1.
Abbas Acar, Shoukat Ali, Koray Karabina, Cengiz Kaygusuz, Hidayet Aksu, Kemal Akkaya, Selcuk Uluagac
A lightweight privacy-aware continuous authentication protocol-paca Journal Article
In: ACM Transactions on Privacy and Security (TOPS), vol. 24, iss. 4, no. 4, pp. 1–28, 2021.
Abstract | Links | BibTeX | Tags: User Authentication
@article{nokey,
title = {A lightweight privacy-aware continuous authentication protocol-paca},
author = {Abbas Acar and Shoukat Ali and Koray Karabina and Cengiz Kaygusuz and Hidayet Aksu and Kemal Akkaya and Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3464690},
year = {2021},
date = {2021-09-02},
journal = {ACM Transactions on Privacy and Security (TOPS)},
volume = {24},
number = {4},
issue = {4},
pages = {1–28},
publisher = {ACM},
school = {Florida International University},
abstract = {As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {article}
}
As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously
2.
CENGIZ KAYGUSUZ, HIDAYET AKSU, KEMAL AKKAYA, SELCUK ULUAGAC
A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA Journal Article
In: 2021.
Abstract | Links | BibTeX | Tags: User Authentication
@article{nokey,
title = {A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA},
author = {CENGIZ KAYGUSUZ and HIDAYET AKSU and KEMAL AKKAYA and SELCUK ULUAGAC},
url = {https://csl.fiu.edu/wp-content/uploads/2023/05/abbas_paca.pdf},
year = {2021},
date = {2021-00-00},
school = {Florida International University},
abstract = {Efforts to improve the security of the authentication services have historically progressed from what-you-know (ie, passwords) to what-you-have (ie, tokens), then to what-you-are (ie, biometrics) as attacks have increased in sophistication and become widespread [80, 85]. While the deployment of biometric authentication systems increases the usability of the authentication systems, the plethora of cyber-attacks demands more user information from biometrics, which introduces additional security and privacy challenges in the authentication systems. In this landscape, another challenge is due to the nature of one-time authentication, which verifies users only at the initial login session regardless of being single-or multi-factor. This is a serious security risk as once the attacker bypasses the initial authentication, it will have a forever access or if the user leaves the system intentionally/unintentionally unlocked, anyone such as an insider or a strong outsider adversary [11], who has physical access to the system will have access to the system without the actual user notification. Therefore, the user should be continuously monitored and re-authenticated. In the literature, several solutions such as time-out or token (or even RFID) based solutions are proposed to address these issues in the authentication systems [55]. Indeed, biometric-based systems are considered to be ideal and usable for such cases as they cannot be easily misplaced unlike tokens, or forgotten unlike passwords, or easily forged by an imposter. The method of verifying and authorizing the user throughout the session is called continuous authentication. A motivational example for},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {article}
}
Efforts to improve the security of the authentication services have historically progressed from what-you-know (ie, passwords) to what-you-have (ie, tokens), then to what-you-are (ie, biometrics) as attacks have increased in sophistication and become widespread [80, 85]. While the deployment of biometric authentication systems increases the usability of the authentication systems, the plethora of cyber-attacks demands more user information from biometrics, which introduces additional security and privacy challenges in the authentication systems. In this landscape, another challenge is due to the nature of one-time authentication, which verifies users only at the initial login session regardless of being single-or multi-factor. This is a serious security risk as once the attacker bypasses the initial authentication, it will have a forever access or if the user leaves the system intentionally/unintentionally unlocked, anyone such as an insider or a strong outsider adversary [11], who has physical access to the system will have access to the system without the actual user notification. Therefore, the user should be continuously monitored and re-authenticated. In the literature, several solutions such as time-out or token (or even RFID) based solutions are proposed to address these issues in the authentication systems [55]. Indeed, biometric-based systems are considered to be ideal and usable for such cases as they cannot be easily misplaced unlike tokens, or forgotten unlike passwords, or easily forged by an imposter. The method of verifying and authorizing the user throughout the session is called continuous authentication. A motivational example for
3.
