
Results found: 93

Search results
Searched for:
in keywords: authentication
EN
The idea of cancelable biometrics is widely used nowadays for user authentication. It is based on encrypted or intentionally-distorted templates. These templates can be used for user verification, while keeping the original user biometrics safe. Multiple biometric traits can be used to enhance the security level. These traits can be merged together for cancelable template generation. In this paper, a new system for cancelable template generation is presented depending on discrete cosine transform (DCT) merging and joint photographic experts group (JPEG) compression concepts. The DCT has an energy compaction property. The low-frequency quartile in the DCT domain maintains most of the image energy. Hence, the first quartile from each of the four biometrics for the same user is kept and other quartiles are removed. All kept coefficients from the four biometric images are concatenated to formulate a single template. The JPEG compression of this single template with a high compression ratio induces some intended distortion in the template. Hence, it can be used as a cancelable template for the user acquired from his four biometric traits. It can be changed according to the arrangement of biometric quartiles and the compression ratio used. The proposed system has been tested through merging of face, palmprint, iris, and fingerprint images. It achieves a high user verification accuracy of up to 100%. It is also robust in the presence of noise.
EN
In this paper a new security technique aiming to ensure safe and reliable communications between different nodes on an automotive Controller Area Network (CAN) is presented. The proposed method relies on a robust authentication code using Blake-3 as a hash algorithm within an adapted structure that includes a monitor node. A prototype is implemented and run effectively to perform hardware simulations of real case-based security problems of automotive embedded CAN systems. As a result, data transfer can take place on a newly enhanced CAN bus according to the standard protocol without being intercepted or tampered with by unauthorized parties, thereby highlighting the effectiveness of the proposed technique.
EN
Users’ habits in relation to cybersecurity are frequently examined from the micro perspective, using survey results to obtain impactful variables from individuals, focusing on usability and security factors of passwords. In this paper, the influence of macrosocial factors on password strength is studied in order to offer a global comprehension of the influence of the environment on users. Using the list of the 200 most common passwords by country released by NordPass in 2021, logistic regression has been used to predict macrosocial variables influencing password strength. Results show that (1) Literacy level of a population; (2) Voice and accountability; (3) Level of global cybersecurity; and (4) Level of data breaches exposure significantly predict users’ password strength performance. The author discusses the impact of government on password hygiene of users, hoping to influence the development of policies around cyber security configurations and investment set by nations and institutions.
EN
In this document, the investigation delves into the realm of two-factor authentication (2FA), exploring its applications and comparing various methods of implementation. Two-factor authentication, often referred to colloquially as two-step verification, serves to enhance credential security during login processes across platforms such as Facebook and online banking, among others. While 2FA has significantly improved the security of the login and registration processes, it is noteworthy that its adoption tends to be more prevalent among younger individuals. Unfortunately, an increasing number of financial scams target older individuals who may be disinclined to engage with what they perceive as the complexity of multi-step authentication and password confirmation. Subsequent chapters provide a discussion of the various types of two-factor authentication, furnish detailed descriptions, and offer a summary of the benefits and gains achievable through the deployment of 2FA.
EN
This paper explores the critical domain of safeguarding web-based applications against authentication attacks, recognizing the persistent challenges posed by evolving cyber threats. The project delineates the distinct objectives of such attacks, including data theft, identity theft, and service disruption, underlining their potential far-reaching implications, such as the compromise of sensitive corporate data and the execution of unauthorized administrative operations. It underscores the pivotal role of user awareness and education as the ultimate defense against authentication-related breaches. Robust security measures, encompassing the use of strong, intricate passwords, encrypted network communication, two-factor authentication, and the regulation of failed login attempts, are emphasized as essential safeguards. Additionally, the project underscores the significance of maintaining system components through regular updates and conducting comprehensive security audits. A holistic approach, integrating technical and human factors, underscores user awareness and ongoing training as indispensable elements in the endeavor to enhance security in an increasingly digital landscape. "Protecting Web Applications from Authentication Attacks" aims to equip its readers with a comprehensive understanding of authentication system security and offers practical directives for bolstering defense mechanisms in a professional and formal context.
EN
The pervasive use of mobile devices and the omnipresence of the Internet have ushered in a transformative era. Nearly everyone, regardless of age, possesses a mobile phone, bridging generational gaps in digital interaction. Mobile phones have become highly personal, with users guarding them zealously. Service providers recognize this intimate relationship, offering an opportunity to enhance security. Traditional password-based security is vulnerable to data breaches, prompting the adoption of mobile phones as a more robust platform for safeguarding digital assets. This shift has also facilitated the development of digital identification applications, reducing reliance on physical identity documents. Additionally, mobile banking applications are replacing physical payment cards, enabling secure transactions. The ascendancy of mobile payment solutions is diminishing the role of physical cash and wallets. In summary, mobile devices have reshaped security and daily activities, becoming the cornerstone of our digital existence, offering higher levels of security, convenience, and efficiency.
