Phishing Attack: Raising Awareness and Protection Techniques

Phishing is a form of social engineering attack that can be used to steal sensitive and vital information and details from unsuspecting entities which could either be organizations or individuals. This paper gives a review on how phishing attacks are carried out and the protection techniques involved in defending against such attacks and how to raise awareness about such attacks in Bournemouth University using the MINDSPACE framework. The protection techniques would be classified into three layers namely; automated tools, training and knowledge, and multifactor authentication. The awareness would be raised using the MINDSPACE framework and it revealed that about 50% of the students approached were ignorant of the phishing attack and the tactics used to carry the attack out.

Multifactor Authentication in Automated Teller Machine

Skimming of card details is the primary problem faced by many people in today’s world. This can be done in many ways. For instance, a thief can insert a small device into the machine and steal the information. When a person swipes or inserts a card, the details will be captured and stored. This problem can be solved using biometrics. Biometrics include fingerprint, iris, face, retina scanning, etc. This paper focused on solving this issue using fingerprint and iris recognition using OpenCV and propose a suitable method for this issue. Fingerprint and iris recognition are performed by identifying the keypoints and descriptors and matching those with the test data. Keywords: Biometrics, Fingerprint recognition, Iris recognition, Scale Invariant Feature Transform, Oriented FAST and Rotated BRIEF, OpenCV

MyMaster : A Multifactor Authentication Scheme for Smart Home Device

Smart homes are one of the Internet of Things (IoT) applications most significant to enable people to operate intelligent devices on the Internet in their homes. However, when users can access an intelligent home system remotely, they have major privacy and confidentiality difficulties to overcome. Nothing has been done to improve the safety characteristics of an intelligent home with current research on authentication approaches. For example, to address these issues and to develop a reciprocal tracking authentication system with a critical aspect of a deal, we recommend an Internet based Smart Home System (IFTTT) model. As a controller and a safety guard, an IFTTT-Home Gateway provides a user with remote access to a Smart Home System within their company. The system is designed for mutual authentication with security features such as anonymity and full advance security by using Elliptical Curve Encryption, Nonces, XOR or cryptographic Hash functions. We also incorporate multi factor authentication (MFA) into the model to ensure more security and preventing privacy leakage.

An AODV Based Multifactor Authentication Scheme for Wireless Sensor Network

Wireless Sensor Network (WSN) is a type of wireless network that is fast getting a lot of attention in scientific and industrial applications, and it is a network of decentralized autonomous standalone sensor devices. However, WSN is easily prone to malicious attacks as anyone can access the server through the node without a proper security authentication. In this paper, we proposed a secure AODV based multi-factor authentication scheme for WSN to mitigate physical attack, offline guessing attack and replay attack. Our proposed scheme is preferred to keep the scheme lightweight while providing enough security that requires smart card, user identity, password, and OTP. Our proposed scheme has relatively lower computational cost with a total of 10Th than the other compared schemes except for Adil et al.’s scheme. However, we have around 8288 bits of authentication overhead due to the nature of packet and the addition of factors. Hence, our scheme is outperformed from computational cost perspective, but the scheme is slightly higher on authentication overhead perspective. In the future, multiple device authentication, implementation of biometric feature can be added to improve the scheme.

Mutual Authentication in Body Area Networks (BANs) Using Multi-Biometric and Physiological Signal-Based Key Agreement

The development of wireless technology has had a major impact on the wireless body area networks (WBANs) especially in the medical field where a small wireless sensor is installed in, on, or around the patient’s body for real-time health monitoring and personalized medical treatment. However, the data is collected by the sensors and transmitted via wireless channels. This could make the channel vulnerable to being accessed and falsified by an unauthorized user and may put the lives of the patient at risk and might give a false alarm. Therefore, a secure authentication and data encryption scheme in BANs is needed in a device to establish the interaction. The asymmetric cryptosystems that function in BANs can cause a Man-in-the-Middle attack because the initial requirement in BAN requires the user to configure a master key or password. The impersonation attack may also involve BAN where other individual pretends to be the owner of the devices and lastly Eavesdropping attack where the attack eavesdrops on transmission to unlock devices. With the existing schemes, mutual authentication using the biometric features (fingerprint) and the physiological signal from the electrocardiogram database is used to make sure the authentication is more secure, reliable, and accurate. In this paper, we proposed a new multifactor authentication scheme on biometric authentication which is the retina scan. We proposed the retina scan because the retina of the human eye is unique, remains the same, and cannot be obtained from anywhere which makes it difficult to forge. We also added a new device which is a smart watch to receive a key agreement message from the fingerprint to double confirm the same identification. This is to make sure high security is obtained and offered simplicity, efficiency, and precision scheme for the authentication.

Multifactor Authentication Car Tracking System Using Fingerprint Verification

The design of an intelligent system used to detect and locate vehicle theft has become a viable and sustainable tool in the security system globally. Multifactor authentication car tracking system works in a way that if an unauthorized person tries to steal the vehicle, the user and user’s relatives and a registered police station will be notified with the GPS location. The fingerprint records are stored in the memory of the system. When the fingerprint matches with the stored ones, the microcontroller triggers and powers the circuit. The GPS module gets the location information from satellites in the form of location coordinates. The GSM module sends a short message service immediately to notify the owner in case of any theft action. The fingerprint test-scan results of approximately 100 percent competency level demonstrate that this technology has an enormous potential to enhance effective security and tracking technology in vehicles, objects and humans. Keywords: Tracking system, GPS, Fingerprint, Module. PACS: Electronic, 07.50.EK, 84.30.-r.

A Lightweight Three-Factor Authentication and Key Agreement Scheme for Multigateway WSNs in IoT

The Internet of Things (IoT) has built an information bridge between people and the objective world, wherein wireless sensor networks (WSNs) are an important driving force. For applications based on WSN, such as environment monitoring, smart healthcare, user legitimacy authentication, and data security, are always worth exploring. In recent years, many multifactor user authentication schemes for WSNs have been proposed using smart cards, passwords, as well as biometric features. Unfortunately, these schemes are revealed to various vulnerabilities (e.g., password guessing attack, impersonation attack, and replay attack) due to nonuniform security evaluation criteria. Wang et al. put forward 12 pieces of widely accepted evaluation criteria by investigating quantities of relevant literature. In this paper, we first propose a lightweight multifactor authentication protocol for multigateway WSNs using hash functions and XOR operations. Further, BAN logic and BPR model are employed to formally prove the correctness and security of the proposed scheme, and the informal analysis with Wang et al.’s criteria also indicates that it can resist well-known attacks. Finally, performance analysis of the compared schemes is given, and the evaluation results show that only the proposed scheme can satisfy all 12 evaluation criteria and keep efficient among these schemes.

Revisiting a Multifactor Authentication Scheme in Industrial IoT

Nowadays, as one of the key applications of Internet of Things, Industry IoT (IIoT) has recently received significant attention and has facilitated our life. In IIoT environments, an amount of data generally requires to be transmitted between the user and sensing devices in an open channel. In order to ensure safe transmission of these data, it is necessary for the user and sensing devices to authenticate each other and establish a secure channel between them. Recently, a multifactor authenticated key agreement scheme for IIoT was proposed, which aims to tackle this problem and provide solutions for user multiple sensing devices’ access. This work claims that the proposed scheme is secure against vario us attacks and has less communication and computational costs than other existing related schemes. Unfortunately, we find that this scheme cannot resist smart card attack and sensing device capture attack. Furthermore, we show that this scheme fails to provide forward secrecy, which is essential for a secure multifactor authentication scheme.

AAAA: SSO and MFA Implementation in Multi-Cloud to Mitigate Rising Threats and Concerns Related to User Metadata

In the modern digital era, everyone is partially or fully integrated with cloud computing to access numerous cloud models, services, and applications. Multi-cloud is a blend of a well-known cloud model under a single umbrella to accomplish all the distinct nature and realm requirements under one service level agreement (SLA). In current era of cloud paradigm as the flood of services, applications, and data access rise over the Internet, the lack of confidentiality of the end user’s credentials is rising to an alarming level. Users typically need to authenticate multiple times to get authority and access the desired services or applications. In this research, we have proposed a completely secure scheme to mitigate multiple authentications usually required from a particular user. In the proposed model, a federated trust is created between two different domains: consumer and provider. All traffic coming towards the service provider is further divided into three phases based on the concerned user’s data risks. Single sign-on (SSO) and multifactor authentication (MFA) are deployed to get authentication, authorization, accountability, and availability (AAAA) to ensure the security and confidentiality of the end user’s credentials. The proposed solution exploits the finding that MFA achieves a better AAAA pattern as compared to SSO.