WLAN Security and Defense
Published in Rihai Wu, Xun Yang, Xia Zhou, Yibo Wang, Enterprise Wireless Local Area Network Architectures and Technologies, 2021
In a WLAN, the applicant is a client (such as a mobile phone or a laptop) which must be able to support EAPOL on the WLAN. The authenticator is a wireless access controller (WAC) or an AP. It sends the authentication credentials submitted by the applicant to the authentication server and controls applicant access according to the authentication server’s instructions. The authentication server, usually a RADIUS server, performs authentication, authorization, and accounting (AAA) on the applicant. The structure is more reliable because authentication really happens between the applicant and the authentication server, and the AP and WAC do not store the applicant’s credentials. This facilitates unified management of authentication credentials on large-scale networks.
Network Security
Published in Mário Marques da Silva, Cable and Wireless Networks, 2018
As can be seen from Figure 16.33, the authentication process starts after a wireless device has been associated with the AP. At this stage, the AP creates a virtual port for communicating with the wireless device, only accepting 802.1x traffic, and blocking all other traffic types, that is, data traffic cannot go beyond the AP. Once the wireless association has been performed, the AP, acting as authenticator, sends to the wireless device (client) an identity request message. The client responds with the identity response message that includes the authenticating credentials. These credentials may include a username and password, a smart card, and a digital certificate if PKI is established. Note that this corresponds to a second level of authentication, in addition to the PSK. The authenticator forwards such credentials to the authentication server (typically a RADIUS database) for verification. If the authentication procedure succeeds, the server sends an EAP success message to the authenticator, and this message is forwarded to the client. In this case, the client is then authorized to send data traffic through the virtual port of the AP, after the establishment of a data link encryption between the client and this specific virtual port of the AP. Note that for the sake of security, each authenticated wireless device exchanges data with the AP using a different virtual port. Finally, when the wireless device intends to logoff, it sends an EAP logoff message to the authenticator, and the virtual port is modified to disabled mode, blocking again non-802.1x traffic.
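The port gating described in the two excerpts above, modelled as an added example (not code from either book). It follows the excerpt's simplified message flow, in which the identity response carries the credentials; `RADIUS_DB`, `radius_verify` and `VirtualPort` are hypothetical names, and the credential store is constructed sample data.

```python
from dataclasses import dataclass

ETH_EAPOL = 0x888E  # EtherType of EAP over LAN (802.1X) frames
ETH_IPV4 = 0x0800   # stands in for ordinary data traffic

# Constructed credential store standing in for the RADIUS server's database.
RADIUS_DB = {"alice": "correct horse"}

def radius_verify(identity, secret):
    """Authentication server: the only party that holds credentials."""
    return RADIUS_DB.get(identity) == secret

@dataclass
class VirtualPort:
    """Per-client controlled port on the AP, which acts as authenticator."""
    authorized: bool = False

    def receive(self, ethertype, payload=None):
        # Non-802.1X frames pass only once the port has been authorized.
        if ethertype != ETH_EAPOL:
            return "forward" if self.authorized else "drop"
        kind = payload["type"]
        if kind == "identity-response":
            # Relay to the server; the AP keeps no copy of the credentials.
            self.authorized = radius_verify(payload["identity"], payload["secret"])
            return "eap-success" if self.authorized else "eap-failure"
        if kind == "logoff":
            self.authorized = False  # port returns to the blocked state
            return "port-disabled"
        return "ignored"

def run_session(identity, secret):
    """Send data before authentication, after it, and after logoff."""
    port = VirtualPort()
    creds = {"type": "identity-response", "identity": identity, "secret": secret}
    return [
        port.receive(ETH_IPV4),                       # before authentication
        port.receive(ETH_EAPOL, creds),               # credentials relayed
        port.receive(ETH_IPV4),                       # after the server's verdict
        port.receive(ETH_EAPOL, {"type": "logoff"}),  # client logs off
        port.receive(ETH_IPV4),                       # blocked again
    ]
```

A failed authentication leaves the port in the same state as before association: only 802.1X frames are accepted.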
Wireless Security Wi-Fi
Published in Ali Youssef, Douglas McDonald II, Jon Linton, Bob Zemke, Aaron Earle, Wi-Fi Enabled Healthcare, 2014
The next available option is to use preshared keys. This option requires a key to be applied to the devices and the wireless access points. This also means that everything has the same password entered into them. To combat someone using this key to eavesdrop on other conversations WPA uses a method that creates a unique session key for each device. This is done by having a preshared key called the group master key (GMK) that drives a pair transient key (PTK). How this works will be explained in the section on 802.11i. This second solution was added to WPA for home and small office support. In a house or small office, you are unlikely to have an authentication server such as RADIUS. A PSK is a 256-bit number or a passphrase 8 to 63 bytes long. WPA does support TKIP and Message Integrity Check (MIC) for older devices.
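The two PSK forms named above (a 256-bit number or a passphrase), as an added example that is not from the book. The excerpt does not say how a passphrase becomes the 256-bit value; the code uses the IEEE 802.11i mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), and the function name `wpa_psk` is hypothetical.

```python
import hashlib
import string

PRINTABLE = range(32, 127)  # ASCII codes permitted in a WPA passphrase

def wpa_psk(secret: str, ssid: bytes) -> bytes:
    """Return the 256-bit PSK for either form of the shared secret."""
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # Form 1: the 256-bit number itself, entered as 64 hex digits.
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)
    # Form 2: a passphrase of 8 to 63 printable ASCII characters.
    raw = secret.encode("ascii")  # non-ASCII input raises a ValueError subclass
    if not 8 <= len(raw) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(b not in PRINTABLE for b in raw):
        raise ValueError("passphrase must be printable ASCII")
    # IEEE 802.11i passphrase-to-PSK mapping: the SSID is the salt, so the
    # same passphrase on two networks gives two unrelated keys.
    return hashlib.pbkdf2_hmac("sha1", raw, ssid, 4096, 32)

def differs_across_ssids(passphrase: str, ssid_a: bytes, ssid_b: bytes) -> bool:
    """True when the same passphrase yields different PSKs on two SSIDs."""
    return wpa_psk(passphrase, ssid_a) != wpa_psk(passphrase, ssid_b)

if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa_psk("password", b"IEEE").hex())
    print(differs_across_ssids("password", b"IEEE", b"clinic-wifi"))
```

Every device configured with the passphrase can compute this value, which is why the excerpt's per-device session keys are needed on top of it.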
Internet of Medical Things (IoMT): Overview, Emerging Technologies, and Case Studies
Published in IETE Technical Review, 2022
Sahshanu Razdan, Sachin Sharma
For this case study, we based our IoMT authentication server on 10.0.0.253. This is where every device in our e-health infrastructure will get authenticated based on its credentials and associated PUF signature. An administrator account has been created for registration and remote operation of the devices. For the device, Motorola 1 with PUF the IPv4 Address, its DNS server (10.0.0.254), and the default gateway for packet transmission are configured and represented in 10. Similarly, for other end devices in our ecosystem like SmartPhone-PT Motorola 2 with PUF, Laptop-PT Lenovo 320 with PUF, IoT device DOOR with PUF, Wearable device, siren, temperature, and sound monitor, an RFID reader and an air detector, we have used similar configurations for IP generation. The state of these devices framework can be controlled remotely using other end devices like SmartPhone-PT Motorola 2 with PUF, Laptop-PT Lenovo 320 with PUF, SmartPhone-PT Motorola 1 with PUF.
Improving cloud data security through hybrid verification technique based on biometrics and encryption system
Published in International Journal of Computers and Applications, 2022
Md. Alamgir Hossain, Md. Abdullah Al Hasan
First of all, it needs to collect the biometric sample from the user, which is basically the client section. Now, using the minutiae extraction algorithm, features will be extracted from the biometric sample, which is the template. Another template is also stored in the cloud database. Basically, the client entered the template when he/she enlisted by utilizing fingerprints. It's time to verify the template using the stored template in the cloud database. If both templates are the same, then this system sends the login request to the server. The cloud authentication server randomly generates an OTP using unique characters. It then encrypts the user data using the advanced encryption algorithm and sends the encrypted data to the client, which is called ED (Encrypted Data). The most important thing is that the cloud authentication server also sends the one-time password using the HTTP gateway to the user. That means the OTP is now present in the user's mail. Since the data is encrypted or unreadable, users need to convert it into a readable format to understand it. Using the OTP, users can decrypt or convert the encrypted data into a readable format. From the next section, the framework will be implemented and we will calculate the average time and also compare it to other implemented systems.
On improving the memorability of system-assigned recognition-based passwords
Published in Behaviour & Information Technology, 2022
Mahdi Nasrullah Al-Ameen, Sonali T. Marne, Kanis Fatema, Matthew Wright, Shannon Scielzo
The deployment of a secure and memorable authentication scheme is important not only for the everyday computer and Internet usage of people (Boss et al. 2015; Al-Ameen and Kocabas 2020), but also to provide security for emerging technologies (Roman, Zhou, and Lopez 2013), maintain security and privacy in information management systems (Chatterjee, Sarker, and Valacich 2015; Silic, Barlow, and Back 2017), offer secure collaboration among professionals in sensitive professions (Watkins et al. 2016; McGregor et al. 2017; Watkins et al. 2017), and to address the general security concerns within business and organisational settings (Siponen, Mahmood, and Pahnila 2014; Lowry et al. 2015; Safa, Von Solms, and Furnell 2016; Dang-Pham, Pittayachawan, and Bruno 2017; Haque et al. 2020). The deployment of GraphicV in a real-life scenario does not require any change in the current authentication server compared to traditional textual passwords. In this regard, a textual password comprising lowercase letters (used to select system-assigned keywords) would be stored at the server for each user. At the client-end, users do not need to memorise the characters used to select the keyword; rather, they could remember the system-assigned keyword with the help of given memory cues. During authentication, users recognise the keywords and select them by entering the corresponding lowercase letters that remain fixed across the login sessions.