Vulnerability Analysis for the Authentication Protocols in Trusted Computing Platforms and a Proposed Enhancement of the OffPAD Protocol

Mada Alhaidary; Sk Md Mizanur Rahman; Mohammed Zakariah; M. Shamim Hossain; Atif Alamri; Md Sarwar M. Haque; B. B. Gupta

doi:10.1109/ACCESS.2017.2789301

Vulnerability Analysis for the Authentication Protocols in Trusted Computing Platforms and a Proposed Enhancement of the OffPAD Protocol

Mada Alhaidary, Sk Md Mizanur Rahman, Mohammed Zakariah, M. Shamim Hossain^*, Atif Alamri, Md Sarwar M. Haque, B. B. Gupta

^*Corresponding author for this work

Preparatory Year Program

Research output: Contribution to journal › Article › peer-review

14 Scopus citations

Abstract

Trusted computing architecture ensures the behavior of software that runs on a user machine by protecting software-level attacks. Due to the potential of exposing a user's private information while accessing a system, many studies have focused on analyzing existing protocols to develop new methods based on biometrics or additional devices to add new layers of security to the authentication process. For a few years, the idea of utilizing the combination of something you know with something you have and a personal authentication device (PAD) has become common in verification protocols. Very recently, a more secure PAD, namely the Offline Personal Authentication Device (OffPAD), was invented to improve the authentication process. This single device can be used to manage the identities of both users and service providers as well as support the authentication process, while being offline most of the time. In this paper, a rigorous vulnerability analysis for OffPAD-based authentication techniques is conducted using an attack tree analysis. Finally, to overcome the vulnerabilities, mitigation techniques are proposed.

Original language	English
Pages (from-to)	6071-6081
Number of pages	11
Journal	IEEE Access
Volume	6
DOIs	https://doi.org/10.1109/ACCESS.2017.2789301
State	Published - 2 Jan 2018

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

Data origin authentication
biometric authentication
entity authentication
offline personal authentication device (OffPAD)
vulnerability analysis

ASJC Scopus subject areas

General Computer Science
General Materials Science
General Engineering

Access to Document

10.1109/ACCESS.2017.2789301

Cite this

@article{6532e2639e4446d58cfdc5844965fa75,

title = "Vulnerability Analysis for the Authentication Protocols in Trusted Computing Platforms and a Proposed Enhancement of the OffPAD Protocol",

abstract = "Trusted computing architecture ensures the behavior of software that runs on a user machine by protecting software-level attacks. Due to the potential of exposing a user's private information while accessing a system, many studies have focused on analyzing existing protocols to develop new methods based on biometrics or additional devices to add new layers of security to the authentication process. For a few years, the idea of utilizing the combination of something you know with something you have and a personal authentication device (PAD) has become common in verification protocols. Very recently, a more secure PAD, namely the Offline Personal Authentication Device (OffPAD), was invented to improve the authentication process. This single device can be used to manage the identities of both users and service providers as well as support the authentication process, while being offline most of the time. In this paper, a rigorous vulnerability analysis for OffPAD-based authentication techniques is conducted using an attack tree analysis. Finally, to overcome the vulnerabilities, mitigation techniques are proposed.",

keywords = "Data origin authentication, biometric authentication, entity authentication, offline personal authentication device (OffPAD), vulnerability analysis",

author = "Mada Alhaidary and Rahman, \{Sk Md Mizanur\} and Mohammed Zakariah and \{Shamim Hossain\}, M. and Atif Alamri and Haque, \{Md Sarwar M.\} and Gupta, \{B. B.\}",

note = "Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2018",

month = jan,

day = "2",

doi = "10.1109/ACCESS.2017.2789301",

language = "English",

volume = "6",

pages = "6071--6081",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Vulnerability Analysis for the Authentication Protocols in Trusted Computing Platforms and a Proposed Enhancement of the OffPAD Protocol

AU - Alhaidary, Mada

AU - Rahman, Sk Md Mizanur

AU - Zakariah, Mohammed

AU - Shamim Hossain, M.

AU - Alamri, Atif

AU - Haque, Md Sarwar M.

AU - Gupta, B. B.

PY - 2018/1/2

Y1 - 2018/1/2

N2 - Trusted computing architecture ensures the behavior of software that runs on a user machine by protecting software-level attacks. Due to the potential of exposing a user's private information while accessing a system, many studies have focused on analyzing existing protocols to develop new methods based on biometrics or additional devices to add new layers of security to the authentication process. For a few years, the idea of utilizing the combination of something you know with something you have and a personal authentication device (PAD) has become common in verification protocols. Very recently, a more secure PAD, namely the Offline Personal Authentication Device (OffPAD), was invented to improve the authentication process. This single device can be used to manage the identities of both users and service providers as well as support the authentication process, while being offline most of the time. In this paper, a rigorous vulnerability analysis for OffPAD-based authentication techniques is conducted using an attack tree analysis. Finally, to overcome the vulnerabilities, mitigation techniques are proposed.

AB - Trusted computing architecture ensures the behavior of software that runs on a user machine by protecting software-level attacks. Due to the potential of exposing a user's private information while accessing a system, many studies have focused on analyzing existing protocols to develop new methods based on biometrics or additional devices to add new layers of security to the authentication process. For a few years, the idea of utilizing the combination of something you know with something you have and a personal authentication device (PAD) has become common in verification protocols. Very recently, a more secure PAD, namely the Offline Personal Authentication Device (OffPAD), was invented to improve the authentication process. This single device can be used to manage the identities of both users and service providers as well as support the authentication process, while being offline most of the time. In this paper, a rigorous vulnerability analysis for OffPAD-based authentication techniques is conducted using an attack tree analysis. Finally, to overcome the vulnerabilities, mitigation techniques are proposed.

KW - Data origin authentication

KW - biometric authentication

KW - entity authentication

KW - offline personal authentication device (OffPAD)

KW - vulnerability analysis

UR - https://www.scopus.com/pages/publications/85040066766

U2 - 10.1109/ACCESS.2017.2789301

DO - 10.1109/ACCESS.2017.2789301

M3 - Article

AN - SCOPUS:85040066766

SN - 2169-3536

VL - 6

SP - 6071

EP - 6081

JO - IEEE Access

JF - IEEE Access

ER -

Vulnerability Analysis for the Authentication Protocols in Trusted Computing Platforms and a Proposed Enhancement of the OffPAD Protocol

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this