Search results

1 – 10 of over 4000
Article
Publication date: 9 August 2021

Gnaneshwari G.R., M.S. Hema and S.C. Lingareddy

Abstract

Purpose

A pervasive computing environment allows users to access services anywhere and anytime. Dynamicity, mobility, security, heterogeneity and openness have become major challenges in the pervasive computing environment. To solve the security issues and to increase the communication reliability, an authentication-based access control approach is developed in this research to ensure the level of security in the pervasive computing environment.

Design/methodology/approach

This paper aims to propose an authentication-based access control approach that performs the authentication mechanism using hashing, encryption and decryption functions. The proposed approach effectively achieves the conditional traceability of user credentials to enhance security. Moreover, the performance of the proposed authentication-based access control approach is estimated using experimental analysis, and the performance improvement is proved using the evaluation metrics. It inherits the tradeoff between authentication and access control in the pervasive computing environment. Here, the service provider requires authorization and authentication for the provision of service, whereas the end-users require unlinkability and untraceability for data transactions.

Findings

The proposed authentication-based access control obtained 0.76, 22.836 GB and 3.35 sec for detection rate, memory and time, respectively, under a password attack, and 22.772 GB and 4.51 sec for memory and time in the scenario without attack.

Originality/value

The communication between the user and the service provider is progressed using the user public key in such a way that the private key of the user can be generated through the encryption function.

Details

International Journal of Pervasive Computing and Communications, vol. 19 no. 2
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 10 October 2016

Mahdi Nasrullah Al-Ameen, S.M. Taiabul Haque and Matthew Wright

Abstract

Purpose

Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.

Design/methodology/approach

The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide a higher security guarantee with minimal memory burden, without requiring any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.

Findings

In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.

Originality/value

The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.

Details

Information & Computer Security, vol. 24 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 November 2015

Alain Forget, Sonia Chiasson and Robert Biddle

Abstract

Purpose

This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner.

Design/methodology/approach

This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can be used by researchers when designing, comparing and innovating authentication schemes, as well as by administrators and users, who can use the framework to identify desirable features in schemes available for selection.

Findings

This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points.

Originality/value

This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 October 2017

Jeremiah D. Still, Ashley Cain and David Schuster

Abstract

Purpose

Despite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.

Design/methodology/approach

The guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.

Findings

Instead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and what human capabilities can be exploited. A list of six guidelines that designers ought to consider when developing a new usable authentication scheme has been presented.

Research limitations/implications

This consolidated list of usable authentication guidelines provides system developers with immediate access to common design issues impacting usability. These guidelines ought to assist designers in producing more secure products in fewer costly development cycles.

Originality/value

Cybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weakness of many systems is the user. It is argued that authentication schemes with poor usability are inherently insecure, as users will inadvertently weaken the security in their efforts to use the system. The study proposes that designers need to consider the human factors that impact end-user behavior. Development from this perspective will address the greatest weakness in most security systems by increasing end-user compliance.

Details

Information & Computer Security, vol. 25 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 20 June 2019

Verena Zimmermann, Nina Gerber, Peter Mayer, Marius Kleboth, Alexandra von Preuschen and Konstantin Schmidt

Abstract

Purpose

Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an alternative outperforming the text password on every criterion, the framework can support decision makers in finding suitable solutions for specific authentication contexts. The purpose of this paper is to extend and update the database, thereby discussing benefits, limitations and suggestions for continuing the development of the framework.

Design/methodology/approach

This paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria: usability, deployability and security.

Findings

The rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process.

Research limitations/implications

While the extended framework, in general, proves suitable for rating and comparing authentication schemes, ambiguities in the rating could be solved by providing clearer definitions and cut-off values. Further, the extension of the framework with subjective user perceptions that sometimes differ from objective ratings could be beneficial.

Originality/value

The results of the rating are made publicly available in an authentication choice support system named ACCESS to support decision makers and researchers and to foster the further extension of the knowledge base and future development of the extended rating framework.

Details

Information & Computer Security, vol. 27 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 15 August 2008

Nicholas Joint

Abstract

Purpose

The purpose of this paper is to outline the general principles behind changes in digital library authentication policy and practice in the UK from 2006 to date.

Design/methodology/approach

A brief review of the main features in the recent history of digital library authentication in the UK, emphasising the paradoxes underlying authentication and data protection and describing the problems faced by individual stakeholders in addressing the issues of federated access management.

Findings

That the adoption of new models of authentication involves supporting all parties involved in the national authentication project as they work through the difficult process of change management in this area, and that credible leadership of the change process is vital. Ultimately, broader issues concerning information literacy and the pervasive grasp of data protection principles in our contemporary information society are raised by the examination of this topic.

