (TLS) encryption protocol with the internet of things (IoT) based message queuing telemetry transport (MQTT) protocol to secure the connection and encrypt the data exchange between the system's parties. The second side proposes an algorithm to detect and prevent a denial of service (DoS) attack (hypertext transfer protocol (HTTP) post request) on a Web server. The experiment results show the superior performance of the proposed method to secure the CPS by detecting and preventing the cyber-attacks, which infect the Web servers. They also prove the implementation of security, privacy and integrity aspects on the CPS.
HTTPI BASED WEB SERVICE SECURITY OVER SOAP IJNSA Journal
Now a days, a new family of web applications 'open applications’, are emerging (e.g., Social Networking, News and Blogging). Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications, effectively and efficiently, HTTPI, a new transport protocol is proposed, which ensures the entire security requirements of open applications. Benefit of using the HTTPI is that it is economical in use, well-suited for cache proxies, like HTTP is, and provides security against many Internet attacks (Server Impersonation and Message Modification) like HTTPS does. In terms of performance HTTPI is very close to the HTTP, but much better than HTTPS. A Web service is a method of communication between two ends over the Internet. These web services are developed over XML and HTTP. Today, most of the open applications use web services for most of their operations. For securing these web services, security design based on HTTPI is proposed. Our work involves securing the web services over SOAP, based on the HTTPI. This secure web service might be applicable for open applications, where authentication and integrity is needed, but no confidentiality required.
In our paper, we introduce a web service security model based on HTTPI protocol over SOAP and develop a preliminary implementation of this model. We also analyze the performance of our approach through an experiment and show that our proposed approach provides higher throughput, lower average response time and lower response size than HTTPS based web service security approach.
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
This document proposes a scheme to enhance security in cloud computing. It discusses how a user's data stored with a cloud provider could be at risk if the provider's internal staff can access the encrypted data. The proposed scheme aims to avoid unauthorized access of user data by sending a message to the user's mobile number when a transaction starts. It also displays fake information if login is unsuccessful to avoid further intrusion attempts. Common security methods for user data protection include encryption before storage, user authentication, and secure transmission channels. Cloud computing provides on-demand access to computing resources over the Internet and allows users to access services without knowledge of the infrastructure.
This document proposes a scheme to enhance security in cloud computing. It discusses how a user's data stored with a cloud provider could be at risk if the provider's internal staff can access the encrypted data. The proposed scheme aims to avoid unauthorized access of user data by sending a message to the user's mobile number when a transaction starts and displaying fake information for unsuccessful login attempts to avoid further trials. It also provides background on cloud computing and common security methods like encryption, authentication, and secure channels. The introduction describes the proposed system's process of requesting access to protected data, authenticating the user, and conditionally providing a fake database in the case of hacking attempts.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Grid computing is concerned with the sharing and use of resources in dynamic distributed virtual
organizations. The dynamic nature of Grid environments introduces challenging security concerns that
demand new technical approaches. In this brief overview we review key Grid security issues and outline
the technologies that are being developed to address those issues. We focus on works done by Globus
Toolkits to provide security and also we will discuss about the cyber security in Grid.
Exchange Protocols on Network File Systems Using Parallel Sessions Authentica...IJMTST Journal
In this work we studied the key establishment for secure many-to-many communications. The main
problem is inspired by the rapid increase of large-scale distributed file systems supporting parallel access to
multiple storage devices. The system focus on the current Internet standard for such file systems, i.e.,
parallel Network File System (pNFS), which makes use of Kerberos key exchange protocols to implement
parallel session keys between clients and storage servers. Our study of the existing Kerberos protocol shows
that it has a number of limitations: (i) a metadata server providing key exchange among the clients and the
storage devices has heavy workload that limits the scalability of the protocol; (ii) the protocol cannot provide
forward secrecy; (iii) the metadata server generates all the session keys for securing communication between
clients and storage devices, and this inadvertently leads to key escrow. In this paper, we put forward three
different authenticated key exchange protocols that are designed to address the above issues. We prove that
our protocols are capable for minimizing up to almost50% of the workload of the metadata server and at the
same time supporting forward secrecy and escrow-prevention. All this requires only a small fraction of
increased computation overhead at the client.
Secure Group Communication in Grid EnvironmentCSCJournals
A Grid is a collection of resources that are available for an application to perform tasks. Grid resources are heterogeneous, geographically distributed and belong to different administrative domains. Hence security is a major concern in a grid system. Authentication, message integrity and confidentiality are the major concerns in grid security. Secure group communication is brought about by effective key distribution to authenticated users of the channels serviced by resources. The proposed approach facilitates reduced computation and efficient group communication. It also ensures efficient rekeying for each communication session. The security protocol has been implemented and tested using Globus middleware.
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGIJNSA Journal
Recently, there are several studies have proposed user authentication frameworks to defend against different types of attacks such as phishing, replay attack, man in the middle attack and denial of service attack, etc. Most of these frameworks consist of three main phases, which are the registration phase, login phase, and authentication phase. Most of them have the changing password process as an additional activity.Many problemshave been noticed in the performance of these frameworks. For example, the registration phase is valunerable to internal attack such as SYN flood attack. In this work, we aim to propose a robust user authentication framework that overcomes the previous framework shortages. The proposed framework provides many security aspects such as remote authentication, mutual authentication, session key establishment,to mention a few. Besides, to ensure the security through all phases of this framework, we add a new phase called a Service Access Authentication Phase (SAAP).This phase is resposable of the internal verification .
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...ijcisjournal
Cloud computing technology provides various internet-based services. Many cloud computing vendors are offering cloud services through their own service mechanism. These mechanisms consist of various service parameters such as authentication, security, performance, availability, etc. Customer can access these cloud services through web browsers using http protocols. Each protocol has its own way of achieving the request-response services, authentication, confidentiality and etc. Cloud computing is an internet-based technology, which provides Infrastructure, Storage, Platform services on demand through a browser using HTTP protocols. These protocol features can be enhanced using cloud specific protocol, which provides strong authentication, confidentiality, security, integrity, availability and accessibility. We are proposing and presenting the secure cloud transmission protocol (SCTP) engineering phases which sits on top of existing http protocols to provide strong authentication security and confidentiality using multi-models. SCTP has multi-level and multi-dimensional approach to achieve strong authentication and multi-level security technique to achieve secure channel. This protocol can add on to existing http protocols. It can be used in any cloud services. This paper presents proposed Protocol engineering phases such as Service Specification, Synthesis, Analysis, Modelling, and Implementation model with test suites. This paper is represents complete integration of our earlier proposed and published multilevel techniques
Single Sign-on Authentication Model for Cloud Computing using KerberosDeepak Bagga
ABSTRACT
In today’s organizations need for several new resources and storage requirements for terabytes of data is generated every day. Cloud computing provides solution for this in a cost effective and efficient manner. Cloud computing provides on demand resources as services to clients. Cloud is highly scalable and flexible. Although it is benefiting the clients in several ways but as data is stored remotely it has many security loopholes like attacks, data lose, other security and authentication issues. In this paper we are proposing an authentication model for cloud computing based on the Kerberos protocol to provide single sign-on and to prevent against DDOS attacks. This model can benefit by filtering against unauthorized access and to reduce the burden, computation and memory usage of cloud against authentication checks for each client. It acts as a third party between cloud servers and clients to allow secure access to cloud services. In this paper we will see some of the related work for cloud security issues and attacks. Then in next section we will discuss the proposed architecture, its working and sequential process of message transmission. Next we will see how it can prevent against DDOS attacks, some benefits and how it provides single sign-on.
This document summarizes a research paper on M-Pass, a proposed user authentication protocol that aims to prevent password stealing and reuse attacks. M-Pass leverages cell phones and SMS to authenticate users on untrusted devices without requiring them to enter passwords. It involves a registration phase where users register with a website and encrypt a password with their phone number. For login, users provide their username and long-term phone password, and the website generates a one-time password using a secret credential. The protocol aims to eliminate the need to remember multiple passwords by using the phone for authentication across websites. Evaluation shows registration and login times average around 4 and 3.5 minutes respectively. The researchers conclude M-Pass can prevent password stealing and reuse
IRJET- Blockchain based Certificate Issuing and ValidationIRJET Journal
This document proposes a blockchain-based system for issuing, storing, and validating education certificates to prevent certificate forgery. The system would use blockchain technology to store certificate hashes and public key cryptography for authentication. When a company requests a certificate, the system would verify the certificate hash against the blockchain and get signatures from the student and institution to validate the certificate's authenticity before providing it. The system aims to create an efficient, secure mechanism for managing and sharing education credentials.
