SSSL: Shoulder Surfing Safe Login

Classical PIN-entry methods are vulnerable to a broad class of observation attacks (shoulder surfing, key-logging).A number of alternative PIN-entry methods that are based on human cognitive skills have been proposed. These methods can be classified into two classes regarding information available to a passive adversary: (i) the adversary fully observes the entire input and output of a PIN-entry procedure, and (ii) the adversary can only partially observe the input and/or output. In this paper we propose a novel PIN-entry scheme - Shoulder Surfing Safe Login (SSSL). SSSL is a challenge response protocol that allows a user to login securely in the presence of the adversary who can observe (via key-loggers, cameras) user input. This is accomplished by restricting the access to SSSL challenge values. Compared to existing solutions, SSSL is both user-friendly (not mentally demanding) and cost efficient. Our usability study reveals that the average login time with SSSL is around 8 sec in a 5-digit PIN scenario. We also show the importance of considering side-channel timing attacks in the context of authentication schemes based on human cognitive skills.

Download Full-text

Timing attacks and local timing attacks against Barrett’s modular multiplication algorithm

Journal of Cryptographic Engineering ◽

10.1007/s13389-020-00254-3 ◽

2021 ◽

Author(s):

Johannes Mittmann ◽

Werner Schindler

Keyword(s):

Side Channel ◽

Modular Exponentiation ◽

Modular Multiplication ◽

Multiplication Algorithm ◽

Diffie Hellman ◽

Mathematical Difficulties ◽

Execution Times ◽

Stochastic Properties ◽

Timing Attacks ◽

Theoretical Results

AbstractMontgomery’s and Barrett’s modular multiplication algorithms are widely used in modular exponentiation algorithms, e.g. to compute RSA or ECC operations. While Montgomery’s multiplication algorithm has been studied extensively in the literature and many side-channel attacks have been detected, to our best knowledge no thorough analysis exists for Barrett’s multiplication algorithm. This article closes this gap. For both Montgomery’s and Barrett’s multiplication algorithm, differences of the execution times are caused by conditional integer subtractions, so-called extra reductions. Barrett’s multiplication algorithm allows even two extra reductions, and this feature increases the mathematical difficulties significantly. We formulate and analyse a two-dimensional Markov process, from which we deduce relevant stochastic properties of Barrett’s multiplication algorithm within modular exponentiation algorithms. This allows to transfer the timing attacks and local timing attacks (where a second side-channel attack exhibits the execution times of the particular modular squarings and multiplications) on Montgomery’s multiplication algorithm to attacks on Barrett’s algorithm. However, there are also differences. Barrett’s multiplication algorithm requires additional attack substeps, and the attack efficiency is much more sensitive to variations of the parameters. We treat timing attacks on RSA with CRT, on RSA without CRT, and on Diffie–Hellman, as well as local timing attacks against these algorithms in the presence of basis blinding. Experiments confirm our theoretical results.

Download Full-text

Smart Secured Real Time Agriculture Monitoring System

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i3.6.15043 ◽

2018 ◽

Vol 7 (3.6) ◽

pp. 281

Author(s):

J Srirampavan

Keyword(s):

Sensor Networks ◽

Embedded Systems ◽

Sensor Network ◽

Mobile Device ◽

Vital Role ◽

Separate Entity ◽

Cloud Data ◽

Lcd Display ◽

Cost Efficient ◽

User Friendly

Embedded systems in Agriculture play a vital role in unifying the work involved and improve conservations. Designing a smart as well as a cost efficient and more user-friendly system will be idealistic challenge. The following system that has been proposed is designed with those ideal constraints in mind. It consists of a Raspberry pi3 as a gateway that links the sensor networks with the cloud. To improve security an MQTT protocol is used for cloud connectivity. The communication between the sensor networks is managed by NRF24L01. The Sensor network is a separate entity that can used like a plug and play device and is built by a micro controller with a LCD display and an interfaced GPS. Multicasting is also possible between sensor networks and the gateway. The processed data from the sensor networks is sent through NRF24L01 to the gateway. The gateway further processes and encapsulates the data and through MQTT the data gets stored on the cloud. This cloud data can be accessed through computer or mobile device

Download Full-text

Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES

Applied Sciences ◽

10.3390/app8101898 ◽

2018 ◽

Vol 8 (10) ◽

pp. 1898 ◽

Cited By ~ 1

Author(s):

Yang Li ◽

Momoka Kasuya ◽

Kazuo Sakiyama

Keyword(s):

Comprehensive Evaluation ◽

Electronic Devices ◽

Authentication Scheme ◽

Side Channel ◽

Silicon Chips ◽

Secret Keys ◽

Channel Information ◽

Authentication Schemes ◽

Speed And Accuracy ◽

Comprehensive Study

Various electronic devices are increasingly being connected to the Internet. Meanwhile, security problems, such as fake silicon chips, still exist. The significance of verifying the authenticity of these devices has led to the proposal of side-channel authentication. Side-channel authentication is a promising technique for enriching digital authentication schemes. Motivated by the fact that each cryptographic device leaks side-channel information depending on its used secret keys, cryptographic devices with different keys can be distinguished by analyzing the side-channel information leaked during their calculation. Based on the original side-channel authentication scheme, this paper adapts an ID-based authentication scheme that can significantly increase the authentication speed compared to conventional schemes. A comprehensive study is also conducted on the proposed ID-based side-channel authentication scheme. The performance of the proposed authentication scheme is evaluated in terms of speed and accuracy based on an FPGA-based AES implementation. With the proposed scheme, our experimental setup can verify the authenticity of a prover among 2 70 different provers within 0.59 s; this could not be handled effectively using previous schemes.

Download Full-text

Efficient Side-Channel Secure Message Authentication with Better Bounds

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2019.i4.23-53 ◽

2020 ◽

pp. 23-53

Author(s):

Chun Guo ◽

François-Xavier Standaert ◽

Weijia Wang ◽

Yu Yu

Keyword(s):

Time Complexity ◽

Side Channel ◽

Message Authentication ◽

Security Threat ◽

Cryptographic Primitives ◽

Key Recovery ◽

Leakage Resilience ◽

Authentication Schemes ◽

Key Recovery Attacks ◽

Provably Secure

We investigate constructing message authentication schemes from symmetric cryptographic primitives, with the goal of achieving security when most intermediate values during tag computation and verification are leaked (i.e., mode-level leakage-resilience). Existing efficient proposals typically follow the plain Hash-then-MAC paradigm T = TGenK(H(M)). When the domain of the MAC function TGenK is {0, 1}128, e.g., when instantiated with the AES, forgery is possible within time 264 and data complexity 1. To dismiss such cheap attacks, we propose two modes: LRW1-based Hash-then-MAC (LRWHM) that is built upon the LRW1 tweakable blockcipher of Liskov, Rivest, and Wagner, and Rekeying Hash-then-MAC (RHM) that employs internal rekeying. Built upon secure AES implementations, LRWHM is provably secure up to (beyond-birthday) 278.3 time complexity, while RHM is provably secure up to 2121 time. Thus in practice, their main security threat is expected to be side-channel key recovery attacks against the AES implementations. Finally, we benchmark the performance of instances of our modes based on the AES and SHA3 and confirm their efficiency.

Download Full-text

ZAF – An Open Source Fully Automated Feeder for Aquatic Facilities

10.1101/2021.04.28.441879 ◽

2021 ◽

Author(s):

Merlin Lange ◽

AhmetCan Solak ◽

Shruthi Vijay Kumar ◽

Hirofumi Kobayashi ◽

Bin Yang ◽

...

Keyword(s):

Open Source ◽

Food Distribution ◽

Model Organisms ◽

Precise Control ◽

Automatic Feeder ◽

Animal Feeding ◽

Fully Automatic ◽

Cost Efficient ◽

User Friendly ◽

Advanced Version

In the past few decades, aquatic animals have become popular model organisms in biology, spurring a growing need for establishing aquatic facilities. Zebrafish are widely studied and relatively easy to culture using commercial systems. However, a challenging aspect of maintaining aquatic facilities is animal feeding, which is both time- and resource-consuming. We have developed an open-source fully automatic daily feeding system, Zebrafish Automatic Feeder (ZAF). ZAF is reliable, provides a standardized amount of food to every tank, is cost-efficient, easy to build, and has a user-friendly interface. The advanced version, ZAF+, allows for the precise control of food distribution as a function of fish density per tank. Both ZAF and ZAF+ are adaptable to any laboratory environment and can help facilitate the implementation of aquatic colonies. Here we provide all blueprints and instructions for building the mechanics, electronics, fluidics, as well as to setup the control software and its user-friendly graphical interface. Importantly, the design is modular and can be scaled to meet different user needs. Furthermore, our results show that ZAF and ZAF+ do not adversely affect zebrafish culture, enabling fully automatic feeding for any aquatic facility.

Download Full-text

LotuS2: An ultrafast and highly accurate tool for amplicon sequencing analysis

10.1101/2021.12.24.474111 ◽

2021 ◽

Author(s):

Ezgi Ozkurt ◽

Joachim Fritscher ◽

Nicola Soranzo ◽

Duncan Y.K. Ng ◽

Robert P. Davey ◽

...