David Gabay, Kemal Akkaya, Mumin Cebe
Privacy-preserving authentication scheme for connected electric vehicles using blockchain and zero knowledge proofs Proceedings Article
In: pp. 5760–5772, IEEE, 2020.
Abstract | Links | BibTeX | Tags: User Authentication
@inproceedings{nokey,
title = {Privacy-preserving authentication scheme for connected electric vehicles using blockchain and zero knowledge proofs},
author = {David Gabay and Kemal Akkaya and Mumin Cebe},
url = {https://ieeexplore.ieee.org/abstract/document/9019886/},
year = {2020},
date = {2020-03-02},
journal = {IEEE Transactions on Vehicular Technology},
volume = {69},
number = {6},
issue = {6},
pages = {5760–5772},
publisher = {IEEE},
school = {Florida International University},
abstract = {With the increasing interest in connected vehicles along with electrification opportunities, there is an ongoing effort to automate the charging process of electric vehicles (EVs) through their capabilities to communicate with the infrastructure and each other. However, charging EVs takes time and thus in-advance scheduling is needed. As this process is done frequently due to limited mileage per charge on EVs, it may expose the locations and charging pattern of the EV to the service providers, raising privacy concerns for their users. Nevertheless, the EV still needs to be authenticated to charging providers, which means some information will need to be provided anyway. While there have been many studies to address the problem of privacy-preserving authentication for vehicular networks, such solutions will be void if charging payments are made through traditional means. In this paper, we tackle this problem by},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {inproceedings}
}
With the increasing interest in connected vehicles along with electrification opportunities, there is an ongoing effort to automate the charging process of electric vehicles (EVs) through their capabilities to communicate with the infrastructure and each other. However, charging EVs takes time and thus in-advance scheduling is needed. As this process is done frequently due to limited mileage per charge on EVs, it may expose the locations and charging pattern of the EV to the service providers, raising privacy concerns for their users. Nevertheless, the EV still needs to be authenticated to charging providers, which means some information will need to be provided anyway. While there have been many studies to address the problem of privacy-preserving authentication for vehicular networks, such solutions will be void if charging payments are made through traditional means. In this paper, we tackle this problem by
4.
Abbas Acar, Hidayet Aksu, A Selcuk Uluagac, Kemal Akkaya
A usable and robust continuous authentication framework using wearables Proceedings Article
In: pp. 2140–2153, IEEE, 2020.
Abstract | Links | BibTeX | Tags: User Authentication
@inproceedings{nokey,
title = {A usable and robust continuous authentication framework using wearables},
author = {Abbas Acar and Hidayet Aksu and A Selcuk Uluagac and Kemal Akkaya},
url = {https://ieeexplore.ieee.org/abstract/document/9001165/},
year = {2020},
date = {2020-02-18},
journal = {IEEE Transactions on Mobile Computing},
volume = {20},
number = {6},
issue = {6},
pages = {2140–2153},
publisher = {IEEE},
school = {Florida International University},
abstract = {One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. Continuous authentication, which re-verifies the user identity without breaking the continuity of the session, can address this issue. However, existing methods for Continuous Authentication are either not reliable or not usable. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA), which relies on the sensor-based keystroke dynamics and the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. The acquired data is periodically and transparently compared with the registered profile of the initially logged-in user with},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {inproceedings}
}
One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. Continuous authentication, which re-verifies the user identity without breaking the continuity of the session, can address this issue. However, existing methods for Continuous Authentication are either not reliable or not usable. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA), which relies on the sensor-based keystroke dynamics and the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. The acquired data is periodically and transparently compared with the registered profile of the initially logged-in user with
5.
Wesam Al Amiri, Mohamed Baza, Karim Banawan, Mohamed Mahmoud, Waleed Alasmary, Kemal Akkaya
Privacy-preserving smart parking system using blockchain and private information retrieval Proceedings Article
In: 2019 international conference on smart applications, communications and networking (SmartNets), pp. 1–6, IEEE, 2019.
