Search results

1 – 10 of over 3000
To view the access options for this content please click here
Article
Publication date: 9 August 2021

Gnaneshwari G.R., M.S. Hema and S.C. Lingareddy

Pervasive computing environment allows the users to access the services anywhere and anytime. Due to the dynamicity, mobility, security, heterogeneity, and openness have…

Abstract

Purpose

Pervasive computing environment allows the users to access the services anywhere and anytime. Due to the dynamicity, mobility, security, heterogeneity, and openness have become a major challenging task in the Pervasive computing environment. To solve the security issues and to increase the communication reliability, an authentication-based access control approach is developed in this research to ensure the level of security in the Pervasive computing environment.

Design/methodology/approach

This paper aims to propose authentication-based access control approach performs the authentication mechanism using the hashing, encryption, and decryption function. The proposed approach effectively achieves the conditional traceability of user credentials to enhance security. Moreover, the performance of the proposed authentication-based access control approach is estimated using the experimental analysis, and performance improvement is proved using the evaluation metrics. It inherent the tradeoff between authentication and access control in the Pervasive computing environment. Here, the service provider requires authorization and authentication for the provision of service, whereas the end-users require unlinkability and untraceability for data transactions.

Findings

The proposed authentication-based access control obtained 0.76, 22.836 GB, and 3.35 sec for detection rate, memory, and time by considering password attack, and 22.772GB and 4.51 sec for memory and time by considering without attack scenario.

Originality/value

The communication between the user and the service provider is progressed using the user public key in such a way that the private key of the user can be generated through the encryption function.

Details

International Journal of Pervasive Computing and Communications, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1742-7371

Keywords

To view the access options for this content please click here
Article
Publication date: 19 August 2021

Sajaad Ahmed Lone and Ajaz Hussain Mir

Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization…

Abstract

Purpose

Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication.

Design/methodology/approach

The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation.

Findings

The proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments.

Originality/value

The proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.

Details

International Journal of Pervasive Computing and Communications, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1742-7371

Keywords

To view the access options for this content please click here
Article
Publication date: 11 May 2020

Vipin Khattri, Sandeep Kumar Nayak and Deepak Kumar Singh

Currency usage either in the physical or electronic marketplace through chip-based or magnetic strip-based plastic card becoming the vulnerable point for the handlers…

Abstract

Purpose

Currency usage either in the physical or electronic marketplace through chip-based or magnetic strip-based plastic card becoming the vulnerable point for the handlers. Proper education and awareness can only thrive when concrete fraud detection techniques are being suggested together with potential mitigation possibilities. The purpose of this research study is tendering in the same direction with a suitable plan of action in developing the authentication strength metric to give weightage marks for authentication techniques.

Design/methodology/approach

In this research study, a qualitative in-depth exploration approach is being adapted for a better description, interpretation, conceptualization for attaining exhaustive insights into specific notions. A concrete method of observation is being adopted to study various time boxed reports on plastic card fraud and its possible impacts. Content and narrative analysis are being followed to interpret more qualitative and less quantitative story about existing fraud detection techniques. Moreover, an authentication strength metric is being developed on the basis of time, cost and human interactions.

Findings

The archived data narrated in various published research articles represent the local and global environment and the need for plastic card money. It gives the breathing sense and capabilities in the marketplace. The authentication strength metric gives a supporting hand for more solidification of the authentication technique with respect to the time, cost and human ease.

Practical implications

The research study is well controlled and sufficient interpretive. The empirical representation of authentication technique and fraud detection technique identification and suggestive mitigation gives this research study an implication view for the imbibing research youths. An application and metric based pathway of this research study provides a smoother way to tackle futuristic issues and challenges.

Originality/value

This research study represents comprehensive knowledge about the causes of the notion of plastic card fraud. The authentication strength metric represents the novelty of a research study which produced on the basis of rigorous documentary and classified research analysis. The creativity of the research study is rendering the profound and thoughtful reflection of the novel dimension in the same domain.

To view the access options for this content please click here
Article
Publication date: 10 October 2016

Mahdi Nasrullah Al-Ameen, S.M. Taiabul Haque and Matthew Wright

Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although…

Abstract

Purpose

Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.

Design/methodology/approach

The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.

Findings

In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.

Originality/value

The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.

Details

Information & Computer Security, vol. 24 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 9 November 2015

Alain Forget, Sonia Chiasson and Robert Biddle

This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text…

Downloads
1273

Abstract

Purpose

This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner.

Design/methodology/approach

This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can used by researchers when designing, comparing and innovating authentication schemes, as well as administrators and users, who can use the framework to identify desirable features in schemes available for selection.

Findings

This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points.

Originality/value

This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 9 October 2017

Jeremiah D. Still, Ashley Cain and David Schuster

Despite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been…

Abstract

Purpose

Despite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.

Design/methodology/approach

The guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.

