Featured Research

from universities, journals, and other organizations

Simple arithmetic for faster, more secure websites

Date:
April 7, 2011
Source:
Inderscience
Summary:
Faster, more secure logins for multimedia sites might be possible thanks to a new approach to website and database security. Boolean logins would allow thousands if not millions of users to more quickly access the content to which they are entitled, such as music, video and images. The same approach might also reduce the risk of hackers accessing the materials illicitly.

Faster, more secure logins for multimedia sites might be possible thanks to a new approach to website and database security. Boolean logins would allow thousands if not millions of users to more quickly access the content to which they are entitled, such as music, video and images. The same approach might also reduce the risk of hackers accessing the materials illicitly.

Classic user identification requires the remote user sending a username and a password to the system to which they want to be authenticated. The system looks up the username in its locally stored database and if the password submitted matches the stored password, then access is granted. This method for identification works under the assumption that there exist no malicious users and that their local terminals cannot be infected by viruses.

Increasingly, however, these assumptions are too naοve. Not all users can be assumed to have good intentions. Technology continuously facilitates the capture of transactions in wireless channels. Usernames and passwords can therefore be easily obtained by malicious third parties (other users or viruses) and be used for illegal accesses to systems.

Now, Nikolaos Bardis of the University of Military Education, in Vari, Greece and colleagues there and at the Polytechnic Institute of Kiev, in Ukraine, have developed an innovative approach to logins, which implements the advanced concept of zero knowledge identification. The system is based on a set of relatively simple mathematical functions, known as one-way Boolean operators, to verify a login rather than the standard encryption-decryption calculations used today. The team explains that preliminary testing shows that their approach to a login algorithm could be hundreds or thousands of times faster than conventional logins. Importantly, the system will reduce the overall computing requirements on the provider side of the system as well as making logins much more secure.

"The efficiency of information security algorithms is defined based on two factors: the level of security and the amount of computational resources required for the implementation of the security functions," Bardis and colleagues explain in the latest issue of the International Journal of Multimedia Intelligence and Security.

Underpinning any information security algorithm is an analytically insoluble mathematical problem that can be defined as a function applied to "x" to give "y"; Y = F(X). The function is made to be so complex that reversing it is impossible, like trying to unmix different coloured paints in a pot. Asymmetric cryptographic algorithms (public key encryption algorithms) use this approach and are common in web browser logins and access systems for many different types of database. This type of login requires a lot of computational power and is inherently slow. The team points out that a Boolean function can be just as sophisticated but requires a fraction of the computational power and so could be much, much faster.

Zero order user authentication schemes supply the user with a special function that produces an extremely large number of different results for all its possible inputs. A set of inputs that produce a common result is selected. These inputs are the user's passwords. A new user registers by submitting to the system their function and the common result. The user authenticates for a normal session using each password only once. The user provides the password at the beginning of each session. The system calculates the value produced when this password is used as input to the function. If this is equal to the common result, then authentication is successful and access is granted. Someone that is trying to gain access without the necessary knowledge (an illicit user) will practically have to try all possible password combinations, before reaching the correct one.

Normally, the functions used involve raising large numbers to large powers and dividing large numbers to find their remainder. These are operations make processors of ordinary computer systems run very slow and impose a significant burden even on larger information systems with large numbers of users. The proposed scheme uses systems of non-linear Boolean equations to construct the unique function. Boolean equations process binary data, using simple binary operations between bits. Such an operation is the eXclusive OR operation (XOR). Calculations are hence much simpler for the simple reason that it is much easier to calculate a logic expression than to raise a 100 digit number to a 10 digit power and then divide the result by another large number. The series of exchanges for registration and authentication is the same as before. However the inputs and the common results are binary vectors.

"Zero knowledge user identification solves the security issues by using passwords that change for every session and are not known to the system beforehand. The system can only check their validity," team member Nikolaos Doukas explains. "The proposed scheme has potential use in any system where malicious users have incentives to gain illegal access and perform actions they are not entitled to. The number of such systems increases rapidly as information gains value," he concludes.


Story Source:

The above story is based on materials provided by Inderscience. Note: Materials may be edited for content and length.


Journal Reference:

  1. Nikolaos Bardis, Nikolaos Doukas, Oleksandr P. Markovskyi. Fast subscriber identification based on the zero knowledge principle for multimedia content distribution. International Journal of Multimedia Intelligence and Security, 2010; 1 (4): 363 DOI: 10.1504/IJMIS.2010.039237

Cite This Page:

Inderscience. "Simple arithmetic for faster, more secure websites." ScienceDaily. ScienceDaily, 7 April 2011. <www.sciencedaily.com/releases/2011/04/110407093120.htm>.
Inderscience. (2011, April 7). Simple arithmetic for faster, more secure websites. ScienceDaily. Retrieved October 22, 2014 from www.sciencedaily.com/releases/2011/04/110407093120.htm
Inderscience. "Simple arithmetic for faster, more secure websites." ScienceDaily. www.sciencedaily.com/releases/2011/04/110407093120.htm (accessed October 22, 2014).

Share This



More Computers & Math News

Wednesday, October 22, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Thanks, Marty McFly! Hoverboards Could Be Coming In 2015

Thanks, Marty McFly! Hoverboards Could Be Coming In 2015

Newsy (Oct. 21, 2014) — If you've ever watched "Back to the Future Part II" and wanted to get your hands on a hoverboard, well, you might soon be in luck. Video provided by Newsy
Powered by NewsLook.com
Robots to Fly Planes Where Humans Can't

Robots to Fly Planes Where Humans Can't

Reuters - Innovations Video Online (Oct. 21, 2014) — Researchers in South Korea are developing a robotic pilot that could potentially replace humans in the cockpit. Unlike drones and autopilot programs which are configured for specific aircraft, the robots' humanoid design will allow it to fly any type of plane with no additional sensors. Ben Gruber reports. Video provided by Reuters
Powered by NewsLook.com
Japanese Scientists Unveil Floating 3D Projection

Japanese Scientists Unveil Floating 3D Projection

Reuters - Innovations Video Online (Oct. 20, 2014) — Scientists in Tokyo have demonstrated what they say is the world's first 3D projection that floats in mid air. A laser that fires a pulse up to a thousand times a second superheats molecules in the air, creating a spark which can be guided to certain points in the air to shape what the human eye perceives as an image. Matthew Stock reports. Video provided by Reuters
Powered by NewsLook.com
Apple Enters Mobile Payment Business

Apple Enters Mobile Payment Business

AP (Oct. 20, 2014) — Apple is making a strategic bet with the launch of Apple Pay, the mobile pay service aimed at turning your iPhone into your wallet. (Oct. 20) Video provided by AP
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:

Strange & Offbeat Stories

 

Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins