Browsing by Author "Ashibani, Yosef"

Filter results by typing the first few letters
Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    A contextual authentication framework for smart home environments
    (2020-04-01) Ashibani, Yosef; Mahmoud, Qusay H.
    A smart home is one equipped with connected Internet-of-Things (IoT) devices that can be remotely accessed and controlled. Access to smart home devices is mostly achieved through smartphones and tablet computers, but this comes with security challenges such as unauthorized access and interception of data transmission. Although smart home devices are critical, many examples of security challenges, such as unauthorized access to home devices and interception of data transmission, are reported. Furthermore, many home IoT devices are still shipped with default credentials even though it is widely known that these settings are used in attacks. A number of cryptographic schemes have been proposed for securing communication among home IoT devices. However, the ability to handle such schemes, especially by devices with constrained computing resources, can be challenging. To address the above issues, this thesis introduces a contextual authentication framework for smart home environments that integrates a context-based user authentication method, a device-to-device message authentication scheme, and an app-based user authentication model. A proof of concept prototype of context-based authentication has been constructed. An identity-based signcryption scheme for securing data transmission between home IoT devices has been designed, and an app-based user authentication model has been developed. The results demonstrate that considerable contextual information can be retrieved and such information can be used in providing seamless, usable, and secure authentication. Furthermore, analysis and evaluation of the proposed signcryption scheme demonstrate that, in addition to providing authentication, it provides integrity and confidentiality as well as the ability to protect communication against possible attacks. The evaluation of the app-based user authentication model is performed on three datasets, and the results show that the model has the ability to authenticate users with high accuracy in terms of low false positive, false negative and equal error rates.
  • Thumbnail Image
    Item
    A Survey on Security and Attack Aspects of Passwords
    (2018-01-19) Ashibani, Yosef
    Despite many weaknesses, passwords are still mainly used, and will continue to be used in the near future, for the user authentication process. Passwords remain one of the important pillars of the protection structure even though they are not sufficiently robust against well-designed attacks. Thus, users need to select and protect robust passwords. The consequences of password disclosure to adversaries might have disastrous results, which in turn would increase the need to focus extensively on security factors in order to strengthen and protect passwords. Humans usually create far from random passwords that are vulnerable to attack. One important factor in estimating the impact of attacks and the strength of created passwords is to understand the ability of attackers to deduce passwords. Unfortunately, many efforts at strength estimation have failed. The main reason for this failure is that these efforts specifically focus on protection against Brute Force attacks. Other attempts have tried to design attacks against user passwords in order to test their strength and to accordingly improve them. This idea is expensive and insufficient to uncover or perhaps to identify professionally designed attacks. Another technique is to assign robust randomly generated passwords which could provide higher security. Assigning passwords by systems ensures that the users do not reuse the same passwords for different applications. On the other hand, it is challenging for users to remember such passwords. This has eventually led to the idea of using software management tools specifically designed for storing user passwords; however, the single point of failure will be the main drawback of such a method. Since password are remain the popular method for authentication, and will continue to be in the future, password security problems have become a global issue. Thus, designing robust, secure, and efficient password creation techniques needs to be urgently undertaken and with the utmost care. This paper briefly summarizes the most common attacks against passwords as well as some related works that have been conducted in the field of security and usability of passwords.