Khaled Alghathbar

Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'.

User authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'

Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an insecure communication channel. Currently, smart card-based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the authentication purpose. Recently, Wang et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. They claimed that their scheme preserves anonymity of user, has the features of strong password chosen by the server, and protected from several attacks. However, in this paper, we point out that Wang et al.s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme: does not provide anonymity of a user during authentication, user has no choice in choosing his password, vulnerable to insider attack, no provision for revocation of lost or stolen smart card, and does provide session key agreement. To remedy these security flaws, we propose an enhanced authentication scheme, which covers all the identified weaknesses of Wang et al.s scheme and is more secure and efficient for practical application environment.

Chaos-based secure satellite imagery cryptosystem

With the large-scale development in satellite and network communication technologies, there is a great demand for preserving the secure storage and transmission of satellite imagery over internet and shared network environment. This brings new challenges to protect sensitive and critical satellite images from unauthorized access and illegal usage. In this paper, we address the aforementioned issues and develop techniques to eliminate the associated problems. To achieve this, we propose a new chaos-based symmetric-key encryption technique for satellite imagery. This scheme utilizes multiple chaotic maps e.g. Logistic, Henon, Tent, Cubic, Sine and Chebyshev for enhancing the key space, robustness and security of satellite imagery. We perform key sensitivity, statistical and performance analysis experiments to determine the security, reliability, and speed of our algorithm for satellite imagery. The proposed algorithm presents several interesting features, such as a high level of security, large enough key space, pixel distributing uniformity and an acceptable encryption speed as compared to AES, 3-DES, and DES.

Challenge-response-based biometric image scrambling for secure personal identification

This paper presents a challenge/response-based biometric image scrambling scheme which attempts to overcome the liveness and retransmission issues of biometric image transmission over insecure communication channel. An intelligent biometric sensor is proposed which has computational power to receive challenges from authentication server and generates response against the challenge with encrypted biometric image. The fractional Fourier transform (FRT) has been used for a biometric image encryption process with its scaling factors and random phase masks as the secret keys. The random phase masks of FRT are chaotically generated by piecewise linear chaotic map (PWLCM) to further improve the encryption security. Experimental and simulation results have demonstrated that the proposed system is secure, robust, and deters the risks of attacks for secure biometric image transmission.

Effectiveness of information security awareness methods based on psychological theories

Effective user security awareness campaign can greatly enhance the information assurance posture of an organization. Information security includes organizational aspects, legal aspects, institutionalization and applications of best practices in addition to security technologies. User awareness represents a significant challenge in the security domain, with the human factor ultimately being the element that is exploited in a variety of attack scenarios. Information security awareness program is a critical component in any organizations strategy. In contrast to other information security awareness work which mostly explains methods and techniques for raising information security awareness; this paper discusses and evaluates the effectiveness of different information security awareness tools and techniques on the basis of psychological theories and models. Finally, it describes how to measure information security awareness in an organization.

Face Recognition using Layered Linear Discriminant Analysis and Small Subspace

Face recognition has great demands in human recognition and recently it becomes one of the most important research areas of biometrics. In this paper, we present a novel layered face recognition method based on Fisher’s linear discriminant analysis. The basic aim is to decrease FAR by reducing the face dataset to small size by applying layered linear discriminant analysis. Although, the computational complexity at the time of recognition is much higher than conventional PCA and LDA due to the weights computation for small subspace at the time of recognition, but on the other hand the layered LDA provides significant performance gain especially on similar face database. Layered LDA is insensitive to large dataset and also small sample size and it provides 93% accuracy on BANCA face database. Experimental and simulation results show that the proposed scheme has encouraging results for a practical face recognition system.

Cryptanalysis and improvement on a parallel keyed hash function based on chaotic neural network

This paper analyzes the security of a chaotic parallel keyed hash function in detail, and points out that it is susceptible to two kinds of forgery attacks and weak key attack (which results in MAC collision). To remedy such security flaws, an improved scheme is further proposed, and its security and performance are also discussed. The theoretical analysis shows that the improved scheme is more secure than the original one. In the meanwhile, it can also keep the parallel merit and other performance advantages of the original scheme.

Validating the enforcement of access control policies and separation of duty principle in requirement engineering

Validating the compliance of software requirements with the access control policies during the early development life cycle improves the security of the software. It prevents authorizing unauthorized subject during the specification of requirements and analysis before proceeding to other phases where the cost of fixing defects is augmented. This paper provides a logical-based framework that analyzes the authorization requirements specified in the Unified Modeling Language (UML). It ensures that the access requirements are consistent, complete and conflict-free. The framework proposed in this paper is an extension to AuthUML framework. We refine AuthUML and extend it by expanding its analysis to validate the enforcement of the Separation of Duty (SoD) during the requirement engineering. We enhance and extend AuthUML with the necessary phase, predicates and rules. The paper shows the various types of SoD and how each type can be validated. The extension shows the flexibility and scalability of AuthUML to validate new policies. Also, the extension makes AuthUML spans to different phases of the software development process that widen the application of AuthUML.

Broadcast Authentication for Wireless Sensor Networks Using Nested Hashing and the Chinese Remainder Theorem

Secure broadcasting is an essential feature for critical operations in wireless sensor network (WSNs). However, due to the limited resources of sensor networks, verifying the authenticity for broadcasted messages is a very difficult issue. μTESLA is a broadcast authentication protocol, which uses network-wide loose time synchronization with one-way hashed keys to provide the authenticity verification. However, it suffers from several flaws considering the delay tolerance, and the chain length restriction. In this paper, we propose a protocol which provides broadcast authentication for wireless sensor networks. This protocol uses a nested hash chain of two different hash functions and the Chinese Remainder Theorem (CRT). The two different nested hash functions are employed for the seed updating and the key generation. Each sensor node is challenged independently with a common broadcasting message using the CRT. Our algorithm provides forward and non-restricted key generation, and in addition, no time synchronization is required. Furthermore, receivers can instantly authenticate packets in real time. Moreover, the comprehensive analysis shows that this scheme is efficient and practical, and can achieve better performance than the μTESLA system.

Energy Efficient Distributed Face Recognition in Wireless Sensor Network

Face recognition enhances the security through wireless sensor network and it is a challenging task due to constrains involved in wireless sensor network. Image processing and image communication in wireless sensor network reduces the life time of network due to the heavy processing and communication. This paper presents a collaborative face recognition system in wireless sensor network. The layered linear discriminant analysis is re-engineered to implement on wireless sensor network by efficiently allocating the network resources. Distributed face recognition not only help to reduce the communication overload but it also increase the node life time by distributing the work load on the nodes. The simulation shows that the proposed technique provide significant gain in network life time.