Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money.

A new adaptive XOR, hashing and encryption-based authentication protocol for secure transmission of the medical data in Internet of Things (IoT)

Internet of Things (IoT) plays a prominent role in health-care of patients, which assist the physicians and patients through the assistance in effective decision-making and additionally, in the medical field, IoT plays a significant role in real-time monitoring of the patients. Even though the data provided by the IoT devices ensure the effective decision-making, the data is susceptible to the network attacks. Thus, the paper proposes an authentication protocol for enabling the secure data transmission in IoT based on three functions, such as encryption function, hashing function, and adaptive XOR function. The proposed authentication protocol is named as, Adaptive XOR, hashing and Encryption Key Exchange (AXHE) protocol, which is the combination of the functions, such as encryption function, hashing function, and adaptive XOR function. The protocol ensures the security in the communication through two successive phases, such as registration and authentication of the user, where the user name, password, public keys, private keys, and security factor are employed. The authentication is progressed as seven levels and whenever the security factor matches, the user is authenticated and the communication continues. The analysis of the proposed AXHE is performed using 50 and 100 nodes in the presence of DOS and black hole attacks, which acquires the detection rate, throughput, and detection delay of 0.3859, 0.32, and 6.535 s, respectively.

Hybrid Obfuscation with key Based Encryption for Integrated Circuits

A new functional encryption method applied for integrated circuit (IC) is proposed in this paper which is called as hybrid obfuscation. The hardware obfuscation or encryption function is a countermeasures act utilized to provide safety of circuit from malware attack and unauthorized entry at the time of manufacture by the distrusted foundries across the world. The purpose of encryption is to design and embed secret keys for achieving functional modifications at the design space itself. Such keys are programmed suddenly inside the ICs when they are obtained from the factory. Since the distrusted factory doesn't approach the key, they can't dispose of the extra components of the chip which doesn't work effectively without the key. By joining existing procedures of obscurity known as fixed obfuscation and dynamic obfuscation, the half and half muddling strategy accomplish the objectives of an encryption function. The investigation of safety efforts proves that the functional encryption enhances the design security as contrasted with existing method. In addition, the proposed method decreases zone overhead by 40% and control overhead by 30% for a key length of 30 bits contrasted with the active obscurity

On the Constructions of New Symmetric Ciphers Based on Nonbijective Multivariate Maps of Prescribed Degree

The main purpose of this paper is to introduce stream ciphers with the nonbijective encryption function of multivariate nature constructed in terms of algebraic graph theory. More precisely, we describe the two main symmetric algorithms for creation of multivariate encryption transformations based on three families of bipartite graphs with partition sets isomorphic to Kn, where K is selected as the finite commutative ring. The plainspace of the algorithm is Ω={x∣∑xi∈K⁎, x∈Kn}⊂Kn,Ω≅K⁎×Kn-1. The second algorithm is a generalization of the first one with using the jump operator, where generalized encryption map has an essentially higher degree in comparison with the previous version. Moreover, the degree of this generalized map is not bounded by some constant. This property guarantees resistance of the cipher to linearization attacks.