Authentication in a vehicular ad-hoc network (VANET) requires not only secure and efficient authentication with privacy preservation but applicable flexibility to handle complicated transportation ...circumstances as well. In this paper, we proposed a Two-Factor LIghtweight Privacy-preserving authentication scheme (2FLIP) to enhance the security of VANET communication. 2FLIP employs the decentralized certificate authority (CA) and the biological-password-based two-factor authentication (2FA) to achieve the goals. Based on the decentralized CA, 2FLIP only requires several extremely lightweight hashing processes and a fast message-authentication-code operation for message signing and verification between vehicles. Compared with previous schemes, 2FLIP significantly reduces computation cost by 100-1000 times and decreases communication overhead by 55.24%-77.52%. Furthermore, any certificate revocation list (CRL)-related overhead on vehicles is avoided. 2FLIP makes the scheme resilient to denial-of-service attack in both computation and memory, which is caused by either deliberate invading behaviors or jammed traffic scenes. The proposed scheme provides strong privacy preservation that the adversaries can never succeed in tracing any vehicles, even with all RSUs compromised. Moreover, it achieves strong nonrepudiation that any biological anonym driver could be conditionally traced, even if he is not the only driver of the vehicle. Extensive simulations reveal that 2FLIP is feasible and has an outstanding performance of nearly 0-ms network delay and 0% packet-loss ratio, which are particularly appropriate for real-time emergency reporting applications.
As the most prevailing two-factor authentication mechanism, smart-card-based password authentication has been a subject of intensive research in the past two decades, and hundreds of this type of ...schemes have wave upon wave been proposed. In most of these studies, there is no comprehensive and systematical metric available for schemes to be assessed objectively, and the authors present new schemes with assertions of the superior aspects over previous ones, while overlooking dimensions on which their schemes fare poorly. Unsurprisingly, most of them are far from satisfactory-either are found short of important security goals or lack of critical properties, especially being stuck with the security-usability tension. To overcome this issue, in this work we first explicitly define a security model that can accurately capture the practical capabilities of an adversary and then suggest a broad set of twelve properties framed as a systematic methodology for comparative evaluation, allowing schemes to be rated across a common spectrum. As our main contribution, a new scheme is advanced to resolve the various issues arising from user corruption and server compromise, and it is formally proved secure under the harshest adversary model so far. In particular, by integrating "honeywords", traditionally the purview of system security, with a "fuzzy-verifier", our scheme hits "two birds": it not only eliminates the long-standing security-usability conflict that is considered intractable in the literature, but also achieves security guarantees beyond the conventional optimal security bound.
Currently, the burden on the cheque clearing houses in financial institutions is increasing day-by-day, which necessitates the upgrading of the existing cheque truncation system (CTS). It is a manual ...process which uses Magnetic Ink Character Recognition (MICR), where cheques have been scanned and sent to the clearing house for further processing. The limitations of existing CTS are — illegal duplication of cheque images, invisible ink usage, visibility issues in beneficiary name, and amount on the cheque. To handle the aforementioned issues of the existing CTS, blockchain has emerged as a new technology which is a distributed ledger that is timestamped and immutable. Being immutable, forgeries related to images of cheques during clearance cycles are not allowed. This provides trust and consensus among all participating entities in the network. Motivated by the above discussion, in this paper, we propose a framework named MudraChain for automated cheque clearance, where clearance operations are handled by the blockchain network, instead of existing CTS. It includes: (i) A multi-level authentication scheme to make the blockchain-based framework secure and tamper-proof among participating financial stakeholders, (ii) A quick-response (QR) code generation algorithm which performs digital signing of a cheque, and (iii) A novel two-factor authentication protocol to generate a time based one-time password (TOTP) for secure funds transfer. The obtained results are examined against state-of-the-art approaches to indicate the supremacy of the proposed framework. Thus, MudraChain allows a seamless flow of clearance operation via blockchain for the payer and the payee without any intermediaries. Finally, it addresses the requirements of building a secure application for cheque clearance in view of decentralized blockchain 4.0 applications.
