Pramote Kuacharoen

An Implementation of a High Capacity 2D Barcode

Two-dimensional barcode technology is becoming popular and useful for communication as well as transport data. However, the common two-dimensional barcodes can contain a very little amount of data. Although certain types of two-dimensional barcodes can contain more data, the size of the barcode image becomes too large. As a result, it is impractical to insert or attach the barcode to the document in the form of paper or print media. The barcode would occupy a large portion of the page. The space would be wasted and the information may not fit on the page.

Transaction Authentication Using HMAC-Based One-Time Password and QR Code

Conducting financial transactions over the Internet has been widely adopted due to the convenience and usability. However, conducting financial transactions via the Internet may be subjected to many types of attacks including password attacks, malware, phishing, and other unauthorized activities. Many banks have enhanced their security by using One-Time Password (OTP) as another authentication method in addition to traditional username and password. The OTP may be sent to the mobile phone number of the account owner via SMS. Even with the enhanced security measure, internet banking is still vulnerable to different types of attacks such as online phishing. We propose, design, and implement a transaction authentication scheme using HMAC-based mobile OTP and QR Code. Our scheme is resilient to known attacks including, but not limited to, eavesdropping, replay, message modification, and phishing.

Design and Implementation of a Secure Online Lottery System

Government has the authority to operate lottery schemes. Since the operation of the lottery system is controlled by the government, there are issues with public trust. The people may speculate that the lottery is rigged. This issue becomes critical with an online lottery system since the unprotected data can be easy manipulated. If all combinations which have been sold are known before the drawing, the government may draw winning numbers which pay the least. Moreover, winning tickets may be added after the drawing. As a result, corruption may be inevitable. The government should operate lottery schemes with integrity which include transparency and accountability.

A practical customer privacy protection on shared servers

Customer privacy protection is very important in an e-commerce site. Without such protection, the customers may not be willing to provide personal information or conduct business at the site. Therefore, the merchant should protect its customer information in order to gain customer trust. In this paper, an approach for protecting customer information on shared servers is presented. The proposed method provides customer privacy by encrypting the customer information at the client machine and allows the key to be shared between the customer and the merchant. The encrypted customer information is sent and stored on the shared server. Therefore, attackers cannot access the customer information while the merchant can easily obtain such information. To make it practical, the technique is implemented in software and is transparent to the customer. Furthermore, this solution to protect customer privacy does not significantly increase the cost to develop and deploy the system.

Single Password Authentication Protocol

Internet users usually subscribe to a few online services. Remembering a different password for each service becomes a burden and a challenge for some. As a result, many Internet users frequently use the same password for multiple accounts. This kind of practice is risky since each service has a different security level. For example, an online community site has a weaker security measure than an online bank site. If an attacker has compromised a lower security service and obtained the user’s password, the attacker may be able to identify other accounts and use the stolen password. Therefore, reusing passwords becomes a security risk, and is not generally recommended. This paper tries to mitigate the risk of reusing an identical password for multiple accounts by implementing a single password authentication protocol. The proposed protocol does not expose the user’s password in the event of the server or the communication line has been breached.

Rhythm Authentication Using Multi-touch Technology: A New Method of Biometric Authentication

A keystroke authentication method has a lower cost and is more powerful and easier to use than other biometric authentication methods. However, traditional keystroke authentication has many weaknesses and is easy to attack by criminals. Attacks can include shoulder surfing attacks, eavesdropping attacks and key-logger attacks. When users try to access their computer or portable device by using keystroke authentication method, the users must push the correct buttons with the correct rhythm in order to be authenticated. If the users make several failed authentication attempts, the system will lock their account. As a result, the users usually use a simple password and rhythm for accessing their account which will make the risk even higher. This research proposes a new method of a keystroke authentication by using multi-touch technique on touchpad which is embedded on a laptop computer. The users can register their rhythm using their fingers on the touchpad to the system as a biometric authentication. An attacker will have difficulties conducting a shoulder surfing attack. This is because the users have no need to type their password and can use one hand to cover the other hand which is used to make their rhythm for the touch. Furthermore, the users can quickly make the rhythm. An eavesdropping attack is rendered useless since the touchpad can get event data when the users touch it without making any sound. Even though some users may not be vigilant and make tapping sounds, an eavesdropper cannot know how many fingers the users use to tap on the touchpad to make one beat. The research results show that the purposed multi-touch rhythm authentication performs better than the traditional keystroke method and provides better security, usability, and faster authentication.

An Implementation of a Paper Based Authentication Using HC2D Barcode and Digital Signature

Paper-based documents are important and still widely used in government agencies and private entities as some documents cannot be replaced by electronic documents. These include loan agreements, dispatch or contracts, household registrations and passports. They must be paper-based. Paper-based documents can be easily forged with a printer and a scanner, and imaging software can easily edit them. This paper presents a paper-based document authentication by applying a digital signature and HC2D barcode to verify the integrity of the text message and the sender of the document. This is useful both for a quick inspection of documents with large quantities and monitoring that may help prevent fraud and forgery which may have occurred.

Combination of Data Masking and Data Encryption for Cloud Database

Database as a service in cloud computing enables the user to create, store, modify, and retrieve data over the Internet. The user does not have to install and maintain the database himself. Instead, the database service provider takes responsibility for installing and maintaining the database. Storing data in a cloud database introduces security risks in data confidentiality, data integrity, and privacy. This research aims to design a method for storing data in a cloud database that provides data confidentiality and privacy and allows querying data. The comparison operations and aggregate functions can be performed on the cloud server. The research employs a combination of data masking and data encryption to achieve the objectives.