Zengpeng Li¹, Jiuru Wang^{2, *}, Chang Choi³, Wenyin Zhang²

CMC-Computers, Materials & Continua, Vol.63, No.2, pp. 663-674, 2020, DOI:10.32604/cmc.2020.06565

Abstract Multi-factor authentication (MFA) was proposed by Pointcheval et al. [Pointcheval and Zimmer (2008)] to improve the security of single-factor (and two-factor) authentication. As the backbone of multi-factor authentication, biometric data are widely observed. Especially, how to keep the privacy of biometric at the password database without impairing efficiency is still an open question. Using the vulnerability of encryption (or hash) algorithms, the attacker can still launch offline brute-force attacks on encrypted (or hashed) biometric data. To address the potential risk of biometric disclosure at the password database, in this paper, we propose a novel efficient and secure MFA key exchange… More >

Wen Zhang¹, Keyue Li^1,*, Tianyang Li¹, Shaozhang Niu¹, Zhenguang Gao²

CMC-Computers, Materials & Continua, Vol.59, No.1, pp. 181-198, 2019, DOI:10.32604/cmc.2019.05813

Abstract Android applications are associated with a large amount of sensitive data, therefore application developers use encryption algorithms to provide user data encryption, authentication and data integrity protection. However, application developers do not have the knowledge of cryptography, thus the cryptographic algorithm may not be used correctly. As a result, security vulnerabilities are generated. Based on the previous studies, this paper summarizes the characteristics of password misuse vulnerability of Android application software, establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability. And on this basis,… More >