•A novel secure authentication scheme to provide security in permissioned and consortium-based environments.•A QR based authentication Algorithm to perform digital signing of the cheque.•A time-based OTP Algorithm named as TOTPS to allow automatic clearance settlement of payments.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NLZOH, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UILJ, UL, UM, UPCLJ, UPUK, ZAGLJ, ZRSKP
Smart-card based password authentication has been the most widely used two-factor authentication (2FA) mechanism for security-critical applications (e.g., e-Health, smart grid and e-Commerce) in the ...past decades, and it is likely to hold its status in the foreseeable future. Hundreds of this type of 2FA schemes have been proposed, yet to our knowledge, most of them are built on the intractability of conventional hard problems (e.g., discrete logarithm problems and integer factoring problems) which are no longer hard in the quantum era. With the recent advancements in quantum computing, the design of secure and efficient smart-card based password authentication schemes against quantum attacks is becoming increasingly urgent. However, it is not as simple as it seems, how to design such a quantum-resistant 2FA scheme is challenging due to the demanding security requirements and the resource-constrained nature of mobile devices . In this work, we take the first step towards this issue by proposing Quantum2FA, a practical quantum-resistant smart-card-based password authentication scheme that employs Alkim et al. 's lattice-based key exchange and Wang-Wang's "fuzzy-verifier + honeywords" technique (IEEE TDSC'18). Particularly, Quantum2FA can thwart the newly revealed key-reuse attack (ACISP'18, CT-RSA'19) against lattice-based key exchange schemes in two aspects: signal leakage attacks and key mismatch attacks. Specifically, it restricts the necessary conditions (i.e., the attacker must be the initiator of the key exchange) for an adversary to analyze the signal; It introduces honeywords to detect the key mismatches between the smart card and the server, and thus smart card loss attack can be thwarted. We formally prove the security of Quantum2FA under the random oracle model and demonstrate its efficiency through experiments on a 32 MHz 8-bit AVR Embedded Processor. Comparison results show that Quantum2FA is not only more secure but also offers better computation efficiency than the state-of-the-art conventional 2FA schemes.
Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of ...security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an "ideal" scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.'s scheme and Li's scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.
Entering the era of AI 2.0, bio‐inspired target recognition facilitates life. However, target recognition may suffer from some risks when the target is hijacked. Therefore, it is significantly ...important to provide an encryption process prior to neuromorphic computing. In this work, enlightened from time‐varied synaptic rule, an in‐memory asymmetric encryption as pre‐authentication is utilized with subsequent convolutional neural network (ConvNet) for target recognition, achieving in‐memory two‐factor authentication (IM‐2FA). The unipolar self‐oscillated synaptic behavior is adopted to function as in‐memory asymmetric encryption, which can greatly decrease the complexity of the peripheral circuit compared to bipolar stimulation. Results show that without passing the encryption process with suitable weights at the correct time, the ConvNet for target recognition will not work properly with an extremely low accuracy lower than 0.86%, thus effectively blocking out the potential risks of involuntary access. When a set of correct weights is evolved at a suitable time, a recognition rate as high as 99.82% can be implemented for target recognition, which verifies the effectiveness of the IM‐2FA strategy.
In‐memory two‐factor authentication (IM‐2FA) is implemented to enhance the security of artificial neural networks. Upon successful completion of the initial authentication, where a set of accurate weights is verified, subsequent target recognition is authorized with an impressive recognition rate of 99.82%. However, in cases where incorrect weights are provided for neuromorphic computing, access is denied.
Full text
Available for:
FZAB, GIS, IJS, KILJ, NLZOH, NUK, OILJ, SBCE, SBMB, UL, UM, UPUK
We have previously described polyglutamine-binding protein 1 (PQBP1) as an adapter required for the cyclic GMP-AMP synthase (cGAS)-mediated innate response to the human immunodeficiency virus 1 ...(HIV-1) and other lentiviruses. Cytoplasmic HIV-1 DNA is a transient and low-abundance pathogen-associated molecular pattern (PAMP), and the mechanism for its detection and verification is not fully understood. Here, we show a two-factor authentication strategy by the innate surveillance machinery to selectively respond to the low concentration of HIV-1 DNA, while distinguishing these species from extranuclear DNA molecules. We find that, upon HIV-1 infection, PQBP1 decorates the intact viral capsid, and this serves as a primary verification step for the viral nucleic acid cargo. As reverse transcription and capsid disassembly initiate, cGAS is recruited to the capsid in a PQBP1-dependent manner. This positions cGAS at the site of PAMP generation and sanctions its response to a low-abundance DNA PAMP.
