Examining User Verification Schemes, Safety and Secrecy Issues Affecting M-Banking: Systematic Literature Review

10.31124/advance.15164289.v1 ◽

2021 ◽

Author(s):

Nadire Cavus ◽

Yakubu Bala Mohammed ◽

Mohammed Bulama ◽

Muhammad Lamir Isah

Keyword(s):

Web Of Science ◽

User Authentication ◽

Third Party ◽

Security And Privacy ◽

Online Fraud ◽

Study Results ◽

User Authentication Scheme ◽

Authentication Schemes ◽

Account Information ◽

Privacy Issues

Nowadays, movable banking apps are thriving in international pecuniary market due to its flexibility and convenience, especially during COVID-19 pandemic lock-down. Despites these benefits, its development continues to face a lot of challenges due to security, privacy, and authentication issues, especially in developing nations where elegant technologies and explicit cyberspace laws remain an issue. This study used PRISMA approach to systematically reviewed present m-banking studies with aims of identifying other security and privacy issues, and user authentication schemes challenges. Six scholarly databases of; IEEE Xplore, EBSCOhost, Science Direct, Scopus, Taylor and Francis, and Web of Science were searched. 38 articles were carefully read and analyzed meticulously. The study results exposed customers fear of third-party intrusion through other apps, device lost or theft with account information, financial loses, and absence of clear cyberspace laws to be the main safety and privacy issues. Also, the results found that the present authentication schemes used by banks are becoming weak and open to various attacks due to increase in online fraud. Thus, proposed two frameworks for investigating other dimensions of risk and trust factors, and for design of new user authentication scheme. Lastly, missing gaps in current studies, and direction for upcoming studies are mentioned.

Download Full-text

A Survey of Authentication Schemes in the Internet of Things

International Journal of Smart Security Technologies ◽

10.4018/ijsst.2019010102 ◽

2019 ◽

Vol 6 (1) ◽

pp. 15-30 ◽

Cited By ~ 1

Author(s):

Yasmine Labiod ◽

Abdelaziz Amara Korba ◽

Nacira Ghoualmi-Zine

Keyword(s):

Internet Of Things ◽

Security Requirements ◽

Security And Privacy ◽

The Internet ◽

Privacy And Security ◽

Depth Study ◽

Authentication Schemes ◽

Iot Devices ◽

Privacy Issues ◽

The Internet Of Things

In the recent years, the Internet of Things (IoT) has been widely deployed in different daily life aspects such as home automation, electronic health, the electric grid, etc. Nevertheless, the IoT paradigm raises major security and privacy issues. To secure the IoT devices, many research works have been conducted to counter those issues and discover a better way to remove those risks, or at least reduce their effects on the user's privacy and security requirements. This article mainly focuses on a critical review of the recent authentication techniques for IoT devices. First, this research presents a taxonomy of the current cryptography-based authentication schemes for IoT. In addition, this is followed by a discussion of the limitations, advantages, objectives, and attacks supported of current cryptography-based authentication schemes. Finally, the authors make in-depth study on the most relevant authentication schemes for IoT in the context of users, devices, and architecture that are needed to secure IoT environments and that are needed for improving IoT security and items to be addressed in the future.

Download Full-text

A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA

ACM Transactions on Privacy and Security ◽

10.1145/3464690 ◽

2021 ◽

Vol 24 (4) ◽

pp. 1-28

Author(s):

Abbas Acar ◽

Shoukat Ali ◽

Koray Karabina ◽

Cengiz Kaygusuz ◽

Hidayet Aksu ◽

...

Keyword(s):

Template Matching ◽

User Authentication ◽

Third Party ◽

Biometric Data ◽

Concrete System ◽

Current State ◽

Continuous Authentication ◽

User Data ◽

Continuous User ◽

Privacy Issues

As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, <underline>p</underline>rivacy-<underline>a</underline>ware, and secure <underline>c</underline>ontinuous <underline>a</underline>uthentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously authenticates users based on their biometrics in a privacy-aware manner. Then, we design an actual continuous user authentication system under the proposed protocol. In this concrete system, we utilize a privacy-aware template matching technique and a wearable-assisted keystroke dynamics-based continuous authentication method. This provides privacy guarantees without relying on any trusted third party while allowing the comparison of noisy user inputs (due to biometric data) and yielding an efficient and lightweight protocol. Finally, we implement our system on an Apple smartwatch and perform experiments with real user data to evaluate the accuracy and resource consumption of our concrete system.

Download Full-text

Authentication protocols for smart homes

10.32920/ryerson.14652960 ◽

2021 ◽

Author(s):

Maninder Singh Raniyal

Keyword(s):

Smart Home ◽

User Authentication ◽

Mutual Authentication ◽

Smart Homes ◽

Authentication Scheme ◽

Security Requirements ◽

Iot Security ◽

Communication Topology ◽

User Authentication Scheme ◽

Authentication Schemes

One of the IoT's greatest opportunity and application still lies ahead in the form of smart home. In this ubiquitous/automated environment, due to the most likely heterogeneity of objects, communication, topology, security protocols, and the computationally limited na- ture of IoT objects, conventional authentication schemes may not comply with IoT security requirements since they are considered impractical, weak, or outdated. This thesis proposes: (1) The design of a two-factor device-to-device (D2D) Mutual Authentication Scheme for Smart Homes using OTP over Infrared Channel (referred to as D2DA-OTP-IC scheme); (2) The design of two proxy-password protected OTP-based schemes for smart homes, namely, the Password Protected Inter-device OTP-based Authentication scheme over Infrared Chan- nel and the Password Protected Inter-device OTP-based Authentication scheme using public key infrastructure; and (3) The design of a RSA-based two-factor user Authentication scheme for Smart Home using Smart Card.

Download Full-text

A secure remote user authentication scheme for 6LoWPAN-based Internet of Things

PLoS ONE ◽

10.1371/journal.pone.0258279 ◽

2021 ◽

Vol 16 (11) ◽

pp. e0258279

Author(s):

Ghulam Abbas ◽

Muhammad Tanveer ◽

Ziaul Haq Abbas ◽

Muhammad Waqas ◽

Thar Baker ◽

...

Keyword(s):

Internet Of Things ◽

User Authentication ◽

Security Analysis ◽

Authentication Scheme ◽

Security And Privacy ◽

Network Nodes ◽

Remote User Authentication ◽

Resource Limited ◽

User Authentication Scheme ◽

Remote User

One of the significant challenges in the Internet of Things (IoT) is the provisioning of guaranteed security and privacy, considering the fact that IoT devices are resource-limited. Oftentimes, in IoT applications, remote users need to obtain real-time data, with guaranteed security and privacy, from resource-limited network nodes through the public Internet. For this purpose, the users need to establish a secure link with the network nodes. Though the IPv6 over low-power wireless personal area networks (6LoWPAN) adaptation layer standard offers IPv6 compatibility for resource-limited wireless networks, the fundamental 6LoWPAN structure ignores security and privacy characteristics. Thus, there is a pressing need to design a resource-efficient authenticated key exchange (AKE) scheme for ensuring secure communication in 6LoWPAN-based resource-limited networks. This paper proposes a resource-efficient secure remote user authentication scheme for 6LoWPAN-based IoT networks, called SRUA-IoT. SRUA-IoT achieves the authentication of remote users and enables the users and network entities to establish private session keys between themselves for indecipherable communication. To this end, SRUA-IoT uses a secure hash algorithm, exclusive-OR operation, and symmetric encryption primitive. We prove through informal security analysis that SRUA-IoT is secured against a variety of malicious attacks. We also prove the security strength of SRUA-IoT through formal security analysis conducted by employing the random oracle model. Additionally, we prove through Scyther-based validation that SRUA-IoT is resilient against various attacks. Likewise, we demonstrate that SRUA-IoT reduces the computational cost of the nodes and communication overheads of the network.

Download Full-text

An Efficient Mobile User Authentication Scheme with User Anonymity for Wireless Communications

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.631-632.906 ◽

2014 ◽

Vol 631-632 ◽

pp. 906-909

Author(s):

Wei Jing Li ◽

Ping Zhu ◽

Hua Zhang ◽

Zheng Ping Jin

Keyword(s):

Wireless Communications ◽

Performance Analysis ◽

Elliptic Curve Cryptography ◽

User Authentication ◽

Mobile User ◽

User Anonymity ◽

Authentication Scheme ◽

User Authentication Scheme ◽

Authentication Schemes ◽

And Performance

Recently, many mobile user authentication schemes with user anonymity for wireless communications have been proposed. In 2012, Li and Lee proposed a novel user authentication and privacy preserving scheme with smart cards for wireless communications. In 2013, Jeon et al. proposed an improved user authentication scheme, and claimed their scheme achieves user anonymity and more efficient. On the basis of their work, we put forward a new user authentication scheme using elliptic curve cryptography with user anonymity for wireless communications. The security and performance analysis show that the new scheme is more secure and efficient for wireless communications.