Findings

Instead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and what human capabilities can be exploited. A list of six guidelines that designers ought to consider when developing a new usable authentication scheme has been presented.

Research limitations/implications

This consolidated list of usable authentication guidelines provides system developers with immediate access to common design issues impacting usability. These guidelines ought to assist designers in producing more secure products in fewer costly development cycles.

Originality/value

Cybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weakness of many systems is the user. It is argued that authentication schemes with poor usability are inherently insecure, as users will inadvertently weaken the security in their efforts to use the system. The study proposes that designers need to consider the human factors that impact end-user behavior. Development from this perspective will address the greatest weakness in most security systems by increasing end-user compliance.

Details

Information & Computer Security, vol. 25 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 20 June 2019

Verena Zimmermann, Nina Gerber, Peter Mayer, Marius Kleboth, Alexandra von Preuschen and Konstantin Schmidt

Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an…

Abstract

Purpose

Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an alternative outperforming the text password on every criterion, the framework can support decision makers in finding suitable solutions for specific authentication contexts. The purpose of this paper is to extend and update the database, thereby discussing benefits, limitations and suggestions for continuing the development of the framework.

Design/methodology/approach

This paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria: usability, deployability and security.

Findings

The rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process.

Research limitations/implications

While the extended framework, in general, proves suitable for rating and comparing authentication schemes, ambiguities in the rating could be solved by providing clearer definitions and cut-off values. Further, the extension of the framework with subjective user perceptions that sometimes differ from objective ratings could be beneficial.

Originality/value

The results of the rating are made publicly available in an authentication choice support system named ACCESS to support decision makers and researchers and to foster the further extension of the knowledge base and future development of the extended rating framework.

Details

Information & Computer Security, vol. 27 no. 5
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 15 August 2008

Nicholas Joint

The purpose of this paper is to outline the general principles behind changes in digital library authentication policy and practice in the UK from 2006 to date.

Downloads
343

Abstract

Purpose

The purpose of this paper is to outline the general principles behind changes in digital library authentication policy and practice in the UK from 2006 to date.

Design/methodology/approach

A brief review of the main features in the recent history of digital library authentication in the UK, emphasising the paradoxes underlying authentication and data protection and describing the problems faced by individual stakeholders in addressing the issues of federated access management.

Findings

That the adoption of new models of authentication involves supporting all parties involved in the national authentication project as they work through the difficult process of change management in this area, and that credible leadership of the change process is vital. Ultimately, broader issues concerning information literacy and the pervasive grasp of data protection principles in our contemporary information society are raised by the examination of this topic.

Research limitations/implications

Further in depth examination of the practical benefits of data protection and information management legislation is desirable, especially in light of the pervasively low levels of information literate understanding of these topics, of which federated access management is merely one example.

Practical implications

The straightforward presentation of the themes in this paper should enhance practitioner understanding of the complex topic under consideration.

Originality/value

This investigation reviews some technical areas of recent authentication developments in order to highlight the broader administrative meaning and impact of these innovations.

Details

Library Review, vol. 57 no. 7
Type: Research Article
ISSN: 0024-2535

Keywords

To view the access options for this content please click here
Article
Publication date: 4 April 2016

Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh and Ke Chen

The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services…

Abstract

Purpose

The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices.

Design/methodology/approach

The investigation has made use of three light-weighted matching functions and a comprehensive reference data set collected from 150 subjects.

Findings

The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as much as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length.

Originality/value

The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is being made publically available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 1
Type: Research Article
ISSN: 1742-7371

Keywords

To view the access options for this content please click here
Article
Publication date: 3 April 2018

Minori Inoue and Takefumi Ogawa

Security technology on mobile devices is increasingly more important as smartphones are becoming more versatile and, thus, store more sensitive information. Among the…

Abstract

Purpose

Security technology on mobile devices is increasingly more important as smartphones are becoming more versatile and, thus, store more sensitive information. Among the three indispensable factors of owner authentication technologies on mobile devices, security, usability and system efficiency, usability is considered the key factor. This paper aims to challenge the limits of usability on mobile device authentication technology with respect to input size.

Design/methodology/approach

This paper introduces one tap authentication as a novel authentication method on mobile devices. A user just has to tap the screen of a smartphone once, and he or she will be authenticated.

Findings

One tap authentication is proven possible in this paper. The average equal error rate among 10 owners against 25 unauthorized users is as low as 3.8.

Research limitations/implications

This paper focuses on verifying the possibility on one tap authentication. However, the application to various environments, such as when standing or walking or on a train, is not explored.

Originality/value

This research explores tap authentication with a single tap for the first time in the field. To the best of the authors’ knowledge, the minimum number of taps required in tap authentication has been 4.

Details

International Journal of Pervasive Computing and Communications, vol. 14 no. 1
Type: Research Article
ISSN: 1742-7371

Keywords

1 – 10 of over 3000