EN
We report an optical asymmetric scheme for double-image encryption and authentication based on interference using sparse representation. We employ sparse representation and interference to process the Fresnel spectra related with the two original images, and then respectively acquire two ciphertexts and two pairs of private keys. Each original image possesses its corresponding two private keys. Furthermore, the decrypted image is compared with its corresponding plaintext with the aid of a nonlinear correlation for authentication. In the proposed scheme, any information concerning each primary image and comprising its silhouette cannot be recognized even though one, two, or even three masks of the two ciphertexts and two private keys are utilized for decryption. The Fresnel spectrum functions which have different diffraction distances enhance the security of the proposal significantly. Moreover, the proposal also avoids the crosstalk problem. The effectiveness and security of this proposed method are demonstrated via numerical simulations.
EN
The analysis of mobile communication standards is carried out, the functional structure and interfaces of interaction between the structural elements of the cellular network are considered. To understand the principle of communication according to the GSM standard, a block diagram of a mobile switching center (MSC), base station equipment (BSS), control and service center (MCC), mobile stations (MS) is presented. The main algorithms for ensuring the confidentiality and security of mobile subscribers' data, in different types of standards, as well as the vulnerabilities of information flows are considered. In particular, the following dangerous types of attacks have been identified, to which mobile network subscribers are sensitive: sniffing; leakage of personal data; leakage of geolocation data; spoofing; remote capture of SIM-card, execution of arbitrary code (RCE); denial of service (DoS). It is established that the necessary function of the mobile network is the identification of subscribers, which is performed by IMSI, which is recorded in the SIM card of the subscriber and the HLR of the operator. To protect against spoofing, the network authenticates the subscriber before starting its service. In the case of subscriber identification, the subscriber and the network operator are protected from the effects of fraudulent access. In addition, the user must be protected from eavesdropping. This is achieved by encrypting the data transmitted over the radio interface. Thus, user authentication in UMTS, as well as in the GSM network, is carried out using encryption with a common key using the "hack-response" protocol (the authenticating party sends a random number to the authenticated party, which encrypts it according to a certain algorithm using a common key and returns the result back).
XX
An analysis of mobile communication standards is carried out, and the functional structure and the interfaces of interaction between the structural elements of the cellular network are considered. To understand the principle of communication in the GSM standard, a block diagram of the mobile switching center (MSC), base station equipment (BSS), control and service center (MCC) and mobile stations (MS) is presented. The main algorithms ensuring the confidentiality and security of mobile subscribers' data in different types of standards are considered, as well as the vulnerabilities of information flows. In particular, the following dangerous types of attacks to which mobile network subscribers are susceptible have been identified: sniffing; leakage of personal data; leakage of geolocation data; spoofing; remote capture of the SIM card, execution of arbitrary code (RCE); denial of service (DoS). It is established that a necessary function of the mobile network is the identification of subscribers, which is performed by means of the IMSI, which is recorded on the subscriber's SIM card and in the operator's HLR. To protect against spoofing, the network authenticates the subscriber before starting the service. In the case of subscriber identification, the subscriber and the network operator are protected from the effects of unauthorized access. In addition, the user must be protected from eavesdropping. This is achieved by encrypting the data transmitted over the radio interface. Thus, user authentication in UMTS, as in the GSM network, is carried out using encryption with a shared key using the "hack-response" protocol (the authenticating party sends a random number to the authenticated party, which encrypts it according to a specified algorithm using the shared key and returns the result).
EN
Digitization and automation are transforming traditional systems for monitoring and managing objects in exteriors. Innovative farms are gradually moving in livestock management systems from paper reporting to integrated, shared and autonomous services throughout the livestock life cycle. Although autonomous monitoring is a reality today, the benefits of autonomous monitoring by unmanned aerial systems (UAVs) for animal identification and authentication do not lie in the herd itself, but in what aerial systems can offer when operated and managed in an integrated ecosystem. At present, UAVs are little used in the agro sector as a “mobility-as-a-service” (MaaS) concept, because farmers themselves in the real environment are not able to respond flexibly to technological innovations and adapt to the demand for monitoring and providing authentic data in real time to the subsidy payment system. The focus of the paper is the presentation of a procedure aimed at the design of an object monitoring system in exteriors according to defined parameters with selected main and specific data; taking into account predefined parameters at the same time, the requirements for technological means and software with the support of machine learning for livestock identification, as well as the composition of selected technical equipment using the IoT concept with unique beacons for subsequent data processing in the reliable authentication methodology of every monitored object, are defined.
