Multi-Factor Authentication

Dasgupta, Dipankar; Roy, Arunava; Nag, Abhijit Kumar

doi:10.1007/978-3-319-58808-7_5

Cited by 46 publications

(26 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The user just enters username and password to access the information on that website. Especially, medium and small websites do not have a budget to use TLS or multi-factor authentication services [19], such as OTP, biometric, token, etc. This makes the websites possibly insecure, and there is a high risk of being hacked [20,21].…”

Section: Proposed Methodsmentioning

confidence: 99%

Authentication and password storing improvement using SXR algorithm with a hash function

Polpong

Wuttidittachotti

2020

IJECE

View full text Add to dashboard Cite

Secure password storing is essential in systems working based on password authentication. In this paper, SXR algorithm (Split, Exclusive OR, and Replace) was proposed to improve secure password storing and could also be applied to current authentication systems. SXR algorithm consisted of four steps. First, the received password from users was hashed through a general hash function. Second, the ratio and the number of iterations from the secret key (username and password) were calculated. Third, the hashed password and ratio were computed, and the hashed password was divided based on the ratio (Split) into two values. Both the values were applied to XOR equation according to the number of iterations, resulting in two new values. Last, the obtained values were concatenated and stored in the database (Replace). On evaluating, complexity analyses and comparisons has shown that SXR algorithm could provide attack resistance with a stronger hashed password against the aforementioned attacks. Consequently, even if the hackers hacked the hashed password, it would be challenging and would consume more time to decrypt the actual one, because the pattern of the stored password is the same as the one that has been hashed through the general hash function.

show abstract

Section: Proposed Methodsmentioning

confidence: 99%

Authentication and password storing improvement using SXR algorithm with a hash function

Polpong

Wuttidittachotti

2020

IJECE

View full text Add to dashboard Cite

show abstract

“…Identity theft is the fastest growing crime in recent years. Currently, password-based credentials are the most used by user authentication mechanisms, despite of their weaknesses [160]. There are multiple opportunities for impersonation and other attacks that fraudulently claim another subject's identity [161].…”

Section: Authenticationmentioning

confidence: 99%

The computer for the 21st century: present security & privacy challenges

Oliveira

Pereira

Misoczki

et al. 2018

J Internet Serv Appl

View full text Add to dashboard Cite

Decades went by since Mark Weiser published his influential work on the computer of the 21st century. Over the years, some of the UbiComp features presented in that paper have been gradually adopted by industry players in the technology market. While this technological evolution resulted in many benefits to our society, it has also posed, along the way, countless challenges that we have yet to surpass. In this paper, we address major challenges from areas that most afflict the UbiComp revolution: 1. Software Protection: weakly typed languages, polyglot software, and networked embedded systems. 2. Long-term Security: recent advances in cryptanalysis and quantum attacks. 3. Cryptography Engineering: lightweight cryptosystems and their secure implementation. 4. Resilience: issues related to service availability and the paramount role of resilience. 5. Identity Management: requirements to identity management with invisibility. 6. Privacy Implications: sensitivity data identification and regulation. 7. Forensics: trustworthy evidence from the synergy of digital and physical world. We point out directions towards the solutions of those problems and claim that if we get all this right, we will turn the science fiction of UbiComp into science fact.

show abstract

“…The challenges faced by authentication and authorisation, as well as solutions proposed by works presented above are listed in Table 3. (Bhatti et al 2004;Lima et al 2011; Govindan and Mohapatra 2012) Authentication for critical services (Aloul et al 2009) Multi-factor authentication for MANETs (Glynos et al 2005;Govindan and Mohapatra 2012) Privacy-preserving multifactor authentication (Bhargav-Spantzel et al 2017) Multi-factor authentication for pervasive environments (Ren and Lou 2007;Mayrhofer 2006;Mayrhofer and Gellersen 2007;Banyal et al 2013) Multi-factor authentication for fragile communication (Holbein and Teufel 1995;Bardram et al 2003;Kindberg et al 2002;Hulsebosch et al 2005;Mayrhofer and Gellersen 2007;Ren and Lou 2007;Lenzini 2009;Hayashi et al 2013;Primo et al 2014) Authorisation over constrained channels (Kindberg and Zhang 2001;Kindberg et al 2002) Survey (Dasgupta et al 2017) Context-aided intrusion detection (Fraunholz et al 2017a;Fraunholz et al 2017b;Fraunholz et al 2017c; Duque Anton et al…”

Section: Related Workmentioning

confidence: 99%

Putting Things in Context: Securing Industrial Authentication with Context Information

Antón¹,

Fraunholz²,

Lipps³

et al. 2018

IJCSA

View full text Add to dashboard Cite

The development in the area of wireless communication, mobile and embedded computing leads to significant changes in the application of devices. Over the last years, embedded devices were brought into the consumer area creating the Internet of Things. Furthermore, industrial applications increasingly rely on communication through trust boundaries. Networking is cheap and easily applicable while providing the possibility to make everyday life more easy and comfortable and industry more efficient and less time-consuming. One of the crucial parts of this interconnected world is sound and secure authentication of entities. Only entities with valid authorisation should be enabled to act on a resource according to an access control scheme. An overview of challenges and practices of authentication is provided in this work, with a special focus on context information as part of security solutions. It can be used for authentication and security solutions in industrial applications. Additional information about events in networks can aid intrusion detection, especially in combination with security information and event management systems. Finally, an authentication and access control approach, based on context information and-depending on the scenariomultiple factors is presented. The combination of multiple factors with context information makes it secure and at the same time case adaptive, so that the effort always matches, but never exceeds, the security demand. This is a common issue of standard cyber security, entities having to obey strict, inflexible and unhandy policies. This approach has been implemented exemplary based on RADIUS. Different scenarios were considered, showing that this approach is capable of providing flexible and scalable security for authentication processes.

show abstract

Multi-Factor Authentication

Cited by 46 publications

References 1 publication

Authentication and password storing improvement using SXR algorithm with a hash function

Authentication and password storing improvement using SXR algorithm with a hash function

The computer for the 21st century: present security & privacy challenges

Putting Things in Context: Securing Industrial Authentication with Context Information

Contact Info

Product

Resources

About