scholarly journals An Efficient Login Authentication System against Multiple Attacks in Mobile Devices

Symmetry ◽  
2021 ◽  
Vol 13 (1) ◽  
pp. 125
Author(s):  
Yang Li ◽  
Xinyu Yun ◽  
Liming Fang ◽  
Chunpeng Ge
Keyword(s):  
Authentication Scheme ◽  
Fingerprint Recognition ◽  
Mobile Platforms ◽  
Private Data ◽  
Shoulder Surfing ◽  
New Type ◽  
Authentication Schemes ◽  
Symmetry Problem ◽  
Iot Devices ◽  
The Internet Of Things

Access management of IoT devices is extremely important, and a secure login authentication scheme can effectively protect users’ privacy. However, traditional authentication schemes are threatened by shoulder-surfing attacks, and biometric-based schemes, such as fingerprint recognition and face recognition, that are commonly used today can also be cracked. Researchers have proposed some schemes for current attacks, but they are limited by usability. For example, the login authentication process requires additional device support. This method solves the problem of attacks, but it is unusable, which limits its application. At present, most authentication schemes for the Internet of Things and mobile platforms either focus on security, thus ignoring availability, or have excellent convenience but insufficient security. This is a symmetry problem worth exploring. Therefore, users need a new type of login authentication scheme that can balance security and usability to protect users’ private data or maintain device security. In this paper, we propose a login authentication scheme named PinWheel, which combines a textual password, a graphical password, and biometrics to prevent both shoulder-surfing attacks and smudge attacks and solves the current schemes’ lack of usability. We implemented PinWheel and evaluated it from the perspective of security and usability. The experiments required 262 days, and 573 subjects participated in our investigation. The evaluation results show that PinWheel can at least effectively resist both mainstream attacks and is superior to most existing schemes in terms of usability.

A Survey of Authentication Schemes in the Internet of Things

2019 ◽  
Vol 6 (1) ◽  
pp. 15-30 ◽  
Author(s):  
Yasmine Labiod ◽  
Abdelaziz Amara Korba ◽  
Nacira Ghoualmi-Zine
Keyword(s):  
Internet Of Things ◽  
Security Requirements ◽  
Security And Privacy ◽  
The Internet ◽  
Privacy And Security ◽  
Depth Study ◽  
Authentication Schemes ◽  
Iot Devices ◽  
Privacy Issues ◽  
The Internet Of Things

In the recent years, the Internet of Things (IoT) has been widely deployed in different daily life aspects such as home automation, electronic health, the electric grid, etc. Nevertheless, the IoT paradigm raises major security and privacy issues. To secure the IoT devices, many research works have been conducted to counter those issues and discover a better way to remove those risks, or at least reduce their effects on the user's privacy and security requirements. This article mainly focuses on a critical review of the recent authentication techniques for IoT devices. First, this research presents a taxonomy of the current cryptography-based authentication schemes for IoT. In addition, this is followed by a discussion of the limitations, advantages, objectives, and attacks supported of current cryptography-based authentication schemes. Finally, the authors make in-depth study on the most relevant authentication schemes for IoT in the context of users, devices, and architecture that are needed to secure IoT environments and that are needed for improving IoT security and items to be addressed in the future.

scholarly journals A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments

2021 ◽  
Vol 13 (16) ◽  
pp. 9241
Author(s):  
Seunghwan Son ◽  
Yohan Park ◽  
Youngho Park
Keyword(s):  
Intelligent Transportation Systems ◽  
User Authentication ◽  
Formal Analysis ◽  
Bilinear Pairing ◽  
Transportation Systems ◽  
Authentication Scheme ◽  
Iot Devices ◽  
And Performance ◽  
Exclusive Or ◽  
The Internet Of Things

The Internet of Things (IoT) is being applied to various environments such as telecare systems, smart homes, and intelligent transportation systems. The information generated from IoT devices is stored at remote servers, and external users authenticate to the server for requesting access to the stored data. In IoT environments, the authentication process is required to be conducted efficiently, and should be secure against various attacks and ensure user anonymity and untraceability to ensure sustainability of the network. However, many existing protocols proposed in IoT environments do not meet these requirements. Recently, Rajaram et al. proposed a paring-based user authentication scheme. We found that the Rajaram et al. scheme is vulnerable to various attacks such as offline password guessing, impersonation, privileged insider, and known session-specific temporary information attacks. Additionally, as their scheme uses bilinear pairing, it requires high computation and communication costs. In this study, we propose a novel authentication scheme that resolves these security problems. The proposed scheme uses only hash and exclusive-or operations to be applicable in IoT environments. We analyze the proposed protocol using informal analysis and formal analysis methods such as the BAN logic, real-or-random (ROR) model, and the AVISPA simulation, and we show that the proposed protocol has better security and performance compared with existing authentication protocols. Consequently, the proposed protocol is sustainable and suitable for real IoT environments.

Malware Threat in Internet of Things and Its Mitigation Analysis

2021 ◽  
pp. 371-387
Author(s):  
Shingo Yamaguchi ◽  
Brij Gupta
Keyword(s):  
Internet Of Things ◽  
Large Volume ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attack ◽  
New Type ◽  
Iot Devices ◽  
Mitigation Methods ◽  
The Internet Of Things

This chapter introduces malware's threat in the internet of things (IoT) and then analyzes the mitigation methods against the threat. In September 2016, Brian Krebs' web site “Krebs on Security” came under a massive distributed denial of service (DDoS) attack. It reached twice the size of the largest attack in history. This attack was caused by a new type of malware called Mirai. Mirai primarily targets IoT devices such as security cameras and wireless routers. IoT devices have some properties which make them malware attack's targets such as large volume, pervasiveness, and high vulnerability. As a result, a DDoS attack launched by infected IoT devices tends to become massive and disruptive. Thus, the threat of Mirai is an extremely important issue. Mirai has been attracting a great deal of attention since its birth. This resulted in a lot of information related to IoT malware. Most of them came from not academia but industry represented by antivirus software makers. This chapter summarizes such information.

Rotating behind Privacy: An Improved Lightweight Authentication Scheme for Cloud-based IoT Environment

2021 ◽  
Vol 21 (3) ◽  
pp. 1-19
Author(s):  
Shehzad Ashraf Chaudhry ◽  
Azeem Irshad ◽  
Khalid Yahya ◽  
Neeraj Kumar ◽  
Mamoun Alazab ◽  
...  
Keyword(s):  
Mutual Authentication ◽  
Authentication Scheme ◽  
Security Requirements ◽  
User Privacy ◽  
Registered User ◽  
Authentication Schemes ◽  
A Minor ◽  
Lightweight Authentication ◽  
Privacy And Anonymity ◽  
The Internet Of Things

The advancements in the internet of things (IoT) require specialized security protocols to provide unbreakable security along with computation and communication efficiencies. Moreover, user privacy and anonymity has emerged as an integral part, along with other security requirements. Unfortunately, many recent authentication schemes to secure IoT-based systems were either proved as vulnerable to different attacks or prey of inefficiencies. Some of these schemes suffer from a faulty design that happened mainly owing to undue emphasis on privacy and anonymity alongside performance efficiency. This article aims to show the design faults by analyzing a very recent hash functions-based authentication scheme for cloud-based IoT systems with misunderstood privacy cum efficiency tradeoff owing to an unadorned design flaw, which is also present in many other such schemes. Precisely, it is proved in this article that the scheme of Wazid et al. cannot provide mutual authentication and key agreement between a user and a sensor node when there exists more than one registered user. We then proposed an improved scheme and proved its security through formal and informal methods. The proposed scheme completes the authentication cycle with a minor increase in computation cost but provides all security goals along with privacy.

scholarly journals Multi Core DN​N based IDS for Botnet Attacks using KPCA Reduction Techniques

2021 ◽  
Author(s):  
Sharmila B S ◽  
Rohini Nagapadma
Keyword(s):  
Detection System ◽  
Research Work ◽  
Principal Component ◽  
Kernel Principal Component Analysis ◽  
The Internet ◽  
Reduction Techniques ◽  
Private Data ◽  
Learning Techniques ◽  
Iot Devices ◽  
The Internet Of Things

