Nag, Soumyajit, Banerjee, Subhasish, Sen, Srijon.  2019.  A New Three Party Authenticated Key Agreement Protocol Which Is Defiant towards Password Guessing Attack. 2019 International Conference on Automation, Computational and Technology Management (ICACTM). :13–18.

In order to develop a 'common session secret key' through the insecure channel, cryptographic Key Agreement Protocol plays a major role. Many researchers' cryptographic protocols use smart card as a medium to store transaction secret values. The tamper resistance property of smart card is unable to defend the secret values from side channel attacks. It means a lost smart card is an easy target for any attacker. Though password authentication helps the protocol to give secrecy, on-line as well as off-line password guessing attack can make the protocol vulnerable. The concerned paper manifested key agreement protocol based on three party authenticated key agreement protocol to defend all password related attacks. The security analysis of our paper has proven that the accurate guess of the password of a legitimate user will not help the adversary to generate a common session key.

Biswas, Sonam, Roy, Abhishek.  2019.  An Intrusion Detection System Based Secured Electronic Service Delivery Model. 2019 3rd International conference on Electronics, Communication and Aerospace Technology (ICECA). :1316–1321.

Emergence of Information and Communication Technology (ICT) has facilitated its users to access electronic services through open channel like Internet. This approach of digital communication has its specific security lapses, which should be addressed properly to ensure Privacy, Integrity, Non-repudiation and Authentication (PINA) of information. During message communication, intruders may mount infringement attempts to compromise the communication. The situation becomes critical if a user is identified by multiple identification numbers, as in that case, intruders have a wide window open to use any of these identification numbers to fulfill their ill intentions. To resolve this issue, the authors have proposed a single window based cloud service delivery model, where a smart card serves as a single interface to access multifaceted electronic services like banking, healthcare, employment, etc. To detect and prevent unauthorized access, in this paper, authors have focused on the intrusion detection system of the cloud service model during cloud banking transaction.

Lee, JoonYoung, Kim, MyeongHyun, Yu, SungJin, Park, KiSung, Park, YoungHo.  2019.  A Secure Multi-Factor Remote User Authentication Scheme for Cloud-IoT Applications. 2019 28th International Conference on Computer Communication and Networks (ICCCN). :1–2.

With the development of internet of things (IoT) and communication technology, the sensors and embedded devices collect a large amount of data and handle it. However, IoT environment cannot efficiently treat the big data and is vulnerable to various attacks because IoT is comprised of resource limited devices and provides a service through an open channel. In 2018, Sharma and Kalra proposed a lightweight multi-factor authentication protocol for cloud-IoT environment to overcome these problems. We demonstrate that Sharma and Kalra's scheme is vulnerable to identity and password guessing, replay and session key disclosure attacks. We also propose a secure multifactor authentication protocol to resolve the security problems of Sharma and Kalra's scheme, and then we analyze the security using informal analysis and compare the performance with Sharma and Kalra's scheme. The proposed scheme can be applied to real cloud-IoT environment securely.

Rezaeighaleh, Hossein, Laurens, Roy, Zou, Cliff C..  2018.  Secure Smart Card Signing with Time-based Digital Signature. 2018 International Conference on Computing, Networking and Communications (ICNC). :182–187.

People use their personal computers, laptops, tablets and smart phones to digitally sign documents in company's websites and other online electronic applications, and one of the main cybersecurity challenges in this process is trusted digital signature. While the majority of systems use password-based authentication to secure electronic signature, some more critical systems use USB token and smart card to prevent identity theft and implement the trusted digital signing process. Even though smart card provides stronger security, any weakness in the terminal itself can compromise the security of smart card. In this paper, we investigate current smart card digital signature, and illustrate well-known basic vulnerabilities of smart card terminal with the real implementation of two possible attacks including PIN sniffing and message alteration just before signing. As we focus on the second attack in this paper, we propose a novel mechanism using time-based digital signing by smart card to defend against message alteration attack. Our prototype implementation and performance analysis illustrate that our proposed mechanism is feasible and provides stronger security. Our method uses popular timestamping protocol packets and does not require any new key distribution and certificate issuance.

Hajny, J., Dzurenda, P., Ricci, S., Malina, L., Vrba, K..  2018.  Performance Analysis of Pairing-Based Elliptic Curve Cryptography on Constrained Devices. 2018 10th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT). :1–5.

