A Register Access Control Scheme for SNR System to Counter CPA Attack Based on Malicious User Blacklist

Standalone Name Resolution (SNR) is an essential component of many Information-Centric Networking (ICN) infrastructures that maps and stores the mappings of IDs and locators. The delivery of data can be realized only when the name resolution process is completed correctly. It also makes the SNR become the key target of network attackers. In this paper, our research focuses on the more covert and complex Content Pollution Attack (CPA). By continuously sending invalid content to the network at a low speed, attackers will consume a lot of the resources and time of the SNR system, resulting in a serious increase in the resolution delay of normal users and further cache pollution in ICN. It is difficult to be quickly detected because the characteristics of attack are inconspicuous. To address the challenge, a register access control scheme for an SNR system based on a malicious user blacklist query is proposed. A neighbor voting algorithm is designed to discover possible attacks in the network quickly and build a blacklist of malicious users reasonably. Users on the blacklist will be restricted from accessing the ICN network during the registration phase with the resolution system. Incentives and punishments for network users are introduced to automate responses about the potential malicious behavior reports. Our scheme is more efficient as users do not have to wait for an additional system component to perform operations. In addition, our algorithm can better solve the collusion problem in the voting process when compared with the others. We experimentally evaluate our protocol to demonstrate that the probability of successful collusion attack can be reduced to less than 0.1 when the attacker ratio is 0.5.

Multi-level authentication protocol for enabling secure communication in IoT

Internet of Things (IoT) is the domain of interest for the researchers at the present with the exponential growth in technology. Security in IoT is a prime factor, which highlights the need for authentication to tackle various attackers and hackers. Authentication is the process that uniquely identifies the incoming user and this paper develops an authentication protocol based on the chebyshev polynomial, hashing function, session password, and Encryption. The proposed authentication protocol is named as, proposed Elliptic, chebyshev, Session password, and Hash function (ECSH)-based multilevel authentication. For authenticating the incoming user, there are two phases, registration and authentication. In the registration phase, the user is registered with the server and Authentication center (AC), and the authentication follows, which is an eight-step criterion. The authentication is duly based on the scale factor of the user and server, session password, and verification messages. The authentication at the eight levels assures the security against various types of attacks and renders secure communication in IoT with minimal communication overhead and packet-loss. The performance of the method is analyzed using black-hole and Denial-of-service (DOS) attacks with 50 and 100 nodes in the simulation environment. The proposed ECSH-based multilevel authentication acquired the maximal detection rate, PDR, and QOS of 15.2%, 35.7895%, and 26.4623%, respectively in the presence of 50 nodes and DOS attacks, whereas the minimal delay of 135.922 ms is acquired in the presence of 100 nodes and DOS attacks.

Efficient VANET safety message delivery and authenticity with privacy preservation

Vehicular ad-hoc networks (VANETs) play an essential role in the development of the intelligent transportation system (ITS). VANET supports many types of applications that have strict time constraints. The communication and computational overheads are minimal for these computations and there are many security requirements that should be maintained. We propose an efficient message authentication system with a privacy preservation protocol. This protocol reduces the overall communication and computational overheads. The proposed protocol consists of three main phases: the group registration phase, send/receive messages phase, and the leave/join phase. For cryptography algorithms, we combined symmetric and asymmetric key algorithms. The symmetric key was generated and exchanged without using the Diffie–Hellman (DH) protocol. Furthermore, we used an efficient version of the RSA algorithm called CRT-RSA. The experimental results showed that the computational overhead in the registration phase was significantly reduced by 91.7%. The computational overhead for sending and receiving the non-safety message phase was reduced by 41.2% compared to other existed protocols. Moreover, our results showed that the time required to broadcast a safety and non-safety group message was below 100 ms and 150 ms, respectively. The average computational time of sending and receiving a one-to-one message was also calculated. The proposed protocol was also evaluated with respect to performance and security and was shown to be invulnerable to many security attacks.

Test for Detection of Weak Graphic Passwords in Passpoint Based on the Mean Distance between Points

This work demonstrates the ineffectiveness of the Ripley’s K function tests, the distance to the nearest neighbor, and the empty space function in the Graphical Authentication scenario with Passpoint for the detection of non-random graphical passwords. The results obtained show that none of these tests effectively detect non-random graphical passwords; the reason for their failure is attributed to the small sample of the spatial pattern in question, where only the five points of the graphical password are analyzed. Consequently, a test based on mean distances is proposed, whose experiments show that it detects with good efficiency non-random graphical passwords in Passpoint. The test was designed to be included in the Graphical Authentication systems with Passpoint to warn the user about a possibly weak password during the registration phase, and in this way, the security of the system is increased.

AirSign: Smartphone Authentication by Signing in the Air

In this paper, we propose AirSign, a novel user authentication technology to provide users with more convenient, intuitive, and secure ways of interacting with smartphones in daily settings. AirSign leverages both acoustic and motion sensors for user authentication by signing signatures in the air through smartphones without requiring any special hardware. This technology actively transmits inaudible acoustic signals from the earpiece speaker, receives echoes back through both built-in microphones to “illuminate” signature and hand geometry, and authenticates users according to the unique features extracted from echoes and motion sensors. To evaluate our system, we collected registered, genuine, and forged signatures from 30 participants, and by applying AirSign on the above dataset, we were able to successfully distinguish between genuine and forged signatures with a 97.1% F-score while requesting only seven signatures during the registration phase.