THE METHOD OF DETECTING ONLINE PASSWORD ATTACKS BASED ON HIGH-LEVEL PROTOCOL ...IJCNCJournal
Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more abundant, the number of transaction systems through the Internet is increasing, and new services systems appear. For example, IoT also uses password-based authentication.
In this context, consolidating password-based authentication mechanisms is critical, but monitoring measures for timely detection of attacks also play an important role in this battle. The password attack detection solutions being used need to be supplemented and improved to meet the new situation. In this
paper we propose a solution that automatically detects online password attacks in a way that is based solely on the network, using unsupervised learning techniques and protected application orientation. Our solution therefore minimizes dependence on the factors encountered by host-based or supervised learning solutions. The certainty of the solution comes from using the results of in-depth analysis of attack
characteristics to build the detection capacity of the mechanism. The solution was implemented experimentally on the real system and gave positive results.
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET Journal
The document discusses using blockchain technology to create a digital certificate system. It provides an overview of blockchain and how it can be used to issue and verify graduation certificates in a secure and decentralized manner. Several examples of digital certificate systems that use blockchain and smart contracts are described to address issues with forgery and validate the authenticity and integrity of certificates.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...IJNSA Journal
High-profile security breaches and attacks on many organization’s database have been on the increase and the consequences of this, are the adverse effect on the organizations in terms of financial loss and reputation. Many of the security breaches has been ascribed to the vulnerability of the organization’s networks, security policy and operations. Additionally, the emerging technology solutions like Internet-ofThings (IoT), Artificial Intelligence, and Cloud Computing, has extremely exposed many of the organizations to different forms of cyber-threats and attacks. Researchers and system designers have made attempts to proffer solution to some of these challenges. However, the efficacy of the techniques remains a great concern due to insufficient control mechanisms. For instance, many of the techniques are majorly based on a single mode encryption techniques which are not too robust to withstand the threats and attacks on organization’s database. To proffer solution to these challenges, the current research designed and integrated a hybridized data security model based on Secured Hash Analysis (SHA 512) and Salting Techniques to enhance the adeptness of the existing techniques. The Hash Analysis algorithm was used to map the data considered to a bit string of a fixed length and salt was added to the password strings essentially to hide its real hash value. The idea of adding salt to the end of the password is basically to complicate the password cracking process. The hybridized model was implemented in Windows environment using python 3.7 IDE platform and tested on a dedicated Local Area Network (LAN) that was exposed to threats from both internal and external sources. The results from the test show that the model performed well in terms of efficiency and robustness to attacks. The performance of the new model recorded a high level of improvement over the existing techniques with a recital of 97.6%.
Developed security and privacy algorithms for cyber physical system IJECEIAES
Cyber-physical system (CPS) is a modern technology in the cyber world, and it integrates with wireless sensor network (WSN). This system is widely used in many applications such as a smart city, greenhouse, healthcare, and power grid. Therefore, the data security and integrity are necessary to ensure the highest level of protection and performance for such systems. In this paper, two sides security system for cyber-physical level is proposed to obtain security, privacy, and integrity. The first side is applied the secure sockets layer (SSL)/transport layer security (TLS) encryption protocol with the internet of things (IoT) based message queuing telemetry transport (MQTT) protocol to secure the connection and encrypt the data exchange between the system's parties. The second side proposes an algorithm to detect and prevent a denial of service (DoS) attack (hypertext transfer protocol (HTTP) post request) on a Web server. The experiment results show the superior performance of the proposed method to secure the CPS by detecting and preventing the cyber-attacks, which infect the Web servers. They also prove the implementation of security, privacy and integrity aspects on the CPS.
HTTPI BASED WEB SERVICE SECURITY OVER SOAP IJNSA Journal
Now a days, a new family of web applications 'open applications’, are emerging (e.g., Social Networking, News and Blogging). Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications, effectively and efficiently, HTTPI, a new transport protocol is proposed, which ensures the entire security requirements of open applications. Benefit of using the HTTPI is that it is economical in use, well-suited for cache proxies, like HTTP is, and provides security against many Internet attacks (Server Impersonation and Message Modification) like HTTPS does. In terms of performance HTTPI is very close to the HTTP, but much better than HTTPS. A Web service is a method of communication between two ends over the Internet. These web services are developed over XML and HTTP. Today, most of the open applications use web services for most of their operations. For securing these web services, security design based on HTTPI is proposed. Our work involves securing the web services over SOAP, based on the HTTPI. This secure web service might be applicable for open applications, where authentication and integrity is needed, but no confidentiality required.
In our paper, we introduce a web service security model based on HTTPI protocol over SOAP and develop a preliminary implementation of this model. We also analyze the performance of our approach through an experiment and show that our proposed approach provides higher throughput, lower average response time and lower response size than HTTPS based web service security approach.
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
Secure Supervised Learning-Based Smart Home Authentication FrameworkIJCNCJournal
The Smart home possesses the capability of facilitating home services to their users with the systematic advance in The Internet of Things (IoT) and information and communication technologies (ICT) in recent decades. The home service offered by the smart devices helps the users in utilize maximized level of comfort for the objective of improving life quality. As the user and smart devices communicate through an insecure channel, the smart home environment is prone to security and privacy problems. A secure authentication protocol needs to be established between the smart devices and the user, such that a situation for device authentication can be made feasible in smart home environments. Most of the existing smart home authentication protocols were identified to fail in facilitating a secure mutual authentication and increases the possibility of lunching the attacks of session key disclosure, impersonation and stolen smart device. In this paper, Secure Supervised Learning-based Smart Home Authentication Framework (SSL-SHAF) is proposed as are liable mutual authentication that can be contextually imposed for better security. The formal analysis of the proposed SSL-SHAF confirmed better resistance against session key disclosure, impersonation and stolen smart device attacks. The results of SSL-SHAF confirmed minimized computational costs and security compared to the baseline protocols considered for investigation.
This document proposes a scheme to enhance security in cloud computing. It discusses how a user's data stored with a cloud provider could be at risk if the provider's internal staff can access the encrypted data. The proposed scheme aims to avoid unauthorized access of user data by sending a message to the user's mobile number when a transaction starts. It also displays fake information if login is unsuccessful to avoid further intrusion attempts. Common security methods for user data protection include encryption before storage, user authentication, and secure transmission channels. Cloud computing provides on-demand access to computing resources over the Internet and allows users to access services without knowledge of the infrastructure.
This document proposes a scheme to enhance security in cloud computing. It discusses how a user's data stored with a cloud provider could be at risk if the provider's internal staff can access the encrypted data. The proposed scheme aims to avoid unauthorized access of user data by sending a message to the user's mobile number when a transaction starts and displaying fake information for unsuccessful login attempts to avoid further trials. It also provides background on cloud computing and common security methods like encryption, authentication, and secure channels. The introduction describes the proposed system's process of requesting access to protected data, authenticating the user, and conditionally providing a fake database in the case of hacking attempts.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Grid computing is concerned with the sharing and use of resources in dynamic distributed virtual
organizations. The dynamic nature of Grid environments introduces challenging security concerns that
demand new technical approaches. In this brief overview we review key Grid security issues and outline
the technologies that are being developed to address those issues. We focus on works done by Globus
Toolkits to provide security and also we will discuss about the cyber security in Grid.
Exchange Protocols on Network File Systems Using Parallel Sessions Authentica...IJMTST Journal
In this work we studied the key establishment for secure many-to-many communications. The main
problem is inspired by the rapid increase of large-scale distributed file systems supporting parallel access to
multiple storage devices. The system focus on the current Internet standard for such file systems, i.e.,
parallel Network File System (pNFS), which makes use of Kerberos key exchange protocols to implement
parallel session keys between clients and storage servers. Our study of the existing Kerberos protocol shows
that it has a number of limitations: (i) a metadata server providing key exchange among the clients and the
storage devices has heavy workload that limits the scalability of the protocol; (ii) the protocol cannot provide
forward secrecy; (iii) the metadata server generates all the session keys for securing communication between
clients and storage devices, and this inadvertently leads to key escrow. In this paper, we put forward three
different authenticated key exchange protocols that are designed to address the above issues. We prove that
our protocols are capable for minimizing up to almost50% of the workload of the metadata server and at the
same time supporting forward secrecy and escrow-prevention. All this requires only a small fraction of
increased computation overhead at the client.