Abstract | Links | BibTeX | Tags: User Authentication
@inproceedings{nokey,
title = {Privacy-preserving smart parking system using blockchain and private information retrieval},
author = {Wesam Al Amiri and Mohamed Baza and Karim Banawan and Mohamed Mahmoud and Waleed Alasmary and Kemal Akkaya},
url = {https://ieeexplore.ieee.org/abstract/document/9069783/},
year = {2019},
date = {2019-12-17},
booktitle = {2019 international conference on smart applications, communications and networking (SmartNets)},
pages = {1–6},
publisher = {IEEE},
school = {Florida International University},
abstract = {Searching for available parking spaces is a major problem for drivers in crowded cities, causing traffic congestion, air pollution, and wasting drivers' time. Smart parking systems enable drivers to solicit real-time parking information and book parking slots. However, current smart parking systems require drivers to disclose their sensitive information, such as their desired destinations. Moreover, existing schemes are centralized, which makes them vulnerable to bottlenecks and single point of failure problems and privacy breaches by service providers. In this paper, we propose a privacy-preserving smart parking system using blockchain and private information retrieval. First, a consortium blockchain is created by different parking lot owners to ensure security, transparency, and availability of the parking offers. Then, to preserve the drivers' location privacy, we adopt private information retrieval technique to privately},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {inproceedings}
}
Searching for available parking spaces is a major problem for drivers in crowded cities, causing traffic congestion, air pollution, and wasting drivers' time. Smart parking systems enable drivers to solicit real-time parking information and book parking slots. However, current smart parking systems require drivers to disclose their sensitive information, such as their desired destinations. Moreover, existing schemes are centralized, which makes them vulnerable to bottlenecks and single point of failure problems and privacy breaches by service providers. In this paper, we propose a privacy-preserving smart parking system using blockchain and private information retrieval. First, a consortium blockchain is created by different parking lot owners to ensure security, transparency, and availability of the parking offers. Then, to preserve the drivers' location privacy, we adopt private information retrieval technique to privately
6.
Abbas Acar, Wenyi Liu, Raheem Beyah, Kemal Akkaya, Arif Selcuk Uluagac
A privacy‐preserving multifactor authentication system Journal Article
In: Security and Privacy, vol. 2, iss. 5, no. 5, pp. e88, 2019.
Abstract | Links | BibTeX | Tags: User Authentication
@article{nokey,
title = {A privacy‐preserving multifactor authentication system},
author = {Abbas Acar and Wenyi Liu and Raheem Beyah and Kemal Akkaya and Arif Selcuk Uluagac},
url = {https://onlinelibrary.wiley.com/doi/abs/10.1002/spy2.88},
year = {2019},
date = {2019-09-00},
journal = {Security and Privacy},
volume = {2},
number = {5},
issue = {5},
pages = {e88},
publisher = {Wiley Periodicals, Inc.},
school = {Florida International University},
abstract = {In recent years, there has been a significant number of works on the development of multifactor authentication (MFA) systems. Traditionally, behavioral biometrics (eg, keystroke dynamics) have been known to have the best usability because they do not require one to know or possess anythingthey simply communicate how you type to an authenticator. However, though highly usable, MFA approaches that are based on biometrics are highly intrusive, and users' sensitive information is exposed to untrusted servers. To address this privacy concern, in this paper, we present a privacypreserving MFA system for computer users, called PINTA. In PINTA, the second factor is a hybrid behavioral profile user, while the first authentication factor is a password. The hybrid profile of the user includes hostbased and network flowbased features. Since the features include users' sensitive information, it needs to be protected},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {article}
}
In recent years, there has been a significant number of works on the development of multifactor authentication (MFA) systems. Traditionally, behavioral biometrics (eg, keystroke dynamics) have been known to have the best usability because they do not require one to know or possess anythingthey simply communicate how you type to an authenticator. However, though highly usable, MFA approaches that are based on biometrics are highly intrusive, and users' sensitive information is exposed to untrusted servers. To address this privacy concern, in this paper, we present a privacypreserving MFA system for computer users, called PINTA. In PINTA, the second factor is a hybrid behavioral profile user, while the first authentication factor is a password. The hybrid profile of the user includes hostbased and network flowbased features. Since the features include users' sensitive information, it needs to be protected
7.
