TL;DR: This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol, which provides communications security over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.
Abstract: This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. [STANDARDS-TRACK]
TL;DR: In this paper, the authors present a protocol which allows a client to have a server carry out a quantum computation for her such that the client's inputs, outputs and computation remain perfectly private, and where she does not require any quantum computational power or memory.
Abstract: We present a protocol which allows a client to have a server carry out a quantum computation for her such that the client's inputs, outputs and computation remain perfectly private, and where she does not require any quantum computational power or memory. The client only needs to be able to prepare single qubits randomly chosen from a finite set and send them to the server, who has the balance of the required quantum computational resources. Our protocol is interactive: after the initial preparation of quantum states, the client and server use two-way classical communication which enables the client to drive the computation, giving single-qubit measurement instructions to the server, depending on previous measurement outcomes. Our protocol works for inputs and outputs that are either classical or quantum. We give an authentication protocol that allows the client to detect an interfering server; our scheme can also be made fault-tolerant.
We also generalize our result to the setting of a purely classical client who communicates classically with two non-communicating entangled servers, in order to perform a blind quantum computation. By incorporating the authentication protocol, we show that any problem in BQP has an entangled two-prover interactive proof with a purely classical verifier.
Our protocol is the first universal scheme which detects a cheating server, as well as the first protocol which does not require any quantum computation whatsoever on the client's side. The novelty of our approach is in using the unique features of measurement-based quantum computing which allows us to clearly distinguish between the quantum and classical aspects of a quantum computation.
TL;DR: This paper reconstructs the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis, and reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws.
Abstract: The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is commonly thought to be too expensive to reconstruct designs from a hardware implementation alone. This paper challenges that belief by presenting an approach to reverse-engineering a cipher from a silicon implementation. Using this mostly automated approach, we reveal a cipher from an RFID tag that is not known to have a software or micro-code implementation. We reconstruct the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis. Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws. Weak random numbers and a weakness in the authentication protocol allow for pre-computed rainbow tables to be used to find any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that algorithms can be kept secret should therefore be avoided for any type of silicon chip.
TL;DR: A general analysis and design framework for authentication at the physical layer where the authentication information is transmitted concurrently with the data by superimposing a carefully designed secret modulation on the waveforms is introduced.
Abstract: Authentication is the process where claims of identity are verified. Most mechanisms of authentication (e.g., digital signatures and certificates) exist above the physical layer, though some (e.g., spread-spectrum communications) exist at the physical layer often with an additional cost in bandwidth. This paper introduces a general analysis and design framework for authentication at the physical layer where the authentication information is transmitted concurrently with the data. By superimposing a carefully designed secret modulation on the waveforms, authentication is added to the signal without requiring additional bandwidth, as do spread-spectrum methods. The authentication is designed to be stealthy to the uninformed user, robust to interference, and secure for identity verification. The tradeoffs between these three goals are identified and analyzed in block fading channels. The use of the authentication for channel estimation is also considered, and an improved bit-error rate is demonstrated for time-varying channels. Finally, simulation results are given that demonstrate the potential application of this authentication technique.
TL;DR: This work reverse engineered the security mechanisms of the mifare Classic chip: the authentication protocol, the symmetric cipher, and the initialization mechanism and describes several security vulnerabilities in these mechanisms, which enable an attacker to clone a card or to restore a real card to a previous state.
Abstract: The mifare Classic is a contactless smart card that is used extensively in access control for office buildings, payment systems for public transport, and other applications. We reverse engineered the security mechanisms of this chip: the authentication protocol, the symmetric cipher, and the initialization mechanism. We describe several security vulnerabilities in these mechanisms and exploit these vulnerabilities with two attacks; both are capable of retrieving the secret key from a genuine reader. The most serious one recovers the secret key from just one or two authentication attempts with a genuine reader in less than a second on ordinary hardware and without any pre-computation. Using the same methods, an attacker can also eavesdrop on the communication between a tag and a reader, and decrypt the whole trace, even if it involves multiple authentications. This enables an attacker to clone a card or to restore a real card to a previous state.
