Related papers: Outflanking and securely using the PIN/TAN-System
In 2000, Hwang and Li proposed a new remote user authentication scheme using smart cards. In the same year, Chan and Cheng pointed out that Hwang and Li’s scheme is not secure against the masquerade attack. Further, in 2003, Shen, Lin…
Technical security is only part of E-Commerce security operations; human usability and security perception play major and sometimes dominating factors. For instance, slick websites with impressive security icons but no real technical…
In this paper, we present the actual risks of stealing user PINs by using mobile sensors versus the perceived risks by users. First, we propose PINlogger.js which is a JavaScript-based side channel attack revealing user PINs on an Android…
For many years, the pay-TV system has attracted a lot of users. Users have recently expressed the desire to use mobile TV or mobile payment via anonymous protocols. The mobile users have also received their services over cellular…
The disaggregated and multi-vendor nature of OPEN-RAN networks introduces new supply chain security risks, making equipment authenticity and integrity crucial challenges. Robust solutions are needed to mitigate vulnerabilities in…
The obstacles of each security system combined with the increase of cyber-attacks, negatively affect the effectiveness of network security management and rise the activities to be taken by the security staff and network administrators. So,…
Personal authentication is an important process we encounter almost every day; when we are logging on a computer, entering a company where we work, or a restricted area, when we are using our plastic credit cards to pay for a service or to…
Program obfuscation is a widely employed approach for software intellectual property protection. However, general obfuscation methods (e.g., lexical obfuscation, control obfuscation) implemented in mainstream obfuscation tools are heuristic…
With the recent proliferation of distributed systems and networking, remote authentication has become a crucial task in many networking applications. Various schemes have been proposed so far for the two-party remote authentication;…
This paper describes a new password-based mutual authentication protocol for Web systems which prevents various kinds of phishing attacks. This protocol provides a protection of user's passwords against any phishers even if dictionary…
The Attacks done by Viruses, Worms, Hackers, etc. are a Network Security-Problem in many Organisations. Current Intrusion Detection Systems have significant Disadvantages, e.g. the need of plenty of Computational Power or the Local…
Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most…
Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage trust in this…
Text-based password schemes have inherent security and usability problems, leading to the development of graphical password schemes. However, most of these alternate schemes are vulnerable to spyware attacks. We propose a new scheme, using…
Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people's lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are…
Every attack begins with gathering information about the target. The entry point for network breaches are often vulnerabilities in internet facing websites, which often rely on an off-the-shelf Content Management System (CMS). Bot networks…
Anonymous access authentication schemes provide users with massive application services while protecting the privacy of users' identities. The identity protection schemes in 3G and 4G are not suitable for 5G anonymous access authentication…
The signcryption is a relatively new cryptographic technique that is supposed to fulfill the functionalities of encryption and digital signature in a single logical step. Several signcryption schemes are proposed throughout the years, each…
Copyright protection is a major issue in distributing digital content. On the other hand, improvements to usability are sought by content users. In this paper, we propose a secure {\it traitor tracing scheme against key exposure (TTaKE)}…
Measuring the information leakage is critical for evaluating the practical security of cryptographic devices against side-channel analysis. Information-theoretic measures can be used (along with Fano's inequality) to derive upper bounds on…