P/key: PUF based second factor authentication
Title:
P/key: PUF based second factor authentication
Author:
Uysal, Ertan, author.
Added Author:
Physical Description:
ix, 51 leaves: 1 computer laser optical disc.
Abstract:
Second-factor authentication mechanisms increase the security of authentication processes by adding an auxiliary layer to a single factor. As a second factor, one-time passwords (OTP) are mainly preferred due to their hardware independence and easy generation. OTP generation protocols should be evaluated in two main categories: time and security. In time-based OTP mechanisms (TOTP), client and server store a shared secret key. However, if attackers compromise the server, they can generate new OTPs using the key and impersonate the client. To solve this problem, protocols based on the hash chain mechanism have been proposed; however, these methods have weaknesses, mainly due to the authentication speed and the limited number of OTPs they generate. This thesis proposes a server-side tamper-proof and fast-response physical unclonable function (PUF) based second-factor authentication protocol to overcome these problems. A PUF is a digital fingerprint that ensures that every device produced is unique due to uncontrollable factors in the production stages of devices. It generates responses that correspond to challenges. Since a PUF is based on micro-level differences in devices, the micro-level structure changes in the event of an attack, and the PUF starts to generate different responses. Although a PUF is a fast-response function, it is impossible to recover the challenge from the response it generates. In the proposed protocol, the PUF inside the server generates key values and is used to store clients’ secret seed values securely. In case of a side-channel attack on the server side, the key values of the clients cannot be obtained by the attackers, as the PUF structure will be corrupted. Even if the attacker obtains the server’s credentials and gains access to the system, they cannot get the secret seed values of the clients and cannot generate the OTPs. In this way, the attacker cannot authenticate by impersonating the client.
Added Author:

Uniform Title:
Thesis (Master)--İzmir Institute of Technology: Computer Engineering.

İzmir Institute of Technology: Energy Engineering --Thesis (Master).
Electronic Access:
Access to Electronic Version.