Download Full-text

A Survey of Authentication Schemes in the Internet of Things

Research Anthology on Blockchain Technology in Business, Healthcare, Education, and Government ◽

10.4018/978-1-7998-5351-0.ch093 ◽

2021 ◽

pp. 1715-1732

Author(s):

Yasmine Labiod ◽

Abdelaziz Amara Korba ◽

Nacira Ghoualmi-Zine

Keyword(s):

Internet Of Things ◽

Security Requirements ◽

Security And Privacy ◽

The Internet ◽

Privacy And Security ◽

Depth Study ◽

Authentication Schemes ◽

Iot Devices ◽

Privacy Issues ◽

The Internet Of Things

In the recent years, the Internet of Things (IoT) has been widely deployed in different daily life aspects such as home automation, electronic health, the electric grid, etc. Nevertheless, the IoT paradigm raises major security and privacy issues. To secure the IoT devices, many research works have been conducted to counter those issues and discover a better way to remove those risks, or at least reduce their effects on the user's privacy and security requirements. This article mainly focuses on a critical review of the recent authentication techniques for IoT devices. First, this research presents a taxonomy of the current cryptography-based authentication schemes for IoT. In addition, this is followed by a discussion of the limitations, advantages, objectives, and attacks supported of current cryptography-based authentication schemes. Finally, the authors make in-depth study on the most relevant authentication schemes for IoT in the context of users, devices, and architecture that are needed to secure IoT environments and that are needed for improving IoT security and items to be addressed in the future.

Download Full-text

An Improved Dynamic ID-Based Remote User Authentication with Key Agreement Scheme

Journal of Electrical and Computer Engineering ◽

10.1155/2013/786587 ◽

2013 ◽

Vol 2013 ◽

pp. 1-5 ◽

Cited By ~ 2

Author(s):

Juan Qu ◽

Li-min Zou

Keyword(s):

Key Agreement ◽

User Authentication ◽

Impersonation Attack ◽

Forward Secrecy ◽

Insider Attack ◽

Remote User Authentication ◽

Dynamic Id ◽

User Authentication Scheme ◽

Authentication Schemes ◽

Remote User

In recent years, several dynamic ID-based remote user authentication schemes have been proposed. In 2012, Wen and Li proposed a dynamic ID-based remote user authentication with key agreement scheme. They claimed that their scheme can resist impersonation attack and insider attack and provide anonymity for the users. However, we will show that Wen and Li's scheme cannot withstand insider attack and forward secrecy, does not provide anonymity for the users, and inefficiency for error password login. In this paper, we propose a novel ECC-based remote user authentication scheme which is immune to various known types of attack and is more secure and practical for mobile clients.

Download Full-text

Blockchain-Based Secured Access Control in an IoT System

Applied Sciences ◽

10.3390/app11041772 ◽

2021 ◽

Vol 11 (4) ◽

pp. 1772

Author(s):

Sultan Algarni ◽

Fathy Eassa ◽

Khalid Almarhabi ◽

Abduallah Almalaise ◽

Emad Albassam ◽

...

Keyword(s):

Access Control ◽

Secure Communication ◽

Large Scale ◽

Third Party ◽

Security And Privacy ◽

Multi Agent System ◽

Secure Access ◽

Multi Agent ◽

Iot Devices ◽

Privacy Issues

The distributed nature of Internet of Things (IoT) and its rapid increase on a large scale raises many security and privacy issues. Access control is one of the major challenges currently addressed through centralized approaches that may rely on a third party and they are constrained by availability and scalability, which may result in a performance bottleneck. Therefore, this paper proposes a novel solution to manage the delivery of lightweight and decentralized secure access control of an IoT system based on a multi-agent system and a blockchain. The main objective of the proposed solution is to build Blockchain Managers (BCMs) for securing IoT access control, as well as allowing for secure communication between local IoT devices. Moreover, the solution also enables secure communication between IoT devices, fog nodes and cloud computing.

Download Full-text

Authentication protocols for smart homes

10.32920/ryerson.14652960.v1 ◽

2021 ◽

Author(s):

Maninder Singh Raniyal

Keyword(s):

Smart Home ◽

User Authentication ◽

Mutual Authentication ◽

Smart Homes ◽

Authentication Scheme ◽

Security Requirements ◽

Iot Security ◽

Communication Topology ◽

User Authentication Scheme ◽

Authentication Schemes

One of the IoT's greatest opportunity and application still lies ahead in the form of smart home. In this ubiquitous/automated environment, due to the most likely heterogeneity of objects, communication, topology, security protocols, and the computationally limited na- ture of IoT objects, conventional authentication schemes may not comply with IoT security requirements since they are considered impractical, weak, or outdated. This thesis proposes: (1) The design of a two-factor device-to-device (D2D) Mutual Authentication Scheme for Smart Homes using OTP over Infrared Channel (referred to as D2DA-OTP-IC scheme); (2) The design of two proxy-password protected OTP-based schemes for smart homes, namely, the Password Protected Inter-device OTP-based Authentication scheme over Infrared Chan- nel and the Password Protected Inter-device OTP-based Authentication scheme using public key infrastructure; and (3) The design of a RSA-based two-factor user Authentication scheme for Smart Home using Smart Card.

Download Full-text