Mohamed Baza Baza, Kemal Akkaya Akkaya, Wesam Al Amiri Amiri, Mohamed Mahmoud Mahmoud, Karim Banawan Banawan, Waleed Alasmary Alasmary
Privacy-preserving smart parking system using blockchain and private information retrieval Journal Article
In: vol. 2019, 2019.
Abstract | Links | BibTeX | Tags: User Authentication
@article{nokey,
title = {Privacy-preserving smart parking system using blockchain and private information retrieval},
author = {Mohamed Baza Baza and Kemal Akkaya Akkaya and Wesam Al Amiri Amiri and Mohamed Mahmoud Mahmoud and Karim Banawan Banawan and Waleed Alasmary Alasmary},
url = {https://scholar.google.com/scholar?cluster=5996066950105868818&hl=en&oi=scholarr},
year = {2019},
date = {2019-01-01},
volume = {2019},
school = {Florida International University},
abstract = {Searching for available parking spaces is a major problem for drivers in big cities, causing traffic congestion and air pollution, and wasting drivers' time. Smart parking systems enable drivers to have real-time parking information for pre-booking. However, current smart parking requires drivers to disclose their private information, such as desired destinations. Moreover, the existing schemes are centralized and vulnerable to the bottleneck of the single point of failure and data breaches. In this paper, we propose a distributed privacy-preserving smart parking system using blockchain. A consortium blockchain created by different parking lot owners to ensure security, transparency, and availability is proposed to store their parking offers on the blockchain. To preserve drivers' location privacy, we adopt private information retrieval (PIR) technique to enable drivers to retrieve parking offers from blockchain nodes privately},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {article}
}
Searching for available parking spaces is a major problem for drivers in big cities, causing traffic congestion and air pollution, and wasting drivers' time. Smart parking systems enable drivers to have real-time parking information for pre-booking. However, current smart parking requires drivers to disclose their private information, such as desired destinations. Moreover, the existing schemes are centralized and vulnerable to the bottleneck of the single point of failure and data breaches. In this paper, we propose a distributed privacy-preserving smart parking system using blockchain. A consortium blockchain created by different parking lot owners to ensure security, transparency, and availability is proposed to store their parking offers on the blockchain. To preserve drivers' location privacy, we adopt private information retrieval (PIR) technique to enable drivers to retrieve parking offers from blockchain nodes privately
8.
Abbas Acar, Hidayet Aksu, A Selcuk Uluagac, Kemal Akkaya
Waca: Wearable-assisted continuous authentication Proceedings Article
In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 264–269, IEEE, 2018.
Abstract | Links | BibTeX | Tags: User Authentication
@inproceedings{nokey,
title = {Waca: Wearable-assisted continuous authentication},
author = {Abbas Acar and Hidayet Aksu and A Selcuk Uluagac and Kemal Akkaya},
url = {https://ieeexplore.ieee.org/abstract/document/8424658/},
year = {2018},
date = {2018-05-24},
booktitle = {2018 IEEE Security and Privacy Workshops (SPW)},
pages = {264–269},
publisher = {IEEE},
school = {Florida International University},
abstract = {One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA), which relies on the sensor-based keystroke dynamics and the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. The acquired data is periodically and transparently compared with the registered profile of the initially logged-in user with one-way classifiers. With this, WACA continuously ensures that the current user is the user who logged in initially. We implemented the WACA framework and evaluated its performance on real devices with real users. The},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {inproceedings}
}
One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA), which relies on the sensor-based keystroke dynamics and the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. The acquired data is periodically and transparently compared with the registered profile of the initially logged-in user with one-way classifiers. With this, WACA continuously ensures that the current user is the user who logged in initially. We implemented the WACA framework and evaluated its performance on real devices with real users. The
Citations: 18671
h-index: 54
i10-index: 162