Secure Group Communication in Grid EnvironmentCSCJournals
A Grid is a collection of resources that are available for an application to perform tasks. Grid resources are heterogeneous, geographically distributed and belong to different administrative domains. Hence security is a major concern in a grid system. Authentication, message integrity and confidentiality are the major concerns in grid security. Secure group communication is brought about by effective key distribution to authenticated users of the channels serviced by resources. The proposed approach facilitates reduced computation and efficient group communication. It also ensures efficient rekeying for each communication session. The security protocol has been implemented and tested using Globus middleware.
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGIJNSA Journal
Recently, there are several studies have proposed user authentication frameworks to defend against different types of attacks such as phishing, replay attack, man in the middle attack and denial of service attack, etc. Most of these frameworks consist of three main phases, which are the registration phase, login phase, and authentication phase. Most of them have the changing password process as an additional activity.Many problemshave been noticed in the performance of these frameworks. For example, the registration phase is valunerable to internal attack such as SYN flood attack. In this work, we aim to propose a robust user authentication framework that overcomes the previous framework shortages. The proposed framework provides many security aspects such as remote authentication, mutual authentication, session key establishment,to mention a few. Besides, to ensure the security through all phases of this framework, we add a new phase called a Service Access Authentication Phase (SAAP).This phase is resposable of the internal verification .
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...ijcisjournal
Cloud computing technology provides various internet-based services. Many cloud computing vendors are offering cloud services through their own service mechanism. These mechanisms consist of various service parameters such as authentication, security, performance, availability, etc. Customer can access these cloud services through web browsers using http protocols. Each protocol has its own way of achieving the request-response services, authentication, confidentiality and etc. Cloud computing is an internet-based technology, which provides Infrastructure, Storage, Platform services on demand through a browser using HTTP protocols. These protocol features can be enhanced using cloud specific protocol, which provides strong authentication, confidentiality, security, integrity, availability and accessibility. We are proposing and presenting the secure cloud transmission protocol (SCTP) engineering phases which sits on top of existing http protocols to provide strong authentication security and confidentiality using multi-models. SCTP has multi-level and multi-dimensional approach to achieve strong authentication and multi-level security technique to achieve secure channel. This protocol can add on to existing http protocols. It can be used in any cloud services. This paper presents proposed Protocol engineering phases such as Service Specification, Synthesis, Analysis, Modelling, and Implementation model with test suites. This paper is represents complete integration of our earlier proposed and published multilevel techniques
Single Sign-on Authentication Model for Cloud Computing using KerberosDeepak Bagga
ABSTRACT
In today’s organizations need for several new resources and storage requirements for terabytes of data is generated every day. Cloud computing provides solution for this in a cost effective and efficient manner. Cloud computing provides on demand resources as services to clients. Cloud is highly scalable and flexible. Although it is benefiting the clients in several ways but as data is stored remotely it has many security loopholes like attacks, data lose, other security and authentication issues. In this paper we are proposing an authentication model for cloud computing based on the Kerberos protocol to provide single sign-on and to prevent against DDOS attacks. This model can benefit by filtering against unauthorized access and to reduce the burden, computation and memory usage of cloud against authentication checks for each client. It acts as a third party between cloud servers and clients to allow secure access to cloud services. In this paper we will see some of the related work for cloud security issues and attacks. Then in next section we will discuss the proposed architecture, its working and sequential process of message transmission. Next we will see how it can prevent against DDOS attacks, some benefits and how it provides single sign-on.
This document summarizes a research paper on M-Pass, a proposed user authentication protocol that aims to prevent password stealing and reuse attacks. M-Pass leverages cell phones and SMS to authenticate users on untrusted devices without requiring them to enter passwords. It involves a registration phase where users register with a website and encrypt a password with their phone number. For login, users provide their username and long-term phone password, and the website generates a one-time password using a secret credential. The protocol aims to eliminate the need to remember multiple passwords by using the phone for authentication across websites. Evaluation shows registration and login times average around 4 and 3.5 minutes respectively. The researchers conclude M-Pass can prevent password stealing and reuse
IRJET- Blockchain based Certificate Issuing and ValidationIRJET Journal
This document proposes a blockchain-based system for issuing, storing, and validating education certificates to prevent certificate forgery. The system would use blockchain technology to store certificate hashes and public key cryptography for authentication. When a company requests a certificate, the system would verify the certificate hash against the blockchain and get signatures from the student and institution to validate the certificate's authenticity before providing it. The system aims to create an efficient, secure mechanism for managing and sharing education credentials.
THE METHOD OF DETECTING ONLINE PASSWORD ATTACKS BASED ON HIGH-LEVEL PROTOCOL ...IJCNCJournal
Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more abundant, the number of transaction systems through the Internet is increasing, and new services systems appear. For example, IoT also uses password-based authentication.
In this context, consolidating password-based authentication mechanisms is critical, but monitoring measures for timely detection of attacks also play an important role in this battle. The password attack detection solutions being used need to be supplemented and improved to meet the new situation. In this
paper we propose a solution that automatically detects online password attacks in a way that is based solely on the network, using unsupervised learning techniques and protected application orientation. Our solution therefore minimizes dependence on the factors encountered by host-based or supervised learning solutions. The certainty of the solution comes from using the results of in-depth analysis of attack
characteristics to build the detection capacity of the mechanism. The solution was implemented experimentally on the real system and gave positive results.
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET Journal
The document discusses using blockchain technology to create a digital certificate system. It provides an overview of blockchain and how it can be used to issue and verify graduation certificates in a secure and decentralized manner. Several examples of digital certificate systems that use blockchain and smart contracts are described to address issues with forgery and validate the authenticity and integrity of certificates.
Similar to STRONG ZERO-KNOWLEDGE AUTHENTICATION BASED ON THE SESSION KEYS (SASK) (20)
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Batteries -Introduction – Types of Batteries – discharging and charging of battery - characteristics of battery –battery rating- various tests on battery- – Primary battery: silver button cell- Secondary battery :Ni-Cd battery-modern battery: lithium ion battery-maintenance of batteries-choices of batteries for electric vehicle applications.
Fuel Cells: Introduction- importance and classification of fuel cells - description, principle, components, applications of fuel cells: H2-O2 fuel cell, alkaline fuel cell, molten carbonate fuel cell and direct methanol fuel cells.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
Comparative analysis between traditional aquaponics and reconstructed aquapon...
STRONG ZERO-KNOWLEDGE AUTHENTICATION BASED ON THE SESSION KEYS (SASK)
1. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
DOI : 10.5121/ijnsa.2015.7105 51
STRONG ZERO-KNOWLEDGE AUTHENTICATION
BASED ON THE SESSION KEYS (SASK)
Younes ASIMI1
Abdellah AMGHAR2
Ahmed ASIMI3
and Yassine SADQI4
134
Laboratoire des Systèmes informatiques et Vision (LabSiV),
Equipe de la Sécurité, Cryptologie, Contrôle d’Accès et Modélisation (SCCAM),
Departments of Mathematics and Computer Sciences
2
Laboratoire des Systèmes informatiques et Vision (LabSiV),
Department of Physic
1234
Faculty of Sciences, Ibn Zohr University, B.P 8106, City Dakhla, Agadir, Morocco.
ABSTRACT
In this article, we propose a new symmetric communication system secured, founded upon strong zero
knowledge authentication protocol based on session keys (SASK). The users’ authentication is done in two
steps: the first is to regenerate a virtual password, and to assure the integrity and the confidentiality of
nonces exchanged thanks to the symmetric encryption by a virtual password. The second is to calculate a
session key shared between the client and the web server to insure the symmetric encryption by this session
key. This passage allows to strengthen the process of users’ authentication, also, to evolve the process of
update and to supply a secure communication channel. This evolution aims at implementing an
authentication protocol with session keys able to verify the users’ identity, to create a secure
communication channel, and to supply better cyber-defense against the various types of attacks.
KEYWORDS
Strong authentication, virtual password, shared secret session key, secure communication channel, cyber-
defense.