The paper deals with the implementation aspects of the bilinear pairing operation over an elliptic curve on constrained devices, such as smart cards, embedded devices, smart meters and similar devices. Although cryptographic constructions, such as group signatures, anonymous credentials or identity-based encryption schemes, often rely on the pairing operation, the implementation of such schemes into practical applications is not straightforward, in fact, it may become very difficult. In this paper, we show that the implementation is difficult not only due to the high computational complexity, but also due to the lack of cryptographic libraries and programming interfaces. In particular, we show how difficult it is to implement pairing-based schemes on constrained devices and show the performance of various libraries on different platforms. Furthermore, we show the performance estimates of fundamental cryptographic constructions, the group signatures. The purpose of this paper is to reduce the gap between the cryptographic designers and developers and give performance results that can be used for the estimation of the implementability and performance of novel, upcoming schemes.

Ntshangase, C. S., Shabalala, M. B..  2018.  Encryption Using Finger-Code Generated from Fingerprints. 2018 Conference on Information Communications Technology and Society (ICTAS). :1-5.

In this paper, the literature survey of different algorithms for generating encryption keys using fingerprints is presented. The focus is on fingerprint features called minutiae points where fingerprint ridges end or bifurcate. Minutiae points require less memory and are processed faster than other fingerprint features. In addition, presented is the proposed efficient method for cryptographic key generation using finger-codes. The results show that the length of the key, computing time and the memory it requires is efficient for use as a biometric key or even as a password during verification and authentication.

Yang, B., Xu, G., Zeng, X., Liu, J., Zhang, Y..  2018.  A Lightweight Anonymous Mobile User Authentication Scheme for Smart Grid. 2018 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :821-827.

Smart Grid (SG) technology has been developing for years, which facilitates users with portable access to power through being applied in numerous application scenarios, one of which is the electric vehicle charging. In order to ensure the security of the charging process, users need authenticating with the smart meter for the subsequent communication. Although there are many researches in this field, few of which have endeavored to protect the anonymity and the untraceability of users during the authentication. Further, some studies consider the problem of user anonymity, but they are non-light-weight protocols, even some can not assure any fairness in key agreement. In this paper, we first point out that existing authentication schemes for Smart Grid are neither lack of critical security nor short of important property such as untraceability, then we propose a new two-factor lightweight user authentication scheme based on password and biometric. The authentication process of the proposed scheme includes four message exchanges among the user mobile, smart meter and the cloud server, and then a security one-time session key is generated for the followed communication process. Moreover, the scheme has some new features, such as the protection of the user's anonymity and untraceability. Security analysis shows that our proposed scheme can resist various well-known attacks and the performance analysis shows that compared to other three schemes, our scheme is more lightweight, secure and efficient.

Gurabi, M. A., Alfandi, O., Bochem, A., Hogrefe, D..  2018.  Hardware Based Two-Factor User Authentication for the Internet of Things. 2018 14th International Wireless Communications Mobile Computing Conference (IWCMC). :1081-1086.

In the distributed Internet of Things (IoT) architecture, sensors collect data from vehicles, home appliances and office equipment and other environments. Various objects contain the sensor which process data, cooperate and exchange information with other embedded devices and end users in a distributed network. It is important to provide end-to-end communication security and an authentication system to guarantee the security and reliability of the data in such a distributed system. Two-factor authentication is a solution to improve the security level of password-based authentication processes and immunizes the system against many attacks. At the same time, the computational and storage overhead of an authentication method also needs to be considered in IoT scenarios. For this reason, many cryptographic schemes are designed especially for the IoT; however, we observe a lack of laboratory hardware test beds and modules, and universal authentication hardware modules. This paper proposes a design and analysis for a hardware module in the IoT which allows the use of two-factor authentication based on smart cards, while taking into consideration the limited processing power and energy reserves of nodes, as well as designing the system with scalability in mind.

Farulla, G. A., Pane, A. J., Prinetto, P., Varriale, A..  2017.  An object-oriented open software architecture for security applications. 2017 IEEE East-West Design Test Symposium (EWDTS). :1–6.

This paper introduces a newly developed Object-Oriented Open Software Architecture designed for supporting security applications, while leveraging on the capabilities offered by dedicated Open Hardware devices. Specifically, we target the SEcube™ platform, an Open Hardware security platform based on a 3D SiP (System on Package) designed and produced by Blu5 Group. The platform integrates three components employed for security in a single package: a Cortex-M4 CPU, an FPGA and an EAL5+ certified Smart Card. The Open Software Architecture targets both the host machine and the security device, together with the secure communication among them. To maximize its usability, this architecture is organized in several abstraction layers, ranging from hardware interfaces to device drivers, from security APIs to advanced applications, like secure messaging and data protection. We aim at releasing a multi-platform Open Source security framework, where software and hardware cooperate to hide from both the developer and the final users classical security concepts like cryptographic algorithms and keys, focusing, instead, on common operational security concepts like groups and policies.

Shah, R. H., Salapurkar, D. P..  2017.  A multifactor authentication system using secret splitting in the perspective of Cloud of Things. 2017 International Conference on Emerging Trends Innovation in ICT (ICEI). :1–4.

Internet of Things (IoT) is an emerging trend that is changing the way devices connect and communicate. Integration of cloud computing with IoT, i.e. Cloud of Things (CoT), provides scalability, virtualized control and access to the services provided by IoT. Security issues are a major obstacle in widespread deployment and application of CoT. Among these issues, authentication and identification of user is crucial. In this study paper, survey of various authentication schemes is carried out. The aim of this paper is to study a multifactor authentication system which uses secret splitting in detail. The system uses exclusive-or operations, encryption algorithms and Diffie-Hellman key exchange algorithm to share key over the network. Security analysis shows the resistance of the system against different types of attacks.

Malathi, V., Balamurugan, B., Eshwar, S..  2017.  Achieving Privacy and Security Using QR Code by Means of Encryption Technique in ATM. 2017 Second International Conference on Recent Trends and Challenges in Computational Models (ICRTCCM). :281–285.

Smart Card has complications with validation and transmission process. Therefore, by using peeping attack, the secret code was stolen and secret filming while entering Personal Identification Number at the ATM machine. We intend to develop an authentication system to banks that protects the assets of users. The data of a user is to be ensured that secure and isolated from the data leakage and other attacks. Therefore, we propose a system, where ATM machine will have a QR code in which the information is encrypted corresponding to the ATM machine and a mobile application in the customer's mobile which will decrypt the encoded QR information and sends the information to the server and user's details are displayed in the ATM machine and transaction can be done. Now, the user securely enters information to transfer money without risk of peeping attack in Automated Teller Machine by just scanning the QR code at the ATM by mobile application. Here, both the encryption and decryption technique are carried out by using Triple DES Algorithm (Data Encryption Standard).

Mathew, S., Saranya, G..  2017.  Advanced biometric home security system using digital signature and DNA cryptography. 2017 International Conference on Innovations in Green Energy and Healthcare Technologies (IGEHT). :1–4.

In today's growing concern for home security, we have developed an advanced security system using integrated digital signature and DNA cryptography. The digital signature is formed using multi-feature biometric traits which includes both fingerprint as well as iris image. We further increase the security by using DNA cryptography which is embedded on a smart card. In order to prevent unauthorized access manually or digitally, we use geo-detection which compares the unregistered devices location with the user's location using any of their personal devices such as smart phone or tab.

Swathy, V., Sudha, K., Aruna, R., Sangeetha, C., Janani, R..  2016.  Providing advanced security mechanism for scalable data sharing in cloud storage. 2016 International Conference on Inventive Computation Technologies (ICICT). 3:1–6.

Data sharing is a significant functionality in cloud storage. These cloud storage providers are answerable for keeping the data obtainable and available in addition to the physical environment protected and running. Here we can securely, efficiently, and flexibly share data with others in cloud storage. A new public-key cryptosystem is planned which creates constant-size cipher texts such that efficient allocation of decryption rights for any set of cipher texts are achievable. The uniqueness means that one can aggregate any set of secret keys and make them as packed in as a single key, but encircling the power of all the keys being aggregated. This packed in aggregate key can be easily sent to others or be stored in a smart card with very restricted secure storage. In KAC, users encrypt a file with single key, that means every file have each file, also there will be aggregate keys for two or more files, which formed by using the tree structure. Through this, the user can share more files with a single key at a time.

Amin, R., Islam, S. K. H., Biswas, G. P., Khan, M. K..  2015.  An efficient remote mutual authentication scheme using smart mobile phone over insecure networks. 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1–7.

