Multifactor Authentication 2015

 

 

 

Multifactor authentication is of general interest within cryptography.  For the Science of Security community, it relates to human factors, resilience, and metrics.  The work cited here was presented in 2015.


Pavlovski, C.; Warwar, C.; Paskin, B.; Chan, G., "Unified Framework for Multifactor Authentication," In Telecommunications (ICT), 2015 22nd International Conference on, pp. 209-213, 27-29 April 2015. doi: 10.1109/ICT.2015.7124684

Abstract: The progression towards the use of mobile network devices in all facets of personal, business and leisure activity has created new threats to users and challenges to the industry to preserve security and privacy. Whilst mobility provides a means for interacting with others and accessing content in an easy and malleable way, these devices are increasingly being targeted by malicious parties in a variety of attacks. In addition, web technologies and applications are supplying more function and capability that attracts users to social media sites, e-shopping malls, and for managing finances (banking). The primary mechanism for authentication still employs a username and password based approach. This is often extended with additional (multifactor) authentication tools such as one time identifiers, hardware tokens, and biometrics. In this paper we discuss the threats, risks and challenges with user authentication and present the techniques to counter these problems with several patterns and approaches. We then outline a framework for supplying these authentication capabilities to the industry based on a unified authentication hub.

Keywords: Internet; authorisation; mobile computing; Web applications; Web technologies; authentication capabilities; e-shopping malls; finance management; mobile network devices; multifactor authentication tool; password based approach; social media sites; unified authentication hub; user authentication; username based approach; Authentication; Banking; Biometrics (access control); Business; Mobile communication; Mobile handsets; mobile networks; multifactor authentication; security; unified threat management (ID#: 16-9159)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7124684&isnumber=7124639

 

Adukkathayar, A.; Krishnan, G.S.; Chinchole, R., "Secure Multifactor Authentication Payment System Using NFC," in Computer Science & Education (ICCSE), 2015 10th International Conference on, pp. 349-354, 22-24 July 2015. doi: 10.1109/ICCSE.2015.7250269

Abstract: The latest trend of making financial transactions is done by the use of cards or internet banking. A person may have multiple bank accounts across several banks which makes it difficult for him/her to manage the transactions i.e. he/she either has to carry several cards or use a bunch of bank websites for accomplishing his/her transaction purposes. This situation demands the need of a simple, secure and hi-tech system for achieving the purposes of making transactions. We propose such a system that uses the latest technologies like NFC and multifactor authentication which can be used on any NFC enabled Smartphone. The multi factor authentication system uses a 4-digit PIN as the knowledge factor, an NFC enabled Smartphone, instead of cards, as the possession factor and the face of the user as the inherence factor for the purpose of authentication. The proposed system which can be implemented as cross-platform mobile application, not only allows the user to make secure transactions, but also allows him/her to make transactions from his/her multiple accounts.

Keywords: bank data processing; message authentication; mobile computing; near-field communication; smart phones; 4-digit PIN; NFC enabled smartphone; bank accounts; cross-platform mobile application; financial transactions; inherence factor; knowledge factor; near field communication; online bank transactions; possession factor; secure multifactor authentication payment system; secure transactions; Authentication; Face; Face recognition; Mobile communication; Online banking; Receivers; Authentication; Consumer Storage; Mobile computing; Multifactor; NFC; Near Field Communication; Peer-to-peer; Security (ID#: 16-9160)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7250269&isnumber=7250193

 

Mandyam, G.D.; Milikich, M., "Leveraging Contextual Data for Multifactor Authentication in the Mobile Web," in Communication Systems and Networks (COMSNETS), 2015 7th International Conference on, pp. 1-4, 6-10 Jan. 2015. doi: 10.1109/COMSNETS.2015.7098728

Abstract: Identity and authentication in the mobile web are important for many types of applications that benefit users, including payments. The mobile web today has several traditional approaches to authentication that allow for sensitive applications to take place. However, moving forward the use of contextual data can have a place in the area of authentication. Use of sensor information available on smartphones can provide information about user context that can serve either to augment existing authentication techniques or even provide additional authentication factors in their own right.