TL;DR: The Protocol for Carrying Authentication for Network Access (PANA) as discussed by the authors is a UDP-based EAP lower layer that runs between an EAP peer and the EAP Authenticator.
Abstract: This document defines the Protocol for Carrying Authentication for Network Access (PANA), a network-layer transport for Extensible Authentication Protocol (EAP) to enable network access authentication between clients and access networks. In EAP terms, PANA is a UDP-based EAP lower layer that runs between the EAP peer and the EAP authenticator.
TL;DR: This document specifies the EAP key hierarchy and provides a framework for the transport and usage of keying material generated by EAP authentication algorithms, known as "methods", and also provides a system-level security analysis.
Abstract: The Extensible Authentication Protocol (EAP), defined in [RFC3748], enables extensible network access authentication. This document specifies the EAP key hierarchy and provides a framework for the transport and usage of keying material generated by EAP authentication algorithms, known as "methods". It also provides a system-level security analysis.
TL;DR: Physical Unclonable Functions (PUFs) for authentication can be implemented in a variety of electronic devices including FPGAs, RFIDs, and ASICs as discussed by the authors, which can be used to authenticate a target object with a PUF.
Abstract: Physical Unclonable Functions (PUFs) for authentication can be implemented in a variety of electronic devices including FPGAs, RFIDs, and ASICs. In some implementations, challenge-response pairs corresponding to individual PUFs can be enrolled and used to determine authentication data, which may be managed in a database. Later, when a target object with a PUF is intended to be authenticated, a set (or subset) of challenges is applied to each PUF device to authenticate it and thus distinguish it from others. In some examples, authentication is achieved without requiring complex cryptography circuitry implemented on the device. Furthermore, an authentication station does not necessarily have to be in communication with an authority holding the authentication data when a particular device is to be authenticated.
TL;DR: A more flexible authentication protocol that provides comparable protection without the need for a central database is proposed and a protocol for secure search for RFID tags is suggested.
Abstract: With the increased popularity of RFID applications, different authentication schemes have been proposed to provide security and privacy protection for users. Most recent RFID protocols use a central database to store the RFID tag data. The RFID reader first queries the RFID tag and returns the reply to the database. After authentication, the database returns the tag data to the reader. In this paper, we propose a more flexible authentication protocol that provides comparable protection without the need for a central database. We also suggest a protocol for secure search for RFID tags. We believe that as RFID applications become widespread, the ability to securely search for RFID tags will be increasingly useful.
TL;DR: This paper proposes an efficient delayed data authentication using compound message authentication codes, calculated on a compound of successive messages and sent together with the subsequent messages, resulting in a delayed authentication.
Abstract: Modern vehicles contain an in-vehicle network consisting of a number of electronic control units (ECUs). These ECUs are responsible for most of the functionality in the vehicle, including vehicle control and maneuverability. To date, no security features exist in this network since it has been isolated. However, an upcoming trend among automobile manufacturers is to establish a wireless connection to the vehicle to provide remote diagnostics and software updates. As a consequence, the in-vehicle network is exposed to external communication, and a potential entry point for attackers is introduced. Messages sent on the in-vehicle network lack integrity protection and data authentication; thus, the network is vulnerable to injection and modification attacks. Due to the real-time constraints and the limited resources in the ECUs, achieving data authentication is a challenge. In this paper, we propose an efficient delayed data authentication using compound message authentication codes. A message authentication code is calculated on a compound of successive messages and sent together with the subsequent messages, resulting in a delayed authentication. This data authentication could be used to detect and possibly recover from injection and modification attacks in the in-vehicle network.
TL;DR: This paper designs a new authentication protocol named EC-RAC using EC (Elliptic Curve) cryptography, which can be proved for its security in the generic group model and is carefully designed to minimize its computational workload.
Abstract: Operational and security requirements for RFID systems such as system scalability, anonymity and anti-cloning are difficult to obtain due to constraints in area, memory, etc. Due to scarceness of resources most of the proposed protocols were designed using symmetric key cryptographic algorithms. However, it has been shown that it is inevitable to use public-key cryptographic algorithms to satisfy these requirements [1]. Moreover, general public-key cryptography based authentication protocols are vulnerable in terms of anonymity, which is shown in this paper. Accordingly, we design a new authentication protocol named EC-RAC using EC (Elliptic Curve) cryptography. EC-RAC can be proved for its security in the generic group model and is carefully designed to minimize its computational workload. Moreover, we present the implementation results of EC-RAC to show its feasibility for RFID systems.
TL;DR: This document specifies extensions to EAP and the EAP keying hierarchy to support an EAP method-independent protocol for efficient re-authentication between the peer and an EAP re-authentication server through any authenticator.
Abstract: The Extensible Authentication Protocol (EAP) is a generic framework supporting multiple types of authentication methods. In systems where EAP is used for authentication, it is desirable to not repeat the entire EAP exchange with another authenticator. This document specifies extensions to EAP and the EAP keying hierarchy to support an EAP method-independent protocol for efficient re-authentication between the peer and an EAP re-authentication server through any authenticator. The re-authentication server may be in the home network or in the local network to which the peer is connecting. [STANDARDS-TRACK]
TL;DR: It is shown that the proposed mutual authentication scheme based on quadratic residues for RFID systems is vulnerable to tag tracking attacks and reader/server spoofing attacks, and an improvement is presented to overcome these drawbacks.
TL;DR: This paper introduces a security model for multi-factor authenticated key exchange, which combines a password, a secure device, and biometric authentications, and presents a scheme that can be proven secure in the random-oracle model.
Abstract: In order to increase the security for authenticated key exchange protocols, various authentication means can be used together. In this paper, we introduce a security model for multi-factor authenticated key exchange, which combines a password, a secure device, and biometric authentications. We thereafter present a scheme that can be proven secure in the random-oracle model.
TL;DR: This paper analyzes the privacy of some recently proposed RFID authentication protocols and shows attacks on them that compromise their privacy and describes the simplest adversaries that do not corrupt nor open the tags.
Abstract: Privacy is a major concern in RFID systems, especially with widespread deployment of wireless-enabled interconnected personal devices e.g. PDAs and mobile phones, credit cards, e-passports, even clothing and tires. An RFID authentication protocol should not only allow a legitimate reader to authenticate a tag but it should also protect the privacy of the tag against unauthorized tracing: an adversary should not be able to get any useful information about the tag for tracking or discovering the tag's identity. In this paper, we analyze the privacy of some recently proposed RFID authentication protocols (2006 and 2007) and show attacks on them that compromise their privacy. Our attacks consider the simplest adversaries that do not corrupt nor open the tags. We describe our attacks against a general untraceability model; from experience we view this endeavour as a good practice to keep in mind when designing and analyzing security protocols.
TL;DR: In this article, the authors propose a mechanism to allow the trust level to decrease without re-authenticating with the single sign-on system, down to the level at which it is no longer sufficient to obtain access to a desired resource.
Abstract: The present invention relates to the field of authentication of users of services over a computer network, more specifically within the paradigms of federated authentication or single sign-on. A known technique consists of associating different trust levels to different authentication mechanisms, wherein the respective trust levels give access to different information resources, notably to provide the possibility to protect more sensitive resources with a stronger form of authentication. The present invention provides a mechanism to allow the trust level to decrease without re-authenticating with the single sign-on system, down to the level at which it is no longer sufficient to obtain access to a desired resource. Only then does the user need to re-authenticate.
TL;DR: It is shown that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack.
TL;DR: In this article, a system for authenticating a user in a network is described, which includes a computer resource having secure data, an authentication computing system providing dynamic authentication of a user accessing the computer resource, and a user communication device for communicating between the user and the computer resources.
Abstract: A system for authenticating a user in a network. The authentication system includes a computer resource having secure data, an authentication computing system providing dynamic authentication of a user accessing the computer resource, and a user communication device for communicating between the user and the computer resource. The computing system presents a challenge for which a specified response is required based upon a pre-determined function. Access is then granted by the computing system upon providing the correct response to the presented challenge by the user.
TL;DR: In this paper, a method for providing differentiated access based on authentication input attributes is described, which includes receiving an authentication input at an authentication authority using an authentication protocol, the authentication input being associated with a client. The method also includes providing one or more representations for the authentication input.
Abstract: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol, the authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.
TL;DR: A novel message authentication approach which adopts a perturbed polynomial-based technique to simultaneously accomplish the goals of lightweight, resilience to a large number of node compromises, immediate authentication, scalability, and non-repudiation is proposed.
Abstract: Numerous authentication schemes have been proposed in the past for protecting communication authenticity and integrity in wireless sensor networks. Most of them, however, have the following limitations: high computation or communication overhead, no resilience to a large number of node compromises, delayed authentication, lack of scalability, etc. To address these issues, we propose in this paper a novel message authentication approach which adopts a perturbed polynomial-based technique to simultaneously accomplish the goals of lightweight operation, resilience to a large number of node compromises, immediate authentication, scalability, and non-repudiation. Extensive analysis and experiments have also been conducted to evaluate the scheme in terms of security properties and system overhead.
TL;DR: In this paper, the authentication service evaluates one or more factors to determine whether or not to authenticate the client, and then provides proof of authentication to the web service, which grants access to the Web service resource.
Abstract: Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource.
TL;DR: In this paper, the EAP-AKA protocol is improved by using the Fast Re-authentication Identity (FRI) to store session state key information, thus eliminating the need for the AAA server to store and replicate the key information for every session.
Abstract: Systems and methods are described for improved authentication of subscribers wishing to connect to a wireless network using the EAP-AKA protocol. Embodiments exploit the requirement that the client store and transmit the Pseudonym and Fast Re-authentication Identities upon request. By using the Fast Re-authentication Identity to store session state key information, the need for the AAA server to store and replicate the EAP-AKA key information for every session is eliminated.
TL;DR: To enhance the security of the S-3PAKE protocol, a countermeasure is suggested against the impersonation-of-initiator attack, impersonation-of-responder attack, and man-in-the-middle attack.
TL;DR: This paper enhances the HB-MP protocol by randomizing the rotation of the secret key, which eliminates the vulnerability of the man-in-the-middle attack, and proposes the use of round keys that may be produced by rotation or by a one-way function.
Abstract: In this paper, we propose an enhanced version of the HB-MP authentication protocol, called the HB-MP+ protocol. The HB-MP protocol is a lightweight authentication protocol that is suitable for use in passive radio frequency identification (RFID) systems. The HB-MP+ protocol overcomes the man-in-the-middle attack to which the basic HB-MP protocol is vulnerable while maintaining its suitability to low-cost passive RFID systems. We show an effective man-in-the-middle attack against the HB-MP protocol where the attacker utilizes the predictable rotation of the secret key. We enhance the HB-MP protocol by randomizing the rotation of the secret key, which eliminates the vulnerability. We also propose the use of round keys that may be produced by rotation or, more generally, by a one-way function. We analyse the security and performance improvements of our HB-MP+ protocol and find it to be suitable for passive RFID systems.
TL;DR: In this article, a method and apparatus for a third party authentication server is described, which includes receiving a record ID for a user, and a one-time key generated by the server and encrypted with a user's public key by a server.
Abstract: A method and apparatus for a third party authentication server is described. The method includes receiving a record ID for a user, and a one-time key generated by the server and encrypted with a user's public key by the server. The method further includes receiving the user's authentication data from the client, and determining if the user's authentication data matches the record ID. If the authentication data matches the record ID, decrypting the one-time key with the user's private key, and returning the decrypted one-time key to the client.
TL;DR: An authentication system with multi-biometrics to support various services in e-Learning where user authentication is necessary is proposed; multi-biometrics is useful to improve the reliability of biometric authentication when a single biometric authentication technology cannot satisfy a required reliability level.
