Automatic Key Update Mechanism for Lightweight M2M Communication and Enhancement of IoT Security: A Case Study of CoAP Using Libcoap Library

The ecosystem for an Internet of Things (IoT) generally comprises endpoint clients, network devices, and cloud servers. Thus, data transfers within the network present multiple security concerns. The recent boom in IoT applications has accelerated the need for a network infrastructure that provides timely and safe information exchange services. A shortcoming of many existing networks is the use of static key authentication. To enable the use of automatic key update mechanisms in IoT devices and enhance security in lightweight machine-to-machine (M2M) communications, we propose a key update mechanism, namely, double OTP (D-OTP), which combines both one-time password (OTP) and one-time pad to achieve an IoT ecosystem with theoretically unbreakable security. The proposed D-OTP was implemented into the Constrained Application Protocol (CoAP) through the commonly used libcoap library. The experimental results revealed that an additional 8.93% latency overhead was required to obtain an unbreakable guarantee of data transfers in 100 CoAP communication sessions.

Small Prime Divisors Attack and Countermeasure against the RSA-OTP Algorithm

One-time password algorithms are widely used in digital services to improve security. However, many such solutions use a constant secret key to encrypt (process) one-time plaintexts. A paradigm shift from constant to one-time keys could introduce tangible benefits to the application security field. This paper analyzes a one-time password concept for the Rivest–Shamir–Adleman algorithm, in which each key element is hidden, and the value of the modulus is changed after each encryption attempt. The difference between successive moduli is exchanged between communication sides via an unsecure channel. Analysis shows that such an approach is not secure. Moreover, determining the one-time password element (Rivest–Shamir–Adleman modulus) can be straightforward. A countermeasure for the analyzed algorithm is proposed.

Serverless Architecture For Bulk Email Management

Sending emails in large quantities can be tediousconsidering free services do not cover bulk email and paidservices can be costly and are not easy to customize. Traditionalemail client used for basic emailing services fail to be useful inlarger volumes of emails to target people or spread informationto consented individuals. This paper proposes a serverless archi-tecture to tackle such problems by using one such offering fromthe Amazon Web Services(AWS) which can be easily replacedby a software architects choice of service. The constraints helpto make an architecture using components that can fit most ofthe needs of a serverless backend and extend it to scenariossuch mobile notifications, One Time Password (OTP) systems orother means of communication to minimize single point of failureand also decrease the dependency on physical servers for suchoperations offering a comparable solution within the cloud. Thearchitecture proposed is tested to find the time taken to sendthe emails of various quantities and see how it affects the cost.The architecture was successful able to send multiple emails in aquick and single invocation and has demonstrated a higher levelof scalability compared to conventional methods.

Smart Home Multi-Factor Authentication Using Face Recognition and One-Time Password on Smartphone

Recently, the adoption of smart home technology has been on the rise and becoming a trend for home residents. The development of Internet-of-Things (IoT) technology drives the smart home authentication system with biometric systems such as facial recognition, fingerprint, and voice control techniques. In the context of homeowners, security is always the primary concern. However, conventional home security and the existing smart home security system have some limitations. These techniques use single-factor authentication, which provides limited protection for home security. Therefore, this project proposed a design for smart home multi-factor authentication using facial recognition and a one-time password sent to smartphones for a home security system. Rapid application development was the methodology for conducting this study. A usability evaluation suggested that the proposed smart home multi-factor authentication is acceptable, but some usability issues can be improved in the future.

Device Identity-Based User Authentication on Electronic Payment System for Secure E-Wallet Apps

E-wallets are a modern electronic payment system technology that easily recognize consumer interest, making our transactions very convenient and efficient. E-wallets are intended to substitute the existing physical wallet, which may tell others something about us as a person. That is why using a physical wallet is a unique, personal experience that cannot be duplicated. A solution would be to replace the physical wallet with an e-wallet on an existing mobile device. The personal nature of the e-wallet is that it should be installed on a unique device. One of the fundamental protections against any illegal access to e-wallet application is through authentication. In particular, the fundamental authentication category used in an existing e-wallet is based on knowledge (i.e., what you know), ownership (i.e., what you have), and biometric (i.e., what you are) authentication, which are sometimes prone to security threats such as account takeover, sim swapping, app cloning, or know your customer verification attacks. The design of an e-wallet authentication on mobile device solution must take into consideration the intensity of the security. To address this problem, this study proposes a design of e-wallet apps with an extension security element that focuses on the device identity in the existing user authentication mechanism. This study covers four fundamental categories of authentication: password, one time password, fingerprints, and international mobile equipment identifier. Using IMEI limits an e-wallet to be in one specific device in one time; this brings it into line with the nature of a physical wallet. In addition, it will be ready to handle the mentioned threats above, which will ultimately result in the far more reliable to use of e-wallet apps. The proposed authentication design has two phases, a registration phase and an authentication phase. The proposed method has been developed and implemented based on an Android Studio Firebase real-time database management and PayPal. In addition, the complete design has been evaluated using functional requirement testing to see how closely it meets functionality requirements. The results obtained from functional testing show that the functionalities of the proposed method meet the requirements, and one cannot use a same account on two devices; hence, it is secure from attacks. The result also shows that the proposed method has no errors. Moreover, it has been shown that our proposed method has better security parameters in terms of the existing method.

Authentication of IoT device with the enhancement of One-time Password (OTP)

The Robust and Energy Efficient Authentication Protocol works for Industrial Internet of Things. The Internet of Things (IoT) is an arising innovation and expected to give answers for different modern fields. The IoT enable connection of physical devices all around the world to the internet by collecting and sharing critical and real-time data among each other. The increment of devices increases the computational cost during data transmission between devices and towards the internet. In this paper we proposed a solution that is a multi-factor authentication protocol to enhance the protocol proposed by Li et al. For Industrial IoT by adding One Time Password (OTP) after the biometric information of the user is checked by the Gateway Node (GWN) to be able to tackle additional network attack aside from those that are overcome by Li et al. scheme. Our contribution for this project is, we proposed the solution that a multi-factor authentication protocol to enhance the protocol proposed. For Industrial IoT by adding One Time Password (OTP) after the biometric information of the user is checked by the Gateway Node (GWN) to be able to tackle additional network attack aside from those that are overcome. The idea of adding OTP is inspired by where they scheme correlates to biometric of user as well. Our proposal is lower cost than the three protocols regarding authentication overhead and computational cost perspectives. Challenges and future directions of this paper examined the security shortcomings of a client confirmation convention for WSN, which is as proposed by Chang and Le. To address the normal security shortcomings of past protocols, we proposed a strong and energy effective three-factor authentication protocol for WSN.

A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications

With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems.

Camera-Based Parking System Management Using Raspberry Pi

Currently, there are still many use of manual parking systems, namely parking attendants provide instructions for vehicles to park. This is often considered inefficient because there is no data recording of vehicles that park, resulting in a low level of security and comfort for visitors and the parking system does not provide information about parking slots which can make it difficult for visitors to park vehicles. With this, the vehicle that wants to park often has difficulty when parking the vehicle. Through various problems that occur, the author develops a parking system that can provide information on the availability of parking slots in the parking area as well as data storage for vehicle number plates that do parking. In the parking system, the Raspberry Pi 3 Model B is used as the main controller, camera detection to obtain information in the form of characters from the vehicle number plate with the help of OCR (Optical Character Recognition), the use of OTP (One Time Password) code which can be used only once so as to increase security. on the parking system. Vehicle data in the form of number plates and also OTP code will be stored in the database and used when the vehicle will leave the parking area by matching the number plate data and OTP code of a vehicle to be able to leave the parking area. Through the development of the parking system, it is hoped that it will work well for vehicle drivers to find available parking locations and increase safety and comfort for drivers because of data storage in the form of vehicle number plates as vehicle identity and the use of OTP codes that can only be used once.

Implementasi One Time Password dengan Metode Advanced Encryption Standard

Teknologi yang terus berkembang membutuhkan tingkat keamanan yang tinggi, terutama dalammenjaga password. Untuk mengatasi password yang harus diubah dalam jangka waktu tertentu, digunakanlahOne-Time Password (OTP). OTP sudah berhasil diimplementasikan dalam berbagai kasus perbankanmenggunakan token. Penelitian ini bertujuan untuk mengimplementasikan OTP dalam smartphone, terutamaAndroid yang diharapkan dapat menggantikan fungsi token yang sudah ada. Metode yang digunakan untukmembangkitkan OTP dalam penelitian ini adalah metode AES (Advanced Encryption Standard). Aplikasiberbasis Android yang dihasilkan dapat menggantikan fungsi token yang ada saat ini. Selain itu, dalammengimplementasikan algoritma kriptografi AES untuk OTP berdasarkan challenge, aplikasi inimenggunakan secret number yang akan bertambah seiring dengan jumlah pembangkitan OTP.