1,139 result(s) for "user authentication"
A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones
Mobile user authentication acts as the first line of defense, establishing confidence in the claimed identity of a mobile user, which it typically does as a precondition to allowing access to resources in a mobile device. NIST states that password schemes and/or biometrics comprise the most conventional user authentication mechanisms for mobile devices. Nevertheless, recent studies point out that nowadays password-based user authentication is imposing several limitations in terms of security and usability; thus, it is no longer considered secure and convenient for the mobile users. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Alternatively, biometric-based user authentication has gained attention as a promising solution for enhancing mobile security without sacrificing usability. This category encompasses methods that utilize human physical traits (physiological biometrics) or unconscious behaviors (behavioral biometrics). In particular, risk-based continuous user authentication, relying on behavioral biometrics, appears to have the potential to increase the reliability of authentication without sacrificing usability. In this context, we firstly present fundamentals on risk-based continuous user authentication, relying on behavioral biometrics on mobile devices. Additionally, we present an extensive overview of existing quantitative risk estimation approaches (QREA) found in the literature. We do so not only for risk-based user authentication on mobile devices, but also for other security applications such as user authentication in web/cloud services, intrusion detection systems, etc., that could be possibly adopted in risk-based continuous user authentication solutions for smartphones. 
The target of this study is to provide a foundation for organizing research efforts toward the design and development of proper quantitative risk estimation approaches for the development of risk-based continuous user authentication solutions for smartphones. The reviewed quantitative risk estimation approaches have been divided into the following five main categories: (i) probabilistic approaches, (ii) machine learning-based approaches, (iii) fuzzy logic models, (iv) non-graph-based models, and (v) Monte Carlo simulation models. Our main findings are summarized in the table at the end of the manuscript.
Prototyping a Secure and Usable User Authentication Mechanism for Mobile Passenger ID Devices for Land/Sea Border Control
As the number of European Union (EU) visitors grows, implementing novel border control solutions, such as mobile devices for passenger identification for land and sea border control, becomes paramount to ensure the convenience and safety of passengers and officers. However, these devices, handling sensitive personal data, become attractive targets for malicious actors seeking to misuse or steal such data. Therefore, to increase the level of security of such devices without interrupting border control activities, robust user authentication mechanisms are essential. Toward this direction, we propose a risk-based adaptive user authentication mechanism for mobile passenger identification devices for land and sea border control, aiming to enhance device security without hindering usability. In this work, we present a comprehensive assessment of novelty and outlier detection algorithms and discern OneClassSVM, Local Outlier Factor (LOF), and Bayesian_GaussianMixtureModel (B_GMM) novelty detection algorithms as the most effective ones for risk estimation in the proposed mechanism. Furthermore, in this work, we develop the proposed risk-based adaptive user authentication mechanism as an application on a Raspberry Pi 4 Model B device (i.e., playing the role of the mobile device for passenger identification), where we evaluate the detection performance of the three best performing novelty detection algorithms (i.e., OneClassSVM, LOF, and B_GMM), with B_GMM surpassing the others in performance when deployed on the Raspberry Pi 4 device. Finally, we evaluate the risk estimation overhead of the proposed mechanism when the best performing B_GMM novelty detection algorithm is used for risk estimation, indicating efficient operation with minimal additional latency.
Siamese Neural Network for User Authentication in Field-Programmable Gate Arrays (FPGAs) for Wearable Applications
User authentication has traditionally been performed using methods such as passwords or fingerprints. However, passwords have security vulnerabilities, and fingerprints may hinder user convenience. To address these issues, a novel user authentication method based on biosignals, specifically electromyogram (EMG) signals, is proposed. Using biosignals like EMG offers several advantages, including the ability to acquire data without user awareness, independence from the user’s environment, rapid acquisition, and enhanced security. However, one challenge with using EMG signals for authentication has been their relatively low accuracy. In this paper, a neural network is implemented using a small number of parameters (fewer than 7000) to produce a wearable device using biosignals, and user authentication accuracy is secured using the maximal overlap discrete wavelet transform (MODWT) method and the Siamese network. The MODWT method is highly effective for the time and frequency analysis of time series data, and the Siamese network is a representative method for few-shot learning. The proposed neural network is verified using Chosun University’s user authentication dataset, encompassing data from 100 individuals. Finally, this proposed network is implemented on an edge device such as field-programmable gate arrays (FPGAs) so that it can be applied to a wearable user authentication system. By implementing the Siamese network in FPGA-based edge devices, it was possible to secure user authentication performance at 94% accuracy and an authentication speed within 1.5 ms. In the case of accuracy, it is expected to be further improved by using the multimodal technique of biosignals. Also, the proposed system can be easily fabricated for digital integrated chips (ICs).
Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards
In a distributed environment, a fundamental concern is authentication of local and remote users in insecure communication networks. Absolutely, legitimate users are more powerful attackers, since they possess internal system information not available to an intruder. Therefore many remote user authentication schemes for distributed systems have been proposed. These schemes claimed that they could resist various attacks. However, they were found to have some weaknesses later. Lee et al. proposed a secure dynamic ID-based remote user authentication scheme for the multi-server environment using smart cards and claimed that their scheme could protect against masquerade attacks, server spoofing attack, registration server spoofing attack and insider attack. In this study, the authors show that Lee et al.'s scheme is still vulnerable to password guessing attack, server spoofing attack and masquerade attack. To propose a viable authentication scheme for distributed systems, we remedy the flaws of Lee et al.'s scheme and propose an efficient improvement over Lee et al.'s scheme. Furthermore, we compare the proposed scheme with related ones to prove that the computation cost, security and efficiency of the proposed scheme are well suited for practical applications in a distributed system.
Plascua: Programming Language Support for Continuous User Authentication
Compared to traditional user authentication methods, continuous user authentication (CUA) provides enhanced protection, guarantees against unauthorized access and improved user experience. However, developing effective continuous user authentication applications using the current programming languages is a daunting task, mainly because of the lack of abstraction methods that support continuous user authentication. Using the available language abstractions, developers have to write the CUA concerns (e.g., extraction of behavioural patterns and manual checks of user authentication) from scratch, resulting in unnecessary software complexity and code that is prone to error. In this paper, we propose new language features that support the development of applications enhanced with continuous user authentication. We develop Plascua, a continuous user authentication language extension for event detection of user bio-metrics, extraction of user patterns and modelling using machine learning, and building user authentication profiles. We validate the proposed language abstractions through implementation of example case studies for CUA.
Lightweight Hash-Based Authentication Protocol for Smart Grids
Smart grids integrate information and communications technology into the processes of electricity production, transportation, and consumption, thereby enabling interactions between power suppliers and consumers to increase the efficiency of the power grid. To achieve this, smart meters (SMs) are installed in households or buildings to measure electricity usage and allow power suppliers or consumers to monitor and manage it in real time. However, SMs require a secure service to address malicious attacks during memory protection and communication processes and a lightweight communication protocol suitable for devices with computational and communication constraints. This paper proposes an authentication protocol based on a one-way hash function to address these issues. This protocol includes message authentication functions to address message tampering and uses a changing encryption key for secure communication during each transmission. The security and performance analysis of this protocol shows that it can address existing attacks and provides 105,281.67% better computational efficiency than previous methods.
Unlocking Security for Comprehensive Electroencephalogram-Based User Authentication Systems
With recent significant advancements in artificial intelligence, the necessity for more reliable recognition systems has rapidly increased to safeguard individual assets. The use of brain signals for authentication has gained substantial interest within the scientific community over the past decade. Most previous efforts have focused on identifying distinctive information within electroencephalogram (EEG) recordings. In this study, an EEG-based user authentication scheme is presented, employing a multi-layer perceptron feedforward neural network (MLP FFNN). The scheme utilizes P300 potentials derived from EEG signals, focusing on the user’s intent to select specific characters. This approach involves two phases: user identification and user authentication. Both phases utilize EEG recordings of brain signals, data preprocessing, a database to store and manage these recordings for efficient retrieval and organization, and feature extraction using mutual information (MI) from selected EEG data segments, specifically targeting power spectral density (PSD) across five frequency bands. The user identification phase employs multi-class classifiers to predict the identity of a user from a set of enrolled users. The user authentication phase associates the predicted user identities with user labels using probability assessments, verifying the claimed identity as either genuine or an impostor. This scheme combines EEG data segments with user mapping, confidence calculations, and claimed user verification for robust authentication. It also accommodates new users by transforming EEG data into feature vectors without the need for retraining. The model extracts selected features to identify users and to classify the input based on these features to authenticate the user. The experiments show that the proposed scheme can achieve 97% accuracy in EEG-based user identification and authentication.