Abstract: E-learning systems represent a new form of learning and are becoming more and more popular every day. Hence security in e-Learning has become a fundamental requirement. But the problem of e-learning systems is that only little money is invested in security. Also, authenticating an e-learner, especially in the case of e-exams, is a major challenge in an e-learning environment. The role of authentication techniques to prevent unauthorized access by malicious users becomes more significant. User authentication methods can be classified into three categories: (1) methods based on human memory such as passwords, (2) methods based on physical devices such as magnetic or IC cards, and (3) methods based on biometrics such as fingerprint, iris, etc. As the first two categories cannot escape vulnerabilities caused by forgetfulness or losses, the third category attracts much attention these days. A major problem of biometric authentication is that it is not free from error in the process of extraction of human characteristics and comparison of biometric data. Multi-biometrics is useful to improve the reliability of biometric authentication when a single biometric authentication technology cannot satisfy a required reliability level. This paper proposes an authentication system with multi-biometrics to support various services in e-Learning where user authentication is necessary.
TL;DR: In this article, the authors provide a reference to a user authentication service in a host server's source code (e.g., website source code) and integration code that may be used in an application programming interface (API) on the host server for interaction with user authentication services.
Abstract: Providing a remote computer user authentication service involves providing a reference to a user authentication service in a host server's source code (e.g., website source code). Further, integration code that may be used in an application programming interface (API) on the host server for interaction with a user authentication service can be provided. Additionally, a user interface (UI) for user authentication on the host server, and an authentication-test message on the host server using the UI may be provided. Also, providing authentication can comprise sending an authentication-request message to a mobile device designated by the user; and/or can comprise the user responding with information from the authentication-test message. The host server can be notified of the user's authentication after a correct response is received by the user authentication service.
TL;DR: This work surveys biometric-based authentication systems that deploy mouse movements and presents a novel graphical authentication system dubbed Mouse-lock, which deploys the analogy of a safe: the password is entered via the mouse in a graphical equivalent of a combination lock.
Abstract: This work surveys biometric-based authentication systems that deploy mouse movements. Typically, timing and movement direction, along with clicking actions, are used to build a profile of a user, which is then used for authentication purposes. Most systems rely on a continuous monitoring process, or require the user to interact with a program (such as a game) in order to derive sufficient statistical information regarding their mouse dynamics. In this work, a novel graphical authentication system dubbed Mouse-lock is presented. This system deploys the analogy of a safe, and the password is entered via the mouse in a graphical equivalent of a combination lock. The question is whether this approach elicits sufficient discriminatory information from a relatively minimalist degree of interaction from the user. The preliminary results from a study with six subjects indicate, based on FAR/FRR values, that this is a viable approach.
TL;DR: A new remote user authentication scheme, which is a modified form of the Shen-Lin-Hwang scheme and can withstand attacks similar to Chan and Cheng's attack and Chang and Hwang's attack in the registration phase and authentication phase, is presented.
Abstract: In 1981, Lamport proposed the first well-known remote password authentication scheme using smart cards. A number of remote password authentication schemes with smart cards have been presented since then. Recently, Shen, Lin and Hwang pointed out a different type of attack on this scheme and presented a modified scheme to remove these defects. In this paper we present a new remote user authentication scheme which is a modified form of the Shen-Lin-Hwang scheme. In this scheme the password is controlled by the user and can be changed at any time. The scheme can withstand attacks similar to Chan and Cheng's attack and Chang and Hwang's attack in the registration phase and authentication phase.
TL;DR: This paper describes the security feature of e-learning authentication and proposes an algorithm for authentication, RIPEMD-160, which could overcome the illegal usage of the application.
Abstract: This paper describes the security feature of e-learning authentication. The main goal of this research is to achieve authentication to identify legal users. The Internet is open for all users to access and share information. Simultaneously, hackers are also there, to examine a web application and infrastructure to understand its design, identify the potentially weak aspects, and use these weaknesses to break or exploit the application. Through the authentication process, we could overcome the illegal usage of the application. We propose an algorithm for authentication, RIPEMD-160. RIPEMD-160 captures overall secure authentication.