Further observations on smart-card-based password-authenticated key agreement in distributed systems

This paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to point out the vulnerabilities, we propose the countermeasures to thwart the security threats and secure the protocols. © 2013 IEEE.

Personality and responses to appetitive and aversive stimuli: the joint influence of behavioural approach and behavioural inhibition systems

Gray’s reinforcement sensitivity theory (RST) posits two separable neurological systems involved in the regulation of personality and behaviour. The behavioural approach and inhibition systems facilitate the expression of appetitive (impulsive-sensation seeking traits) and aversive motivation (anxiety traits), respectively. Inconsistent findings regarding associations between measures of personality and behavioural responses to appetitive and aversive stimuli has led to a modification of RST including the notion that, rather than separable as first hypothesised, the two systems jointly influence behaviour. The current study was designed to investigate this proposal with an additional focus on the role of reinforcement expectancies. Seventy-eight participants completed two questionnaire measures of BIS/BAS activity (EPQ-R, SPSRQ) and two behavioural measures (Q-TASK, Card Arranging Reward Responsivity Objective Task). Findings were in general consistent with the original separable systems approach, however they also showed that aversive responses were highest in high BAS/high BIS individuals, thus suggesting an interactive account of BIS/BAS processes. Further, stronger positive correlations between self-report BAS traits and behavioural reward responsiveness were found for participants who perceived the task as more rewarding than initially expected. Discussion focuses on the role of reward expectancies and on the issue regarding separable vs. joint BIS/BAS systems.

A generic framework for three-factor authentication : preserving security and privacy in distributed systems

As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest.