A Secure Mobile-based Authentication System

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable.We propose a challengeresponse based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.La informació financera és extremadament sensible. Per tant, la banca electrònica ha de proporcionar un sistema robust per autenticar als seus clients i fer-los accedir a les dades de forma remota. D'altra banda, aquest sistema ha de ser usable, accessible, i portàtil. Es proposa una resposta al desafiament basat en una contrasenya única (OTP), esquema que utilitza la criptografia simètrica en combinació amb un mòdul de maquinari de seguretat. Amés, aquesta solució ofereix mobilitat convenient per als usuaris que volen bancària en línia en qualsevol moment i en qualsevol lloc, no només des dels seus propis equips de confiança.La información financiera es extremadamente sensible. Por lo tanto, la banca electrónica debe proporcionar un sistema robusto para autenticar a sus clientes y hacerles acceder a sus datos de forma remota. Por otra parte, dicho sistema debe ser usable, accesible, y portátil. Se propone una respuesta al desafío basado en una contraseña única (OTP), esquema que utiliza la criptografía simétrica en combinación con un módulo hardware de seguridad hardware. Además, esta solución ofrece una movilidad conveniente para los usuarios que quieren la entidad bancaria en línea en cualquier momento y en cualquier lugar, no sólo des de sus propios equipos de confianza

Anonymous reputation based reservations in e-commerce (AMNESIC)

Online reservation systems have grown over the last recent years to facilitate the purchase of goods and services. Generally, reservation systems require that customers provide some personal data to make a reservation effective. With this data, service providers can check the consumer history and decide if the user is trustable enough to get the reserve. Although the reputation of a user is a good metric to implement the access control of the system, providing personal and sensitive data to the system presents high privacy risks, since the interests of a user are totally known and tracked by an external entity. In this paper we design an anonymous reservation protocol that uses reputations to profile the users and control their access to the offered services, but at the same time it preserves their privacy not only from the seller but the service provider

Computational and Energy Costs of Cryptographic Algorithms on Handheld Devices

Networks are evolving toward a ubiquitous model in which heterogeneous devices are interconnected. Cryptographic algorithms are required for developing security solutions that protect network activity. However, the computational and energy limitations of network devices jeopardize the actual implementation of such mechanisms. In this paper, we perform a wide analysis on the expenses of launching symmetric and asymmetric cryptographic algorithms, hash chain functions, elliptic curves cryptography and pairing based cryptography on personal agendas, and compare them with the costs of basic operating system functions. Results show that although cryptographic power costs are high and such operations shall be restricted in time, they are not the main limiting factor of the autonomy of a device

Product Perfect Codes and Steganography

A new coding technique to be used in steganography is evaluated. The performance of this new technique is computed and comparisons with the well-known theoretical upper bound, Hamming upper bound and basic LSB are established

Cryptographic Energy Costs are Assumable in Ad Hoc Networks

Performance of symmetric and asymmetric cryptography algorithms in small devices is presented. Both temporal and energy costs are measured and compared with the basic functional costs of a device. We demonstrate that cryptographic power costs are not a limiting factor of the autonomy of a device and explain how processing delays can be conveniently managed to minimize their impact

Application of the measured equation of invariance to radiation and scattering by flat surfaces

Because on flat surfaces the electric currents are confined to two dimensions, a simple vector potential formulation can be used. The problem of radiation and scattering by rectangular strip dipoles is solved, including the transversal variation of the current across the dipole width. Also of interest are the currents induced on antennas with step variations in width, and with bends and T-junctions.Peer ReviewedPostprint (published version

A Fair and Secure Cluster Formation Process for Ad Hoc Networks

An efficient approach for organizing large ad hoc networks is to divide the nodes into multiple clusters and designate, for each cluster, a clusterhead which is responsible for holding intercluster control information. The role of a clusterhead entails rights and duties. On the one hand, it has a dominant position in front of the others because it manages the connectivity and has access to other node¿s sensitive information. But on the other hand, the clusterhead role also has some associated costs. Hence, in order to prevent malicious nodes from taking control of the group in a fraudulent way and avoid selfish attacks from suitable nodes, the clusterhead needs to be elected in a secure way. In this paper we present a novel solution that guarantees the clusterhead is elected in a cheat-proof manner

Fully Distributed Cooperative Spectrum Sensing for Cognitive Radio Networks

Cognitive radio networks (CRN) sense spectrum occupancy and manage themselves to operate in unused bands without disturbing licensed users. The detection capability of a radio system can be enhanced if the sensing process is performed jointly by a group of nodes so that the effects of wireless fading and shadowing can be minimized. However, taking a collaborative approach poses new security threats to the system as nodes can report false sensing data to force a wrong decision. Providing security to the sensing process is also complex, as it usually involves introducing limitations to the CRN applications. The most common limitation is the need for a static trusted node that is able to authenticate and merge the reports of all CRN nodes. This paper overcomes this limitation by presenting a protocol that is suitable for fully distributed scenarios, where there is no static trusted node