To establish a secure connection between a mobile user and a remote server, this paper presents a session key agreement scheme through remote mutual authentication protocol by using mobile application software (MAS). We analyzed the security of our protocol informally, which confirms that the protocol is secure against all the relevant security attacks including off-line identity-password guessing attacks, user-server impersonation attacks, and insider attack. In addition, the widely accepted simulator tool AVISPA simulates the proposed protocol and confirms that the protocol is SAFE under the OFMC and CL-AtSe back-ends. Our protocol not only provides strong security against the relevant attacks, but it also achieves proper mutual authentication, user anonymity, known key secrecy and efficient password change operation. The performance comparison is also performed, which ensures that the protocol is efficient in terms of computation and communication costs.

L. Rivière, J. Bringer, T. H. Le, H. Chabanne.  2015.  "A novel simulation approach for fault injection resistance evaluation on smart cards". 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW). :1-8.

Physical perturbations are performed against embedded systems that can contain valuable data. Such devices and in particular smart cards are targeted because potential attackers hold them. The embedded system security must hold against intentional hardware failures that can result in software errors. In a malicious purpose, an attacker could exploit such errors to find out secret data or disrupt a transaction. Simulation techniques help to point out fault injection vulnerabilities and come at an early stage in the development process. This paper proposes a generic fault injection simulation tool that has the particularity to embed the injection mechanism into the smart card source code. By its embedded nature, the Embedded Fault Simulator (EFS) allows us to perform fault injection simulations and side-channel analyses simultaneously. It makes it possible to achieve combined attacks, multiple fault attacks and to perform backward analyses. We appraise our approach on real, modern and complex smart card systems under data and control flow fault models. We illustrate the EFS capacities by performing a practical combined attack on an Advanced Encryption Standard (AES) implementation.

Madhusudhan, R., Kumar, S.R..  2014.  Cryptanalysis of a Remote User Authentication Protocol Using Smart Cards. Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on. :474-477.

Remote user authentication using smart cards is a method of verifying the legitimacy of remote users accessing the server through insecure channel, by using smart cards to increase the efficiency of the system. During last couple of years many protocols to authenticate remote users using smart cards have been proposed. But unfortunately, most of them are proved to be unsecure against various attacks. Recently this year, Yung-Cheng Lee improved Shin et al.'s protocol and claimed that their protocol is more secure. In this article, we have shown that Yung-Cheng-Lee's protocol too has defects. It does not provide user anonymity; it is vulnerable to Denial-of-Service attack, Session key reveal, user impersonation attack, Server impersonation attack and insider attacks. Further it is not efficient in password change phase since it requires communication with server and uses verification table.

Kumari, S., Om, H..  2014.  Remote Login Password Authentication Scheme Based on Cuboid Using Biometric. Information Technology (ICIT), 2014 International Conference on. :190-194.

In this paper, we propose a remote password authentication scheme based on 3-D geometry with biometric value of a user. It is simple and practically useful and also a legal user can freely choose and change his password using smart card that contains some information. The security of the system depends on the points on the diagonal of a cuboid in 3D environment. Using biometric value makes the points more secure because the characteristics of the body parts cannot be copied or stolen.

Ding Wang, Ping Wang, Jing Liu.  2014.  Improved privacy-preserving authentication scheme for roaming service in mobile networks. Wireless Communications and Networking Conference (WCNC), 2014 IEEE. :3136-3141.

User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity.

Akram, R.N., Markantonakis, K., Mayes, K..  2014.  Trusted Platform Module for Smart Cards. New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on. :1-5.

Near Field Communication (NFC)-based mobile phone services offer a lifeline to the under-appreciated multiapplication smart card initiative. The initiative could effectively replace heavy wallets full of smart cards for mundane tasks. However, the issue of the deployment model still lingers on. Possible approaches include, but are not restricted to, the User Centric Smart card Ownership Model (UCOM), GlobalPlatform Consumer Centric Model, and Trusted Service Manager (TSM). In addition, multiapplication smart card architecture can be a GlobalPlatform Trusted Execution Environment (TEE) and/or User Centric Tamper-Resistant Device (UCTD), which provide cross-device security and privacy preservation platforms to their users. In the multiapplication smart card environment, there might not be a prior off-card trusted relationship between a smart card and an application provider. Therefore, as a possible solution to overcome the absence of prior trusted relationships, this paper proposes the concept of Trusted Platform Module (TPM) for smart cards (embedded devices) that can act as a point of reference for establishing the necessary trust between the device and an application provider, and among applications.