Innovative Authentication Methods

A special issue of Computers (ISSN 2073-431X). This special issue belongs to the section "ICT Infrastructures for Cybersecurity".

Deadline for manuscript submissions: closed (28 February 2023) | Viewed by 12251

Special Issue Editors


E-Mail Website
Guest Editor
Cyber Security Cooperative Research Centre, Building 15 Level 2/270 Joondalup Dr, Joondalup, WA 6027, Australia
Interests: cyber security of critical infrastructure; operational technology; IIoT and IoT; access control; policy-based management; cyber-warfare and peacekeeping
Special Issues, Collections and Topics in MDPI journals

E-Mail Website
Guest Editor
Faculty of Computing, Engineering and Media, De Montfort University, Leicester LE1 9BH, UK
Interests: cyber security; intrusion detection systems; network security; connected vehicles
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Due to the rapid increase in sophisticated cyber threats that target critical infrastructures with significant destructive effects, the cyber security of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. Initial compromise of the systems through Remote Desktop (RDP) has been the major attack vector over the last few years, especially since the COVID-19 outbreak. Such a compromise is possible due to weak credentials, lack of two-factor authentication or use of a secure tunnel (VPN) to access the RDP.

Single-factor authentication using passwords has inherent security flaws from multiple perspectives. Severe security breaches such as the Adobe password database hack caused the security community to understand that centralising security credentials can have disastrous consequences, even if the credentials are encrypted. As a result, there has been an increasing demand from large organisations for provision of a second method of authentication to protect their users. Due to this demand, development of multi-factor authentication tools has become increasingly pertinent for companies such as Google and Microsoft as a way of authenticating users with something more than just their password. Some companies, such as Yahoo, have even replaced passwords with a push notification on the user’s mobile device when they log in.

In this Special Issue, both research and practical aspects of Innovative authentication methods are of interest. Aligned with the interdisciplinary nature of cyber security, authors from academia, governments, and industry are welcome to contribute. We seek original and high-quality submissions on, but not limited to, one or more of the following topics:

  • User authentication
  • Software-based authentication solutions
  • Hardware-based authentication solutions
  • Biometrics
  • Dynamic face authentication systems
  • Password-based authentication
  • Authentication methods with PIN codes
  • Authentication methods for electronic medical record access
  • Authentication methods for UAV communication
  • Blockchain-based authentication methods
  • Authentication strategies for online banking
  • Passwordless authentication

Prof. Dr. Leandros Maglaras
Prof. Dr. Helge Janicke
Dr. Mohamed Amine Ferrag
Dr. Francisco J. Aparicio-Navarro
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Computers is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1800 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (4 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

24 pages, 20100 KiB  
Article
Continuous Authentication in the Digital Age: An Analysis of Reinforcement Learning and Behavioral Biometrics
by Priya Bansal and Abdelkader Ouda
Computers 2024, 13(4), 103; https://doi.org/10.3390/computers13040103 - 18 Apr 2024
Viewed by 658
Abstract
This research article delves into the development of a reinforcement learning (RL)-based continuous authentication system utilizing behavioral biometrics for user identification on computing devices. Keystroke dynamics are employed to capture unique behavioral biometric signatures, while a reward-driven RL model is deployed to authenticate [...] Read more.
This research article delves into the development of a reinforcement learning (RL)-based continuous authentication system utilizing behavioral biometrics for user identification on computing devices. Keystroke dynamics are employed to capture unique behavioral biometric signatures, while a reward-driven RL model is deployed to authenticate users throughout their sessions. The proposed system augments conventional authentication mechanisms, fortifying them with an additional layer of security to create a robust continuous authentication framework compatible with static authentication systems. The methodology entails training an RL model to discern atypical user typing patterns and identify potentially suspicious activities. Each user’s historical data are utilized to train an agent, which undergoes preprocessing to generate episodes for learning purposes. The environment involves the retrieval of observations, which are intentionally perturbed to facilitate learning of nonlinear behaviors. The observation vector encompasses both ongoing and summarized features. A binary and minimalist reward function is employed, with principal component analysis (PCA) utilized for encoding ongoing features, and the double deep Q-network (DDQN) algorithm implemented through a fully connected neural network serving as the policy net. Evaluation results showcase training accuracy and equal error rate (EER) ranging from 94.7% to 100% and 0 to 0.0126, respectively, while test accuracy and EER fall within the range of approximately 81.06% to 93.5% and 0.0323 to 0.11, respectively, for all users as encoder features increase in number. These outcomes are achieved through RL’s iterative refinement of rewards via trial and error, leading to enhanced accuracy over time as more data are processed and incorporated into the system. Full article
(This article belongs to the Special Issue Innovative Authentication Methods)
Show Figures

Figure 1

18 pages, 618 KiB  
Article
Enhancing JWT Authentication and Authorization in Web Applications Based on User Behavior History
by Ahmet Bucko, Kamer Vishi, Bujar Krasniqi and Blerim Rexha
Computers 2023, 12(4), 78; https://doi.org/10.3390/computers12040078 - 13 Apr 2023
Cited by 3 | Viewed by 5116
Abstract
The rapid growth of the web has transformed our daily lives and the need for secure user authentication and authorization has become a crucial aspect of web-based services. JSON Web Tokens (JWT), based on RFC 7519, are widely used as a standard for [...] Read more.
The rapid growth of the web has transformed our daily lives and the need for secure user authentication and authorization has become a crucial aspect of web-based services. JSON Web Tokens (JWT), based on RFC 7519, are widely used as a standard for user authentication and authorization. However, these tokens do not store information about the user’s behavior history. To address this issue, this paper presents a solution to enhance the trustworthiness of user authentication in web applications based on their behavior history. The solution considers factors such as the number of password attempts, IP address consistency, and user agent type and assigns a weight or percentage to each. These weights are summed up and stored in the user’s account, and updated after each transaction. The proposed approach was implemented using the .NET framework, C# programming language, and PostgreSQL database. The results show that the proposed solution effectively increases the level of trust in user authentication. The paper concludes by highlighting the strengths and limitations of the proposed solution. Full article
(This article belongs to the Special Issue Innovative Authentication Methods)
Show Figures

Figure 1

24 pages, 8147 KiB  
Article
User Authentication and Authorization Framework in IoT Protocols
by Ammar Mohammad, Hasan Al-Refai and Ali Ahmad Alawneh
Computers 2022, 11(10), 147; https://doi.org/10.3390/computers11100147 - 27 Sep 2022
Cited by 5 | Viewed by 3156 | Correction
Abstract
The Internet of Things (IoT) has become one of the most attractive domains nowadays. It works by creating a special network between physical devices such as vehicles, home equipment, and other items. In recent days, the common technologies of communication such as Wi-Fi [...] Read more.
The Internet of Things (IoT) has become one of the most attractive domains nowadays. It works by creating a special network between physical devices such as vehicles, home equipment, and other items. In recent days, the common technologies of communication such as Wi-Fi and 2G/3G/4G cellular networks are insufficient for IoT networks because they are designed to serve appliances with immense processing capabilities such as laptops and PCs. Moreover, most of these technologies are centralized and use an existing infrastructure. Currently, new communication technologies such as Z-Wave, 6LowPAN, and Thread are dedicated to the IoT and have been developed to meet its requirements. These technologies can handle many factors such as range, data requirements, security, power demands, and battery life. Nevertheless, the security issues in IoT systems have major concerns and issues because vulnerabilities in such systems may result in fatal catastrophes. In this paper, an enhanced IoT security framework for authentication and authorization is proposed and implemented to protect the IoT protocols from different types of attacks such as man-in-the-middle attacks, reply attacks, and brute force attacks. The proposed framework combines an enhanced token authentication that has identity verification capabilities and a new sender verification mechanism on the IoT device side based on time stamps, which in turn can mitigate the need for local identity verification methods in IoT devices. The proposed IoT security framework was tested using security analysis with different types of attacks compared with previous related frameworks. The analysis shows the high capability of the proposed framework to protect IoT networks against many types of attacks compared with the currently available security frameworks. Finally, the proposed framework was developed using Windows applications to simulate the framework phases, check its validity through the real network, and calculate the payload time added. Full article
(This article belongs to the Special Issue Innovative Authentication Methods)
Show Figures

Figure 1

14 pages, 1660 KiB  
Article
The Use of Reactive Programming in the Proposed Model for Cloud Security Controlled by ITSS
by Dhuratë Hyseni, Nimete Piraj, Betim Çiço and Isak Shabani
Computers 2022, 11(5), 62; https://doi.org/10.3390/computers11050062 - 25 Apr 2022
Cited by 1 | Viewed by 2361
Abstract
Reactive programming is a popular paradigm that has been used as a new solution in our proposed model for security in the cloud. In this context, we have been able to reduce the execution time compared to our previous work for the model [...] Read more.
Reactive programming is a popular paradigm that has been used as a new solution in our proposed model for security in the cloud. In this context, we have been able to reduce the execution time compared to our previous work for the model proposed in cloud security, where the control of security depending on the ITSS (IT security specialist) of a certain organization based on selecting options. Some of the difficulties we encountered in our previous work while using traditional programming were the coordination of parallel processes and the modification of real-time data. This study provides results for two methods of programming based on the solutions of the proposed model for cloud security, with the first method of traditional programming and the use of reactive programming as the most suitable solution in our case. While taking the measurements in this paper, we used the same algorithms, and we present comparative results between the first and second methods of programming. The results in the paper are presented in tables and graphs, which show that reactive programming in the proposed model for cloud security offers better results compared to traditional programming. Full article
(This article belongs to the Special Issue Innovative Authentication Methods)
Show Figures

Figure 1

Back to TopTop