Authentication and Authorization Applications in 4G Networks


Libor Dostálek
Faculty of Science, University of South Bohemia, Ceske Budejovice, Czech Republic

Abstract

The principle of 4G mobile networks is that users remain connected to the network. Calls, too, will be carried over this network (VoLTE). This contribution discusses the possibility of strong authentication for applications running on mobile devices. It deals with the possibility of combining the AKA algorithm with other authentication algorithms. Combining two algorithms creates strong multifactor authentication, which is suitable for applications demanding highly secure authentication, such as Internet banking or Internet access to government applications.

Keywords: Authentication, Smart Card, Security, Strong Password Authentication, Mobile Application Authentication.

1 Introduction

Currently, there is a mass deployment of LTE in mobile networks. The next step is to deploy VoLTE (Voice over LTE), which uses technology similar to VoIP (i.e. the TCP/IP application protocol family, e.g. SIP, SDP, RTP etc.). Authentication in the application protocols that implement VoLTE will use smart cards (USIM/ISIM). This USIM/ISIM-based authentication uses the so-called AKA mechanism, which relies on a secret shared between the USIM/ISIM and the user's Authentication Center. Current mobile applications typically use password authentication. Since the SIP protocol uses the same authentication mechanisms as HTTP, it is quite clear that this opens the possibility of using USIM/ISIM authentication for mobile web applications.

The authentication method based on the AKA mechanism, however, has its drawbacks. For example, AKA authenticates the user for the whole time from the user's login to the network until the user logs off. If the network needs to re-authenticate the mobile device (e.g. on transition to roaming), it may authenticate the user silently, i.e. perform authentication without user intervention (without entering a PIN). Another disadvantage is that the shared secret for the AKA authentication mechanism is administered by the mobile operator. For many applications it would be advantageous to implement a second authentication factor administered by the owner of the server, so that authentication is not completely under the control of the mobile operator.

Mobile equipment is a computer with smart card authentication/authorization (unlike the PC). In the future it will be possible to develop entirely new types of applications, such as the secure sale of public transport tickets (SMS tickets cause many frauds).

At present, many Internet applications are accessed from smartphones. If an Internet application requires authentication, a number of authentication methods are available, e.g.:

1. Native authentication methods in 3G/4G networks based on the AKA mechanism, which is described below. This authentication is undoubtedly cryptographically strong. Its disadvantage is that in practice it is used to authenticate the mobile device to the network. To understand the problem, consider a practical example. The user turns on the mobile device and enters a PIN, which opens access to the secret on the USIM/ISIM. Network services then authenticate the user silently, without requiring user intervention. An attacker could steal mobile equipment with a logged-in user and subsequently could easily exploit the mobile device. Therefore, this kind of authentication is often called equipment authentication.
2. Password authentication is the typical user authentication. Generally, this authentication method is unfortunately considered weak, so applications such as home banking or eGov seek other mechanisms.
3. Strong password authentication covers more sophisticated password authentication methods that are resistant to known attacks (sniffing or elicitation of the password, password-file compromise attack, guessing attack, forgery attack, impersonation attack, stolen-verifier attack, replay attack etc.).
4. Authentication based on public key certificates (PKI). The problem is where the mobile device can securely store the private keys.
5. External devices such as authentication calculators generating one-time passwords. The main disadvantage of this solution is that the user must take care of an additional device, which he may find disagreeable.

Using multiple authentication methods independently does not increase security. Our idea is to combine (to breed) methods 1 and 3 into a common multifactor authentication. The first factor is equipment authentication based on the AKA mechanism and the second factor is strong password authentication.

2 Ease of Use

The envisaged solution imposes no additional requirements on the functionality of the mobile device, on the contents of the USIM/ISIM card, or on the mobile infrastructure. The envisaged solution could be implemented as a software application.

3 AKA mechanism

[Figure 1: AKA mechanism. Message sequence between A (Mobile, holds K), B (Network) and the Authentication center (holds K):
AKA1 (A -> B): I want to access
AKA2 (B -> Authentication center): Please generate AV for A
Authentication center: 1. Generate RAND and SQN. 2. Run authentication function (Fig. 2).
AKA3 (Authentication center -> B): AV = (RAND, RES, SQN XOR AK, AMF, MAC-A)
AKA4 (B -> A): RAND, SQN XOR AK, AMF, MAC-A
A: 1. Compute SQN using f5 ((SQN XOR AK) XOR AK = SQN). 2. Run authentication function (Fig. 2). 3. If MAC-A computed by A equals MAC-A from AV, then B is authenticated.
AKA5 (A -> B): RES
B: If RES obtained from A equals RES from AV, then A is authenticated.]

AKA (Authentication and Key Agreement) is a security protocol used in 3G/4G mobile networks for mutual authentication and agreement on cryptographic material (Figure 1). AKA is specified in [2].

In AKA (Figure 1) there are three communicating parties:

- A (mobile), usually mobile equipment. A is equipped with a USIM/ISIM containing the shared secret K.
- B (network), e.g. the P-CSCF in IMS.
- Authentication center, e.g. part of the Home Subscriber Server in IMS.

[Figure 2: Functions f1-f5. Inputs K, SQN, RAND and AMF; functions f1, f2, f3, f4, f5; outputs MAC-A, XRES, CK, IK, AK and SQN XOR AK.
K - shared secret
AMF - known string
SQN - sequence number
RAND - random number
MAC-A - one-time password for network authentication
RES - one-time password for user equipment authentication
CK - ciphering key
IK - integrity key
AK - anonymization key for SEQ
f1-f5 - one-way functions
XOR - binary operation]

Parties A (mobile) and the Authentication center:

- share the secret key K (shared secret), which is different for each USIM/ISIM,
- maintain the sequence number SEQ of authentication.

AKA uses the one-way functions f1, f2, f3, f4 and f5 defined in [3]. In addition there is the well-known string AMF.

The AKA mechanism (Figure 1) is as follows:

AKA-1: A (mobile) wants to be granted access (it wants to authenticate itself and also to authenticate the network).
AKA-2: B (network) sends the identification of A to the Authentication center.
AKA-3: The Authentication center, on behalf of B:
- generates a random number RAND,
- generates the next sequence number SEQ of authentication,
- runs the authentication functions (Figure 2) and generates the authentication vector AV = (RAND, RES, SQN XOR AK, AMF, MAC-A), where RES is the one-time password for authentication of A and MAC-A is the one-time password for authentication of B,
- sends AV to B.
AKA-4: B stores RES from the authentication vector AV and sends RAND, SQN XOR AK, AMF and MAC-A to A. A computes SQN using function f5. A runs the rest of the authentication functions (Figure 2) and:
- if MAC-A computed by A equals MAC-A from AV, then B (network) is authenticated,
- generates RES and sends it to B.
AKA-5: B compares the RES obtained from A with the RES saved from AV. If they are equal, then A is authenticated.

AKA is intended for mutual silent authentication. The word silent means that the user signs on once (after switching on the mobile equipment the user enters a PIN, which opens access to the shared secret K) and applications in the mobile equipment then silently run the particular authentication to the required network services in the background, without user intervention.

4 Secure Hash-Based Password Authentication Protocol

It is necessary to choose a suitable algorithm for password authentication. Security demands on the selected algorithm:

- Resistance to sniffing or elicitation of the password.
- Resistance to Password-File Compromise Attack.
- Resistance to Denial-of-Service Attack.
- Resistance to Guessing Attack. A guessing attack is an adversary's attempt to guess the user's private information.
- Resistance to Forgery Attack, whereby unauthorized commands are transmitted from a user to a server.
- Impersonation Attack. An impersonation attack is an adversary masquerading as a legitimate user by stealing or changing a message in a protocol.
- Resistance to Replay Attack. A replay attack is an adversary storing a message from a previous session and then sending that message in the current session to masquerade as a legitimate user.

- Resistance to Stolen-Verifier Attack. A stolen-verifier attack means that an adversary has a user's verifier, stolen from a server, and then impersonates the user with the stolen verifier. He/she can masquerade as the user using the stolen verifier without any other attack, such as a guessing attack.

Symbol          Meaning
U               denotes the user
S               denotes the server
U_id or ID      denote the identification of the user
X_S             denotes the secret key of S
P               denotes the password of U
K_u             is a randomly generated key selected by U, shared with the server and stored in secure storage in a smartcard
r_n             denotes a random nonce generated by U or S
T_s             denotes a timestamp
E_Kpu           denotes encryption with the public key of S with a cryptographically secure public key algorithm
D_Kpr           denotes decryption with the private key of S
E_Spu(M)        denotes encryption of M with the public key of S when U sends M to S
D_Spr(M)        denotes decryption of M with the private key of S when U's E_Spu(M) is decrypted
                denotes the bitwise XOR operation
                denotes concatenation
Auth_Q          denotes the authentication question for the registration, forget password, and password/verifier change phases
Auth_A          denotes the authentication answer for the registration, forget password, and password/verifier change phases
h()             denotes a cryptographic hash function

The Secure Hash-Based Password Authentication Protocol described in [1] was selected. The selected authentication algorithm [1] consists of the following phases:

- Simple user registration: during registration, client and server may exchange cryptographic material over a secure channel.
- User authentication (login to the application).
- Forget-Password Phase.
- Password Change Phase.

Below we describe the registration phase and the authentication phase of this algorithm.

4.1 Registration Phase

[Figure 3: Registration Phase. Message sequence R1-R4 between User U and Server S. S stores IDX, XPV, UKP and QAK; U stores KP and XP on the smart card. The steps are detailed below.]

There are two parties: user U and server S (Figure 3). In the registration phase U and S exchange four messages R1, R2, R3 and R4. Furthermore, we assume that the user U has a public key certificate of S. This session assumes the use of a secure channel. Figure 3 shows the registration phase and the detailed steps are as follows:

Step R1: U -> S: {ID, PV}
U inputs his ID and password P, generates K_u, and computes the password verifier PV=h(K_u P) K_u. U sends ID and PV to S as the registration request.

Step R2: S -> U: {Auth_Q}
S computes IDX=E_Kpu(h(ID X_S)) X_S and stores it in S's password file. S then generates a random Auth_Q and sends it to U.

Step R3: U -> S: {R = E_Spu(K_u, P, Auth_Q Auth_A)}
U inputs Auth_A as the answer to the authentication question Auth_Q and computes Auth_Q Auth_A. Next, U encrypts (K_u, P, Auth_Q Auth_A) with Spu and sends it to S.

Step R4: S -> U: {h(ID X_S)}
When S receives R3, S decrypts it and computes PV using K_u and P from R. S compares this PV with the PV received in R1. If they are equal, S stores XPV=E_Kpu(h(PV K_u)) X_S, UKP=E_Kpu(ID, K_u, P) and QAK=E_Kpu(Auth_Q Auth_A). S then sends h(ID X_S) to U. U stores on the smartcard: KP=K_u P and XP=h(ID X_S) P.

4.2 Login Phase

This phase uses the challenge-response method as protection against replay attacks. Figure 4 shows the login phase and the detailed steps are as follows:

Step L1: U -> S: E_Spu(XP, ID, r_1)
U inserts his/her smartcard into the card reader and inputs ID and P. Next, U generates a nonce r_1 and encrypts XP, r_1 and ID with Spu. U then sends the result to S as the login request.

Step L2: S -> U: CA_1, r_2
When S receives L1, S decrypts it and computes G_1=h(ID X_S) and G_2=D_Kpr(IDX X_S)=h(ID X_S) by decrypting IDX X_S with S's private key Kpr. S compares G_1 with G_2. If they are equal, S computes P=XP G_2 and CA_1=h(ID P) r_1, generates a nonce r_2, and sends them to U.

Step L3: U -> S: L = h(h(PV K_u) r_2) h(PV K_u) r_2
U computes CA_2=h(ID P) r_1 and compares CA_2 with the received CA_1. If they are equal, U computes L=h(h(PV K_u) r_2) h(PV K_u) r_2 and sends L to S. When S receives L, S computes CB_1=L r_2, CB_2=D_Kpr(XPV X_S)=h(PV K_u) and CB_3=h(CB_2 r_2) CB_2, and compares CB_3 with CB_1. If they are equal, user U is authenticated.

[Figure 4: Login Phase. Message sequence L1-L3 between User U (holds KP and XP) and Server S (holds IDX): after L2 the user verifies CA_1 = CA_2 (network authenticated); after L3 the server verifies CB_1 = CB_3 (user authenticated).]

5 Strong authentication for mobile application

As the method of strong password authentication I chose the Secure Hash-Based Password Authentication Protocol [1]. This method meets the requirements set out in the Introduction. The proposed solution creates multifactor authentication by merging AKA and [1]. Assume that the user is registered:

- In terms of [1]: mobile user U and application function S (server) have exchanged the four messages R1, R2, R3 and R4.
- In terms of the AKA mechanism: the user is equipped with a USIM/ISIM smart card which shares the secret K with the Authentication Center AuC.

[Figure 5: Strong authentication for mobile application. Message sequence between Mobile user U (holds KP, XP and K), Application function S (holds XPV, UKP, IDX, QAK) and Authentication center AuC (holds K): X1, AKA2, AKA3, X2, X3. After X3 the server verifies CB_1 = CB_3 and the user is approved.]

In the proposed authentication, mobile user U and application function S exchange three messages X1, X2 and X3 (Figure 5):

Step X1: U -> S: {E_Spu(XP, ID, r_1)}
This step is similar to step L1 in [1]. In addition, this step serves as step AKA1 (Figure 1). Subsequently, application function S asks the Authentication center AuC to generate an authentication vector AV for mobile user U (step AKA2). The Authentication center returns AV (step AKA3).

Step X2: S -> U: {CA_1, RAND, SQN XOR AK, AMF, MAC-A}
When S receives X1, S decrypts it and computes G_1=h(ID X_S) and G_2=D_Kpr(IDX X_S)=h(ID X_S). S compares G_1 with G_2. If they are equal, S computes P=XP G_2 and CA_1=h(ID P) r_1. S does not generate a nonce r_2 as in [1]; instead it uses RES. S cuts RES out of the AV from step AKA3 and saves it. The rest, i.e. CA_1, RAND, SQN XOR AK, AMF and MAC-A, is sent to U.

Step X3: U -> S: {L}
U computes the sequence number SQN using function f5, runs the authentication functions (Figure 2) and:

- if MAC-A computed by U equals MAC-A from X2, then the application function (server) is authenticated,
- generates RES and uses it for the subsequent computation of L.

U computes CA_2=h(ID P) r_1 and compares CA_2 with the received CA_1. If they are equal, U computes L=h(h(PV K_u) RES) h(PV K_u) RES and sends L to S. When S receives L, S computes CB_1=L RES, CB_2=D_Kpr(XPV X_S)=h(PV K_u) and CB_3=h(CB_2 RES) CB_2, and compares CB_3 with CB_1. If they are equal, mobile user U is authenticated to the application function.

6 Conclusion

While the AKA mechanism of 3G/4G mobile networks is used for device authentication, password authentication is the typical user authentication to an application. Breeding both authentication methods forms strong multifactor authentication. The result is strong two-factor authentication:

- Equipment authentication. This is itself two-factor authentication (USIM/ISIM + PIN). This authentication is controlled by the operator, but it can be used by an Application Service Provider [4].
- Secure Hash-Based Password Authentication Protocol. This authentication is fully under the control of the Application Service Provider.

In practice, one possible use is the sale of tickets, e.g. for public transport. We assume that the user remains connected to the network, which follows from the principle of VoLTE (Figure 6):

[Figure 6: Sales and revision of tickets. Between User U and Server S: AKA & Secure Password Authentication; ticket order; generation of a ticket with the public subscriber's identity; ticket; revision of ticket: ticket verification and public subscriber's identity verification (sending random image).]

1. Perform the strong authentication described in the previous chapter, i.e. the user and the server mutually authenticate.
2. The user U orders a ticket.
3. S generates a ticket containing the saved public identity of U. The ticket is sent to U.
4. During the revision (inspection) of the ticket, the following are verified:
   - Validity of the ticket (this depends on the kind of ticket).
   - Validity of the ticket holder, i.e. whether the ticket was purchased by the user U on his mobile equipment. The public identity of the holder is extracted from the ticket, and a random image is sent to this public identity.
5. If U receives the image, then he has a valid ticket.
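The core of Figure 5 as an added example (not code from the paper or from [1]): AKA vector generation and checking as in Section 3, followed by the response L of step X3, where RES takes the place of the nonce r_2. Assumptions: f1, f2 and f5 are HMAC-SHA256 stand-ins rather than MILENAGE [3]; inputs inside h() are concatenated and the terms outside it are combined with XOR; RES is zero-padded to the hash length; step X1, CA_1 and the public-key layer are left out; all function names and sample values are constructed here.

```python
import hashlib
import hmac
import os

AMF = bytes.fromhex("8000")  # constructed value standing in for the known string AMF


def _prf(k, label, data, n):
    # HMAC-SHA256 stand-in for the one-way functions f1, f2, f5 (not MILENAGE [3]).
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


def f1(k, sqn, rand, amf):  # MAC-A: one-time password that authenticates the network
    return _prf(k, b"f1", sqn + rand + amf, 8)


def f2(k, rand):  # RES: one-time password that authenticates the mobile
    return _prf(k, b"f2", rand, 8)


def f5(k, rand):  # AK: anonymization key that masks SQN
    return _prf(k, b"f5", rand, 6)


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def h(*parts):
    # h() of the password protocol; its inputs are concatenated (assumption).
    return hashlib.sha256(b"".join(parts)).digest()


def auc_generate_av(k, sqn, rand=None):
    """AKA3: Authentication center builds AV = (RAND, RES, SQN xor AK, AMF, MAC-A)."""
    rand = rand if rand is not None else os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    return {"RAND": rand, "RES": f2(k, rand), "SQN_XOR_AK": xor(sqn_b, f5(k, rand)),
            "AMF": AMF, "MAC-A": f1(k, sqn_b, rand, AMF)}


def usim_authenticate(k, last_sqn, rand, sqn_xor_ak, amf, mac_a):
    """Mobile side: recover SQN, check MAC-A and freshness, return (RES, SQN)."""
    sqn_b = xor(sqn_xor_ak, f5(k, rand))  # (SQN xor AK) xor AK = SQN
    if not hmac.compare_digest(f1(k, sqn_b, rand, amf), mac_a):
        raise ValueError("MAC-A mismatch: network not authenticated")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= last_sqn:
        raise ValueError("stale SQN: challenge was replayed")
    return f2(k, rand), sqn


def _pad(res):
    # RES is shorter than a hash output; zero-pad it before XOR (assumption).
    return res.ljust(32, b"\x00")


def user_response(v, res):
    """X3: L = h(v, RES) xor v xor RES, with v = h(PV, K_u) from the password factor."""
    return xor(xor(h(v, res), v), _pad(res))


def server_verify(v, saved_res, resp):
    """S: CB_1 = L xor RES must equal CB_3 = h(CB_2, RES) xor CB_2, with CB_2 = v."""
    cb1 = xor(resp, _pad(saved_res))
    cb3 = xor(h(v, saved_res), v)
    return hmac.compare_digest(cb1, cb3)


def run_login(k_usim, k_auc, v_user, v_server, sqn=1, last_sqn=0):
    """X2 and X3 of Figure 5; X1, CA_1 and the public-key layer are left out."""
    av = auc_generate_av(k_auc, sqn)   # AKA2/AKA3 between S and AuC
    saved_res = av.pop("RES")          # S keeps RES instead of a nonce r_2
    res, _ = usim_authenticate(k_usim, last_sqn, av["RAND"], av["SQN_XOR_AK"],
                               av["AMF"], av["MAC-A"])
    return server_verify(v_server, saved_res, user_response(v_user, res))


if __name__ == "__main__":
    K = bytes(range(16))                          # constructed USIM/AuC secret
    V = h(b"constructed PV", b"constructed K_u")  # constructed verifier value
    print("both factors correct:", run_login(K, K, V, V))
    print("wrong password factor:", run_login(K, K, h(b"guess"), V))
    # Someone who knows V but has no USIM cannot derive RES from RAND.
    av = auc_generate_av(K, 2)
    forged = user_response(V, f2(bytes(16), av["RAND"]))
    print("password only, no USIM:", server_verify(V, av["RES"], forged))
```

Because RES changes with every RAND, a response L captured in one session fails the CB_1 = CB_3 check in the next, and a replayed X2 is refused by the SQN check on the mobile side.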

References

[1] Jung, Hyunhee; Kim, Hyun Sung: Secure Hash-Based Password Authentication Protocol Using Smartcards. Edited by: Murgante, B; Gervasi, O; Iglesias, A; et al. 11th International Conference on Computational Science and Its Applications (ICCSA), PT V. Book Series: Lecture Notes in Computer Science, Volume: 6786, Pages: , 2011
[2] 3rd Generation Partnership Project: Technical Specification Group Services and System Aspects; 3G Security; Security architecture (Release 11), 3GPP TS , version 12.2., 2014
[3] 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the MILENAGE Algorithm Set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: General (Release 11), 3GPP TS , 2014
[4] 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) (Release 12), 3GPP TS V12.3.0, 2014


Authentication Protocols Using Hoover-Kausik s Software Token *

Authentication Protocols Using Hoover-Kausik s Software Token * JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION September 2010 (reviewed September 2014) ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK NETWORK SECURITY

More information

Security Analysis of Mobile Phones Used as OTP Generators

Security Analysis of Mobile Phones Used as OTP Generators Security Analysis of Mobile Phones Used as OTP Generators Håvard Raddum, Lars Hopland Nestås, and Kjell Jørgen Hole Department of Informatics, University of Bergen Havard.Raddum@ii.uib.no, lma029@student.uib.no,

More information

Authentication. Readings. Chapters 9, 10 Sections

Authentication. Readings. Chapters 9, 10 Sections Authentication Readings Chapters 9, 10 Sections 11.1-11.3 1 Authentication: Who and How User (human) can be authenticated logging into a workstation using resources of a system issues: humans find it difficult

More information

Internet Banking Two-Factor Authentication using Smartphones

Internet Banking Two-Factor Authentication using Smartphones Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania

More information

Authentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography

Authentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography ISSN (Online): 1694-0784 ISSN (Print): 1694-0814 10 Authentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography Wilayat Khan 1 and Habib Ullah 2 1 Department of Electrical

More information

Session Initiation Protocol Attacks and Challenges

Session Initiation Protocol Attacks and Challenges 2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah

More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

Multi-Factor User Authentication in Wireless Sensor Networks

Multi-Factor User Authentication in Wireless Sensor Networks International Journal of Computer Science and Telecommunications [Volume 2, Issue 6, September 2011] 59 ISSN 2047-3338 Multi-Factor User Authentication in Wireless Sensor Networks T. Sarika 1 and Shaik

More information

A brief on Two-Factor Authentication

A brief on Two-Factor Authentication Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.

More information

Authentication and Security in IP based Multi Hop Networks

Authentication and Security in IP based Multi Hop Networks 7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER 2002 1 Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security

More information

Security Enhancement Using Mutual Authentication in Existing CDMA Systems

Security Enhancement Using Mutual Authentication in Existing CDMA Systems Security Enhancement Using Mutual Authentication in Existing CDMA Systems L. Krishna Bharathi 1, Department of ECE, Pondicherry Engineering College, Pondicherry, India. Gnanou Florence Sudha 2, Department

More information

Security Analysis of PLAID

Security Analysis of PLAID Security Analysis of PLAID Dai Watanabe 1 Yokoyama Laboratory, Hitachi, Ltd., 292 Yoshida-cho, Totsuka-ku, Yokohama, 244-0817, Japan dai.watanabe.td@hitachi.com Abstract. PLAID is a mutual authentication

More information

anonymous secure decentralized SMS stealthtext transactions

anonymous secure decentralized SMS stealthtext transactions anonymous secure decentralized SMS stealthtext transactions WHITEPAPER STATE OF THE ART 2/8 WHAT IS STEALTHTEXT? stealthtext is a way to send stealthcoin privately and securely using SMS texting. stealthtext

More information

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Strong authentication for Web services with Mobile Universal identity

Strong authentication for Web services with Mobile Universal identity Strong authentication for Web services with Mobile Universal identity Do van Thanh Telenor & Norwegian University of Science & Technology Snarøyveien 30 1331 Fornebu, Norway Thanh-van.do@telenor.com Ivar

More information

Two-Factor Authentication and Swivel

Two-Factor Authentication and Swivel Two-Factor Authentication and Swivel Abstract This document looks at why the username and password are no longer sufficient for authentication and how the Swivel Secure authentication platform can provide

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation

More information

ADVANCE AUTHENTICATION TECHNIQUES

ADVANCE AUTHENTICATION TECHNIQUES ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

IMSI Catcher. Daehyun Strobel. 13.Juli 2007. Seminararbeit Ruhr-Universität Bochum. Chair for Communication Security Prof. Dr.-Ing.

IMSI Catcher. Daehyun Strobel. 13.Juli 2007. Seminararbeit Ruhr-Universität Bochum. Chair for Communication Security Prof. Dr.-Ing. IMSI Catcher Daehyun Strobel 13.Juli 2007 Seminararbeit Ruhr-Universität Bochum Chair for Communication Security Prof. Dr.-Ing. Christof Paar Contents 1 Introduction 1 2 GSM (Global System for Mobile

More information

3GPP TS 33.220 V6.13.0 (2007-06)

3GPP TS 33.220 V6.13.0 (2007-06) TS 33.220 V6.13.0 (2007-06) Technical Specification The present document has been developed within the 3 rd Generation Partnership Project ( TM ) and may be further elaborated for the purposes of. The

More information

CryptoNET: Security Management Protocols

CryptoNET: Security Management Protocols CryptoNET: Security Management Protocols ABDUL GHAFOOR ABBASI, SEAD MUFTIC CoS, School of Information and Communication Technology Royal Institute of Technology Borgarfjordsgatan 15, SE-164 40, Kista,

More information

3GPP TSG SA WG3 Security S3#25 S3-020572 8-11 October 2002 Munich, Germany

3GPP TSG SA WG3 Security S3#25 S3-020572 8-11 October 2002 Munich, Germany 3GPP TSG SA WG3 Security S3#25 S3-020572 8-11 October 2002 Munich, Germany Title: Response to: Source: To: Cc: Liaison on HTTP Security investigation within IMS LS S3-020475 (S2-022609) on Liaison on Security

More information

CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Knowledge Based Authentication (KBA) Metrics

Knowledge Based Authentication (KBA) Metrics Knowledge Based Authentication (KBA) Metrics Santosh Chokhani, Ph.D. February, 2004 Background Model for KBA Issues and Considerations Practical Usage of KBA Metrics for KBA Applicability to U.S. Government

More information

A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key

A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key International Journal of Network Security, Vol.18, No.6, PP.1060-1070, Nov. 2016 1060 A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key Trung Thanh Ngo and Tae-Young

More information

Digital Rights Management using a Mobile Phone

Digital Rights Management using a Mobile Phone Digital Rights Management using a Mobile Phone Imad Abbadi Information Security Group Royal Holloway, University of London Egham, Surrey, TW20 0EX, UK I.Abbadi@rhul.ac.uk Chris Mitchell Information Security

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Mobile Office Security Requirements for the Mobile Office

Mobile Office Security Requirements for the Mobile Office Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used

More information

Strong Authentication for Secure VPN Access

Strong Authentication for Secure VPN Access Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations

More information

Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology

Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology Unregister Attack in SIP Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology Unregister Attack We present a new VoIP Denial Of

More information

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on

More information

ARCHIVED PUBLICATION

ARCHIVED PUBLICATION ARCHIVED PUBLICATION The attached publication, NIST Special Publication 800-63 Version 1.0.2 (dated April 2006), has been superseded and is provided here only for historical purposes. For the most current

More information

Lightweight and provably secure user authentication with anonymity for the global mobility network

Lightweight and provably secure user authentication with anonymity for the global mobility network INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS Int. J. Commun. Syst. (2010) Published online in Wiley InterScience (www.interscience.wiley.com)..1158 Lightweight and provably secure user authentication

More information

Attestation and Authentication Protocols Using the TPM

Attestation and Authentication Protocols Using the TPM Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all

More information

Authentication in WLAN

Authentication in WLAN Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks

Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks Whitepaper W H I T E P A P E R OVERVIEW Arcot s unmatched authentication expertise and unique technology give organizations

More information

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

More information

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System ArchanaThange Post Graduate Student, DKGOI s COE, Swami Chincholi, Maharashtra, India archanathange7575@gmail.com,

More information

Message authentication and. digital signatures

Message authentication and. digital signatures Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

ETSI TS 131 103 V10.1.0 (2011-04) Technical Specification

ETSI TS 131 103 V10.1.0 (2011-04) Technical Specification TS 131 103 V10.1.0 (2011-04) Technical Specification Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Characteristics of the IP Multimedia

More information

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006 CSE331: Introduction to Networks and Security Lecture 29 Fall 2006 Announcements Project 3 is due Today Can submit electronically (mail savi@seas) By midnight Project 4 will be on the web this afternoon

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation

More information

Multi-Factor Authentication of Online Transactions

Multi-Factor Authentication of Online Transactions Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best

More information

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology FREDRIK ANDERSSON Department of Computer Science and Engineering CHALMERS UNIVERSITY

More information

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur

More information

Chapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption

Chapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption Chapter 14. Key management and Distribution Symmetric Key Distribution Using Symmetric Encryption For symmetric encryption to work, the two parties to an exchange must share the same key, and that key

More information

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1 Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication

More information

2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec

2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec 2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec TECHNOLOGY WHITEPAPER DSWISS LTD INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY JUNE 2010 V1.0 1 Motivation With the increasing

More information

Delivery of Voice and Text Messages over LTE

Delivery of Voice and Text Messages over LTE Delivery of Voice and Text Messages over LTE 1. The Market for Voice and SMS! 2. Third Party Voice over IP! 3. The IP Multimedia Subsystem! 4. Circuit Switched Fallback! 5. VoLGA LTE was designed as a

More information

White Paper PalmSecure truedentity

White Paper PalmSecure truedentity White Paper PalmSecure truedentity Fujitsu PalmSecure truedentity is used for mutual service and user authentication. The user's identity always remains in the possession of the user. A truedentity server

More information

Kerberos. Login via Password. Keys in Kerberos

Kerberos. Login via Password. Keys in Kerberos Kerberos Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos

More information