1.INTRODUCTION AND NOTATION
The digital revolution has made enterprises most open and accessible thanks to the services of
cyberspace. This IT technology became more relevant in their sustainable developments. Of
course, speed, availability, accessibility, transparency, full dematerialization and simplicity have
made it omnipresent in our lives. But, the increased security in this virtual space has not assured
yet what always engenders problems of mutual trust, users’ identification, and information
validation. The cyberspace became middles of any transaction on the internet. The social or
individual movements of the users are strongly based on these technologies. The social networks
(Facebook, Gmail, Twitter,…) become important resources of the mobilization and the collective
actions around the world [23]. The evolution, the importance and the diversity of cyberspace have
rendered those omnipresent in our life [23]. Also, the developing of companies is strongly bound
in this digital evolution. But, as the internet is a public space, thus very difficult of to manage
and/or to control and/or to protect against the various possible attacks. The protection of the
users’ privacy against criminal activities is still a challenge which has no borders.
2. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
52
The security of cyberspace is one of the areas which engender more disquietude within the
research laboratories, and the digital enterprises [7], [9], [18], [21], [33], [37], [41], [42], [44].
Certainly, the experts sacrificed more time to certify the objectives of the IT security. With the
appearance of the new vulnerabilities, threats and risks degrading the level of security and
hampering the digital development are bound to the cryptographic hash functions, to the
JavaScript programming language [24], to the existing authentication systems, and also to the
exchange protocol of data on the network HTTPS [26]. At that time, the HTTPS protocol was the
only way to ensure the confidentiality and the integrity [6] of data which transit on the network.
But, thanks to an analytical study made by American researchers [26], the surveillance of the
Web traffics leaves enough information even if the data which transit are encrypted. In this
interest, we introduce a new strong authentication system allowing to remedy these problems.
We focus on the mutual authentication with zero knowledge based on virtual passwords and
shared keys session. The purpose, is to face the problems of exchange of private data, in
particular, the specific authentication settings at any session. The value of this development is to
have a strong authentication system able to respond to user needs related to the memorization,
and to the storage of passwords, also, to produce a cyber-defense can stand and fight against any
kind of cybercriminal.
In all what that follows, we denote by:
IDi : The user’ identifier of Ui.
PWi : A valid original password.
PWVSi : The virtual password per session.
HPWSi : The hashed of PWVSi.
EHPWSi : Encryption hashed password by session key.
RSi : Random salt.
CSRSi : Cryptographically secure random salt.
SOTSi : Safe One Time Salt.
OTSi : One Time Salt.
SKi : Session Key.
CRC : Cyclic redundancy check.
CVL : CRC code of variable lengths.
Ni : A positive random integer. Its binary representation is the generator
polynomial associated with each one-time salt OTSi.
DR : Dynamic rotation.
E : Symmetric cryptographic primitive.
H : One-way hash function.
Tbi, Tsi : Random nonces.
CCi : Challenge of server calculated by the client.
RCSi : Challenge and response of client calculated by the server.
RCi : Client's response to server's challenge.
Xi
new
: Renewal of the parameter X.
: XORing operation.
|| : Concatenation.
== : Comparison.
2.RELATED WORK
The authentication protocols by password have emerged by Bellovin and Merritt [43]. They
proposed firstly a protocol for exchange of encrypted keys (EKE) and then these extensions. This
protocol has been the subject of many improvements and enhancements such as the family of
3. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
53
protocols AuthA [25]. To this effect, Morris and Thompson [38] introduced another alternative to
OTP which is based on the storage of passwords salted, and hashed to decrease the risk of
compromise file [8], [18]. Despite the weak entropy of used passwords and the invention of best
authentication techniques in cyberspace, none has succeeded to replace them a significant way in
the market [10], [18], [37]. Undoubtedly, the alphanumeric passwords are easily attacked by
shoulder-surfing and spyware software and very difficult to memorize [16]. Where from, to meet
of the security recommendations relating to choose the complex passwords that have themselves
the high entropies, ObPwd [27] is another alternative of system allowing to generate strong
passwords enough basing itself on digital objects. The user does not need to memorize a very
complex password. In 2008, and in the interest to introduce an authentication system able to fight
against the theft, phishing, keylogger and shoulder surfing attacks, CPI Lei et al [22] proposed a
virtual passwords system. This virtual system has been modified by Bhavin and Doshi [4] in
order to minimize the processing time by the server. This system is theoretically breakable
because all keys in {0,..., Z-1} are finished [47]. Also, other studies made in it discipline
computing showed that the users remain unable to meet recommendations of the IT security
bound to passwords [7], [12], [13], [34], [41], [42], [44]. More precisely, the problem of
memorization and storage, even at the university level, a survey by Shay et al [36] showed that
users are unable to meet requirements of IT security related to the storage of passwords.
Especially, if we note that the average number of accounts per user exceeds 25 separate accounts
[9], [18].
At the time, to deal with vulnerabilities in the HTTP protocol, integrity and confidentiality of data
exchanged between the client and the Web server have been assured by the HTTPS protocol, in
occurrence, the authentication settings and tracking of states. This protocol uses symmetric and
asymmetric cryptographic methods supplied by the SSL / TLS protocol in order to insure the
users’ privacy on the network. But, with the diversity of types of attacks that adapt with every
situation, this system remains unable to protect the users’ privacy. In particular, if we note that
the passwords generated static to weak entropy are totally breakables. So, according to an
analytical study on this protocol by American researchers, monitoring of web traffics leaves
sufficient information even if the data which transit are encrypted [26]. For ensuring the
correlation between the clients and the web server, this protocol requires the use of cookies. Thus,
to keep the state of clients connected, the given Web server creates a cookie file containing
specific information to each client. It can also be used to ensure users identification by password.
Several studies have been conducted in the discipline to suggest secure cookies. But, in general,
almost all proposals are based on the SSL protocol, hash functions, fixed IP addresses and
encryption / decryption of sensitive data to create secure cookies able to withstand at the different
types of attacks [1], [17], [20], [32], [45], [48]. Of course, at the time, these protocols have
presented the real solutions of security able to resist against various attacks. But, with the
vulnerabilities discovered notably in the protocol SSL, and hash functions, and as, if we note that
the generated passwords are static, these protocols are unable to struggle against different attacks.
In order to solve these problems, other improvements have been proposed to fight against the
dictionary, man-in-the-middle, phishing, and replay attacks [3], [5], [30], [31], [39], [40]. These
protocols regenerate the different virtual passwords for each open session. But they do not arrive
to push aside the vulnerabilities of the protocol SSL, and of the hash functions. And, they do not
insure the cryptographic quality of the regenerated passwords, also the integrity of authentication
settings.
Recently, the authentication mechanisms have been proposed to replace password-based
authentication schemes [2], [11], [15], [28]. The goal for them is to protect users' privacy by
using asymmetric digital signatures. The first problem of them, they are founded on SSL/STL
protocol to provide a secure communication channel between the client and the server. It allows
the users to authenticate to the server via a public key certificate and its associated private key. In
4. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
54
2011, Microsoft has proposed its authentication schemes called CardSpace, but, it is abandoned
this project in same year [11], [29]. In 2012, Mozilla has deployed its authentication schemes
called Persona [28] on its own web applications. It aims to provide a secure identification
mechanism in different web applications without the centralized authentication services. It uses
the e-mail addresses to identify their owners without need to create a new password. It improves
usability and deployability of users’ authentication [19]. But, the big problem of this
authentication mechanism is the compromised file attack [2]. Hence, if an attacker arrives to
compromise the user' identity in a given account, then, all other accounts that are founded on this
identity provider account are compromised. Also, it is vulnerable to phishing attack. The aim in
this article, is to innovate a strong authentication system can withstand the loss of information
exchanged between the client and the web server, also, not fragile than the open session. Our
object is to have an alternative scheme of SSL protocol that provides the users’ privacy on the
web applications. Indeed, for the same user, the virtual passwords regenerated are different for
each session. So, integrity of authentication parameters is provided by the integration of a
mechanism for errors detection of variable lengths. The cryptographic quality of the virtual
passwords gets thanks to the nature pseudo-random, dynamic and unpredictable of salts
regenerated in any open session. Hence, we would have the increase confidence of the connected
users.
3.SAVP PROTOCOL
Today the importance of IT security related to passwords is not only to occupy the users to
choose fairly strong passwords. Yet, to innovate systems able to hinder and resist against different
types of attacks. Of course, this challenge is very difficult to attain 100%, especially, in a public
environment such as the network. Because, in this IT discipline, the privacy of users is an inter-
linked chain requires a fairly high level of protection. Really, the evolution of new technologies
able to ensure the digital communication, the storage of personal data, and to associate and
organize different datasets, has seduced and increased the use of internet in global level. In
parallel, the innovation of attack protocols, as another evolution which affects at the bottom of
personal privacy on the Internet, is able to monitor, disclose and usurp the privacy of every
person on the Internet.