LAMT: Lightweight and Anonymous Authentication Scheme for Medical Internet of Things Services
Medical Internet of Things (IoT) systems can be used to monitor and treat patient health conditions. Security and privacy issues in medical IoT services are more important than those in any other IoT-enabled service. Therefore, various mutual authentication and key-distribution schemes have been proposed for secure communication in medical IoT services. We analyzed Hu et al.’s scheme and found that an attacker can impersonate legitimate sensor nodes and generate illegitimate session keys using the information stored in the sensor node and the information transmitted over the public channel. To overcome these vulnerabilities, we propose a scheme that utilizes physically unclonable functions to ensure a secure session key distribution and increase the computational efficiency of resource-limited sensor nodes. In addition, the proposed scheme enhances privacy protection using pseudonyms, which we prove using a formal security analysis tool, ProVerif 2.05.
An Improved Lightweight User Authentication Scheme for the Internet of Medical Things
The Internet of Medical Things (IoMT) is used in the medical ecosystem through medical IoT sensors, such as blood glucose, heart rate, temperature, and pulse sensors. To maintain a secure sensor network and a stable IoMT environment, it is important to protect the medical IoT sensors themselves and the patient medical data they collect from various security threats. Medical IoT sensors attached to the patient’s body must be protected from security threats, such as being controlled by unauthorized persons or transmitting erroneous medical data. In IoMT authentication, it is necessary to be sensitive to the following attack techniques. (1) The offline password guessing attack easily predicts a healthcare administrator’s password offline and allows for easy access to the healthcare worker’s account. (2) Privileged-insider attacks executed through impersonation are an easy way for an attacker to gain access to a healthcare administrator’s environment. Recently, previous research proposed a lightweight and anonymity preserving user authentication scheme for IoT-based healthcare. However, this scheme was vulnerable to offline password guessing, impersonation, and privileged insider attacks. These attacks expose not only the patients’ medical data such as blood pressure, pulse, and body temperature but also the patients’ registration number, phone number, and guardian. To overcome these weaknesses, in the present study we propose an improved lightweight user authentication scheme for the Internet of Medical Things (IoMT). In our scheme, the hash function and XOR operation are used for operation in low-spec healthcare IoT sensors. The automatic cryptographic protocol tool ProVerif confirmed the security of the proposed scheme. Finally, we show that the proposed scheme is more secure than other protocols and that it has 266.48% better performance than schemes that have been previously described in other studies.
Anonymous and robust biometric authentication scheme for secure social IoT healthcare applications
In the era of rapid technological advancement, the Internet of Things (IoT) has revolutionised healthcare through systems like the Telecare Medicine Information System (TMIS), designed to streamline patient-doctor interactions and enhance medical treatment. However, the transmission of sensitive patient data over inherently insecure Internet channels exposes it to a spectrum of security risks. Protecting patient medical privacy and ensuring system reliability necessitate mutual authentication between both patients and medical servers. TMIS relies on robust authentication mechanisms, and combining passwords and smart cards has been a recognised approach for mutual authentication. This research introduces an innovative three-factor authentication technique with perfect forward secrecy by leveraging the power of Elliptic Curve Cryptography (ECC) in tandem with smart cards. Additionally, we have incorporated biometric authentication with a Fuzzy Extractor technology to enhance the security and reliability of the system, setting a new standard for user authentication within the realm of Social IoT healthcare. The use of ECC in the method is justified due to its compact key size and robust security measures, making the solution both efficient and secure. The proposed method safeguards user privacy by permitting registered users to change their passwords without divulging their identity to the server. The Burrows–Abadi–Needham logic (also known as the BAN logic) serves as a proof-of-concept for the proposed scheme’s security. Our system provides privacy protection along with mutual authentication and session key negotiation at a considerably low computation cost and communication cost of up to 71.03% compared to the other four relevant techniques, making it more useful in real-world scenarios.