EN
Device-to-device (D2D) communications in 5G networks will provide greater coverage, as devices will be acting as users or relays without any intermediate nodes. However, this arrangement poses specific security issues, such as rogue relays, and is susceptible to various types of attacks (impersonation, eavesdropping, denial-of-service), due to the fact that communication occurs directly. It is also recommended to send fewer control messages, due to authenticity- and secrecy related prevailing requirements in such scenarios. Issues related to IoT applications need to be taken into consideration as well, as IoT networks are inherently resource-constrained and susceptible to various attacks. Therefore, novel signcryption algorithms which combine encryption with digital signatures are required to provide secure 5G IoT D2D communication scenarios in order to protect user information and their data against attacks, without simultaneously increasing communication costs. In this paper, we propose LEES, a secure authentication scheme using public key encryption for secure D2D communications in 5G IoT networks. This lightweight solution is a hybrid of elliptic curve ElGamal-Schnorr algorithms. The proposed scheme is characterized by low requirements concerning computation cost, storage and network bandwidth, and is immune to security threats, thus meeting confidentiality, authenticity, integrity and non-repudiation-related criteria that are so critical for digital signature schemes. It may be used in any 5G IoT architectures requiring enhanced D2D security and performance.
PL
The article presents an example implementation of web application user authentication using biometric data in the form of a face and the emotion expressed by the face. The authentication process consists of comparing model data with the data entered during registration in the application.
EN
The article presents an example implementation of web application user authentication with the use of biometric data in the form of a face and emotions expressed by the face. The authentication process consists in comparing the model data with the data entered during registration to the application.
EN
With the growth of data stored in the cloud, data may become the target of attackers on the Internet. Therefore, end users require high confidentiality, integrity and authentication in order to protect their data in the cloud. In this paper, we aim at a comprehensive study of data security in cloud computing. The paper will discuss the details of cloud computing data security challenges and find out which are the most important challenges as well as the efficient solutions. The existing authentication and encryption algorithms are compared in terms of users' scenarios, outstanding features and limitations. We also review the advantages and drawbacks of the algorithms for data security in terms of cloud computing services.
EN
The Automatic Identification System (AIS) offers automatic traffic control and collision avoidance services to the maritime transportation sector worldwide. Because AIS lacks security mechanisms, it is vulnerable to misuse and exploitation by unlawful adversaries (e.g. sea-pirates, terrorists, smugglers). To address the security issues of the AIS, in an earlier paper [1], we proposed the deployment of a Maritime Certificate-less Identity-Based (mIBC) public-key cryptography infrastructure that enhances AIS with on-demand anonymity, authentication, and encryption capabilities. In this paper we address implementation aspects of that infrastructure. In particular, we propose to use the Sakai-Kasahara Identity-Based Encryption (IBE) approach to implement the mIBC infrastructure, following the IEEE 1363.3-2013 standard for Identity-Based Cryptography.
EN
The Automatic Identification System (AIS) provides situational awareness for vessels at sea. AIS has a number of known security vulnerabilities that can lead to several types of attacks on AIS, including the ability to create ghost vessels, false warning or meteorological messages, or bogus virtual aids-to-navigation (AtoN). A number of methods, with varying levels of complexity, have been proposed to better secure AIS and, indeed, emerging AIS protocols will implement some of these mechanisms. Nevertheless, little has been done to secure the current standards, which will remain in use for some time. This paper presents Protected AIS (pAIS), a demonstration of capability implementation using public-key cryptography methods to address several AIS security vulnerabilities, maintain backward compatibility, and be able to interoperate with non-pAIS devices.
PL
The paper presents the authentication and authorization (AA) server solution in the distributed STRADAR system, which provides functionality for conducting the operational activities of the Maritime Unit of the Border Guard (Morski Oddział Straży Granicznej). The system enables presentation, at the event visualization post (Swz), of the current and archival situation on the map (AiS, radars), camera video, photographs, notes, telephone conversations, as well as files and text messages (SMS) exchanged by Border Guard officers. The AA server provides the STRADAR system administrator with functions related to managing Swz operator accounts, including adding, editing and deleting operator accounts, defining operator permissions, and displaying the history of actions on individual operator accounts. The article describes the architecture, the user interface and the software tests of the AA server.