Abstract Research on network security has recently acquired attention in the field of the Internet of Things. In the context of security, most of the IoT devices with the internet are connected directly which results in the exploitation of private data. Nowadays, the fraudster will release novel attacks very frequently especially for IoT devices. As a result, the traditional sophisticated Intrusion Detection System (IDS) model is not suitable for the identification of vulnerabilities in IoT devices. In our research work, we propose MCDNN for IDS. MCDNN is Multi Core DNN with having parallel optimizer. Rather than a traditional dataset, this paper experiment is conducted on the BoTIoT dataset. Since IoT devices generate a huge volume of data, this work focuses on reducing huge datasets using Kernel Principal Component Analysis(KPCA) reduction technique with optimizer parallelly. To decrease false alarm rate and maintaining less computational power multi-core is introduced in our research work. This helps identification of vulnerabilities in IoT devices using deep learning techniques faster. Experimental results indicate that designing MCDNN based IDS with different optimizers parallelly achieved higher performance than those of other techniques.

scholarly journals Secure Three-Factor Anonymous User Authentication Scheme for Cloud Computing Environment

2021 ◽  
Vol 2021 ◽  
pp. 1-20
Author(s):  
Hakjun Lee ◽  
Dongwoo Kang ◽  
Youngsook Lee ◽  
Dongho Won
Keyword(s):  
Cloud Computing ◽  
Network Flow ◽  
User Authentication ◽  
Authentication Scheme ◽  
User Privacy ◽  
Sensor Devices ◽  
Authentication Schemes ◽  
Iot Devices ◽  
Network Technologies ◽  
Three Factor

Cloud computing provides virtualized information technology (IT) resources to ensure the workflow desired by user at any time and location; it allows users to borrow computing resources such as software, storage, and servers, as per their needs without the requirements of complicated network and server configurations. With the generalization of small embedded sensor devices and the commercialization of the Internet of Things (IoT), short- and long-range wireless network technologies are being developed rapidly, and the demand for deployment of cloud computing for IoT is increasing significantly. Cloud computing, together with IoT technology, can be used to collect and analyse large amounts of data generated from sensor devices, and easily manage heterogeneous IoT devices such as software updates, network flow control, and user management. In cloud computing, attacks on users and servers can be a serious threat to user privacy. Thus, various user authentication schemes have been proposed to prevent different types of attacks. In this paper, we discuss the security and functional weakness of the related user authentication schemes used in cloud computing and propose a new elliptic curve cryptography- (ECC-) based three-factor authentication scheme to overcome the security shortcomings of existing authentication schemes. To confirm the security of the proposed scheme, we conducted both formal and informal analyses. Finally, we compared the performance of the proposed scheme with those of related schemes to verify that the proposed scheme can be deployed in the real world.

scholarly journals Graphical password scheme to diminish shoulder surfing

2017 ◽  
Vol 7 (1.1) ◽  
pp. 234
Author(s):  
D. Sri Ram Varma ◽  
K. Meghana ◽  
V. Sai Deepak ◽  
R. Murugan
Keyword(s):  
Authentication Scheme ◽  
Biometric Authentication ◽  
Brute Force ◽  
Graphical Password ◽  
The People ◽  
Shoulder Surfing ◽  
Common Technique ◽  
Authentication Schemes ◽  
Dictionary Attacks

Many authentication schemes are known to us but none of them are completely secure. Textual password is the most common technique used by majority of the people in the industry. But Textual passwords are vulnerable to dictionary attacks, keyloggers, brute-force attacks, even guessing may work out sometimes. Alternative authentication schemes have been proposed to overcome this problem, some of them are Biometric authentication, retina based authentication, graphical password scheme ETC., Authentication Schemes such as biometric and retina scans are too costly, so they are not always preferred. Not every graphical authentication is secure and efficient. In this paper, an authentication scheme with a combination of text and colour is proposed. This allows the user to log-in to the framework a little more secure.

Security Aspects of the Internet of Things

2021 ◽  
pp. 207-233
Author(s):  
Dominik Hromada ◽  
Rogério Luís de C. Costa ◽  
Leonel Santos ◽  
Carlos Rabadão
Keyword(s):  
Internet Of Things ◽  
New Technologies ◽  
Smart Cities ◽  
The Internet ◽  
Detection Systems ◽  
Private Data ◽  
Promising Solution ◽  
Iot Devices ◽  
Smart Industry ◽  
The Internet Of Things

The Internet of Things (IoT) comprises the interconnection of a wide range of different devices, from Smart Bluetooth speakers to humidity sensors. The great variety of devices enables applications in several contexts, including Smart Cities and Smart Industry. IoT devices collect and process a large amount of data on machines and the environment and even monitor people's activities. Due to their characteristics and architecture, IoT devices and networks are potential targets for cyberattacks. Indeed, cyberattacks can lead to malfunctions of the IoT environment and access and misuse of private data. This chapter addresses security concerns in the IoT ecosystem. It identifies common threats for each of IoT layers and presents advantages, challenges, and limitations of promising countermeasures based on new technologies and strategies, like Blockchain and Machine Learning. It also contains a more in-depth discussion on Intrusion Detection Systems (IDS) for IoT, a promising solution for cybersecurity in IoT ecosystems.

A Survey of Authentication Schemes in the Internet of Things

2021 ◽  
pp. 1715-1732
Author(s):  
Yasmine Labiod ◽  
Abdelaziz Amara Korba ◽  
Nacira Ghoualmi-Zine
Keyword(s):  
Internet Of Things ◽  
Security Requirements ◽  
Security And Privacy ◽  
The Internet ◽  
Privacy And Security ◽  
Depth Study ◽  
Authentication Schemes ◽  
Iot Devices ◽  
Privacy Issues ◽  
The Internet Of Things

In the recent years, the Internet of Things (IoT) has been widely deployed in different daily life aspects such as home automation, electronic health, the electric grid, etc. Nevertheless, the IoT paradigm raises major security and privacy issues. To secure the IoT devices, many research works have been conducted to counter those issues and discover a better way to remove those risks, or at least reduce their effects on the user's privacy and security requirements. This article mainly focuses on a critical review of the recent authentication techniques for IoT devices. First, this research presents a taxonomy of the current cryptography-based authentication schemes for IoT. In addition, this is followed by a discussion of the limitations, advantages, objectives, and attacks supported of current cryptography-based authentication schemes. Finally, the authors make in-depth study on the most relevant authentication schemes for IoT in the context of users, devices, and architecture that are needed to secure IoT environments and that are needed for improving IoT security and items to be addressed in the future.

scholarly journals A Novel Framework to Classify Malware in MIPS Architecture-Based IoT Devices

2019 ◽  
Vol 2019 ◽  
pp. 1-13 ◽  
Author(s):  
Tran Nghi Phu ◽  
Kien Hoang Dang ◽  
Dung Ngo Quoc ◽  
Nguyen Tho Dai ◽  
Nguyen Ngoc Binh
Keyword(s):  
Industrial Revolution ◽  
Machine Learning Techniques ◽  
The Internet ◽  
The Real ◽  
Learning Techniques ◽  
Behavior System ◽  
Diverse Environment ◽  
New Type ◽  
Iot Devices ◽  
The Internet Of Things

Malware on devices connected to the Internet via the Internet of Things (IoT) is evolving and is a core component of the fourth industrial revolution. IoT devices use the MIPS architecture with a large proportion running on embedded Linux operating systems, but the automatic analysis of IoT malware has not been resolved. We proposed a framework to classify malware in IoT devices by using MIPS-based system behavior (system call—syscall) obtained from our F-Sandbox passive process and machine learning techniques. The F-Sandbox is a new type for IoT sandbox, automatically created from the real firmware of the specialized IoT devices, inheriting the specialized environment in the real firmware, therefore creating a diverse environment for sandboxing as an important characteristic of IoT sandbox. This framework classifies five families of IoT malware with F1-Weight = 97.44%.

Sign in / Sign up

Export Citation Format

Share Document