Cargando…

Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism

The security of web applications in an enterprise is of paramount importance. To strengthen the security of applications, the identification and mitigation of vulnerabilities through appropriate countermeasures becomes imperative. The Open Web Application Security Project (OWASP) Top 10 API Security...

Descripción completa

Detalles Bibliográficos
Autores principales: Bhatia, Kavita, Pandey, Santosh K., Singh, Vivek K., Gupta, Deena Nath
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2023
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10384883/
https://www.ncbi.nlm.nih.gov/pubmed/37514605
http://dx.doi.org/10.3390/s23146307
_version_ 1785081266660442112
author Bhatia, Kavita
Pandey, Santosh K.
Singh, Vivek K.
Gupta, Deena Nath
author_facet Bhatia, Kavita
Pandey, Santosh K.
Singh, Vivek K.
Gupta, Deena Nath
author_sort Bhatia, Kavita
collection PubMed
description The security of web applications in an enterprise is of paramount importance. To strengthen the security of applications, the identification and mitigation of vulnerabilities through appropriate countermeasures becomes imperative. The Open Web Application Security Project (OWASP) Top 10 API Security Risks, 2023 Edition, indicates the prominent vulnerabilities of API security risks. Broken authentication, however, is placed in second position with level-3 exploitability, level-2 prevalence, level-3 detectability, and level-3 technical impact. To mitigate this vulnerability, many mitigation strategies have been proposed by using the cryptographic primitives wherein two techniques, namely hashing and PUF, are used. Some of the proposals have integrated the concepts of hashing and PUF. However, the unnecessarily lengthy and complex mathematics used in these proposals makes them unsuitable for current API-based application scenarios. Therefore, in this paper, the authors propose a privacy-preserving authentication protocol that incorporates the capability of both mechanisms in an easy and low-complexity manner. In addition to overcoming existing limitations, the proposed protocol is tested to provide more security properties over existing schemes. Analysis of their performance has demonstrated that the proposed solutions are secure, efficient, practical, and effective for API-based web applications in an enterprise environment.
format Online
Article
Text
id pubmed-10384883
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-103848832023-07-30 Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism Bhatia, Kavita Pandey, Santosh K. Singh, Vivek K. Gupta, Deena Nath Sensors (Basel) Article The security of web applications in an enterprise is of paramount importance. To strengthen the security of applications, the identification and mitigation of vulnerabilities through appropriate countermeasures becomes imperative. The Open Web Application Security Project (OWASP) Top 10 API Security Risks, 2023 Edition, indicates the prominent vulnerabilities of API security risks. Broken authentication, however, is placed in second position with level-3 exploitability, level-2 prevalence, level-3 detectability, and level-3 technical impact. To mitigate this vulnerability, many mitigation strategies have been proposed by using the cryptographic primitives wherein two techniques, namely hashing and PUF, are used. Some of the proposals have integrated the concepts of hashing and PUF. However, the unnecessarily lengthy and complex mathematics used in these proposals makes them unsuitable for current API-based application scenarios. Therefore, in this paper, the authors propose a privacy-preserving authentication protocol that incorporates the capability of both mechanisms in an easy and low-complexity manner. In addition to overcoming existing limitations, the proposed protocol is tested to provide more security properties over existing schemes. Analysis of their performance has demonstrated that the proposed solutions are secure, efficient, practical, and effective for API-based web applications in an enterprise environment. MDPI 2023-07-11 /pmc/articles/PMC10384883/ /pubmed/37514605 http://dx.doi.org/10.3390/s23146307 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Bhatia, Kavita
Pandey, Santosh K.
Singh, Vivek K.
Gupta, Deena Nath
Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism
title Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism
title_full Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism
title_fullStr Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism
title_full_unstemmed Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism
title_short Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism
title_sort hash and physical unclonable function (puf)-based mutual authentication mechanism
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10384883/
https://www.ncbi.nlm.nih.gov/pubmed/37514605
http://dx.doi.org/10.3390/s23146307
work_keys_str_mv AT bhatiakavita hashandphysicalunclonablefunctionpufbasedmutualauthenticationmechanism
AT pandeysantoshk hashandphysicalunclonablefunctionpufbasedmutualauthenticationmechanism
AT singhvivekk hashandphysicalunclonablefunctionpufbasedmutualauthenticationmechanism
AT guptadeenanath hashandphysicalunclonablefunctionpufbasedmutualauthenticationmechanism