Research limitations/implications

Further in-depth examination of the practical benefits of data protection and information management legislation is desirable, especially in light of the pervasively low levels of information literate understanding of these topics, of which federated access management is merely one example.

Practical implications

The straightforward presentation of the themes in this paper should enhance practitioner understanding of the complex topic under consideration.

Originality/value

This investigation reviews some technical areas of recent authentication developments in order to highlight the broader administrative meaning and impact of these innovations.

Details

Library Review, vol. 57 no. 7
Type: Research Article
ISSN: 0024-2535

Article
Publication date: 4 April 2016

Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh and Ke Chen

Abstract

Purpose

The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices.

Design/methodology/approach

The investigation has made use of three light-weighted matching functions and a comprehensive reference data set collected from 150 subjects.

Findings

The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as many as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length.

Originality/value

The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is being made publicly available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 3 April 2018

Minori Inoue and Takefumi Ogawa

Abstract

Purpose

Security technology on mobile devices is increasingly important as smartphones are becoming more versatile and, thus, store more sensitive information. Among the three indispensable factors of owner authentication technologies on mobile devices, security, usability and system efficiency, usability is considered the key factor. This paper aims to challenge the limits of usability on mobile device authentication technology with respect to input size.

Design/methodology/approach

This paper introduces one tap authentication as a novel authentication method on mobile devices. A user just has to tap the screen of a smartphone once, and he or she will be authenticated.

Findings

One tap authentication is proven possible in this paper. The average equal error rate among 10 owners against 25 unauthorized users is as low as 3.8.

Research limitations/implications

This paper focuses on verifying the possibility of one tap authentication. However, the application to various environments, such as when standing or walking or on a train, is not explored.

Originality/value

This research explores tap authentication with a single tap for the first time in the field. To the best of the authors’ knowledge, the minimum number of taps required in tap authentication has been 4.

Details

International Journal of Pervasive Computing and Communications, vol. 14 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 18 March 2022

Suncica Hadzidedic, Silvia Fajardo-Flores and Belma Ramic-Brkic

Abstract

Purpose

This paper aims to address the user perspective about usability, security and use of five authentication schemes (text and graphical passwords, biometrics and hardware tokens) from a population not covered previously in the literature. Additionally, this paper explores the criteria users apply in creating their text passwords.

Design/methodology/approach

An online survey study was performed in spring 2019 with university students in Mexico and Bosnia and Herzegovina. A total of 197 responses were collected.

Findings

Fingerprint-based authentication was most frequently perceived as usable and secure. However, text passwords were the predominantly used method for unlocking computer devices. The participants preferred to apply personal criteria for creating text passwords, which, interestingly, coincided with the general password guidelines, e.g. length, combining letters and special characters.

Originality/value

Research on young adults’ perceptions of different authentication methods is driven by the increasing frequency and sophistication of security breaches, as well as their significant consequences. This study provided insight into the commonly used authentication methods among youth from two geographic locations, which have not been accounted for previously.

Details

Information & Computer Security, vol. 30 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 11 May 2020

Vipin Khattri, Sandeep Kumar Nayak and Deepak Kumar Singh

Abstract

Purpose

Currency usage, either in the physical or electronic marketplace, through chip-based or magnetic strip-based plastic cards is becoming the vulnerable point for the handlers. Proper education and awareness can only thrive when concrete fraud detection techniques are being suggested together with potential mitigation possibilities. The purpose of this research study is tendering in the same direction with a suitable plan of action in developing the authentication strength metric to give weightage marks for authentication techniques.

Design/methodology/approach

In this research study, a qualitative in-depth exploration approach is being adapted for a better description, interpretation, conceptualization for attaining exhaustive insights into specific notions. A concrete method of observation is being adopted to study various time boxed reports on plastic card fraud and its possible impacts. Content and narrative analysis are being followed to interpret more qualitative and less quantitative story about existing fraud detection techniques. Moreover, an authentication strength metric is being developed on the basis of time, cost and human interactions.

Findings

The archived data narrated in various published research articles represent the local and global environment and the need for plastic card money. It gives the breathing sense and capabilities in the marketplace. The authentication strength metric gives a supporting hand for more solidification of the authentication technique with respect to the time, cost and human ease.

Practical implications

The research study is well controlled and sufficiently interpretive. The empirical representation of authentication technique and fraud detection technique identification and suggestive mitigation gives this research study an implication view for the imbibing research youths. An application and metric based pathway of this research study provides a smoother way to tackle futuristic issues and challenges.

Originality/value

This research study represents comprehensive knowledge about the causes of the notion of plastic card fraud. The authentication strength metric represents the novelty of a research study which was produced on the basis of rigorous documentary and classified research analysis. The creativity of the research study is rendering the profound and thoughtful reflection of the novel dimension in the same domain.