The cryptographic protocols based on the passwords have known very important evolutions. The
innovation in this authentication technique comes from their ability to meet the security needs of
users. Thereby, to create a secure communication channel, the user must memorize a lightweight
password without needing a complex infrastructure such as PKI. But, according to all the studies
made on the difficulties and the habits followed by users during the choice and storage passwords
[7], [33], [37], [41], [42], [44]. It is very difficult to build on the man as being a security key,
especially, in a highly sensitive environment. For this reason, we proposed an authentication
protocol based on the virtual passwords which are composed of following processes (for all detail
see [46], [47]):
Random Generator of a Safe Cryptographic Salt: The importance of integration of this
regenerator in our authentication system aims to ensure the robustness, the complexity,
and the cryptographic quality of the virtual passwords regenerated in any open session,
also, integrity of authentication settings.
1) Code of errors detection of variable lengths (CVL): The importance of integration of this
mechanism is to have an authentication system able to withstand against any leakage of
information. It ensures salts safe integrity exchanged between the client and the web
5. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
55
server. It has a very special property that it adapts with any generator polynomial. It is as
follows:
In registration phase:
i. It calculates a generator polynomial specific to any regenerated random salt.
ii. It calculates the CRC of this random salt.
iii. It stores the secure random salt as being the concatenation of random salt and its
CRC.
In identification phase:
i. It checks random salt safe integrity.
ii. It deduces the random salt.
2) Dynamic rotation algorithm of binary strings (DR): In order to properly to ensure on the
cryptographic nature of virtual passwords regenerated comes the interest to introduce this
algorithm in our system. It aims to ensure the unpredictability, and untraceability of
original passwords completely breakable for minimal disruption:
It generates a binary sequence from the concatenation of the original password and
a random salt.
It calculates the position of the dynamic rotation that is the sum of all bits of this
binary sequence generated.
It directs the dynamic rotation by the parity of this calculated position.
3) Extension Crypto-Services: It supplies, in both sides, the following features:
The hash functions.
The symmetric cryptographic primitives.
The dynamic rotation of binary strings.
The CRC code of variable lengths.
Regeneration random salts RSi specific to each user Ui.
4) Database: Each user Ui is characterized by four authentication parameters:
Unique identifier (IDi).
Final password (HPWi).
Regenerator of random salts (CSRSi).
A positive integer (Ni) that corresponds to the sum of all bits of a primitive signal
RSi.
The analytical results [47] have showed the unpredictable cryptographic nature of the virtual
passwords regenerated for the minimal conditions of the IT security. Likewise, in this
proposition, the robustness of the regenerated virtual passwords is strongly bound to the
cryptographic quality of unpredictable salts specific to each user and also for their behaviour. But,
as the offenses in the virtual spaces have several sources which are very difficult to manage or to
control, the importance of this article, is to propose a more robust authentication system which
not fragile than the session opened. Also, to create a communication secured channel offering a
better protection against the different types of attacks.
6. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
56
4.OUR PROPOSAL
The authentication mechanisms based on the identity of users present efficient solutions to
reassure the access to IT systems and to services. We interest of the cryptographic protocols
based on the session keys which melted themselves on the virtual passwords. This alternative
aims to bring solutions to the problems of the exchange protocols of session keys melted on the
protocol SSL or Diffie-Hellman. Of course, the robustness of the authentication systems based on
passwords is strongly expressed in terms of the length, the range, the random nature, and the
unpredictability of these primitive signals. Furthermore, it is bound to the behaviour of the users
which has a very important impact on the cryptographic quality of their virtual passwords
regenerated. It is impossible to control it, but can be evolved by the sensitization. In our proposal,
the goal is to strengthen the strong authentication of the users by session keys. At this fine, we
must to insure firstly on the robustness and the resistance of the virtual passwords at the multiple
types of attacks notably the phishing, dictionary, brute force, and man in the middle attacks, and
also at the problems of theft of the private data [3], [5], [30], [31], [39], [40]. Our system should
be able to minimize the number of the passwords memorized by the users. To reach our goals, we
integrated cryptographic mechanisms sophisticated to guarantee the purpose of our system. It
builds on one-time salts OTSi regenerated by a random generator of a safe cryptographic salt per
session [46], the dynamic rotation algorithm that deforms totally a binary string by a minimal
perturbation [47], the mechanism of errors detection of variable lengths which guarantees the
integrity of random salts exchanged between the client and the Web server [46], the one-way hash
functions, the primitive symmetric cryptographies [6], the nonces to assure the mutual
authentication, and also the dynamic and transparent update of authentication settings stored in
the database during the connection phase. These improvements aim to check the user's identity
and to prove the validity, and security settings which are going to calculate the session keys. The
gain, is to create secure communication channels symmetrical between the clients Ui and the
server thanks to recalculated session keys. The importance is to have an authentication system
able to ensure the cryptographic quality of the session keys regenerated. Furthermore, it ensures
the update of the original authentication parameters in the renewal phase.
Definition: We refer to [46], a salt is a safe one time (SOTS) if it’s specific for each user session,
regenerated by a pseudo-random and unfalsifiable regenerator.
Our system of strong zero-knowledge authentication based on the session keys (SASK) consists
of three phases: the registration phase, the identification and authentication phase, and the
renewal phase.
4.1.Registration phase
To enroll in the Web server, each user Ui is characterized by its identity IDi, and its valid
password PWi. In order to give a unique representation, the Web server should verify its
existence. These authentication parameters are very sensitive requiring a rather high level of
confidentiality and integrity. Hence, we use the dynamic rotation algorithm of the binary strings
(DR), and the mechanism of errors detection of variable lengths CVL [47].
7. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
57
Figure 1: Registration phase
This registration phase generates for each user Ui, theirs own authentication parameters. Its
security proof relies on the cryptography quality of random salts associated to the original
passwords, the dynamic rotation algorithm of the binary strings, and integrity of exchanged data
obtained by the use of a mechanism for errors detection of variable lengths (CVL). It carries out
as follows:
The user Ui must have a valid password PWi, and the only identifier IDi. The browser sends
the identifier IDi entered by the user Ui to the server.
The server checks the existence of the user Ui.
If it exists, the server sends back a message of exception informing Ui to choose another
identifier.
Otherwise:
i. It generates a one-time salt OTSi.
ii. It calculates a number Ni and SOTSi, and sends them to the browser.
The browser:
Calculates of OTSi =CVL(SOTSi, Ni).
Exercises the Dynamic Rotation (DR) on the concatenation of an original password and a
random salt: PWVSi=DR(PWi|| OTSi).
Calculates the final password by hashing of the virtual password with an one-way hash
function H: HPWSi =H(PWVSi).
Sends the final password HPWSi to server.
The server saves the parameters of authentication associated to the user Ui: IDi, HPWSi,
SOTSi, Ni.
4.2.Authentication phase
The authentication process consists of four sub-processes which combine to make sure on the
identity of users, the creating and the sharing of session keys, the users’ authenticity, and the
dynamic update of authentication parameters own for any opened session. Equally, we have
watched over the random nature of the virtual passwords regenerated. This evolution has two
advantages: the robustness of the virtual passwords against different types of attacks, and the
confidentiality and integrity of data exchanged through encryption by password in the
identification sub-processes. Furthermore, to innovate an interchange protocol of keys based
secure passwords able to regenerate the session keys random, unpredictable, and independent
from any past sessions.
8. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
58
In this phase, we have to make sure on:
The users’ identity.
The regeneration of one-time salts OTSi.
The integrity and the confidentiality of exchanged original password, one-time salts and
nonces.
The validity of the recalculated virtual passwords.
The mutual authentication.
The creation and the sharing of the session keys.
The automatic updates of the authentication parameters by session.
Figure2 : Authentication phase
This process is done as follows:
The browser:
Sends the identifier IDi of a user Ui to the server.
Generates a nonce Tbi.
The server checks the existence of the user:
If it exists, it sends its safe one-time salt SOTSi and Ni number to the browser and
generates a nonce Tsi.
Otherwise, it returns an error message.
The browser:
9. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
59
Checks the integrity of SOTSi by calculating OTSi =CVL(SOTSi, Ni).
