The eTRIKS platform: concept and operation of a highly scalable cloud-based platform for research and application development - 2018
We describe the genesis, design and evolution of a computing platform designed and built to improve the success rate of biomedical translational research. The eTRIKS project platform was developed with the aim of building a platform that can securely host heterogeneous types of data and provide an optimal environment to run tranSMART analytical applications. Many types of data can now be hosted, including multi-OMICS data, preclinical laboratory data and clinical information, including longitudinal data sets. During the last two years, the platform has matured into a robust translational research knowledge management system that is able to host other data mining applications and support the development of new analytical tools.
Keywords: Computing | Cloud | eTRIKS | tranSMART | Hosting | Analysis | Security | Translational research | Authentication | Platform | Storage | Web application | Knowledge management
Evaluation of transaction authentication methods in online banking
Year of publication: 2018 - Number of pages in the English PDF file: 18 - Number of pages in the Persian DOC file: 65
Authentication is an important research topic in the field of information security. Much research has been done on evaluating methods for authenticating entities (users), but studies on evaluating the authentication of online banking financial transactions are scarce. Entity authentication methods have been systematized by measuring their qualitative dimensions, but there is no evaluation mechanism that also takes into account the complementary features of transaction authentication in a user-centric context. Building on the existing mechanism, which determines accessibility, memorability, security and vulnerability in entity authentication methods, we introduce feasibility as a complementary dimension that measures aspects related to the secure usability of transaction authentication methods. Also, in order to reduce personal bias, we propose that this evaluation mechanism be used by multiple evaluators. Among online banking authentication methods, four implemented methods and eight proposed methods were evaluated by seven experts. The results show that this mechanism can be used across a wide range of authentication methods, because it is able to evaluate methods based on different information schemes. However, it should be noted that, because of the subjective nature of these mechanisms and the differing opinions of evaluators, evaluations are carried out by multiple experts.
Keywords: Online banking | Authentication | Evaluation
|Translated article|
A provably secure password-based anonymous authentication scheme for wireless body area networks
An anonymous authentication method for reliable encryption for wireless body networks - 2017
Wireless body area networks (WBANs) comprise many tiny sensor nodes which are planted in or around a patient’s body. These sensor nodes can collect biomedical data of the patient and transmit these valuable data to a data sink or a personal digital assistant. Later, health care service providers can get access to these data through authorization. The biomedical data are usually personal and private. Consequently, data confidentiality and user privacy are primary concerns for WBANs. In order to achieve these goals, we propose an anonymous authentication scheme for WBANs based on low-entropy password and prove its security in the random oracle model. Our scheme enjoys strong anonymity in the sense that only the client knows his identity during the authentication phase of the scheme. Compared with other related proposals, our scheme is efficient in terms of computation. Moreover, the authentication of the client relies on human-rememberable password, which makes our scheme more suitable for applications in WBANs.
Keywords: Anonymous | Wireless body area networks | Password authentication | Zero-knowledge proof | Provable security
Lightweight key agreement protocol for IoT based on IKEv2
Lightweight key agreement protocol for IoT based on IKEv2 - 2017
The future of wireless sensor networks is in providing IP connectivity to all the nodes in the network. 6LoWPAN is an adaptation layer which allows the IEEE 802.15.4 network to communicate using IPv6 addresses. Security in 6LoWPAN is an important issue to be taken into consideration. The nodes are limited in terms of energy, memory and processing power. Therefore, including security will be an additional cost, but nevertheless it is mandatory in certain applications like e-health monitoring, building-structure monitoring, etc. Therefore, as a part of providing end-to-end security in wireless sensor networks, a novel lightweight key agreement and authentication protocol has been proposed. This protocol is implemented in NS-2 and a performance comparison is made with the existing IKEv2 protocol.
Keywords: IPSec | IKEv2 | Key agreement | Authentication | End-to-end security
Unified authentication factors and fuzzy service access using interaction provenance
Unified authentication factors and fuzzy service access using interaction provenance - 2017
Authentication in service oriented computing is vulnerable to various security concerns. The core concept of authentication is dependent on credentials offered at the present moment without verifying how or when the credential was obtained by the subject. Secure authentication techniques with multi-factor and cross-platform technologies are adopted by service providers. Unfortunately, such systems require a complex integration procedure of the security frameworks. Moreover, the trend of rapid service development via service composition architectures is impeded due to the diverse models of authentication factors. Hence, the adoptability of newer authentication models is limited and constrained by the feature specifications of the external cross-platform and decentralized authentication and access control frameworks. In general, authentication models are generally based on binary successes and failures, regardless of the level of access required for a given request. The combined outcome of the above complexities results in rigid policies and complex management. Our work in this paper is characterized by notions of real-life social authentication based on the nature, quality, and length of previous encounters. We delineate the fundamental similarity of authentication factors using previous interactions. We introduce the concept of interaction provenance as a unified representation model for all existing authentication factors. We present a standardized representation model for secure interaction provenance based on the W3C Provenance Working Group (PROV) model. We illustrate the practical feasibility of creating interaction provenance graphs for various interactive events in service oriented computing. The paper also presents formal security propositions toward defining secure interaction provenance schemes.
We demonstrate how interaction provenance can utilize the causal relationship of past events to leverage service composition, cross platform integration, and timeline authentication. We posit that our generic interaction provenance model also allows easier adoption of newer authentication and access control schemes. Hence, we apply fuzzy control logic for interaction provenance records to create a novel authentication and threshold based access control model. The paper presents an interaction provenance recording and authentication protocol and a proof-of-concept implementation. We demonstrate the suitability of fuzzy rules to create innovative and flexible security frameworks using linguistic policies and visualization of contour maps. We also performed extensive experiments and comparative evaluation of various provenance preservation schemes to justify the applicability for different service models.
Keywords: Authentication | Access control | Fuzzy | Interaction provenance | W3C PROV | Persona | Security | Service oriented computing
Anatomy of the Facebook solution for mobile single sign-on: Security assessment and improvements
Anatomy of the Facebook solution for mobile single sign-on: security assessment and improvement - 2017
While there exist many secure authentication and authorization solutions for web applications, their adaptation in the mobile context is a new and open challenge. In this paper, we argue that the lack of a proper reference model for Single Sign-On (SSO) for mobile native applications drives many social network vendors (acting as Identity Providers) to develop their own mobile solution. However, as the implementation details are not well documented, it is difficult to establish the proper security level of these solutions. We thus provide a rational reconstruction of the Facebook SSO flow, including a comparison with the OAuth 2.0 standard and a security analysis obtained testing the Facebook SSO reconstruction against a set of identified SSO attacks. Based on this analysis, we have modified and generalized the Facebook solution proposing a native SSO abstract model and a related implementation capable of solving the identified vulnerabilities and accommodating any Identity Provider. Finally, we have analyzed the new native SSO solution proposed by the OAuth Working Group, extracted the related abstract model and made a comparison with our proposal.
Keywords: Single sign-on | Digital identity | Authentication | Mobile devices | OAuth 2.0
A Distributed Authentication Model for Composite Web Services
A distributed authentication model for composite Web services - 2017
Proliferation of Web services based applications, collaboration and interoperability between companies, extremely heterogeneous policies of security, and, more generally, reply attacks over Internet are major challenges in the design of security infrastructures for Web services. In this paper, we focus our study on authentication of composite Web services. Authentication is certainly at the heart of any secure system. Thus, we propose a distributed model of authentication based on the circle of trust concept for composite Web services. This model has several functionalities: First, it ensures authentication for arbitrary composite Web services over Internet. Second, it can process across and beyond domain authentication boundaries. Third, it takes over the conflicts of security policies using the concept of Web Single Sign On (SSO) and client’s profile using ontologies. Furthermore, the proposed model is scalable and dynamic because it is designed in a fully distributed manner, there are no central points and it evolves over time. An implementation of a prototype and a simulation design demonstrate that a strong security can be achieved for both the client and the composite Web service through the combination of a dynamic and collaborative trust model with a number of enhancements: (i) a combined encryption technique, (ii) a distributed authority of certificates, and (iii) semantic annotations.
Keywords: Security architecture | Authentication | Kerberos | Web services composition | Circle of trust
Secure data aggregation using access control and authentication for wireless sensor networks
Secure data aggregation using access control and authentication for wireless sensor networks - 2017
The existing secure data aggregation approaches for wireless sensor networks were not designed for authorization, energy efficiency and proper security, leaving them prone to attacks. In this paper, we introduce the secure data aggregation using the access control and authentication (SDAACA) protocol. Using this protocol, we aim to detect two severe types of attacks: sinkhole and Sybil attacks that are difficult to detect by existing cryptographic approaches. The proposed SDAACA protocol consists of two novel algorithms: the secure data fragmentation (SDF) and the node joining authorization (NJA). The SDF algorithm hides the data from the adversary by fragmenting it into small pieces. In the NJA algorithm, an authorization process is initiated before allowing any new node to join the network. Both algorithms help improve the Quality of Service (QoS) parameters. Moreover, we propose an access control scheme that supports accuracy, energy efficiency, freshness and authentication by reducing the communication overhead and guaranteeing the communication authenticity process. Furthermore, the proposed protocol is mapped on the oil-refinery plant to prevent and detect both sinkhole and Sybil attacks in presence of static and mobile sensor nodes. Finally, we show the effectiveness of our proposed protocol through extensive simulations and a comparative study of other known secure data aggregation protocols.
Keywords: Secure Data Aggregation | Access Control | Authentication | Wireless Sensor Network Security | Sinkhole attack | Sybil attack | energy efficiency
A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments
A three-factor anonymous authentication scheme for wireless sensor networks in Internet of Things environments - 2017
Internet of Things (IoT) is an emerging technology, which makes the remote sensing and control across heterogeneous network a reality, and has good prospects in industrial applications. As an important infrastructure, Wireless Sensor Networks (WSNs) play a crucial role in industrial IoT. Due to the resource constrained feature of sensor nodes, the design of security and efficiency balanced authentication scheme for WSNs becomes a big challenge in IoT applications. First, a two-factor authentication scheme for WSNs proposed by Jiang et al. is reviewed, and the functional and security flaws of their scheme are analyzed. Then, we proposed a three-factor anonymous authentication scheme for WSNs in Internet of Things environments, where fuzzy commitment scheme is adopted to handle the users' biometric information. Analysis and comparison results show that the proposed scheme keeps computational efficiency, and also achieves more security and functional features. Compared with other related work, the proposed scheme is more suitable for Internet of Things environments.
Keywords: Internet of Things | Anonymous | Authentication | Wireless Sensor Networks | Biometrics
One-time password authentication scheme based on the negative database
One-time password authentication scheme based on the negative database - 2017
In this paper, a novel one-time password authentication scheme based on the negative database (NDB) is proposed. The authentication data, which involve a user password and random number, are converted to an NDB before they are transmitted to the network. Recovering the original database (DB) from an NDB is an NP-hard problem. Even if the data transmitted in the network have been intercepted by an attacker, the attacker cannot recover the password due to the hardness of reversing the NDB. The proposed scheme is the first one-time password authentication scheme based on the NDB. Following the method used in this paper, the NDB can be added to other authentication schemes as an extra layer to further improve security. The proposed scheme can be adopted into other applications such as business management, network-based consumer electronics, and intelligent household systems.
Keywords: One-time password | Authentication | Negative database | One-way hash function