Keyword(s):

Data Analysis ◽

Clustering Algorithms ◽

Amplicon Sequencing ◽

Sequencing Analysis ◽

Alpha And Beta Diversity ◽

High Data ◽

Data Usage ◽

Long Read ◽

Cost Efficient ◽

User Friendly

Background: Amplicon sequencing is an established and cost-efficient method for profiling microbiomes. However, many available tools to process this data require both bioinformatics skills and high computational power to process big datasets. Furthermore, there are only few tools that allow for long read amplicon data analysis. To bridge this gap, we developed the LotuS2 (Less OTU Scripts 2) pipeline, enabling user-friendly, resource friendly, and versatile analysis of raw amplicon sequences. Results: In LotuS2, six different sequence clustering algorithms as well as extensive pre- and post-processing options allow for flexible data analysis by both experts, where parameters can be fully adjusted, and novices, where defaults are provided for different scenarios. We benchmarked three independent gut and soil datasets, where LotuS2 was on average 29 times faster compared to other pipelines - yet could better reproduce the alpha- and beta-diversity of technical replicate samples. Further benchmarking a mock community with known taxa composition showed that, compared to the other pipelines, LotuS2 recovered a higher fraction of correctly identified genera and species (98% and 57%, respectively). At ASV/OTU level, precision and F-score were highest for LotuS2, as was the fraction of correctly reconstructed 16S sequences. Conclusion: LotuS2 is a lightweight and user-friendly pipeline that is fast, precise and streamlined. High data usage rates and reliability enable high-throughput microbiome analysis in minutes. Availability: LotuS2 is available from GitHub, conda or via a Galaxy web interface, documented at http://lotus2.earlham.ac.uk/.

Download Full-text

ZAF, the first open source fully automated feeder for aquatic facilities

eLife ◽

10.7554/elife.74234 ◽

2021 ◽

Vol 10 ◽

Author(s):

Merlin Lange ◽

AhmetCan Solak ◽

Shruthi Vijay Kumar ◽

Hirofumi Kobayashi ◽

Bin Yang ◽

...

Keyword(s):

Open Source ◽

Food Distribution ◽

Model Organisms ◽

Precise Control ◽

Automatic Feeder ◽

Animal Feeding ◽

Fully Automatic ◽

Cost Efficient ◽

User Friendly ◽

Advanced Version

In the past few decades, aquatic animals have become popular model organisms in biology, spurring a growing need for establishing aquatic facilities. Zebrafish are widely studied and relatively easy to culture using commercial systems. However, a challenging aspect of maintaining aquatic facilities is animal feeding, which is both time- and resourceconsuming. We have developed an open-source fully automatic daily feeding system, Zebrafish Automatic Feeder (ZAF). ZAF is reliable, provides a standardized amount of food to every tank, is cost-efficient and easy to build. The advanced version, ZAF+, allows for the precise control of food distribution as a function of fish density per tank, and has a user-friendly interface. Both ZAF and ZAF+ are adaptable to any laboratory environment and facilitate the implementation of aquatic colonies. Here we provide all blueprints and instructions for building the mechanics, electronics, fluidics, as well as to setup the control software and its user-friendly graphical interface. Importantly, the design is modular and can be scaled to meet different user needs. Furthermore, our results show that ZAF and ZAF+ do not adversely affect zebrafish culture, enabling fully automatic feeding for any aquatic facility.

Download Full-text

A secure and cost-efficient offloading policy for Mobile Cloud Computing against timing attacks

Pervasive and Mobile Computing ◽

10.1016/j.pmcj.2018.01.007 ◽

2018 ◽

Vol 45 ◽

pp. 4-18 ◽

Cited By ~ 11

Author(s):

Tianhui Meng ◽

Katinka Wolter ◽

Huaming Wu ◽

Qiushi Wang

Keyword(s):

Cloud Computing ◽

Mobile Cloud Computing ◽

Mobile Cloud ◽

Cost Efficient ◽

Timing Attacks

Download Full-text

Design and Fabrication of Beach Cleaning Machine

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.l3146.1081219 ◽

2019 ◽

Vol 8 (12) ◽

pp. 1597-1602

Keyword(s):

Environmental Pollution ◽

Marine Environment ◽

High Efficiency ◽

Cleaning Machine ◽

Human Effort ◽

Cost Efficient ◽

User Friendly ◽

D Model

The beach cleaning machine is a vehicle that can be used to pick up rags from the shores thus keeping the beaches clean. A great number of people visit beaches very often for relaxation and recreation. People throw plastics quite often on shores without knowing the consequences. This results in environmental pollution which affects the marine environment and increases the risks of diseases. In order to overcome this we have designed and fabricated a beach cleaning machine that will clean the beaches by picking up rags with minimal human effort. Here, we have incorporated an Arduino board and developed an app through which we will be able to control the operations of the machine within a range of 10 meter through Bluetooth. A 3-D model of the design has been developed and analysis has been performed. The machine developed is a cost efficient vehicle with high efficiency and also user friendly

Download Full-text

Secure User-Friendly Remote Authentication Schemes

Information & Security An International Journal ◽

10.11610/isij.1806 ◽

2006 ◽

Vol 18 ◽

pp. 111-121

Author(s):

Tzung-Her Chen ◽

Du-Shiau Tsai ◽

Gwoboa Horng

Keyword(s):

Remote Authentication ◽

Authentication Schemes ◽

User Friendly

Download Full-text