Mohammed Misbahuddin

A user friendly password authenticated key agreement for multi server environment

Two Factor authentication mechanisms are considered to be secure for authenticating a user in Internet based environment. As the number of services provided online is day by day increasing, users intending to use various online services are also increasing. With each service requiring the user to register separately, the overhead of remembering many ID/password pairs has lead to the problem of memorability. To address this, researchers have proposed mechanisms for multi-server environment where in the user needs to register with a single registration centre using one ID/password pair and thereby access all the services registered through that server. But, as these mechanisms employ textual passwords, they suffer from many inherent drawbacks. In this paper we propose a two factor password authenticated key agreement mechanism using graphical password where in the user needs to recognize his secret image presented to him as challenge. The protocol is designed such that there is no need of maintaining a password table at server for verification. In addition, the protocol provides secure low computation mutual authentication and session key agreement. The proposed protocol is computationally efficient and is expected to be secure against ID theft, Insider attack, Replay attack, Shoulder surfing attack, Reconnaissance attack, Server spoofing attack and guessing attack.

DNA for information security: A Survey on DNA computing and a pseudo DNA method based on central dogma of molecular biology

Biology is a life science which has high significance on the quality of life and information security is that aspect for social edification, which human beings will never compromise. Both are subjects of high relevance and inevitable for mankind. So, an amalgamation of these subjects definitely turns up as utility technology, either for security or data storage and is known as Bio computing. The secure transfer of information was a major concern from ancient civilizations. Various techniques have been proposed to maintain security of data so that only intended recipient should be able to receive the message other than the sender. These practices became more significant with the introduction of the Internet. Information varies from big data to a particular word, but every piece of information requires proper storage and protection which is a major concern. Cryptography is an art or science of secrecy which protects information from unauthorized access. Various techniques evolved through years for information protection, including Ciphers, Cryptography, Steganography, Biometrics and recent DNA for security.DNA cryptography was a major breakthrough in the field of security which uses Bio-molecular concepts and gives us a new hope of unbreakable algorithms. This paper discusses various DNA based Cryptographic methods proposed till now. It also proposes a DNA symmetric algorithm based on the Pseudo DNA Cryptography and Central dogma of molecular biology. The suggested algorithm uses splicing and padding techniques along with complementary rules which make the algorithm more secure as it is an additional layer of security than conventional cryptographic techniques.

A Survey of Traditional and Cloud Specific Security Issues

The emerging technology popularly referred to as Cloud computing offers dynamically scalable computing resources on a pay per use basis over the Internet. Companies avail hardware and software resources as service from the cloud service provider as opposed to obtaining physical assets. Cloud computing has the potential for significant cost reduction and increased operating efficiency in computing. To achieve these benefits, however, there are still some challenges to be solved. Security is one of the prime concerns in adopting Cloud computing, since the user’s data has to be released from the protection sphere of the data owner to the premises of cloud service provider. As more Cloud based applications keep evolving, the associated security threats are also growing. In this paper an attempt has been made to identify and categorize the security threats applicable to Cloud environment. Threats are classified into Cloud specific security issues and traditional security attacks on various service delivery models of Cloud. The work also briefly discusses the virtualization and authentication related issues in Cloud and tries to consolidate the various security threats in a classified manner.

A Mobile Based Remote User Authentication Scheme without Verifier Table for Cloud Based Services

The emerging Cloud computing technology, offering computing resources as a service is gaining increasing attention of both the public and private sector. For the whole hearted adoption of Cloud, the service providers need to ensure that only valid users gain access to the services and data residing within the providers premises. Ensuring secure access to sensitive resources within the Cloud requires a strong user authentication mechanism using multiple authentication factors. The mechanisms should also consider the increasing needs of Internet access through smart phones and other mobile devices and facilitate access through a variety of devices. Traditionally, a user needs to maintain separate user accounts for each Service Provider whose service he/she desires to use and this may cause inconvenience to users. Single Sign on (SSO) addresses this issue by permitting users to create one login credential and access multiple services hosted in different domains. In this scenario, a compromise of the single credential can result in account take over at many other sites. This points out to the requirement of strengthening the authentication mechanism by using more than one factor. This paper proposes a SSO based remote user authentication scheme for a Cloud environment. The proposed protocol uses password and mobile token and does not require the server to maintain a verifier table. The protocol is verified using automated security Protocol verification tool, Scyther and the results prove that the protocol provides protection against man-in-the-middle attack, replay attack and secrecy of the users credentials.

A Single Sign on based secure remote user authentication scheme for Multi-Server Environments

A Multi-Server Architecture comprises of a server environment having many different servers which provides the user the flexibility of accessing resources from multiple Service Providing Servers using the same credential. The primary objective of a Multi Server Environment (MSE) is to provide services of different Service Providers (SPs) without repeating registration at each SP server, and to get a unique single credential for all the servers in MSE. However, the conventional MSEs, proposed by various researchers, proposes the individual authentication service by each SP on their respective server using the credential issued by the Registration Authority of MSE. The mechanism requires the user to access each SP by keying the same credentials for every SP separately. Single Sign On (SSO) is an authentication mechanism that enables a user to sign-on once and access the services of various SPs in the same session. SAML is generally used as a Single Sign-On protocol. This work analyzes the smart card based authentication scheme for Multi-Server Environment proposed by Li et al.s and discuss various security attacks on the said scheme. The paper also proposes a Secure Dynamic-ID based scheme using smart cards or crypto cards which do not require a verifier table and implements Single Sign On feature using SAML protocol, thus allowing the user to enjoy all the features of an MSE along with SSO.