Display omitted
•PQBP1 binding to incoming HIV-1 capsids initiates the innate sensing•PQBP1 recruits cGAS once capsid disassembly and DNA synthesis are initiated•PQBP1-cGAS assembly on the capsid sanctions innate sensing of HIV DNA
Yoh and Mamede et al. demonstrate a two-step authentication system in response to retroviral infection. The work reveals a strategy by host immune surveillance to broaden its pathogen repertoire while limiting deleterious responses to host DNAs.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NLZOH, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UILJ, UL, UM, UPCLJ, UPUK, ZAGLJ, ZRSKP
Human authentication is the security task whose job is to limit access to physical locations or computer network only to those with authorisation. This is done by equipped authorised users with ...passwords, tokens or using their biometrics. Unfortunately, the first two suffer a lack of security as they are easy being forgotten and stolen; even biometrics also suffers from some inherent limitation and specific security threats. A more practical approach is to combine two or more factor authenticator to reap benefits in security or convenient or both. This paper proposed a novel two factor authenticator based on iterated inner products between tokenised pseudo-random number and the user specific fingerprint feature, which generated from the integrated wavelet and Fourier–Mellin transform, and hence produce a set of user specific compact code that coined as BioHashing. BioHashing highly tolerant of data capture offsets, with same user fingerprint data resulting in highly correlated bitstrings. Moreover, there is no deterministic way to get the user specific code without having both token with random data and user fingerprint feature. This would protect us for instance against biometric fabrication by changing the user specific credential, is as simple as changing the token containing the random data. The BioHashing has significant functional advantages over solely biometrics i.e. zero equal error rate point and clean separation of the genuine and imposter populations, thereby allowing elimination of false accept rates without suffering from increased occurrence of false reject rates.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UL, UM, UPCLJ, UPUK
With the rapid development of network communication technology, identity authentication based on smart cards is one of the most common two-factor authentication schemes. In some real-world ...applications, timeliness is another challenge besides security and privacy because of the frequent logon and logoff or data updating. Presently, two-factor authentication schemes based on elliptic curve cryptography (ECC) are efficient. They are based on asymmetric encryption algorithms. But the time efficiency can be improved by hash-based methods, such as Negative databases (NDB) inspired by the artificial immune system. A one-time password authentication scheme based on NDBs is efficient, but it does not achieve the functions of mutual authentication and password changing, nor resists stolen-verifier attacks.
In this paper, we propose an efficient two-factor authentication scheme based on NDBs. With this scheme, the password changing function is achieved, and the properties of uncertain form of negative databases can reduce the frequency of data updating. As the proposed scheme is a hash function based one, it has fewer calculation steps and higher time efficiency, compared with the authentication schemes based on asymmetric encryption algorithms such as ECC. This scheme also resists the majority of attacking behaviours, such as password-guessing attacks and man-in-the-middle attacks. Experimental results verify the time efficiency of this proposed scheme, and its security is analysed as well.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NLZOH, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UILJ, UL, UM, UPCLJ, UPUK, ZAGLJ, ZRSKP
Display omitted
•We demonstrate privacy breaches into two password authentication schemes for WSNs.•Public-key techniques are indispensible to achieve user untraceability.•Our principle is applicable ...to two-factor authentication for universal environments.•We discuss the viable solutions to practical realization of user anonymity.•Experimental timings of related public-key operations on small devices are reported.
Anonymity is among the important properties of two-factor authentication schemes for wireless sensor networks (WSNs) to preserve user privacy. Though impressive efforts have been devoted to designing schemes with user anonymity by only using lightweight symmetric-key primitives such as hash functions and block ciphers, to the best of our knowledge none has succeeded so far. In this work, we take an initial step to shed light on the rationale underlying this prominent issue. Firstly, we scrutinize two previously-thought sound schemes, namely Fan et al.’s scheme and Xue et al.’s scheme, and demonstrate the major challenges in designing a scheme with user anonymity.
Secondly, using these two foremost schemes as case studies and on the basis of the work of Halevi–Krawczyk (1999) 44 and Impagliazzo–Rudich (1989) 43, we put forward a general principle: Public-key techniques are intrinsically indispensable to construct a two-factor authentication scheme that can support user anonymity. Furthermore, we discuss the practical solutions to realize user anonymity. Remarkably, our principle can be applied to two-factor schemes for universal environments besides WSNs, such as the Internet, global mobility networks and mobile clouds. We believe that our work contributes to a better understanding of the inherent complexity in achieving user privacy, and will establish a groundwork for developing more secure and efficient privacy-preserving two-factor authentication schemes.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UL, UM, UPCLJ, UPUK