Calculates the virtual password of a user Ui by Dynamic Rotation applied to the
concatenation of its original password valid PWi and its one-time salt OTSi:
PWVSi=DR(PWi|| OTSi).
Calculates the final password of the user Ui by hashing of the virtual password PWVSi:
HPWSi=H(PWVSi).
Encrypts the nonce Tbi by using the final password HPWSi: CCi=EHPWSi(Tbi).
Sends CCi, as an authentication challenge, to the server.
The server:
Encrypts the message received: Tbi =EHPWSi(CCi).
Calculates: RCSi =EHPWSi(Tbi Tsi).
Sends RCSi, as an authentication challenge, to the browser.
The browser:
Encrypts the message received: Tbi Tsi = EHPWi(RCSi).
Calculates: Tsi = Tbi Tbi Tsi.
Calculates the session key SKi as being the hashed of the concatenation of the final
password HPWSi, random salt SOTSi, the identifier user IDi and the nonce Tsi :
SKi=H(HPWSi||SOTSi||IDi||Tsi).
Encrypts the nonce Tsi by using the session key SKi: RCi = ESKi(Tsi).
Sends RCi, as a response to the authentication challenge, to the server.
The server:
Calculates the session key SKi as being the hashed of the concatenation of the final
password HPWSi, random salt SOTSi, the identifier user IDi and the nonce Tsi :
SKi=H(HPWSi||SOTSi||IDi||Tsi).
Encrypts the message received: Tsi’ = ESKi (RCi).
Compares the nonce received Tsi’ with one who sent Tsi: Tsi’==Tsi.
i. If the comparison is successful, therefore, mutual authentication is assured between the
browser and the server.
ii. Successful Connection.
The browser:
Encrypts the XORing result of the original password PWi and nonce Tsi by the session key
SKi: EPWi=Eski(PWi Tsi).
Sends EPWi to the server.
The server:
Generates a new one-time salt OTSi
new
.
Calculates a new number Ni
new
and a new safe one-time salt SOTSi
new
.
Calculates the new virtual password of the following session of a user Ui:
i. The Dynamic Rotation: PWVSi
new
=DR(Tsi Eski(EPWi)|| OTSi
new
).
ii. The hashing of the virtual password: HPWSi
new
=H(PWVSi
new
).
Updates of the authentication settings: HPWSi
new
, SOTSi
new
and Ni
new
.
10. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
60
Therefore, the mutual authentication is insured and the symmetric secure communication channel
created between the client and the Web server.
4.3.Renewal phase
This interesting phase is more recommended especially for newly registered users. Here, each
legitimate user should choose a new password PWi
new
also retypes the old password PWi. In this
phase, the user should be authenticated in the previous phase, and the session key created. The
goal, is to open a secure communication channel allowing the renewal of all the authentication
settings in a more secure environment than the registration phase.
Figure 3: Renewal phase
This process accomplishes as follows:
The browser sends the identifier IDi of a user Ui to the server.
The server checks the existence of the user:
If it exists:
i. Generates a new one-time salt OTSi
new
, and calculates a new number Ni
new
.
ii. Encrypts the new one-time salt OTSi
new
genrated by the session key SKi of user Ui:
CSi
new
=ESKi (OTSi
new
).
iii. Sends: CSi
new
, SOTSi and Ni to the browser.
Otherwise, it returns its an error message.
The browser:
Checks the integrity of SOTSi by the calculation of OTSi =CVL(SOTSi, Ni).
Calculates:
i. The virtual password of a user Ui by the Dynamic Rotation exercised on the
concatenation of its original password valid PWi and its one-time salt OTSi:
PWVSi=DR(PWi|| OTSi).
ii. The final password of the user Ui by hashing of the virtual password: HPWSi=H(PWVS
i).
11. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
61
iii. The encryption of the final password calculated with the session key:
EHPWSi=ESKj(HPWSi).
iv. The encryption of the message received CSi
new
by the session key in order to have the
new one-time salt regenerated for the user Ui: OTSi
new
=ESKi(CSi
new
).
v. The new virtual password of a user Ui by the dynamic rotation (DR) exerted on the
concatenation of its new original password valid PWi
new
and new one-time salt
PWVSi
new
=DR(PWi
new
|| RSi
new
).
vi. The new final password of the user Ui by hashing of the new virtual password:
HPWSi
new
=H(PWVSi
new
).
vii. The encryption of the new password calculated with the session key:
EHPWSi
new
=ESKi(HPWSi
new
).
Sends EHPWSi as an authentication challenge, and a new final password valid EHPWSi
new
to the server.
The server:
Encrypts the message received EHPWSi in order to have the old final password calculated
by the browser: HPWSi =ESKi(EHPWSi).
Compares the old password final HPWSi calculated by the browser with one that have
stored in the database HPWSi: HPWSi == HPWSi
.
i. If the comparison is successful, then the user is legitimate, otherwise, the update will
be blocked by the server.
ii. Encrypts the received message EHPWSi
new
in order to have the new final password
calculated by the browser: HPWSi
new
=ESKi(EHPWSi
new
).
iii. Updates of the authentication settings: HPWSi
new
, SOTSi
new
et Ni
new
.
5.SECURITY ANALYSIS
In this section, we estimate the importance of this improvement the level of safety of our protocol
proposed against attacks. Obviously, the attackers follow all possible avenues to reach these
goals. In general, in any IT discipline, they are based themselves on traceability, the weaknesses
of the protocols, and the theft of private data. In addition, the software malware and data theft are
very complex, sophisticated, very difficult to monitor in a real-time by antivirus or software of
anti-espionages or Firewalls or the intrusions detection/protection systems. Whence, all online
transactions should be carried out in a secure communication channel. To this effect, comes the
importance to introduce our strong authentication system which bases itself on virtual passwords
and keys of session to establish a secure communication channels without protocol SSL.
5.1 Defends against theft of data
This attack touches all cyberspace environments. The flight of sensitive data can be in the server,
over the network or else client side. Obviously, this latter space is strongly bound to the
consciences of users by the importance of safety on the survival of these accounts. The passwords
stored in a Web server or which transit on the network are virtual. Also, to break the correlation
between the passwords regenerated during all session, we have strengthened our system by a
random generator of a safe cryptographic salt (OTS), the dynamic rotation algorithm of the binary
strings (DR) which gives unpredictable results for minimal disturbances and an one-way hash
function (e.g HPWSi=H(DR(PWi||OTSi))). Likewise, our system is enhanced by the regeneration
of session keys whose interest evolving user authentication using passwords and create a secure
communication channel. They have a random, unpredictable, and dynamics characteristic which
12. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
62
are more difficult to guess: SKi=H(HPWSi||SOTSi||IDi||Tsi). We have watched over their
cryptography quality to avoid the problems of espionages and theft of sensitive data breakable. In
our system, the untraceability of the private parameters is assured, also, the renewal of the
original passwords is carried out in secure channels that protect the confidentiality and the
integrity of exchanged data (e.g CVL(SOTSi,Ni), EHPWSi(Tbi), EHPWSi(Tbi Tsi), ESKi(Tsi), CSi
new
=ESKi(OTSi
new
) and ESKi(PWi Tsi)) without using the SSL protocol. Moreover, the parameters
used in this session will never be reused in order to have a system that does not fragile the next
session. Hence, the robustness of our protocol is assured against flight of private data such as
passwords, nonces, and session keys.
5.2 Defends against phishing attacks
We refer to [16], [34], this attack is a technique of computer hacker who uses social engineering,
and pharming to usurp the users’ identity. It is very sophisticated, more dangerous, efficient, and
target on the big companies across the world (Banking and shopping sites). It requires a strategy
of global security. In this interest, comes the importance of our contribution which presents one
cyber-defense able to resist against this attack. Our authentication system inspires its robustness
of the unpredictable, dynamic and random nature of these authentication parameters notably the
virtual passwords, and the shared session keys. It also insures untraceability of any original
information exchanged between the client and the Web server. Furthermore, the users’
identification process is not based only on the regeneration of the virtual passwords during the
whole session (e.g EHPWSi(Tbi), EHPWSi(CCi), EHPWSi(Tbi Tsi) and EHPWSi(RCSi)), but, it is evolved
by a second authentication factor: it is the users’ identification by session keys (e.g ESKi(EPWi),
ESKi(Tsi) and ESKi(RCi)). In order to attack our system, the fraudulent server should have all
users’ identification parameters {IDi, HPWSi, SOTSi, Ni}. That is impossible due to the dynamic
nature of our system. Equally, the first message exchange between the client and the Web server
only allows checking the existence of a given user. For more confidentiality, we never transmitted
the passwords when identification neither in clear nor encrypted. But, we use them as keys of
symmetric encryption to assure the confidentiality, and the integrity of private data exchanged in
the users’ identification (e.g EHPWSi(Tbi), EHPWSi(CCi) and EHPWSi(RCSi)). Similarly, during
updating settings, the sending of original passwords not done that after the opening of the secure
connection, but, we encrypt the XORing result of original password and nonce created by the
Web server: ESKi(PWi Tsi). The interest, is to benefit from the cryptographic quality of
encryption by the session key regenerated to guarantee the more confidentiality of the exchanged
passwords, and also to evolve the level of user’s identification. Therefore, our system is secure
against phishing attack.
