Featured Research

from universities, journals, and other organizations

Simple arithmetic for faster, more secure websites

Date:
April 7, 2011
Source:
Inderscience
Summary:
Faster, more secure logins for multimedia sites might be possible thanks to a new approach to website and database security. Boolean logins would allow thousands if not millions of users to more quickly access the content to which they are entitled, such as music, video and images. The same approach might also reduce the risk of hackers accessing the materials illicitly.

Faster, more secure logins for multimedia sites might be possible thanks to a new approach to website and database security. Boolean logins would allow thousands if not millions of users to more quickly access the content to which they are entitled, such as music, video and images. The same approach might also reduce the risk of hackers accessing the materials illicitly.

Related Articles


Classic user identification requires the remote user sending a username and a password to the system to which they want to be authenticated. The system looks up the username in its locally stored database and if the password submitted matches the stored password, then access is granted. This method for identification works under the assumption that there exist no malicious users and that their local terminals cannot be infected by viruses.

Increasingly, however, these assumptions are too naοve. Not all users can be assumed to have good intentions. Technology continuously facilitates the capture of transactions in wireless channels. Usernames and passwords can therefore be easily obtained by malicious third parties (other users or viruses) and be used for illegal accesses to systems.

Now, Nikolaos Bardis of the University of Military Education, in Vari, Greece and colleagues there and at the Polytechnic Institute of Kiev, in Ukraine, have developed an innovative approach to logins, which implements the advanced concept of zero knowledge identification. The system is based on a set of relatively simple mathematical functions, known as one-way Boolean operators, to verify a login rather than the standard encryption-decryption calculations used today. The team explains that preliminary testing shows that their approach to a login algorithm could be hundreds or thousands of times faster than conventional logins. Importantly, the system will reduce the overall computing requirements on the provider side of the system as well as making logins much more secure.

"The efficiency of information security algorithms is defined based on two factors: the level of security and the amount of computational resources required for the implementation of the security functions," Bardis and colleagues explain in the latest issue of the International Journal of Multimedia Intelligence and Security.

Underpinning any information security algorithm is an analytically insoluble mathematical problem that can be defined as a function applied to "x" to give "y"; Y = F(X). The function is made to be so complex that reversing it is impossible, like trying to unmix different coloured paints in a pot. Asymmetric cryptographic algorithms (public key encryption algorithms) use this approach and are common in web browser logins and access systems for many different types of database. This type of login requires a lot of computational power and is inherently slow. The team points out that a Boolean function can be just as sophisticated but requires a fraction of the computational power and so could be much, much faster.

Zero order user authentication schemes supply the user with a special function that produces an extremely large number of different results for all its possible inputs. A set of inputs that produce a common result is selected. These inputs are the user's passwords. A new user registers by submitting to the system their function and the common result. The user authenticates for a normal session using each password only once. The user provides the password at the beginning of each session. The system calculates the value produced when this password is used as input to the function. If this is equal to the common result, then authentication is successful and access is granted. Someone that is trying to gain access without the necessary knowledge (an illicit user) will practically have to try all possible password combinations, before reaching the correct one.

Normally, the functions used involve raising large numbers to large powers and dividing large numbers to find their remainder. These are operations make processors of ordinary computer systems run very slow and impose a significant burden even on larger information systems with large numbers of users. The proposed scheme uses systems of non-linear Boolean equations to construct the unique function. Boolean equations process binary data, using simple binary operations between bits. Such an operation is the eXclusive OR operation (XOR). Calculations are hence much simpler for the simple reason that it is much easier to calculate a logic expression than to raise a 100 digit number to a 10 digit power and then divide the result by another large number. The series of exchanges for registration and authentication is the same as before. However the inputs and the common results are binary vectors.

"Zero knowledge user identification solves the security issues by using passwords that change for every session and are not known to the system beforehand. The system can only check their validity," team member Nikolaos Doukas explains. "The proposed scheme has potential use in any system where malicious users have incentives to gain illegal access and perform actions they are not entitled to. The number of such systems increases rapidly as information gains value," he concludes.


Story Source:

The above story is based on materials provided by Inderscience. Note: Materials may be edited for content and length.


Journal Reference:

  1. Nikolaos Bardis, Nikolaos Doukas, Oleksandr P. Markovskyi. Fast subscriber identification based on the zero knowledge principle for multimedia content distribution. International Journal of Multimedia Intelligence and Security, 2010; 1 (4): 363 DOI: 10.1504/IJMIS.2010.039237

Cite This Page:

Inderscience. "Simple arithmetic for faster, more secure websites." ScienceDaily. ScienceDaily, 7 April 2011. <www.sciencedaily.com/releases/2011/04/110407093120.htm>.
Inderscience. (2011, April 7). Simple arithmetic for faster, more secure websites. ScienceDaily. Retrieved December 19, 2014 from www.sciencedaily.com/releases/2011/04/110407093120.htm
Inderscience. "Simple arithmetic for faster, more secure websites." ScienceDaily. www.sciencedaily.com/releases/2011/04/110407093120.htm (accessed December 19, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Friday, December 19, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Building Google Into Cars

Building Google Into Cars

Reuters - Business Video Online (Dec. 19, 2014) — Google's next Android version could become the standard that'll power your vehicle's entertainment and navigation features, Reuters has learned. Fred Katayama reports. Video provided by Reuters
Powered by NewsLook.com
After Sony Hack, What's Next?

After Sony Hack, What's Next?

Reuters - US Online Video (Dec. 19, 2014) — The hacking attack on Sony Pictures has U.S. government officials weighing their response to the cyber-attack. Linda So reports. Video provided by Reuters
Powered by NewsLook.com
Navy Unveils Robot Fish

Navy Unveils Robot Fish

Reuters - Light News Video Online (Dec. 18, 2014) — The U.S. Navy unveils an underwater device that mimics the movement of a fish. Tara Cleary reports. Video provided by Reuters
Powered by NewsLook.com
How 2014 Shaped The Future Of The Internet

How 2014 Shaped The Future Of The Internet

Newsy (Dec. 18, 2014) — It has been a long, busy year for Net Neutrality. The stage is set for an expected landmark FCC decision sometime in 2015. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:

Strange & Offbeat Stories

 

Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins