Authentication is the most crucial aspect of security and a predominant measure employed in cybersecurity.Cloud computing provides a shared electronic device resource for users via the internet,and the authentication ...Authentication is the most crucial aspect of security and a predominant measure employed in cybersecurity.Cloud computing provides a shared electronic device resource for users via the internet,and the authentication techniques used must protect data from attacks.Previous approaches failed to resolve the challenge of making passwords secure,memorable,usable,and time-saving.Graphical Password(GP)is still not widely utilized in reality because consumers suffer from multiple login stages.This paper proposes an Indexed Choice-Based Graphical Password(ICGP)scheme for improving the authentication part.ICGP consists of two stages:registration and authentication.At the registration stage,the user registers his/her data user name a number called Index Number(IN),and chooses an image from a grid of images.After completing the registration,ICGP gives the user a random unique number(UNo)to be a user ID.At the authentication stage,the user chooses a different image from the grid based on the random appearance of the registered image dimensions on the grid plus the registered Index Number.ICGP password is a combination of three factors;user’s name,UNo,and any image.According to the experiments,the proposed ICGP has achieved great improvements when compared to prior methods.The ICGP has increased the possible password numbers from 9.77e+6 to 3.74e+30,the password space from 1.20e+34 to 1.37e+84,and decreased the password entropy from 7.16e−7 to 8.26e−30.展开更多
TarGuess-I is a leading model utilizing Personally Identifiable Information for online targeted password guessing.Due to its remarkable guessing performance,the model has drawn considerable attention in password secur...TarGuess-I is a leading model utilizing Personally Identifiable Information for online targeted password guessing.Due to its remarkable guessing performance,the model has drawn considerable attention in password security research.However,through an analysis of the vulnerable behavior of users when constructing passwords by combining popular passwords with their Personally Identifiable Information,we identified that the model fails to consider popular passwords and frequent substrings,and it uses overly broad personal information categories,with extensive duplicate statistics.To address these issues,we propose an improved password guessing model,TGI-FPR,which incorporates three semantic methods:(1)identification of popular passwords by generating top 300 lists from similar websites,(2)use of frequent substrings as new grammatical labels to capture finer-grained password structures,and(3)further subdivision of the six major categories of personal information.To evaluate the performance of the proposed model,we conducted experiments on six large-scale real-world password leak datasets and compared its accuracy within the first 100 guesses to that of TarGuess-I.The results indicate a 2.65%improvement in guessing accuracy.展开更多
Military image encryption plays a vital role in ensuring the secure transmission of sensitive visual information from unauthorized access.This paper proposes a new Tri-independent keying method for encrypting military...Military image encryption plays a vital role in ensuring the secure transmission of sensitive visual information from unauthorized access.This paper proposes a new Tri-independent keying method for encrypting military images.The proposed encryption method is based on multilevel security stages of pixel-level scrambling,bitlevel manipulation,and block-level shuffling operations.For having a vast key space,the input password is hashed by the Secure Hash Algorithm 256-bit(SHA-256)for generating independently deterministic keys used in the multilevel stages.A piecewise pixel-level scrambling function is introduced to perform a dual flipping process controlled with an adaptive key for obscuring the spatial relationships between the adjacent pixels.Adynamicmasking scheme is presented for conducting a bit-level manipulation based on distinct keys that change over image regions,providing completely different encryption results on identical regions.To handle the global correlation between large-scale patterns,a chaotic index-map system is employed for shuffling image regions randomly across the image domain based on a logistic map seeded with a private key.Experimental results on a dataset of military images show the effectiveness of the proposed encryption method in producing excellent quantitative and qualitative results.The proposed method obtains uniform histogram distributions,high entropy values around the ideal(≈8 bits),Number of Pixel Change Rate(NPCR)values above 99.5%,and low Peak Signal-to-Noise Ratio(PSNR)over all encrypted images.This validates the robustness of the proposed method against cryptanalytic attacks,verifying its ability to serve as a practical basis for secure image transmission in defense systems.展开更多
Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Sh...Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text-password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.展开更多
Password-based authenticated key exchange(PAKE) protocols are cryptographic primitives which enable two entities,who only share a memorable password,to identify each other and to communicate over a public unreliable n...Password-based authenticated key exchange(PAKE) protocols are cryptographic primitives which enable two entities,who only share a memorable password,to identify each other and to communicate over a public unreliable network with a secure session key.In this paper,we propose a simple,efficient and provably secure PAKE protocol based on Diffie-Hellman key exchange and cryptographic hash function.Our protocol is secure against dictionary attacks.Its security is proved based on the hardness of the computational Diffie-Hellman problem in the random oracle model.展开更多
Identity authentication is the first line of defense for network security.Passwords have been the most widely used authentication method in recent years.Although there are security risks in passwords,they will be the ...Identity authentication is the first line of defense for network security.Passwords have been the most widely used authentication method in recent years.Although there are security risks in passwords,they will be the primary method in the future due to their simplicity and low cost.Considering the security and usability of passwords,we propose AvoidPwd,which is a novel mnemonic password generation strategy that is based on keyboard transformation.AvoidPwd helps users customize a“route”to bypass an“obstacle”and choose the characters on the“route”as the final password.The“obstacle”is a certain word using any language and the keys adjacent to the“obstacle”are typed with the“Shift”key.A two-part experiment was conducted to examine the memorability and security of the AvoidPwd strategy with other three password strategies and three leaked password sets.The results showed that the passwords generated by the AvoidPwd strategy were more secure than the other leaked password sets.Meanwhile,AvoidPwd outperformed the KbCg,SpIns,and Alphapwd in balancing security and usability.In addition,there are more symbols in the character distribution of AvoidPwd than the other strategies.AvoidPwd is hopeful to solve the security problem that people are difficult to remember symbols and they tend to input letters and digits when creating passwords.展开更多
In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module (TPM). Our approach encrypts users' passwords with keys generated by the TPM, which...In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module (TPM). Our approach encrypts users' passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users' passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.Abstract: In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module (TPM). Our approach encrypts users' passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users' passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.展开更多
To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnera...To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.展开更多
Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on pas...Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system e?ciency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.展开更多
Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However...Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However,application developers do not have the knowledge of cryptography,thus the cryptographic algorithm may not be used correctly.As a result,security vulnerabilities are generated.Based on the previous studies,this paper summarizes the characteristics of password misuse vulnerability of Android application software,establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability.And on this basis,this paper designs and implements a secure container for Android application software password misuse vulnerability:CM-Droid.展开更多
Mobile Ad hoc NETwork (MANET) is a part of the Internet of Things (IoT). In battlefield communication systems, ground soldiers, tanks, and unmanned aerial vehicles comprise a heterogeneous MANET. In 2006, Byun et ...Mobile Ad hoc NETwork (MANET) is a part of the Internet of Things (IoT). In battlefield communication systems, ground soldiers, tanks, and unmanned aerial vehicles comprise a heterogeneous MANET. In 2006, Byun et al. proposed the first constant-round password-based group key ex- change with different passwords for such net- works. In 2008, Nam et al. discovered the short- comings of the scheme, and modified it. But the works only provide the group key. In this paper, we propose a password-based secure communication scheme for the loT, which could be applied in the battlefield communication systems and support dy- namic group, in which the nodes join or leave. By performing the scheme, the nodes in the heteroge- neous MANET can realize secure broadcast, secure unicast, and secure direct communication across realms. After the analyses, we demonstrate that the scheme is secure and efficient.展开更多
User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are...User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.展开更多
基金Supporting Project number(RSP2024R444),King Saud University,Riyadh,Saudi Arabia.