5.3 Defends against the dictionary attack
This attack founds primarily on user behaviour that is unable to store complex passwords of
strong entropies. It is very effective in case of authentication protocols using the classic
passwords. For this reason, in our system, the virtual passwords inspire their robustness of the
unpredictable salts appropriate to any sessions, of the dynamic rotation, and of the one-way hash
function (e.g PWVSi=DR(PWi||OTSi), HPWSi=H(PWVSi)). The goal is not just to have one-time
passwords, but we have watched over the complexity and unpredictability of the virtual
passwords regenerated. So, our system is effectively protected against this attack.
5.4 Defends against brute force attack
If unsuccessful dictionary attack, the attacker can exercise brute force attack in order to get the
original password. The attacker would have to test exhaustively all possible combinations of
13. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
63
passwords. Of course, this process is valid in the case of authentication protocols by the classic
passwords. By contrast, in our proposal, the attacker should guess correctly two parameters (e.g
PWi and OTSi) in a real polynomial time from a final virtual password HPWSi. But, thanks to the
dynamic rotation algorithm which breeze any correlation between binary strings obtained by the
minimal disturbances, and the nature of one-time salts. Besides, after any connection success, we
apply a dynamic updating to the authentication settings. Our proposed protocol is secured against
the brute forces attacks.
5.5 Defends against Man in the Middle attack
This technique of hacker requires an approach more sophistic than the other attacks. It builds on
the social engineering and the mechanisms of classic mutual authentication to falsify
communication channels between the clients and the Web server. The attacker should be able of
push the legitimate client to visit a fake Web site and to intercept their encrypted data exchanged.
For more complexity against this attack, we combined two approaches of authentication namely:
the virtual passwords and the session keys. As a result, an attacker could intercept any
identification messages and replay them in real time. That is impossible due to their
cryptographic nature. Even, if an attack arrives to find the final password and the key of this
shared session, this information will not have any influence on the safety of the next session.
Because, in our proposal, the authentication parameters are be regenerated of a dynamic and
unpredictable manner. Hence, the resistance of our protocol is insured against this attack.
5.6 Defends against SQL injection
This technique of attack allows an attacker to impersonate a legitimate user without having the
original password. It is very effective in standard architectures that base on a positive response to
a given request. To react in front of this attack, it is recommended to filter any information seized
by the user to avoid the execution of the requests unplanned by the application. Thus, in our
proposal, the first request only allows to check the existence of the users Ui and to retrieve these
specific random salts. More critically, the communicate entities should be able to regenerate these
authentication parameters, and to respond of the mutual authentication challenges in the reel time.
The attack complexity relies upon the impossible to regenerate neither the virtual password
HPWSi=H(DR(PWi||RSi)) nor the session key SKi=H(HPWSi||SOTSi||IDi||Tsi) without having the
original password PWi. Indeed, these authentication parameters are used to guarantee the
confidentiality of mutual authentication challenges. The interest, is to have a very difficult
identification processes for illegitimate user. Consequently, our proposal resists against this
attack.
6.CONCLUSION
The evolving nature and the complexity of the threats of the cybercrime represent real stakes for
the cyber-security requiring cyber-defenses sophisticated. The strategy of the world security
should be collaborative and global protecting any environment of the information systems. Where
from, the solutions of the computer security proposed should aim jointly on the limits and the
constraints of the users, and the evolutions of the attacks systems. More critical, the
consciousness and the behaviour of the users have very remarkable influences on the survival of
their accounts. But, it is impossible to see them as a key of safety at the level university. Our
contribution comes in the optics to insure and to create symmetric secure communication channel
between the clients and the Web server. The interest, is to have a dynamic identification system
which combines three approaches. The first one insures the regeneration of the virtual passwords,
14. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
64
and the confidentiality and the integrity of the nonces of mutual authentication exchanged. The
second calculates the secret session key shared between the client and the web server. The aim is
to have secure communication channels resist to loss of information. The last one serves to ensure
the dynamic and transparent update of authentication settings in a secure environment. This
protocol aims to adopt an authentication system meets the requirements of the security of
computer systems and to protect the users’ privacy. In order to react to the different types of
attacks, in our proposal, user’ identification is carried out in two communication distinct sub-
channels. One of them founded on the virtual passwords, and the other one on the shared session
keys. It requires each user (legitimate or attacker) to have a valid original password in order to
authenticate to a web server. It ensures the independence, the portability and the unpredictability
of authentication parameters. It is practical, efficient, and secured against different kinds of
attacks notably the attack by phishing, dictionary, brute force, man in the middle, SQL injection,
and also to the problem of theft of private data.
REFERENCES
[1] A.X. Liu, J. M. Kovacs, C. T. Huang, and M. G.Gouda, “A secure cookie protocol,” Proceedings of
14th IEEE International Conference on Computer Communications and Networks, pp. 333-338, Oct.
2005.
[2] Alexei Czeskis , Michael Dietz , Tadayoshi Kohno , Dan Wallach , Dirk Balfanz, “Strengthening user
authentication through opportunistic cryptographic identity assertions”, Proceedings of the 2012
ACM conference on Computer and communications security, Oct, 16-18, 2012, Raleigh, North
Carolina, USA .
[3] A. Herzberg and A. Gbara, “Security and Identification Indicators for Browsers against Spoofing and
Phishing Attacks,” Cryptology ePrint Archive, Report 2004/155, 2004.
http://eprint.iacr.org/2004/155.
[4] Bhavin Tanti ,Nishant Doshi. A secure email login system using virtual password.
[5] Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John C Mitchell. “Stronger Password
Authentication Using Browser Extensions”. Supported by NSF through the PORTIA project. 2005.
[6] B. Schnier, “Applied Cryptography”, Second Edition, 1996.
[7] danah boyd. “answers to questions from Twitter on teen practices”. apophenia, April 2009.
[8] David C. Feldmeier and Philip R. Karn. “UNIX Password Security - Ten Years Later”. In
CRYPTO’89: Proceedings of the 9th Annual International Cryptology Conference on Advances in
Cryptology, pages 44–63, London, UK, 1990. Springer-Verlag.
[9] Dinei Florêncio and Cormac Herley. “A large-scale study of web password habits”. In WWW ’07:
Proceedings of the 16th international conference on World Wide Web, pages 657–666, New York,
NY, USA, 2007. ACM.
[10] Dirk Weirich and Martina Angela Sasse. “Pretty good persuasion: a first step towards effective
password security in the real world”. In NSPW ’01: Proceedings of the 2001 workshop on New
security paradigms, pages 137–143, New York, NY, USA, 2001. ACM.
[11] D. Chappell, “Introducing Windows CardSpace”, April 2006.
http://msdn.microsoft.com/library/default.asp , last visited 08 January 2007.
[12] E. Jung. Passwordmaker. http://passwordmaker.mozdev.org.
[13] Gilbert Notoatmodjo and Clark Thomborson. “Passwords and Perceptions”. In Ljiljana Brankovic and
Willy Susilo, editors, Seventh Australasian Information Security Conference (AISC 2009), volume 98
of CRPIT, pages 71–78, Wellington, New Zealand, 2009. ACS.
[14] Greg Aaron, (L’APWG (anti-phishing working group), http://www. antiphishing. Org.), “Phishing
Activity Trends Report, 1ST Quarter”,
http://docs.apwg.org/reports/apwg_trends_report_q1_2013.pdf, Published July 23, 2013.
[15] IETF, “RFC 5246The Transport Layer Security (TLS) protocol version 1.2”, August 2008. url
http://www. ietf. org/rfc/rfc5246. txt
[16] J. A. Halderman, B.Waters, and E. Felten. “A convenient method for securely managing passwords”.
