Related papers: Comments on Five Smart Card Based Password Authent…
Credit card fraud is a problem continuously faced by financial institutions and their customers, which is mitigated by fraud detection systems. However, these systems require the use of sensitive customer transaction data, which introduces…
This paper analyses the various authentication systems implemented for enhanced security and private re-position of an individual's log-in credentials. The first part of the paper describes the multi-factor authentication (MFA) systems,…
The unique identities of every mobile user (phone number,IMSI) and device (IMEI) are far from secure and are increasingly vulnerable to a variety of network-level threats. The exceedingly high reliance on the weak SIM authentication layer…
Vajda and Buttyan (VB) proposed a set of five lightweight RFID authentication protocols. Defend, Fu, and Juels (DFJ) did cryptanalysis on two of them - XOR and SUBSET. To the XOR protocol, DFJ proposed repeated keys attack and nibble…
The erosion of trust put in traditional database servers, the growing interest for different forms of data dissemination and the concern for protecting children from suspicious Internet content are different factors that lead to move the…
Security situational awareness refers to identifying, mitigating, and preventing digital cyber threats by gathering information to understand the current situation. With awareness, the basis for decisions is present, particularly in complex…
Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is…
We study linking attacks on communication protocols. We show that an active attacker is strictly more powerful in this setting than previously-considered passive attackers. We introduce a formal model to reason about active linkability…
Smart contracts are software programs featuring both traditional applications and distributed data storage on blockchains. Ethereum is a prominent blockchain platform with the support of smart contracts. The smart contracts act as…
Choosing authentication schemes for a specific purpose is challenging for service providers, developers, and researchers. Previous ratings of technical and objective aspects showed that available schemes all have strengths and limitations.…
In this work we present and formally analyze CHAT-SRP (CHAos based Tickets-Secure Registration Protocol), a protocol to provide interactive and collaborative platforms with a cryptographically robust solution to classical security issues.…
This paper discusses a new protocol implementing authentication in a multi-located environment that avoids man-in-the-middle (MIM) attack, replay attack and provides privacy, integrity of a message for multi-located parties. The protocol…
The widespread use of smartphones gives rise to new security and privacy concerns. Smartphone thefts account for the largest percentage of thefts in recent crime statistics. Using a victim's smartphone, the attacker can launch impersonation…
We give a new class of security definitions for authentication in the quantum setting. These definitions capture and strengthen existing definitions of security against quantum adversaries for both classical message authentication codes…
The advent of quantum key distribution (QKD) has revolutionized secure communication by providing unconditional security, unlike classical cryptographic methods. However, its effectiveness relies on robust identity authentication, as…
The unprecedented proliferation of smart devices together with novel communication, computing, and control technologies have paved the way for the Advanced Internet of Things~(A-IoT). This development involves new categories of capable…
Since the demise of the password was predicted in 2004, different attempts in industry and academia have been made to create an alternative for the use of passwords in authentication, without compromising on security and user experience.…
In this work we analyse five popular commercial password managers for security vulnerabilities. Our analysis is twofold. First, we compile a list of previously disclosed vulnerabilities through a comprehensive review of the academic and…
Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under…
Gesture and signature passwords are two-dimensional figures created by drawing on the surface of a touchscreen with one or more fingers. Prior results about their security have used resilience to either shoulder surfing, a human observation…