Browsing by Subject "Authentication"
Now showing 1 - 4 of 4
Results Per Page
Sort Options
Item Efficient Distributed Authentication for Intelligent Transportation Systems Using Mobile Devices(IEEE, 2024-03-27) Alshaeri, Abdulaziz; Younis, MohamedIntelligent Transportation Systems (ITS) opt to improve safety and efficiency by internetworking vehicles, road infrastructure, pedestrians, etc. Given the ad-hoc connectivity and dynamic topology of such a network, robust authentication of member nodes is essential. The authentication process should also suit the resource constrained ITS nodes. This paper proposes an efficient approach for Distributed Authentication for ITS (DAITS). DAITS employs drivers’ mobile devices to act as verifiers, and hence message authentication is provided in an as-a-service basis for the ITS nodes. Moreover, DAITS is a certificateless system, which deploys private smart contracts in a permissioned blockchain, for certifying nodes. Furthermore, the smart contracts store authentication tokens for the ITS nodes which ensure authentication between the ITS nodes and road infrastructure. DAITS relies on lightweight security primitives such as hash function, bitwise XOR, and Hash-based Message Authentication Code (HMAC). Extensive security analysis shows that DAITS can resist various security attacks. The simulation results demonstrate that DAITS is both resource-efficient and scalable, and outperforms competing schemes in terms of computation and communication overhead, and verification delay.Item Moving to client-side hashing for online authenticationBlanchard, Nikola K.; Coquand, Xavier; Selker, TedCredential leaks still happen with regular frequency, and show evidence that, despite decades of warnings, password hashing is still not correctly implemented in practice. The common practice today, inherited from previous but obsolete constraints, is to transmit the password in cleartext to the server, where it is hashed and stored. We investigate the advantages and drawbacks of the alternative of hashing client-side, and show that it is present today exclusively on Chinese websites. We also look at ways to implement it on a large scale in the near future.Item Post-Quantum Anonymous, Traceable and Linkable Authentication Scheme Based on Blockchain for Intelligent Vehicular Transportation Systems(IEEE, 2024-04-12) Xu, Shiwei; Wang, Tao; Sun, Ao; Tong, Yan; Ren, Zhengwei; Zhu, Rongbo; Song, HoubingAs the Internet of Vehicles (IoV) has become the critical part of Intelligent Vehicular Transportation Systems (IVTS), massive IoV entities (e.g., RSU, OBU, pedestrians’ mobile devices, etc.) get involved into IVTS. At present, one of the biggest challenges with IoV/IVTS is how to maintain a balance between security and privacy. The receivers need to be sure that they are receiving reliable messages from the origin and could trace or link the attacker’s identity, but the tracing or linking may work against the sender’s need for identity privacy. To solve the security and privacy problem, most of current works have proposed authentication solutions to provide anonymous, traceable and unlinkable schemes, which are still vulnerable to either Sybil attacks or quantum attacks. Therefore, we propose the blockchain-based post-quantum anonymous, traceable and linkable authentication scheme by utilizing NIST winner post-quantum algorithms and related post-quantum linkable ring signature. Grounded on the authentication scheme, we also develop key exchange mechanism, which help IoV entities perform efficient message authentication encryption/decryption during P2P communication and broadcast. The security analysis shows that our proposal is resistant to Sybil attack and provides other essential security characteristics including man-in-the-middle-proof and anti-replay. Finally, we perform detailed performance evaluation including each on-chain API execution time, the off-chain communication time and the on-board/on-chain storage requirements. To further evaluate the feasibility of our scheme in the IoV/IVTS environment, we also show the effectiveness of our proposal in a blockchain-based simulation study.Item "Pretty Close to a Must-Have": Balancing Usability Desire and Security Concern in Biometric Adoption(2019-05-09) Wolf, Flynn; Kuber, Ravi; Aviv, Adam J.We report on a qualitative inquiry among security-expert and non-expert mobile device users about the adoption of biometric authentication using semi-structured interviews(n=38, 19/19 expert/non-expert). Security experts more readily adopted biometrics than non-experts but also harbored greater distrust towards its use for sensitive transactions,feared biometric signature compromise, and in some cases distrusted newer facial recognition methods. Both groups harbored misconceptions, such as misunderstanding of the functional role of biometrics in authentication, and were about equally likely to have stopped using biometrics due to usability. Implications include the need for tailored training for security-informed advocates, better design for device sharing and co-registration, and consideration for usability needs in work environments. Refinement of these features would remove perceived obstacles to ubiquitous computing among the growing population of mobile technology users sensitized to security risk.