To appear in Proceedings of the 14th International World Wide Web Conference (WWW 2005),
2005.
15. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
65
[17] J. S. Park and R. Sandhu, “Secure cookies on the Web,” IEEE Internet Computing, vol. 4, no. 4,
pp.36-44, Aug. 2000.
[18] Joseph Bonneau and Sören Preibusch. “The password thicket: technical and market failures in human
authentication on the web”, The Ninth Workshop on the Economics of Information Security, WEIS
2010.
[19] J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano, “The quest to replace passwords: A
framework for comparative evaluation of web authentication schemes,” 2012.
[20] K. Fu, E. Sit, K. Smith, and N. Feamster, “Dos, and Don’ts of client authentication on the web,”
Proceedings of 10th USENIX Security Symposium, pp. 1-16,Aug. 2001.
[21] L. Lamport, “Password authentication with insecure communication,” Commun. ACM, vol. 24, no.
11, pp. 770–772, 1981.
[22] M. Lei, Y. Xiao, S. V. Vrbsky, C.-C. Li, and L. Liu, “A virtual password scheme to protect
passwords,” in Proceedings of IEEE International Conference on Communications (ICC’2008).IEEE,
2008, pp. 1536–1540.
[23] M. Milton Joe, Dr. B. Ramakrishnan and Dr. R.S. Shaji ,“Prevention of Losing User Account by
Enhancing Security Module: A Facebook Case”, journal of emerging technologies in web
intelligence, vol. 5, no. 3, august 2013.
[24] Matasano, “Javascript Cryptography Considered Harmful,” 2011.
http://www.matasano.com/articles/javascript-cryptography/.
[25] Mihir Bellare et Phillip Rogaway. “The AuthA Protocol for Password-based Authenticated Key
Exchange”. Contributions to IEEE P1363, mars 2000.
[26] Miller, Brad and Huang, Ling and Joseph, AD and Tygar, JD, “I Know Why You Went to the Clinic:
Risks and Realization of HTTPS Traffic Analysis“, arXiv preprint arXiv:1403.0297, 3 Mar 2014.
[27] Mohammad Mannan and P.C. van Oorschot. Carleton University, Canada. “Digital Objects as
Passwords”.Version: July 14, 2008.
[28] Mozilla, “mozilla personal an identity system for the web -- mozilla.org”, 2011,
http://mozilla.org/en-US/persona.
[29] M. Dietz, Czeskis, A., Balfanz, D., & Wallach, D. S. (2012, August). “Origin-Bound Certificates: A
Fresh Approach to Strong Client Authentication for the Web”. In USENIX Security Symposium (pp.
317-331).
[30] N. Chou, R. Ledesma, Y. Teraguchi, and J. Mitchell. “Client-side defense against web-based identity
theft”. In Proceedings of Network and Distributed Systems Security (NDSS), 2004.
[31] Netcraft. “Anti-Phishing Toolbar”.
http://news.netcraft.com/archives/2004/12/28/netcraft_antiphishing_tool%
bar_available_for_download.html.
[32] P. Wang, Y. Kim, V. Kher, and T. Kwon, “Strengthening password based authentication protocols
against online dictionary attacks,” Proceed-ings of ACNS’2005, LNCS 3531, pp. 17-32,
SpringerVerlag, May 2005.
[33] Paul Dourish, E. Grinter, Jessica Delgado de la Flor, and Melissa Joseph. Security in the Wild: User
Strategies for Managing Security as an Everyday, Practical Problem. Personal Ubiquitous Comput.,
8(6):391–401, 2004.
[34] “Proofpoint Targeted Attack Protection”, www.proofpoint.com/tap.
[35] Richard M. Conlan and Peter Tarasewich. “Improving interface designs to help users choose better
passwords”. In CHI ’06: CHI ’06 extended abstracts on Human factors in computing systems, pages
652–657, New York, NY, USA, 2006. ACM.
[36] Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek,
Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. “Encountering Stronger Password
Requirements: User Attitudes and Behaviors”. In SOUPS ’10: Proceedings of the Sixth Symposium
on Usable privacy and Security. ACM, 2010.
[37] Robert Morris and Ken Thompson. “Password security: a case history”. Commun. ACM, 22(11):594–
597, 1979.
[38] S. Goldwasser, S. Micali, and C. Racko_. “The knowledge complexity of interactive proof-systems”.
In STOC '85: Proceedings of the seventeenth annual ACM symposium on Theory of computing,
pages 291{304, New York, NY, USA, 1985. ACM Press.
[39] S. K. Sood, A. K. Sarje, and K. Singh, “Dynamic identity based single password anti-phishing
protocol,” Security and Communication Networks, Accepted, Oct. 2009.
16. International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.1, January 2015
66
[40] Sandeep Kumar Sood, Anil K. Sarje, and Kuldip Singh, “Inverse Cookie-based Virtual Password
Authentication Protocol”, International Journal of Network Security, Vol.13, No.2, PP.98–108, Sept.
2011 98.
[41] Shannon Riley. “Password Security: What Users Know and What They Actually Do”. Usability
News, 8(1), 2006.
[42] Shirley Gaw and Edward W. Felten. “Password Management Strategies for Online Accounts”. In
SOUPS ’06: Proceedings of the Second Symposium on Usable Privacy and Security, pages 44–55,
New York, NY, USA, 2006. ACM.
[43] Steven M. Bellovin and Michael Merritt. “Encrypted Key Exchange: Password-Based Protocols
SecureAgainst Dictionary Attacks”. In SP ’92: Proceedings of the 1992 IEEE Symposium on Security
and Privacy, page 72, Washington, DC, USA, 1992. IEEE Computer Society.
[44] Supriya Singh, Anuja Cabraal, Catherine Demosthenous, Gunela Astbrink, and Michele Furlong.
“Password Sharing: Implications for Security Design Based on Social Practice”. In CHI ’07:
Proceedings of the SIGCHI conference on Human factors in computing systems, pages 895–904, New
York, NY, USA, 2007. ACM.
[45] V. Goyal, V. Kumar, M. Singh, A. Abraham, and S. Sanyal, “A new protocol to counter online
dictionary attacks,” Computers & Security, vol. 25, no. 2, pp.114-120, Mar. 2006.
[46] Younes ASIMI, Abdellah AMGHAR, Ahmed ASIMI and Yassine SADQI: “New Random Generator
of a Safe Cryptographic Salt per session (RGSCS)” , International Journal of Network Security,IJNS-
2013-11-14-2, (Submitted ).
[47] Younes ASIMI, Abdellah AMGHAR, Ahmed ASIMI and Yassine SADQI: “Strong zero-knowledge
Authentication based on the Virtual Passwords (SAVP)”, International Journal of Network Security,
Accepted, November. 2014.
[48] Y. Wu, H. Yao, and F. Bao, “Minimizing SSO effort in verifying SSL anti-phishing indicators,”
Proceedings of 23rd International Information Security Conference, vol. 278, pp. 47-61, Sep. 2008.
Authors
ASIMI Younes Received his Master's degree in Computer Science and Distributed Systems
in 2012 from Departments of Mathematics and Computer Science, Faculty of Science,
University Ibn Zohr, Agadir, Morocco. He is currently pursuing Ph.D in Departments of
Mathematics and Computer Sciences, Information Systems and Vision Laboratory, Morocco.
His research interests include Authentication Protocols, Computer and Network Security and
Cryptography.
Abdallah AMGHAR is a Professor in the Physics Department, Faculty of Science,
University Ibn Zohr, Morocco. He received his DEA and DES degree in 1994 from
Department of Physics, Faculty of Science, University Hassan II , Morocco. In January
2002, he has Ph.D degree in microelectronic from Department of Physics, Faculty of
Science, University Ibn Zohr, Morocco. His areas of research interests include
Cryptography, DNT, embedded systems and microelectronic.
ASIMI Ahmed received his PhD degree in Number theory from the University Mohammed
V – Agdal in 2001. He is reviewer at the International Journal of Network Security (IJNS).
His research interest includes Number theory, Code theory, and Computer Cryptology and
Security. He is a full professor at the Faculty of Science at Agadir since 2008.
SADQI Yassine received his Master’s degree in the field of Computer Science and
Distributed Systems at Ibn Zoher University in 2012. He is currently a Ph.D. candidate of
the Ibn Zoher University, Agadir, Morocco. His main field of research interest is Web
Applications Security, Computer Security and Cryptography.