Most user authentication methods rely on a single verifier being stored at a central location within the information system. Such information storage presents a single point of compromise from a security perspective. If this system is compromised it poses a direct threat to users' digital identities if the verifier can be extracted from the system. This paper proposes a distributed authentication environment in which there is no such single point of compromise. We propose an architecture that does not rely on a single verifier to authenticate users, but rather a distributed authentication architecture where several authentication servers are used to authenticate a user. We consider an authentication environment in which the user authentication process is distributed among independent servers. Each server independently performs its own authentication of the user, for example by asking the user to complete a challenge in order to prove his claim to a digital identity. The proposed architecture allows each server to use any authentication factor. We provide a security analysis of the proposed architecture and protocol, which shows they are secure against the attacks chosen in the analysis.
ISBN: (print) 9798350354119
Securing System-on-Chips (SoCs) is challenging due to the globally distributed supply chain involving untrusted entities and integrating multiple third-party hardware intellectual properties (IPs) with varying trust levels. Each IP has distinct security needs, requiring a comprehensive strategy that addresses both individual IP-level security and overall SoC protection. Common threats, such as reverse engineering and tampering, pose significant risks to the confidentiality, integrity, and availability of secure assets. In this paper, we introduce a novel architecture-level solution for distributed authentication of unlocking keys in obfuscated/locked IP cores based on secret-splitting techniques from cryptography. We propose secret-splitting methods for IP-level countermeasures and define a distributed authentication protocol (DAP) for secure key splitting, which can operate in a point-to-point (P2P) mode or through a Centralized Engine for Secure Secret Splitting (CES3). We also discuss how CES3 can integrate a Security Policy Engine and a Trusted Platform Module to create a robust framework for cooperative security and trust in SoCs. The estimated black-box and white-box attack complexities are provided for an SoC containing multiple locked IPs with distributed authentication.
ISBN: (print) 9781538685495
Energy Internet provides important support to power transmission and substation distribution links; security is particularly significant. However, access authentication centralized to the certification center has brought great pressure on computing and communications. In this paper, a distributed authentication scheme for the energy Internet is proposed based on the blockchain technology, which is decentralized and undeniable. A PBFT consensus mechanism is implemented with the Shamir threshold secret sharing mechanism. Experiments show that the scheme can effectively improve the concurrent access efficiency of Energy Internet terminals.