文摘Authentication is the most crucial aspect of security and a predominant measure employed in cybersecurity.Cloud computing provides a shared electronic device resource for users via the internet,and the authentication techniques used must protect data from attacks.Previous approaches failed to resolve the challenge of making passwords secure,memorable,usable,and time-saving.Graphical Password(GP)is still not widely utilized in reality because consumers suffer from multiple login stages.This paper proposes an Indexed Choice-Based Graphical Password(ICGP)scheme for improving the authentication part.ICGP consists of two stages:registration and authentication.At the registration stage,the user registers his/her data user name a number called Index Number(IN),and chooses an image from a grid of images.After completing the registration,ICGP gives the user a random unique number(UNo)to be a user ID.At the authentication stage,the user chooses a different image from the grid based on the random appearance of the registered image dimensions on the grid plus the registered Index Number.ICGP password is a combination of three factors;user’s name,UNo,and any image.According to the experiments,the proposed ICGP has achieved great improvements when compared to prior methods.The ICGP has increased the possible password numbers from 9.77e+6 to 3.74e+30,the password space from 1.20e+34 to 1.37e+84,and decreased the password entropy from 7.16e−7 to 8.26e−30.
基金supported by the Joint Funds of National Natural Science Foundation of China(Grant No.U23A20304)the Fund of Laboratory for Advanced Computing and Intelligence Engineering(No.2023-LYJJ-01-033)+1 种基金the Special Funds of Jiangsu Province Science and Technology Plan(Key R&D ProgramIndustryOutlook and Core Technologies)(No.BE2023005-4)the Science Project of Hainan University(KYQD(ZR)-21075).
文摘TarGuess-I is a leading model utilizing Personally Identifiable Information for online targeted password guessing.Due to its remarkable guessing performance,the model has drawn considerable attention in password security research.However,through an analysis of the vulnerable behavior of users when constructing passwords by combining popular passwords with their Personally Identifiable Information,we identified that the model fails to consider popular passwords and frequent substrings,and it uses overly broad personal information categories,with extensive duplicate statistics.To address these issues,we propose an improved password guessing model,TGI-FPR,which incorporates three semantic methods:(1)identification of popular passwords by generating top 300 lists from similar websites,(2)use of frequent substrings as new grammatical labels to capture finer-grained password structures,and(3)further subdivision of the six major categories of personal information.To evaluate the performance of the proposed model,we conducted experiments on six large-scale real-world password leak datasets and compared its accuracy within the first 100 guesses to that of TarGuess-I.The results indicate a 2.65%improvement in guessing accuracy.
文摘Military image encryption plays a vital role in ensuring the secure transmission of sensitive visual information from unauthorized access.This paper proposes a new Tri-independent keying method for encrypting military images.The proposed encryption method is based on multilevel security stages of pixel-level scrambling,bitlevel manipulation,and block-level shuffling operations.For having a vast key space,the input password is hashed by the Secure Hash Algorithm 256-bit(SHA-256)for generating independently deterministic keys used in the multilevel stages.A piecewise pixel-level scrambling function is introduced to perform a dual flipping process controlled with an adaptive key for obscuring the spatial relationships between the adjacent pixels.Adynamicmasking scheme is presented for conducting a bit-level manipulation based on distinct keys that change over image regions,providing completely different encryption results on identical regions.To handle the global correlation between large-scale patterns,a chaotic index-map system is employed for shuffling image regions randomly across the image domain based on a logistic map seeded with a private key.Experimental results on a dataset of military images show the effectiveness of the proposed encryption method in producing excellent quantitative and qualitative results.The proposed method obtains uniform histogram distributions,high entropy values around the ideal(≈8 bits),Number of Pixel Change Rate(NPCR)values above 99.5%,and low Peak Signal-to-Noise Ratio(PSNR)over all encrypted images.This validates the robustness of the proposed method against cryptanalytic attacks,verifying its ability to serve as a practical basis for secure image transmission in defense systems.
文摘Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text-password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.
基金the National Natural Science Foundation of China(Nos.60703094 and 61070217)
文摘Password-based authenticated key exchange(PAKE) protocols are cryptographic primitives which enable two entities,who only share a memorable password,to identify each other and to communicate over a public unreliable network with a secure session key.In this paper,we propose a simple,efficient and provably secure PAKE protocol based on Diffie-Hellman key exchange and cryptographic hash function.Our protocol is secure against dictionary attacks.Its security is proved based on the hardness of the computational Diffie-Hellman problem in the random oracle model.
