The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The two-factor authentication scheme combined password with smart card is one of the most widely used methods. This paper analyzes the security performance of a latest proposed remote user authentication scheme and simulates the attacks it suffers: it's vulnerability to the password guessing attack, the server masquerade attack and lacks of password backward security. Based on the detailed security...
Embedded Systems are being used for the development and implementation of Safety and Mission Critical Systems. Malfunctions of such type of embedded systems will lead to disasters at times. The embedded systems must be fully secured from outside intervention in order to have effective functioning as well as to provide protective environment to these mission critical systems. Fault injection attacks...
Providing confidentiality, integrity, and availability is indispensable for secure systems. In particular, almost every commerce application requires that integrity be provided in a secure manner, such that the integrity of data is retained even if the owner of the data is malicious. However, providing secure integrity in mobile environments, where participating nodes and their communication channels...
This paper describes security extensions of various Windows components based on usage of FIPS 201 (PIV) smart cards. Compared to some other similar solutions, this system has two significant advantages: first, smart cards are based on FIPS 201 standard and not on some proprietary technology; second, smart card security extensions represent an integrated solution, so the same card is used for security...
The paper describes secure service-oriented architecture for mobile transactions. The architecture comprises components, protocols, applications and interfaces and it provides various security services to various mobile applications: registration, certification, authentication, and authorization of users, secure messaging at an application-level (end-to-end security), protection of data in databases,...
Cloud computing technologies have conflicting advantages and disadvantages with smartcards. Smartcards have high level of security but severe hardware restrictions, while clouds computing technologies are made available as utility computing but face with challenges and issues in security. We combine cloud computing technologies with smartcards and design our system by overcoming each of the weakness...
We propose in this paper to reuse the existing payment infrastructure to introduce a proof of transaction genuineness computed by a smart card chip. The idea is to divide the amount of the transaction into several sub-amounts, which added together give the total amount. The sub-amounts are function of a secret shared with the bank, which can verify that the split is correct, thus proving that the...
To the best of our knowledge, all most previously proposed schemes based on smart cards which have the tamper resistance assumption for the smart card. However, many researches have shown that the secrets stored in a smart card can be breaches by analyzing the leaked information or monitoring the power consumption. This article will propose a new mutual authentication scheme based on nonce and smart...
This paper describes the mechanism of the object sharing in Java Card and analysis of the existed security problems which lead to the attack, at same time it puts forward two methods to solve the attack. By comparing and analyzing the two methods, we will develop more protecting mechanism to protect the security of Java Card.
As 3G networks provide enhanced capabilities of data transportation, a considerable amount of mobile applications and services, which involve mass of unstructured digital content, e.g., video, audio, are available. Meanwhile, pirate and illegal distribution of these digital contents are severe issues. Digital Rights Management (DRM) aims at protecting unstructured digital contents from being abused...
Online auctions of governmental bonds and CO2 certificates are challenged by high availability requirements in face of high peak loads around the auction deadline. Traditionally, these requirements are addressed by cluster solutions. However, with strong requirements regarding hardware ownership and only a few auctions per owner per year hardware clusters are a rather ineffective solution.Consequently,...
Digital information has become a social infrastructure and with the expansion of the Internet, network infrastructure has become an indispensable part of social life and industrial activity for mankind. In recent years, the demand for online banking has increased and the number of people who rely on online transactions has tremendously increased. Thus, necessity for a reliable security for online...
The paper presents a technical solution to issue proxy certificate for grid end users using hardware and software token in grid systems. These tokens consist of user identity certificate and keys associated with the certificate. The discussion is initiated with the adoption of current solution; MyProxy as a generator of proxy certificate and credential repository for grid systems. Ongoing efforts...
The proposed scheme presents the real time security managing methods that can be implemented using RFID, biometric and smart messaging. Entry doors to restricted areas are controlled using the biometric machines. Registered staff manages their entry through their RFID card, which is verified with biometric. The relay in the biometric reader will unlock the door if the verification is successful after...
In 2004, Das et al. proposed a ldquoDynamic ID-based Remote User Authentication Scheme using Smart Cardsrdquo. This scheme have the advantage that users can choose and change their password freely and the server does not maintain any verifier table, which avoid the risk of stolen/modifying this table. However, in 2005, Liao et al. demonstrated that Das et al.'s scheme suffers from guessing attacks,...
The National Institutes of Health, along with other healthcare related agencies, continue to define the importance of exchanging medical data between hospitals and other healthcare providers. However, issues within the medical field such as interoperability, scalability and security continue to plague electronic exchange of information within the healthcare sector. In this paper we present an approach,...
This paper presents a medium attack to current shareable interface object mechanism. This method can invoke the shareable interface service functions without triggering the security checks in the Applet. Then a trust model is used to clarify the relationship of the inter-Applet shareable objects. According to the constraint of trust transfer we infer that a global security policy of card is necessary...
Purchasing goods by electronic transactions on point-of-sale (POS) terminals is a popular payment method. POS terminals are sensitive devices that require constant attention and supervision from merchant. A frequent operation performed by merchant on POS terminal is the process of updating terminal software configuration. Such tasks are of a sensitive nature due to their strong impact on POS terminal...
Authentication is one of the important security properties in applications ranging from border security to consumer electronics. This paper presents an efficient mutual authentication scheme for remote systems, which provides two-factor user authentication. The scheme attains two interesting features such as avoids the possibility of many logged in users with the same login identity and eliminates...
Nowadays, the TLS protocol (transport layer security) is the de facto standard for securing transactions across the Internet. It provides end-to-end secure communications with one way or mutual authentication between two network nodes. However, this protocol suffers from serious vulnerabilities because classical software implementations are not trusted and allow the use of falsified credentials (e...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.