Journal Articles

Permanent URI for this collectionhttps://dspace.univ-soukahras.dz/handle/123456789/25

Browse

Search Results

Now showing 1 - 5 of 5
  • Thumbnail Image
    Item
    Vulnerability of the Dynamic Array PIN Protocol
    (Ingénierie des Systèmes d’Information, 2022-02-28) Samir Chabbi; Djalel Chefrour
    We recently proposed the Dynamic Array PIN protocol (DAP), which is a novel approach for user authentication on Automated Teller Machines. DAP replaces bank cards with smartphones that support Near Field Communication (NFC) and allows a user to enter his PIN code in a secure way. We showed that DAP is resistant to 13 different attacks and is therefore better and more cost effective than several other solutions from the literature. However, after carrying a deeper analysis we found that DAP is vulnerable to a complex attack that might lead to unauthorized transactions on ATMs if the user smartphone and his PIN code are both stolen. In this paper we expose how the user PIN code can be discretely discovered using multiple eavesdropping videos or camera records. We also propose several fixes for this vulnerability.
  • Thumbnail Image
    Item
    An Intersection Attack on the CirclePIN Smartwatch Authentication Mechanism
    (IEEE Internet of Things Journal, 2024-04-01) Djalel Chefrour; Yasser Sedira; Samir Chabbi
    We present a thorough security analysis of a recent smartwatch authentication mechanism called CirclePIN, which was considered resilient to several attacks, including shoulder surfing and video recording. This mechanism avoids the direct entry of the personal identification number (PIN) by using consecutive screens of random colors that fool the attacker. We disclose a vulnerability in CirclePIN inherent to the way in which the users match the random colors to their PINs’ digits and we illustrate how to exploit it with an intersection attack. This attack uses the information extracted from multiple video recordings of legitimate authentication sessions. We prove that it has a high probability of revealing the user PIN with only three video recordings and always succeeds with five. Our proof is twofold. We formulate the theoretical probability of success for the attack as a function of the number of available video recordings. Then, we validate this formula with a simulation of a large number of attacks to compute their experimental probability of success. In our estimation, manual information extraction takes around 1 min per exploitable video recording. So, a complete intersection attack is cost effective in terms of time, as it lasts 5 min or less.
  • Thumbnail Image
    Item
    Dynamic array PIN: A novel approach to secure NFC electronic payment between ATM and smartphone
    (Taylor & Francis, 2020-06-04) Samir Chabbi; Rachid Boudour; Fouzi Semchedine; Djalel Chefrour
    Near Field Communication (NFC) technology has been used recently for electronic payment between an Automated Teller Machine (ATM) and a Smartphone. It is threatened by several attacks that can steal the user personal data like the password or the Personal Identification Number (PIN). In this paper, we present Dynamic Array PIN (DAP), a novel approach for user authentication on a Smartphone that uses NFC electronic payment with an ATM. Our analysis and experimentation prove that this technique protects against thirteen different attacks and is cost-effective in terms of required hardware, authentication time, computing power and storage space.
  • Thumbnail Image
    Item
    Evolution of network time synchronization towards nanoseconds accuracy: A survey
    (Elsevier, 2022-07) Djalel Chefrour
    We expose the state of the art in the topic of network time synchronization. Many distributed applications require a common notion of time to function properly. Without time synchronization, the nodes clocks will drift and report different values for the same instant. This problem is exacerbated by varying network delays between the cooperating nodes. Our survey covers how this issue is tackled by standard time synchronization mechanisms and a representative range of recent research works. We expose how some of them achieve micro and nanoseconds accuracy in wired networks. The reviewed techniques are classified in two categories based on whether they change the hosts clocks or not. The latter category includes schemes that detect and remove clock skew from network traffic trace. We discuss the advantages and drawbacks of the techniques in each category; compare them according to their application environment, accuracy and cost; and conclude this survey with a summary of learned lessons and insights into future work.
  • Thumbnail Image
    Item
    One-Way Delay Measurement From Traditional Networks to SDN: A Survey
    (2021-07) Djalel Chefrour
    We expose the state of the art in the topic of one-way delay measurement in both traditional and software-defined networks. A representative range of standard mechanisms and recent research works, including Open-Flow and Programming Protocol-independent Packet Processors (P4)-based schemes, are covered. We classify them, discuss their advantages and drawbacks, and compare them according to their application environment, accuracy, cost, and robustness. The discussion extends to the reuse of traditional schemes in software-defined networks and the benefits and limitations of the latter with respect to reducing the overhead of network wide measurements. We conclude with a summary of learned lessons and open challenges for future work.