基金supported in part by the National Natural Science Foundation of China (No. 61803149 and No. 61977021)in part by the Technology Innovation Special Program of Hubei Province (No. 2020AEA008)in part by the Hubei Province Project of Key Research Institute of Humanities and Social Sciences at Universities (Research Center of Information Management for Performance Evaluation)
文摘Identity authentication is the first line of defense for network security.Passwords have been the most widely used authentication method in recent years.Although there are security risks in passwords,they will be the primary method in the future due to their simplicity and low cost.Considering the security and usability of passwords,we propose AvoidPwd,which is a novel mnemonic password generation strategy that is based on keyboard transformation.AvoidPwd helps users customize a“route”to bypass an“obstacle”and choose the characters on the“route”as the final password.The“obstacle”is a certain word using any language and the keys adjacent to the“obstacle”are typed with the“Shift”key.A two-part experiment was conducted to examine the memorability and security of the AvoidPwd strategy with other three password strategies and three leaked password sets.The results showed that the passwords generated by the AvoidPwd strategy were more secure than the other leaked password sets.Meanwhile,AvoidPwd outperformed the KbCg,SpIns,and Alphapwd in balancing security and usability.In addition,there are more symbols in the character distribution of AvoidPwd than the other strategies.AvoidPwd is hopeful to solve the security problem that people are difficult to remember symbols and they tend to input letters and digits when creating passwords.
基金Supported by the National Natural Science Foundation of China(61472429,61070192,91018008,61303074,61170240)the Beijing Municipal Natural Science Foundation(4122041)National High-Technology Research and Development Program of China(863 Program)(2007AA01Z414)
文摘In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module (TPM). Our approach encrypts users' passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users' passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.Abstract: In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module (TPM). Our approach encrypts users' passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users' passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.
基金Acknowledgements This work was supported by the National Natural ScienceFoundation of China under Grants No. 60873191, No. 60903152, No. 60821001, and the Beijing Natural Science Foundation under Grant No. 4072020.
文摘To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.
基金the National Science Council (Nos. NSC 99-2218-E-011-014 and NSC 100-2219-E-011-002)
文摘Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system e?ciency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.
基金This work is supported by The National Natural Science Foundation of China (Nos.U1536121,61370195).
文摘Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However,application developers do not have the knowledge of cryptography,thus the cryptographic algorithm may not be used correctly.As a result,security vulnerabilities are generated.Based on the previous studies,this paper summarizes the characteristics of password misuse vulnerability of Android application software,establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability.And on this basis,this paper designs and implements a secure container for Android application software password misuse vulnerability:CM-Droid.
基金supported by National Natural Science Foundation of China(Grant Nos.60873191,60903152,61003286,60821001)
文摘Mobile Ad hoc NETwork (MANET) is a part of the Internet of Things (IoT). In battlefield communication systems, ground soldiers, tanks, and unmanned aerial vehicles comprise a heterogeneous MANET. In 2006, Byun et al. proposed the first constant-round password-based group key ex- change with different passwords for such net- works. In 2008, Nam et al. discovered the short- comings of the scheme, and modified it. But the works only provide the group key. In this paper, we propose a password-based secure communication scheme for the loT, which could be applied in the battlefield communication systems and support dy- namic group, in which the nodes join or leave. By performing the scheme, the nodes in the heteroge- neous MANET can realize secure broadcast, secure unicast, and secure direct communication across realms. After the analyses, we demonstrate that the scheme is secure and efficient.
基金the National Basic Research Development(973) Program of China(No.2013CB834205)the National Natural Science Foundation of China(Nos.61070153 and 61103209)+1 种基金the Natural Science Foundation of Zhejiang Province(Nos.LZ12F02005 and LY12F02006)the Education Department Foundation of Zhejiang Province(No.Y201222977)
文摘User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.
