Search results
1 – 10 of over 4000
Gnaneshwari G.R., M.S. Hema and S.C. Lingareddy
Abstract
Purpose
Pervasive computing environment allows the users to access the services anywhere and anytime. Due to the dynamicity, mobility, security, heterogeneity, and openness have become a major challenging task in the Pervasive computing environment. To solve the security issues and to increase the communication reliability, an authentication-based access control approach is developed in this research to ensure the level of security in the Pervasive computing environment.
Design/methodology/approach
This paper aims to propose authentication-based access control approach performs the authentication mechanism using the hashing, encryption, and decryption function. The proposed approach effectively achieves the conditional traceability of user credentials to enhance security. Moreover, the performance of the proposed authentication-based access control approach is estimated using the experimental analysis, and performance improvement is proved using the evaluation metrics. It inherent the tradeoff between authentication and access control in the Pervasive computing environment. Here, the service provider requires authorization and authentication for the provision of service, whereas the end-users require unlinkability and untraceability for data transactions.
Findings
The proposed authentication-based access control obtained 0.76, 22.836 GB, and 3.35 sec for detection rate, memory, and time by considering password attack, and 22.772 GB and 4.51 sec for memory and time by considering without attack scenario.
Originality/value
The communication between the user and the service provider is progressed using the user public key in such a way that the private key of the user can be generated through the encryption function.
Mahdi Nasrullah Al-Ameen, S.M. Taiabul Haque and Matthew Wright
Abstract
Purpose
Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.
Design/methodology/approach
The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.
Findings
In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.
Originality/value
The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.
Alain Forget, Sonia Chiasson and Robert Biddle
Abstract
Purpose
This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner.
Design/methodology/approach
This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can be used by researchers when designing, comparing and innovating authentication schemes, as well as administrators and users, who can use the framework to identify desirable features in schemes available for selection.
Findings
This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points.
Originality/value
This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.
Jeremiah D. Still, Ashley Cain and David Schuster
Abstract
Purpose
Despite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.
Design/methodology/approach
The guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.
Findings
Instead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and what human capabilities can be exploited. A list of six guidelines that designers ought to consider when developing a new usable authentication scheme has been presented.
Research limitations/implications
This consolidated list of usable authentication guidelines provides system developers with immediate access to common design issues impacting usability. These guidelines ought to assist designers in producing more secure products in fewer costly development cycles.
Originality/value
Cybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weakness of many systems is the user. It is argued that authentication schemes with poor usability are inherently insecure, as users will inadvertently weaken the security in their efforts to use the system. The study proposes that designers need to consider the human factors that impact end-user behavior. Development from this perspective will address the greatest weakness in most security systems by increasing end-user compliance.
Verena Zimmermann, Nina Gerber, Peter Mayer, Marius Kleboth, Alexandra von Preuschen and Konstantin Schmidt
Abstract
Purpose
Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an alternative outperforming the text password on every criterion, the framework can support decision makers in finding suitable solutions for specific authentication contexts. The purpose of this paper is to extend and update the database, thereby discussing benefits, limitations and suggestions for continuing the development of the framework.
Design/methodology/approach
This paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria: usability, deployability and security.
Findings
The rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process.
Research limitations/implications
While the extended framework, in general, proves suitable for rating and comparing authentication schemes, ambiguities in the rating could be solved by providing clearer definitions and cut-off values. Further, the extension of the framework with subjective user perceptions that sometimes differ from objective ratings could be beneficial.
Originality/value
The results of the rating are made publicly available in an authentication choice support system named ACCESS to support decision makers and researchers and to foster the further extension of the knowledge base and future development of the extended rating framework.
The purpose of this paper is to outline the general principles behind changes in digital library authentication policy and practice in the UK from 2006 to date.
Abstract
Purpose
The purpose of this paper is to outline the general principles behind changes in digital library authentication policy and practice in the UK from 2006 to date.
Design/methodology/approach
A brief review of the main features in the recent history of digital library authentication in the UK, emphasising the paradoxes underlying authentication and data protection and describing the problems faced by individual stakeholders in addressing the issues of federated access management.
Findings
That the adoption of new models of authentication involves supporting all parties involved in the national authentication project as they work through the difficult process of change management in this area, and that credible leadership of the change process is vital. Ultimately, broader issues concerning information literacy and the pervasive grasp of data protection principles in our contemporary information society are raised by the examination of this topic.
