A Secure CDM-Based Data Analysis Platform (SCAP) in Multi-Centered Distributed Setting

Hospitals have their own database structures and maintain their data in a closed manner. For this reason, it is difficult for researchers outside of institutions to access multi-center data. Therefore, if the data maintained by all hospitals follow a commonly shared format, researchers can analyze multi-center data using the same method. To safely analyze data using a common data model (CDM) in a distributed multi-center network environment, the objective of this study is to propose and implement the processes for distribution, executing the analysis codes, and returning the results. A secure CDM-based data analysis platform (SCAP) consists of a certificate authority (CA), authentication server (AS), code signer (CS), ticket-granting server (TGS), relaying server (RS), and service server (SS). The AS, CS, TGS, and RS form the central server group of the platform. An SS is stored on a hospital server as an agent for communication with the server group. We designed the functionalities and communication protocols among servers. To safely conduct the intended functions, the proposed protocol was implemented based on a cryptographic algorithm. An SCAP was developed as a web application running on this protocol. Users accessed the platform through a web-based interface.

A Key-Based Mutual Authentication Framework for Mobile Contactless Payment System Using Authentication Server

This paper presents a framework for mutual authentication between a user device and a point of sale (POS) machine using magnetic secure transmission (MST) to prevent the wormhole attack in Samsung pay. The primary attribute of this method is authenticating the POS terminals by an authentication server to bind the generated token to a single POS machine. To secure the system from eavesdropping attack, the data transmitted between the user device and the machine is encrypted by using the Elgamal encryption method. The keys used in the method are dynamic in nature. Furthermore, comparison and security analysis are presented with previously proposed systems.

Lattice-based remote user authentication from reusable fuzzy signature

In this paper, we introduce a new construction of reusable fuzzy signature based remote user authentication that is secure against quantum computers. We investigate the reusability of fuzzy signature, and we prove that the fuzzy signature schemes provide biometrics reusability (aka. reusable fuzzy signature). We define formal security models for the proposed construction, and we prove that it achieves user authenticity and user privacy. The proposed construction ensures: 1) a user’s biometrics can be securely reused in remote user authentication; 2) a third party having access to the communication channel between a user and the authentication server cannot identify the user.

Denial of Service Attack on Protocols for Smart Grid Communications

In this work, a denial of service (DoS) attack known as the clogging attack has been performed on three different modern protocols for smart grid (SG) communications. The first protocol provides authentication between smart meters (SM) and a security and authentication server (SAS). The second protocol facilitates secure and private communications between electric vehicles (EV) and the smart grid. The third protocol is a secure and efficient key distribution protocol for the smart grid. The protocols differ in either their applications (authentication, key distribution), or their ways of communications (usage of encryption, hashes, timestamps etc.). But they are similar in their purpose of design (for the smart grid) and their usage of computationally intensive mathematical operations (modular exponentiation, ECC) to implement security. Solutions to protect these protocols against this attack are then illustrated along with identifying the causes behind the occurrence of this vulnerability in SG communication protocols in general.

Secure Secondary Authentication Framework for Efficient Mutual Authentication on a 5G Data Network

The service-based architecture of the Fifth Generation(5G) had combined the services and security architectures and enhanced the authentication process of services to expand the coverage of the network, including heterogeneous devices. This architecture uses the secondary authentication for mutual authentication between the User Equipment (UE) and the Data Network (DN) to authenticate devices and services. However, this authentication mechanism can cause a signaling storm in the Non-Access Stratum (NAS) because the end node needs to communicate with the authentication server of the NAS area. This problem could affect the availability of the network when the network is extended. This research proposes a mutual authentication framework that can efficiently perform a mutual authentication process through secondary authentication between UE and DN. The proposed framework uses newly devised network functions: Secondary Authentication Function (SAF) and the Authentication Data Management Function (ADMF). This framework proposes a methodology at the protocol level for efficient mutual authentication using the mobile edge computing architecture. We analyzed the proposed framework in the point of security considerations, and we evaluated the effect of the framework on the traffic of the NAS layer and user experience. Our simulation results show that the proposed framework can reduce the NAS traffic by 39% and total traffic of the overall network by 10%.

An Improved Mechanism for SDN Flow Space to Control Oriented Authentication NAA Network

The Open Daylight platform with its power by working with IEEE 802.1X port level authentication for wired and wireless networks has been very supportive because of the massive deployments at mean charge for main design considerations. Within the current marketplace, 802.1X has flourished the ground works for wireless, wire stability, LAN stability and authentication methods. EAP (Extensible Authentication Protocol) supports long time protection of the supplicant and the authentication software till the end condition of the RADIUS (Remote Authentication Dial-In User Service) server is met. This paper is focused on the RAR (RADIUS Access Request) unique identification about the users on the network with SAA (Supplicant, Authenticator and Authentication server) system which records on the attribute cost of RFC 2865 according to the forwarding server. NAA (Non-Adaptive Algorithm) using FlowVisor based virtualization packages drive inward the network timescales or statistics, dynamically controlling the flow space of switches to control the speed and results in scaling of networks. NAA is an application level protocol that contains authentication and configuration information between a Network Access Server and a shared authentication server. It avoids the attacker from listening for requests and responses from the server and calculates the improved MD5 client secret key of the response.