Cargando…
Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism
The security of web applications in an enterprise is of paramount importance. To strengthen the security of applications, the identification and mitigation of vulnerabilities through appropriate countermeasures becomes imperative. The Open Web Application Security Project (OWASP) Top 10 API Security...
Autores principales: | , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
MDPI
2023
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10384883/ https://www.ncbi.nlm.nih.gov/pubmed/37514605 http://dx.doi.org/10.3390/s23146307 |
_version_ | 1785081266660442112 |
---|---|
author | Bhatia, Kavita Pandey, Santosh K. Singh, Vivek K. Gupta, Deena Nath |
author_facet | Bhatia, Kavita Pandey, Santosh K. Singh, Vivek K. Gupta, Deena Nath |
author_sort | Bhatia, Kavita |
collection | PubMed |
description | The security of web applications in an enterprise is of paramount importance. To strengthen the security of applications, the identification and mitigation of vulnerabilities through appropriate countermeasures becomes imperative. The Open Web Application Security Project (OWASP) Top 10 API Security Risks, 2023 Edition, indicates the prominent vulnerabilities of API security risks. Broken authentication, however, is placed in second position with level-3 exploitability, level-2 prevalence, level-3 detectability, and level-3 technical impact. To mitigate this vulnerability, many mitigation strategies have been proposed by using the cryptographic primitives wherein two techniques, namely hashing and PUF, are used. Some of the proposals have integrated the concepts of hashing and PUF. However, the unnecessarily lengthy and complex mathematics used in these proposals makes them unsuitable for current API-based application scenarios. Therefore, in this paper, the authors propose a privacy-preserving authentication protocol that incorporates the capability of both mechanisms in an easy and low-complexity manner. In addition to overcoming existing limitations, the proposed protocol is tested to provide more security properties over existing schemes. Analysis of their performance has demonstrated that the proposed solutions are secure, efficient, practical, and effective for API-based web applications in an enterprise environment. |
format | Online Article Text |
id | pubmed-10384883 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2023 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-103848832023-07-30 Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism Bhatia, Kavita Pandey, Santosh K. Singh, Vivek K. Gupta, Deena Nath Sensors (Basel) Article The security of web applications in an enterprise is of paramount importance. To strengthen the security of applications, the identification and mitigation of vulnerabilities through appropriate countermeasures becomes imperative. The Open Web Application Security Project (OWASP) Top 10 API Security Risks, 2023 Edition, indicates the prominent vulnerabilities of API security risks. Broken authentication, however, is placed in second position with level-3 exploitability, level-2 prevalence, level-3 detectability, and level-3 technical impact. To mitigate this vulnerability, many mitigation strategies have been proposed by using the cryptographic primitives wherein two techniques, namely hashing and PUF, are used. Some of the proposals have integrated the concepts of hashing and PUF. However, the unnecessarily lengthy and complex mathematics used in these proposals makes them unsuitable for current API-based application scenarios. Therefore, in this paper, the authors propose a privacy-preserving authentication protocol that incorporates the capability of both mechanisms in an easy and low-complexity manner. In addition to overcoming existing limitations, the proposed protocol is tested to provide more security properties over existing schemes. Analysis of their performance has demonstrated that the proposed solutions are secure, efficient, practical, and effective for API-based web applications in an enterprise environment. MDPI 2023-07-11 /pmc/articles/PMC10384883/ /pubmed/37514605 http://dx.doi.org/10.3390/s23146307 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Bhatia, Kavita Pandey, Santosh K. Singh, Vivek K. Gupta, Deena Nath Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism |
title | Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism |
title_full | Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism |
title_fullStr | Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism |
title_full_unstemmed | Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism |
title_short | Hash and Physical Unclonable Function (PUF)-Based Mutual Authentication Mechanism |
title_sort | hash and physical unclonable function (puf)-based mutual authentication mechanism |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10384883/ https://www.ncbi.nlm.nih.gov/pubmed/37514605 http://dx.doi.org/10.3390/s23146307 |
work_keys_str_mv | AT bhatiakavita hashandphysicalunclonablefunctionpufbasedmutualauthenticationmechanism AT pandeysantoshk hashandphysicalunclonablefunctionpufbasedmutualauthenticationmechanism AT singhvivekk hashandphysicalunclonablefunctionpufbasedmutualauthenticationmechanism AT guptadeenanath hashandphysicalunclonablefunctionpufbasedmutualauthenticationmechanism |