Research limitations/implications
Further in depth examination of the practical benefits of data protection and information management legislation is desirable, especially in light of the pervasively low levels of information literate understanding of these topics, of which federated access management is merely one example.
Practical implications
The straightforward presentation of the themes in this paper should enhance practitioner understanding of the complex topic under consideration.
Originality/value
This investigation reviews some technical areas of recent authentication developments in order to highlight the broader administrative meaning and impact of these innovations.
Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh and Ke Chen
Abstract
Purpose
The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices.
Design/methodology/approach
The investigation has made use of three light-weighted matching functions and a comprehensive reference data set collected from 150 subjects.
Findings
The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as much as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length.
Originality/value
The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is being made publicly available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.
Minori Inoue and Takefumi Ogawa
Abstract
Purpose
Security technology on mobile devices is increasingly more important as smartphones are becoming more versatile and, thus, store more sensitive information. Among the three indispensable factors of owner authentication technologies on mobile devices, security, usability and system efficiency, usability is considered the key factor. This paper aims to challenge the limits of usability on mobile device authentication technology with respect to input size.
Design/methodology/approach
This paper introduces one tap authentication as a novel authentication method on mobile devices. A user just has to tap the screen of a smartphone once, and he or she will be authenticated.
Findings
One tap authentication is proven possible in this paper. The average equal error rate among 10 owners against 25 unauthorized users is as low as 3.8.
Research limitations/implications
This paper focuses on verifying the possibility on one tap authentication. However, the application to various environments, such as when standing or walking or on a train, is not explored.
Originality/value
This research explores tap authentication with a single tap for the first time in the field. To the best of the authors’ knowledge, the minimum number of taps required in tap authentication has been 4.
Suncica Hadzidedic, Silvia Fajardo-Flores and Belma Ramic-Brkic
Abstract
Purpose
This paper aims to address the user perspective about usability, security and use of five authentication schemes (text and graphical passwords, biometrics and hardware tokens) from a population not covered previously in the literature. Additionally, this paper explores the criteria users apply in creating their text passwords.
Design/methodology/approach
An online survey study was performed in spring 2019 with university students in Mexico and Bosnia and Herzegovina. A total of 197 responses were collected.
Findings
Fingerprint-based authentication was most frequently perceived as usable and secure. However, text passwords were the predominantly used method for unlocking computer devices. The participants preferred to apply personal criteria for creating text passwords, which, interestingly, coincided with the general password guidelines, e.g. length, combining letters and special characters.
Originality/value
Research on young adults’ perceptions of different authentication methods is driven by the increasing frequency and sophistication of security breaches, as well as their significant consequences. This study provided insight into the commonly used authentication methods among youth from two geographic locations, which have not been accounted for previously.
Vipin Khattri, Sandeep Kumar Nayak and Deepak Kumar Singh
Abstract
Purpose
Currency usage either in the physical or electronic marketplace through chip-based or magnetic strip-based plastic card becoming the vulnerable point for the handlers. Proper education and awareness can only thrive when concrete fraud detection techniques are being suggested together with potential mitigation possibilities. The purpose of this research study is tendering in the same direction with a suitable plan of action in developing the authentication strength metric to give weightage marks for authentication techniques.
Design/methodology/approach
In this research study, a qualitative in-depth exploration approach is being adapted for a better description, interpretation, conceptualization for attaining exhaustive insights into specific notions. A concrete method of observation is being adopted to study various time boxed reports on plastic card fraud and its possible impacts. Content and narrative analysis are being followed to interpret more qualitative and less quantitative story about existing fraud detection techniques. Moreover, an authentication strength metric is being developed on the basis of time, cost and human interactions.
Findings
The archived data narrated in various published research articles represent the local and global environment and the need for plastic card money. It gives the breathing sense and capabilities in the marketplace. The authentication strength metric gives a supporting hand for more solidification of the authentication technique with respect to the time, cost and human ease.
Practical implications
The research study is well controlled and sufficient interpretive. The empirical representation of authentication technique and fraud detection technique identification and suggestive mitigation gives this research study an implication view for the imbibing research youths. An application and metric based pathway of this research study provides a smoother way to tackle futuristic issues and challenges.
Originality/value
This research study represents comprehensive knowledge about the causes of the notion of plastic card fraud. The authentication strength metric represents the novelty of a research study which produced on the basis of rigorous documentary and classified research analysis. The creativity of the research study is rendering the profound and thoughtful reflection of the novel dimension in the same domain.