Keywords: Internet; authorisation; mobile computing; smart phones; authentication factors; contextual data; mobile Web authentication; multifactor authentication; sensitive applications; sensor information; smartphones; Browsers; Conferences; Geology; authentication; authorization (ID#: 16-9161)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098728&isnumber=7098633

 

Dharavath, K.; Talukdar, F.A.; Laskar, R.H., "Facial Image Processing in Conjunction with Password for Intelligent Access Control," in TENCON 2015 - 2015 IEEE Region 10 Conference, pp. 1-5, 1-4 Nov. 2015. doi: 10.1109/TENCON.2015.7373181

Abstract: In most of the access control systems employed in any organizations, one or more level authentication steps are used to protect their assets. These authentication systems in general involve one or more level knowledge based or possession based authentication steps or sometimes the combination of both, in order to have a high security. However, with the advance of technology these methods are more vulnerable to soft attacks, i.e. more prone to tampering problems. Hence there is a need to have an authentication factor which is highly impossible to synthesize it in any manner. We present a frame work of secured intelligent access control system using two authentication factors namely, inherence factor and knowledge factor. Facial image and a personalized unique password are used as inherence and knowledge factors respectively. Gabor filter along with a subspace technique is employed for feature extraction and matching test and training images. Proposed two factor authentication system reported far better results than any other access control systems existing in literature.

Keywords: Gabor filters; face recognition; feature extraction; image filtering; image matching; Gabor filter; authentication systems; facial image processing; feature extraction; inherence factor; intelligent access control system; knowledge factor; matching test; personalized password; possession-based authentication step; soft attacks; subspace technique; tampering problem; training images; Access control; Authentication; Face; Face recognition; Feature extraction; Gabor filters; Principal component analysis; Face recognition; Gabor features local binary pattern; multifactor authentication; principal component analysis; statistical features; texture features (ID#: 16-9162)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7373181&isnumber=7372693

 

Albahbooh, N.A.; Bours, P., "A Mobile Phone Device as a Biometrics Authentication Method for an ATM Terminal," in Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, pp. 2017-2024, 26-28 Oct. 2015. doi: 10.1109/CIT/IUCC/DASC/PICOM.2015.299

Abstract: The use of mobile phone devices is expanding rapidly and they become essential tools that offer competitive business advantages in today's growing world of global computing environments. A Mobile phone device is a suitable tool for a multifactor authentication that could provide powerful and easy to use authentication device to access any service securely such as an ATM terminal as well as would increase the level of protection for critical and sensitive information. In this paper, we present a protocol that provides more secure ATM authentication using biometrics (fingerprint or face) on a mobile phone device under the restriction that no changes can be made to the existing physical infrastructure. Furthermore, we give an overview of the current ATM authentication methods utilizing mobile devices as a factor in the authentication process. Moreover, we outline a high level security analysis for the proposed authentication protocol.

Keywords: banking; biometrics (access control); cryptographic protocols; mobile computing; mobile handsets; ATM authentication methods; ATM terminal; authentication protocol; biometrics authentication method; global computing environments; high level security analysis; mobile phone device; multifactor authentication; Authentication; Biometrics (access control); Mobile handsets; Online banking; Protocols; ATM Terminal; Authentication Protocol; Biometrics; Fuzzy Vault; Mobile Phone Device (ID#: 16-9163)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363345&isnumber=7362962

 

Dostalek, L.; Ledvina, J., "Strong Authentication for Internet Mobile Application," in Applied Electronics (AE), 2015 International Conference on, pp. 23-26, 8-9 Sept. 2015. Doi: (not provided)

Abstract: 4G networks to utilize Voice over LTE (VoLTE). VoLTE uses similar authentication mechanisms such as HTTP. It is therefore possible that a web client on the mobile device will use for authentication mechanism originally designed for the VoLTE [10]. I.e. to use the AKA mechanism, which uses the UICC (USIM / ISIM). This mechanism authenticates the user to the mobile network. However, Web applications can provide another entity. This contribution to discuss the possibility of strong authentication into applications running on mobile devices. It deals with the possibility of combining algorithm AKA with other authentication algorithms. Combination of two algorithms will be created strong multifactor authentication, which is suitable for applications demanding high secure authentication such as Internet banking or Internet access to the Government applications.

Keywords: 4G mobile communication; Internet; Long Term Evolution; mobile computing; security of data; 4G networks; AKA mechanism; HTTP; ISIM; Internet mobile application; UICC; USIM; VoLTE; mobile network; secure authentication; strong multifactor authentication; voice over LTE; Authentication; Mobile communication; Mobile computing; Mobile handsets; Resistance; Smart cards; Authentication; Mobile Application; Security; Smart Card; Strong Password Authentication (ID#: 16-9164)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301048&isnumber=7301036

 

Johnston, A.H.; Weiss, G.M., "Smartwatch-Based Biometric Gait Recognition," in Biometrics Theory, Applications and Systems (BTAS), 2015 IEEE 7th International Conference on, pp. 1-6, 8-11 Sept. 2015. doi: 10.1109/BTAS.2015.7358794

Abstract: The advent of commercial smartwatches provides an intriguing new platform for mobile biometrics. Like their smartphone counterparts, these mobile devices can perform gait-based biometric identification because they too contain an accelerometer and a gyroscope. However, smartwatches have several advantages over smartphones for biometric identification because users almost always wear their watch in the same location and orientation. This location (i.e. the wrist) tends to provide more information about a user's movements than the most common location for smartphones (pockets or handbags). In this paper we show the feasibility of using smartwatches for gait-based biometrics by demonstrating the high levels of accuracy that can result from smartwatch-based identification and authentication models. Applications of smartwatch-based biometrics range from a new authentication challenge for use in a multifactor authentication system to automatic personalization by identifying the user of a shared device.

Keywords: biometrics (access control); gait analysis; identification; image recognition; message authentication; mobile computing; biometric gait recognition; multifactor authentication system; smartwatch-based biometrics; smartwatch-based identification; Accelerometers; Authentication; Biosensors; Gait recognition; Gyroscopes; Performance evaluation (ID#: 16-9165)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7358794&isnumber=7358743

 

Shah, Y.; Choyi, V.; Subramanian, L., "Multi-factor Authentication as a Service," in Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2015 3rd IEEE International Conference on, pp. 144-150, March 30 2015-April 3 2015. doi: 10.1109/MobileCloud.2015.35

Abstract: An architecture for providing multi-factor authentication as a service is proposed, resting on the principle of a loose coupling and separation of duties between network entities and end user devices. The multi-factor authentication architecture leverages Identity Federation and Single-Sign-On technologies, such as the OpenID framework, in order to provide for a modular integration of various factors of authentication. The architecture is robust and scalable enabling service providers to define risk-based authentication policies by way of assurance level requirements, which map to concrete authentication factor capabilities on user devices.

Keywords: cloud computing; message authentication; OpenID framework; assurance level requirements; authentication factor capabilities; identity federation; multifactor authentication architecture; multifactor authentication as a service; risk-based authentication policies; single-sign-on technologies; user devices; Authentication; Biometrics (access control); Mobile communication; Mobile computing; Protocols; Servers; OpenID; assurance level; biometrics; federated identity; multi-factor authentication; single-sign-on (ID#: 16-9166)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7130879&isnumber=7130853

 

Thiranant, N.; Young Sil Lee; HoonJae Lee, "Performance Comparison Between RSA and Elliptic Curve Cryptography-Based QR Code Authentication," in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, pp. 278-282, 24-27 March 2015. doi: 10.1109/WAINA.2015.62

Abstract: In the QR Code authentication technique, smart phone has become a great tool and played an important role in the authentication process. It has been used in various fields over the internet, especially in multi-factor authentication. However, security aspects should be well taken care of. In this paper, the performance comparison between RSA and Elliptic Curve Cryptography-based QR Code Authentication is proposed. It mainly focuses on QR Code, as it is now widely used all over the world. In addition, existing and related work has leveraged the use of RSA, but no work done on Elliptic Curve Cryptography. The experiment results and comparisons are shown and described in this paper.

Keywords: codes; public key cryptography; smart phones; QR code authentication technique; RSA; elliptic curve cryptography-based QR code authentication; internet; multifactor authentication; smartphone; Authentication; Elliptic curve cryptography; Elliptic curves; Encryption; Data encryption; Elliptic Curve Cryptography; Mobile application; Public-key algorithm; QR Code (ID#: 16-9167)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096187&isnumber=7096097

 

Guifen Zhao; Ying Li; Liping Du; Xin Zhao, "Asynchronous Challenge-Response Authentication Solution Based on Smart Card in Cloud Environment," in Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 156-159, 24-26 April 2015. doi: 10.1109/ICISCE.2015.42

Abstract: In order to achieve secure authentication, an asynchronous challenge-response authentication solution is proposed. SD key, encryption cards or encryption machine provide encryption service. Hash function, symmetric algorithm and combined secret key method are adopted while authenticating. The authentication security is guaranteed due to the properties of hash function, combined secret key method and one-time authentication token generation method. Generate random numbers, one-time combined secret key and one-time token on the basis of smart card, encryption cards and cryptographic technique, which can avoid guessing attack. Moreover, the replay attack is avoided because of the time factor. The authentication solution is applicable for cloud application systems to realize multi-factor authentication and enhance the security of authentication.

Keywords: cloud computing; message authentication; private key cryptography; smart cards; SD key; asynchronous challenge-response authentication solution; authentication security; cloud application systems; combined secret key method; cryptographic technique; encryption cards; encryption machine; encryption service; hash function; multifactor authentication; one-time authentication token generation method; one-time combined secret key; random number generation; replay attack; smart card; symmetric algorithm; time factor; Authentication; Encryption; Servers; Smart cards; Time factors; One-time password; asynchronous challenge-response authentication; multi-factor authentication; smart card (ID#: 16-9168)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120582&isnumber=7120439

 

Amin, R.; Biswas, G.P., "Anonymity Preserving Secure Hash Function Based Authentication Scheme for Consumer USB Mass Storage Device," in Computer, Communication, Control and Information Technology (C3IT), 2015 Third International Conference on, pp. 1-6, 7-8 Feb. 2015. doi: 10.1109/C3IT.2015.7060190

Abstract: A USB (Universal Serial Bus) mass storage device, which makes a (USB) device accessible to a host computing device and enables file transfers after completing mutual authentication between the authentication server and the user. It is also very popular device because of its portability, large storage capacity and high transmission speed. To protect the privacy of a file transferred to a storage device, several security protocols have been proposed but none of them is completely free from security weaknesses. Recently He et al. proposed a multi-factor based security protocol which is efficient but the protocol is not applicable for practical implementation, as they do not provide password change procedure which is an essential phase in any password based user authentication and key agreement protocol. As the computation and implementation of the cryptographic one-way hash function is more trouble-free than other existing cryptographic algorithms, we proposed a light weight and anonymity preserving three factor user authentication and key agreement protocol for consumer mass storage devices and analyzes our proposed protocol using BAN logic. Furthermore, we have presented informal security analysis of the proposed protocol and confirmed that the protocol is completely free from security weaknesses and applicable for practical implementation.

Keywords: cryptographic protocols; file organisation; BAN logic; USB device; anonymity preserving secure hash function based authentication scheme; anonymity preserving three factor user authentication; authentication server; consumer USB mass storage device; consumer mass storage devices; cryptographic algorithms; cryptographic one-way hash function; file transfers; host computing device; informal security analysis; key agreement protocol; multifactor based security protocols; password based user authentication; password change procedure; storage capacity; universal serial bus mass storage device; Authentication; Cryptography; Protocols; Servers; Smart cards; Universal Serial Bus; Anonymity; Attack; File Secrecy; USB MSD; authentication (ID#: 16-9169)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7060190&isnumber=7060104

 

Longji Tang; Liubo Ouyang; Wei-Tek Tsai, "Multi-factor Web API Security for Securing Mobile Cloud," in Fuzzy Systems and Knowledge Discovery (FSKD), 2015 12th International Conference on, pp. 2163-2168, 15-17 Aug. 2015. doi: 10.1109/FSKD.2015.7382287

Abstract: Mobile Cloud Computing is gaining more popularity in both mobile users and enterprises. With mobile-first becoming enterprise IT strategy and more enterprises exposing their business services to mobile cloud through Web API, the security of mobile cloud computing becomes a main concern and key successful factor as well. This paper shows the security challenges of mobile cloud computing and defines an end-to-end secure mobile cloud computing reference architecture. Then it shows Web API security is a key to the end-to-end security stack and specifies traditional API security mechanism and two multi-factor Web API security strategy and mechanism. Finally, it compares the security features provided by ten API gateway providers.

Keywords: application program interfaces; cloud computing; mobile computing; security of data; API gateway providers; API security mechanism; business services; end-to-end secure mobile cloud computing; enterprise IT strategy; mobile cloud computing; mobile users; multifactor Web API security; securing mobile cloud; Authentication; Authorization; Business; Cloud computing; Mobile communication; end-to-end; mobile cloud; security mechanism; web API (ID#: 16-9170)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7382287&isnumber=7381900

 

van der Haar, D., "CaNViS: A Cardiac and Neurological-Based Verification System that uses Wearable Sensors," in Digital Information, Networking, and Wireless Communications (DINWC), 2015 Third International Conference on, pp. 99-104, 3-5 Feb. 2015. doi: 10.1109/DINWC.2015.7054225

Abstract: The prevalence of more portable physiological sensors in medical, lifestyle and security fields have ushered in more viable biometric attributes that can be used for the task of identification and authentication. The portability of these sensors also allows systems that require more than one signal source to be feasible and more practical. Once these biological signals are captured, they can then be combined for the purposes of authentication. The study proposes such a multi-factor biometric system, by fusing cardiac and neurological components captured with an electrocardiograph (ECG) and electroencephalograph (EEG) respectively and using them as a biometric attribute. Representing each of these components in a common format and fusing them at a feature level allows one to create a novel biometric system that is interoperable with different biological signal sources. The results indicate the system portrays a sufficient false rejection (FRR) and false acceptance rates (FAR). The results also show there is value in implementing multi-factor biological signal-based biometric systems using wearable sensors.

Keywords: biometrics (access control); electrocardiography; electroencephalography; medical signal processing; CaNViS; ECG; EEG; biological signal source; cardiac and neurological-based verification system; cardiac component; electrocardiograph; electroencephalograph; false acceptance rate; false rejection rate; multifactor biological signal; multifactor biometric system; neurological component; wearable sensors; Authentication; Biometrics (access control); Biosensors; Electrocardiography; Electroencephalography; Feature extraction; Authentication; Biometric Fusion; Biometrics; Wearable Computing (ID#: 16-9171)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7054225&isnumber=7054206

 

Haider, S.K.; Ahmad, M.; Hijaz, F.; Patni, A.; Johnson, E.; Seita, M.; Khan, O.; van Dijk, M., "M-MAP: Multi-factor Memory Authentication for Secure Embedded Processors," in Computer Design (ICCD), 2015 33rd IEEE International Conference on, pp. 471-474, 18-21 Oct. 2015. doi: 10.1109/ICCD.2015.7357151

Abstract: The challenges faced in securing embedded computing systems against multifaceted memory safety vulnerabilities have prompted great interest in the development of memory safety countermeasures. These countermeasures either provide protection only against their corresponding type of vulnerabilities, or incur substantial architectural modifications and overheads in order to provide complete safety, which makes them infeasible for embedded systems. In this paper, we propose M-MAP: a comprehensive system based on multi-factor memory authentication for complete memory safety. We examine certain crucial implications of composing memory integrity verification and bounds checking schemes in a comprehensive system. Based on these implications, we implement M-MAP with hardware based memory integrity verification and software based bounds checking to achieve a balance between hardware modifications and performance. We demonstrate that M-MAP implemented on top of a lightweight out-of-order processor delivers complete memory safety with only 32% performance overhead on average, while incurring minimal hardware modifications, and area overhead.

Keywords: embedded systems; security of data; storage management chips; M-MAP; embedded computing systems; hardware modifications; memory safety countermeasures; multifaceted memory safety vulnerabilities; multifactor memory authentication; secure embedded processors; Benchmark testing; Computer architecture; Hardware; Program processors; Random access memory; Safety (ID#: 16-9172)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357151&isnumber=7357071

 

Gepko, I., "General Requirements and Security Architecture for Mobile Phone Anti-Cloning Measures," in EUROCON 2015 - International Conference on Computer as a Tool (EUROCON), IEEE, pp. 1-6, 8-11 Sept. 2015. doi: 10.1109/EUROCON.2015.7313666

Abstract: The impressive number of counterfeit and stolen mobile phones as well as the emergence of applications where the authentication of mobile terminal is needed shows the critical importance of reliable protection of the mobile device identity. Counterfeiters may use for their products identifiers allocated for genuine handsets. Besides, forgery of the International Mobile Equipment Identity (IMEI) is not too difficult for most of existing smartphones as their software which is the last source of IMEI before sending it to network is vulnerable to modifications. In this paper we argue that there is a need for developing of anti-cloning tool for the mobile devices, which efficacy should not depend on manufacturers. The basic requirements for the novel security architecture were formulated. We introduced “provable experience” authentication factor of mobile device which is dual with respect to the “social network” authentication factor of user. A novel method of multi-factor authentication of mobile device is proposed based on this, which allows effective blocking of clones in cellular networks and does not require standardization or changes in mobile device construction.

Keywords: security of data; smart phones; social networking (online); IMEI; anticloning tool; cellular networks; counterfeit mobile phones; genuine handsets; international mobile equipment identity; mobile device identity; mobile phone anticloning measures; mobile terminal authentication; multifactor mobile device authentication; provable experience authentication factor; security architecture; smartphones; social network authentication factor; Authentication; Mobile communication; Mobile computing; Mobile handsets; Software; IMEI; authentication factor; identity; mobile device; multi-factor authentication; security (ID#: 16-9173)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7313666&isnumber=7313653

 

Lupu, C.; Gaitan, V.-G.; Lupu, V., "Fingerprints Used for Security Enhancement of Online Banking Authentication Process," in Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, pp. 217-220, 25-27 June 2015. doi: 10.1109/ECAI.2015.7301177

Abstract: Online banking services have become one of the most important applications on the Internet, being provided by most of the banks all over the world. The end-user can manage the accounts or make some payments without being forced to go to the physical bank office. That's why security concerns regarding authentication have to be taken into the account and the bank should provide various and combined methods for login, in order to increase the confidence in their services. In other words, the bank should provide a multi-factor authentication. This paper will present a model for user enrollment and authentication, using three basic methods, based on: what user knows (a username), what user has (a digipass) and an intrinsic characteristic of the user, e.g. a fingerprint. Combining these three characteristics will lead to a great security improvement in authentication or order signing. Classical methods are based only on the first two characteristics (what user knows and has), without the most habitual one, that cannot be lost or stolen: an intrinsic characteristic of the user, like a fingerprint or an iris. This paper will also present an application developed during our researches, for user enrollment that can be used in the bank-side environment.

Keywords: Internet; bank data processing; message authentication; retail data processing; Internet; digipass; end-user; fingerprints; intrinsic characteristic; multifactor authentication; online banking services; order signing; security enhancement; security improvement; user authentication; user enrollment; username; Authentication; Fingerprint recognition; Iris recognition; Online banking; biometrics; enrollment; online banking; process flowchart; security (ID#: 16-9174)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301177&isnumber=7301133

 

Fathi, R.; Salehi, M.A.; Leiss, E.L., "User-Friendly and Secure Architecture (UFSA) for Authentication of Cloud Services," in Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on, pp. 516-523, June 27 2015-July 2 2015. doi: 10.1109/CLOUD.2015.75

Abstract: Clouds are becoming prevalent service providers because of their low upfront costs, rapid application deployment, and high scalability. Many users outsource their sensitive data and services to cloud providers. Users frequently access these sensitive services through devices and connections that are vulnerable to thieving and eavesdropping. Therefore, users are desperate of robust security measures to protect their data and services privacy in clouds. In particular, robust authentication techniques are demanded by users for safe access to cloud services. One technique is to utilize multiple authentication factors (a.k.a. multi-factor authentication) to access cloud services. However, the challenge is that the multi-factor authentication technique is not effective as it causes user frustration and fatigue. To address this challenge, in this study, we propose a multi-factor authentication architecture that aims at minimizing the perceived authentication hardship for cloud users while improving the security of the authentication. To achieve the goal, our authentication architecture suggests a progressive manner to leverage access to different levels of cloud services. At each level, the architecture asks for authentication factors by considering the perceived hardship for users. To increase the security and user convenience, the architecture also considers implicit authentication factors in addition to the explicit factors. Our evaluation results indicate that authentication using the proposed architecture decreases the users' perceived hardship up to 29% in comparison with other methods. The results also reveal that our proposed architecture adapts the authentication difficulty based on the user condition.

Keywords: cloud computing; data protection; message authentication; software architecture; UFSA; cloud providers; cloud service authentication; cloud service privacy; data privacy; data protection; explicit authentication factors; implicit authentication factors; multifactor authentication technique; multiple authentication factors; robust authentication techniques; robust security measures; user-friendly and secure architecture; Authentication; Computer architecture; Engines; Mathematical model; Mobile handsets; Sensitivity; Cloud services; Multi-factor Authentication; Sand-boxing; User-friendly authentication (ID#: 16-9175)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7214085&isnumber=7212169

 

Khan, S.H.; Akbar, M.A., "Multi-Factor Authentication on Cloud," in Digital Image Computing: Techniques and Applications (DICTA), 2015 International Conference on, pp. 1-7, 23-25 Nov. 2015. doi: 10.1109/DICTA.2015.7371288

Abstract: Due to the recent security infringement incidents of single factor authentication services, there is an inclination towards the use of multi-factor authentication (MFA) mechanisms. These MFA mechanisms should be available to use on modern hand-held computing devices like smart phones due to their big share in computational devices market. Moreover, the high social acceptability and ubiquitous nature has attracted the enterprises to offer their services on modern day hand-held devices. In this regard, the big challenge for these enterprises is to ensure security and privacy of users. To address this issue, we have implemented a verification system that combines human inherence factor (handwritten signature biometrics) with the standard knowledge factor (user specific passwords) to achieve a high level of security. The major computational load of the aforementioned task is shifted on a cloud based application server so that a platform-independent user verification service with ubiquitous access becomes possible. Custom applications are built for both the iOS and Android based devices which are linked with the cloud based two factor authentication (TFA) server. The system is tested on-the-run by a diverse group of users and 98.4% signature verification accuracy is achieved.

Keywords: cloud computing; data privacy; message authentication; ubiquitous computing; Android based device; cloud based application server; hand-held computing device; handwritten signature biometrics; human inherence factor; iOS; multifactor authentication; security infringement; signature verification; single factor authentication service; smart phone; two factor authentication server; user privacy; user security; Authentication; Biometrics (access control); Hidden Markov models; Performance evaluation; Servers; Smart phones (ID#: 16-9176)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371288&isnumber=7371204


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.