Software engineering based self-checking process for cyber security system in VANET

Newly, the cyber security of Vehicle Ad hoc Network (VANET) includes two practicable: Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I), that have been considered due to importance. It has become possible to keep pace with the development in the world. The people safety is a priority in the development of technology in general and particular in of VANET for police vehicles. In this paper, we propose a software engineering based self-checking process to ensure the high redundancy of the generated keys. These keys are used in underlying cyber security system for VANET. The proposed self-checking process emploies a set of NIST tests including frequency, block and runs as a threshold for accepting the generated keys. The introduced cyber security system includes three levels: Firstly, the registration phase that asks vehicles to register in the system, in which the network excludes the unregistered ones. In this phase, the proposed software engineeringbased self-checking process is adopted. Secondly, the authentication phase that checks of the vehicles after the registration phase. Thirdly, the proposed system that is able to detect the DOS attack. The obtained results show the efficient performance of the proposed system in managing the security of the VANET network. The self-checking process increased the randomness of the generated keys, in which the security factor is increased.

A highly secure Multi- Factor authentication system using biometrics to enhance privacy in Internet of Things (IOT)

Authentication is becoming critical in the Internet of Things (IoT) environment because of its many applications and services have been emerging in the areas such as smart city, healthcare, industry etc. Security and privacy plays a vital role in IoT because their services can be accessed through smart device applications by the user from everywhere and at any time. Hence a multi-factor based authentication can provide high security in IOT environment. This security system incorporates most of the valuable methods such as cryptography, steganography and pattern recognition for authentication process. Among various biometric traits, palm vein is more efficient because it has essential sufficient features points for individual unique identification. The system employs registration phase and authentication phase. The registration phase enrolls person privacy data with their biometric and the obtained data’s are encrypted with the help of Elliptical Curve Cryptography (ECC) and this confidential information is embedded into person palm print image using bits substitution procedure. In authentication phase, recognition will be performed through three levels such as password, palm print and One Time Password (OTP). Using these three levels the matching can be done. The texture features can be obtained by using Multi Block Local Binary Pattern (MB-LBP) and Gabor filter. To afford high authentication, OTP method is also appended. This system provides better information security and texture analysis rather than previous approaches. Thus this multiple level approach ensures a fool proof and a reliable way for data access. Results are in terms of some validation parameters like false acceptance ratio, false rejection ratio and recognition rate. Observing from results, it is clear that the proposed approach outperform many existing methods. As a result, the proposed scheme has strong security, reliability and enhanced computational efficiency.

Implementation of Event-Based Dynamic Authentication on MQTT Protocol

This paper proposes an authentication mechanism on the MQ Telemetry Transport (MQTT) protocol. The exchange of data in the IoT system became an important activity. The MQTT protocol is a fast and lightweight communication protocol for IoT. One of the problems with the MQTT protocol is that there is no security mechanism in the initial setup. One security attack may occur during the client registration phase. The client registration phase has a vulnerability to accept false clients due to the absence of an authentication mechanism. An authentication mechanism has been previously made using Transport Layer Security (TLS). However, the TLS mechanism consumes more than 100 KB of data memory and is not suitable for devices that have limitations. Therefore, a suitable authentication mechanism for constraint devices is required. This paper proposes a protocol for authentication mechanisms using dynamic and event-based authentication for the MQTT protocol. The eventbased is used to reduce the computing burden of constraint devices. Dynamic usage is intended to provide different authentication properties for each session so that it can improve authentication security. As results, the applied of the event-based dynamic authentication protocol was successful in the constraint devices of microcontrollers and broker. The microcontroller, as a client, is able to process the proposed protocol. The client uses 52% of the memory for the proposed protocol and only consumes 2% higher than the protocol without security. The broker can find authentic clients and constraint devices capable of computing to carry out mutual authentication processes to clients. The broker uses a maximum of 4.3 MB of real memory and a maximum CPU usage of 3.7%.

Glembotskaya G.T., Eremin S.Yu. Scientific and practical approach to optimizing costs on development and promotion of drugs

In order to identify promising strategic development possibilities for the pharmaceutical industry in the Russian Federation, a pilot study was conducted, which has analyzed the main trends in the development of innovative medicines. As a result of the content analysis of available sources of scientific literature, the characteristics of options used in the world practice for increasing the innovative activity of individual subjects and the pharmaceutical market as a whole are presented. Possible reserves for the further development of the innovative component of the pharmaceutical market within the framework of the concept of personalized medicine according to the P4 principle (predictive - personalized - preventive - participatory) are identified and structured. The results of use by individual pharmaceutical companies of scientifically and practically justified approaches to optimizing the costs of development and promoting drugs are presented. The advantages and real prospects of a generally accepted method to reduce the cost of development by «expanding the pharmacological effect» (label expansion) of already existing drugs with a known safety profile in the world practice are shown. A scientific generalization and structuring of the goals and results of the post-registration phase of clinical trials to expand the pharmacological action of a number of drugs already existed at the market have been carried out.

Fingerprint Protected Password Authentication Protocol

With the rapid development of industrial Internet of things (IIOT), a variety of cloud services have been deployed to store and process the big data of IIOT. The traditional password only authentication is unable to meet the needs of security situation in IIOT. Therefore, a lot of mobile phone assisted password authentication schemes have been proposed. However, in existing schemes, the secret information is required to be stored in the user’s mobile phone. Once the phone is lost, the secret information may be obtained by the opponent, which will bring irreparable loss to the user. To address the above problems, we propose a fingerprint protected password authentication scheme which has no need to store the secret parameter in the mobile phone. When a user logs in, he uses his mobile phone to generate the private key which is used to decrypt the encrypted text generated during the registration phase. The process of generating the private key needs to enter the password and the fingerprint. When the computer interacts with the mobile phone, the user’s password will be blinded so that it can protect the user’s password from adversary’s attacks. Theoretical analysis and experimental results show that our scheme improves the security of the user’s secret. Meanwhile, our scheme can resist the opponent’s dictionary attacks, replay attacks, and phishing attack. Our scheme can reduce the storage pressure of the mobile phone and is easy to deploy.