A Usable and Secure Two-Factor Authentication Scheme

ABSTRACT There are many secure authentication schemes that are secure but difficult to use. Most existing network applications authenticate users with a username and password pair. Such systems using the reusable passwords are susceptible to attacks based on the theft of password. Each scheme has its merits and drawbacks (Misbahuddin, Aijaz Ahmed, & Shastri, 2006). To overcome the susceptibility in the existing applications, there is an authentication mechanism known as Two-Factor Authentication. Two-Factor Authentication is a process used to authenticate or verify the identity of a person or other entity requesting access under security constraints. It is a system wherein two different factors are used in conjunction to authenticate. Using two factors as opposed to one factor generally delivers a higher level of authentication assurance. The proposed scheme allows users to freely choose their PassFile (file password) instead of remembering the password, eliminating the problem of entering the reusable password and remembering the password. In this scheme, we proposed an efficient scheme for remote user authentication. It does not maintain verifier table and allows the user to freely choose and change their passwords. The proposed scheme provides best usability for the user in terms of PassFile without changing the existing protocol. This approach uses a smart card and is secure against identity theft, guessing attack, insider attack, stolen verifier attack, replay attack, impersonation attack, and reflection attack. The proposed achieves the mutual authentication essential for many applications.

A Secure Image-Based Authentication Scheme Employing DNA Crypto and Steganography

Authentication is considered as one of the critical aspects of Information security to ensure identity. Authentication is generally carried out using conventional authentication methods such as text based passwords, but considering the increased usage of electronic services a user has to remember many id-password pairs which often leads to memorability issues. This inspire users to reuse passwords across e-services, but this practice is vulnerable to security attacks. To improve security strength, various authentication techniques have been proposed including two factor schemes based on smart card, tokens etc. and advanced biometric techniques. Graphical Image based authentication systems has received relevant diligence as it provides better usability by way of memorable image passwords. But the tradeoff between usability and security is a major concern while strengthening authentication. This paper proposes a novel two-way secure authentication scheme using DNA cryptography and steganography considering both security and usability. The protocol uses text and image password of which text password is converted into cipher text using DNA cryptography and embedded into image password by applying steganography. Hash value of the generated stego image is calculated using SHA-256 and the same will be used for verification to authenticate legitimate user.

A proof of concept implementation of a mobile based authentication scheme without password table for cloud environment

Cloud computing is a fast growing technology offering a wide range of software and infrastructure services on a pay-per-use basis. Many small and medium businesses (SMBs) have adopted this utility based Computing Model as it contributes to reduced operational and capital expenditure. Though the resource sharing feature adopted by Cloud service providers (CSPs) enables the organizations to invest less on infrastructure, it also raises concerns about the security of data stored at CSPs premises. The fact that data is prone to get accessed by the insiders or by other customers sharing the storage space is a matter of concern. Regulating access to protected resources requires reliable and secure authentication mechanism, which assures that only authorized users are provided access to the services and resources offered by CSP. This paper proposes a strong two-factor authentication mechanism using password and mobile token. The proposed model provides Single Sign-on (SSO) functionality and does not require a password table. Besides introducing the authentication scheme, the proof of concept implementation is also provided.

Digital Tokens: A Scheme for Enabling Trust Between Customers and Electronic Marketplaces

In electronic marketplaces, when the supply of a particular product is limited, and when there is a huge demand for the same, the questions of transparency and integrity prop up. We propose Digital Tokens—defined using proven cryptographic techniques—as a mechanism to assure trust for customers, and issued by a reliable, transparent and third-party intermediary, called digital token service provider (DTSP). The digital tokens are issued to a customer on behalf of a vendor and could be authenticated by both Vendor and the DTSP. This paper details the architecture involving the DTSP, protocols for communication, implementation details, the potential uses and benefits of the system and performance evaluation of such a system.

A Strong Single Sign-on User Authentication Scheme Using Mobile Token Without Verifier Table for Cloud Based Services

Cloud computing is an emerging computing paradigm that offers computational facilities and storage as services dynamically on demand basis via the Internet. The ability to scale resources and the pay-as-you-go usage model has contributed to its growth. However, cloud computing inevitably poses various security challenges and majority of prospective customers are worried about unauthorized access to their data. Service providers need to ensure that only authorized users access the resources, and for this they need to adopt strong user authentication mechanisms. The mechanism should provide users with the flexibility to access multiple services without repeated registration and authentication at each provider. Considering these requirements, this chapter deliberates a Single Sign-on based two-factor authentication protocol for cloud based services. The proposed scheme uses password and a mobile token as authentication factors and does not require a verifier table. The formal verification of the protocol is done using Scyther.