EN
The paper presents the authentication and authorization (AA) server, which is used in the distributed STRADAR system developed for the Border Guard for monitoring maritime areas. The system allows presentation of current and archival map data (AiS, radars), video from cameras, pictures, notes, audio from telephone connections as well as files and text messages (SMS) exchanged by the Border Guard staff, which is performed in the Event Visualization Post (EVP). The AA server provides the STRADAR system administrator with functionality of managing accounts of EVP operators, particularly adding, editing and deleting accounts, defining permissions as well as displaying history of actions regarding particular accounts. The paper describes the architecture and user interface of the AA server as well as performed software tests.
EN
Amid the rapid development of wireless communication technology, cryptography plays a major role in securing the personal information of the user. As such, many authentication schemes have been proposed to ensure secrecy of wireless communication but they fail to meet all the required security goals. The proposed signcryption scheme uses multi-factor authentication techniques such as user biometrics, smart card and passwords to provide utmost security of personal information. In general, wireless devices are susceptible to various attacks and resource-constrained by their very nature. To overcome these challenges, a lightweight cryptographic scheme called signcryption has evolved. Signcryption is a logical combination of encryption and digital signature in a single step. Thereby it provides necessary security features in less computational and communication time. The proposed research work outlines the weaknesses of the already existing Cao et al.’s authentication scheme, which is prone to biometric recognition error, offline password guessing attack, impersonation attack and replay attack. Furthermore, the proposed study provides an enhanced multi-factor authentication scheme using signcryption based on hyper elliptic curve cryptography and bio-hash function. Security of the proposed scheme is analyzed using Burrows-Abadi-Needham logic. This analysis reveals that the proposed scheme is computationally and communication-efficient and satisfies all the needed security goals. Finally, an analysis of the study results has revealed that the proposed scheme protects against biometric recognition error, password guessing attack, impersonation attack, DoS attack and dictionary attack.
EN
Distance education has currently gained ever wider acceptance. One of the main tasks of distance education is the process of checking students’ knowledge by online examination. To conduct a fair examination and prevent unauthorized users from appearing in the examination, different biometric technologies are used; in this paper we implement a fingerprint biometric system for distance education students and found by survey that the students are comfortable with the fingerprint biometric system.
EN
Watermarking in digital content has gained more attraction in the research community. In this approach, copyright information is concealed in the concatenated square region of an image in the wavelet domain. Initially, the original image undergoes an alternative pixel sharing approach, one of the shares undergoes a circular column shift, and the shares are then concatenated. Next, a square region is obtained by capturing half of the row values in the last part of the first share and the first part of the second share, which forms a square image. To enrich the robustness of the technique, watermarking is considered only in the folded square in the wavelet domain. Further, the reverse process is carried out to generate the watermarked image. To show ownership, the original and watermarked images undergo the same operation to acquire the copyright information. Experimental results indicate that the proposed approach is robust against image processing attacks.
Zabezpieczanie haseł w systemach informatycznych (Securing Passwords in IT Systems)
PL
The aim of the article is to systematise the methods of securing static passwords stored for the needs of IT systems, in particular web services, to point out the weaknesses of the presented methods, and to draw conclusions in the form of recommendations for IT system designers. First, the concept of a cryptographic hash function is introduced, and then successive methods of storing passwords are discussed, showing their evolution and their susceptibility to modern attacks. The results of research on masked passwords in Polish banks are shown, and the most interesting examples of modern adaptive functions are presented. Then the author's own systematisation of password protection methods is carried out and directions for further research are indicated.
EN
The aim of the article is to systematise the methods of securing static passwords stored in IT systems. Pros and cons of those methods are presented and conclusions are proposed as recommendations for IT system designers. At the beginning, the concept of a cryptographic hash function is presented, followed by a discussion of methods of storing passwords, showing their evolution and susceptibility to modern attacks. Results of research on masked passwords in Polish banks' IT systems are presented, and the most interesting examples of adaptive password functions are given. Then, the systematisation of password protection methods is carried out. Finally, the directions for further research are indicated.
PL
The article presents the design of an IT system supporting bus fleet management. Maintaining a high market position is a priority for transport companies. However, it is not possible without providing high-quality services, efficient communication, cost reduction and ensuring a high level of safety. All of these areas must be supported by an IT system. The article presents the requirements such a system must meet and proposes its concept. Particular emphasis is placed on the security and reliability of the system.
EN
The paper discusses a project of a system to support bus fleet management. Such a system is necessary to keep a high position on the market. The lack of an available complex solution made us design a new safe system from scratch. The paper analyses transport firms' needs and defines the system functionality necessary to efficiently support a fleet of buses. The design is focused on IT system security and reliability.