Light-weight encryption using Changeable Variables for Formula based password authentication and One Time Password
وكيل مرتبط
Alasaadi, Abdulla Ahmed , مشرف الرسالة العلمية
اللغة
الأنجليزية
مدى
[3], 9, 63, [2] pages
مكان المؤسسة
Sakhir, Bahrain
نوع الرسالة الجامعية
Thesis (Master)
الجهه المانحه
University of Bahrain ,College of Information Technology
الوصف
Abstract:
Regardless of the advancement of multi-factor authentication, they all have their issues and weaknesses. For example, there are many ways to steal credentials; social engineering, malware, insecure environment, shoulder-surfing attacks. In addition, One-Time-Passwords (OTP) through mobile phone Short-Message-Service (SMS) are exposed to new attacks based on attacking the mobile-phone Subscriber-Identity-Module (SIM) cards and eSIM. Compromising a user’s account by changing their passwords to gain access.
All comes down to text-based passwords that are the basis of access authentication. These passwords are not being changed and remains the same until compromised through many attack vectors. In addition, a single user can have many devices with the adoption of the Internet-of-Things (IoT) devices that have an unlimited number of applications and connected to the internet all the time. However, they usually neglect exemplary security implementation.
This thesis will introduce Changeable Variables (CV) that address these problems by introducing changeable variables; having a way of passwords being changed automatically after the initial setup, which is also equal to be expired automatically. This will limit the window of an adversary who got the password for future access (the adversary stays between 11 days to 15 months before executing an attack (Sophos Security Firm, 2021)), Furthermore, the suggested approach can narrow the attacker’s ability to maintain an active session with the password changing every session. This also can address the password expiration without having to change the password.
This approach can work in combination with multi-factor authentication originating from the device itself without relying on an external entity to send OTP, besides that improving One Time-Password security regardless if it is compromised.furthermore this approach can also generate keys for encryption that will change automatically with Changeable Variables after the first initial setup phase without agreeing on a key every time the two entities want to exchange data.
The thesis will explain how this is accomplished from encoding, decoding, bit level representation and with examples of changeable variables possible. Finally a performance measurement for creating hashes with different iteration count.
Regardless of the advancement of multi-factor authentication, they all have their issues and weaknesses. For example, there are many ways to steal credentials; social engineering, malware, insecure environment, shoulder-surfing attacks. In addition, One-Time-Passwords (OTP) through mobile phone Short-Message-Service (SMS) are exposed to new attacks based on attacking the mobile-phone Subscriber-Identity-Module (SIM) cards and eSIM. Compromising a user’s account by changing their passwords to gain access.
All comes down to text-based passwords that are the basis of access authentication. These passwords are not being changed and remains the same until compromised through many attack vectors. In addition, a single user can have many devices with the adoption of the Internet-of-Things (IoT) devices that have an unlimited number of applications and connected to the internet all the time. However, they usually neglect exemplary security implementation.
This thesis will introduce Changeable Variables (CV) that address these problems by introducing changeable variables; having a way of passwords being changed automatically after the initial setup, which is also equal to be expired automatically. This will limit the window of an adversary who got the password for future access (the adversary stays between 11 days to 15 months before executing an attack (Sophos Security Firm, 2021)), Furthermore, the suggested approach can narrow the attacker’s ability to maintain an active session with the password changing every session. This also can address the password expiration without having to change the password.
This approach can work in combination with multi-factor authentication originating from the device itself without relying on an external entity to send OTP, besides that improving One Time-Password security regardless if it is compromised.furthermore this approach can also generate keys for encryption that will change automatically with Changeable Variables after the first initial setup phase without agreeing on a key every time the two entities want to exchange data.
The thesis will explain how this is accomplished from encoding, decoding, bit level representation and with examples of changeable variables possible. Finally a performance measurement for creating hashes with different iteration count.
المجموعة
المعرف
https://digitalrepository.uob.edu.bh/id/7ecbe8fe-952c-4e5b-9702-88ce836fc89b
https://digitalrepository.uob.edu.bh/id/7ecbe8fe-952c-4e5b-9702-88ce836fc89b
5
0
مواد أخرى لنفس الموضوع
