Research Publications
Permanent URI for this community: https://rda.sliit.lk/handle/123456789/4194
This main community comprises five sub-communities, each representing the academic contribution made by SLIIT-affiliated personnel.
2 results
Search Results
Publication Embargo
A steganography-based fingerprint authentication mechanism to counter fake physical biometrics and trojan horse attacks (IEEE, 2021-12-06)
Karunathilake, H; Shahan, A. R. M; Shamry, M. N. M; De Silva, M. W. D. S; Senarathne, A. N; Yapa, K
In the modern world, unique biometrics of every individual play a vital role in authentication processes. However, as convenient as it seems, biometrics come with their own set of drawbacks. For instance, if a passphrase is compromised (which is highly likely), changing it to a new passphrase would solve the issue. However, when someone's biometrics are compromised, there is no turning back. Simultaneously, biometric systems are often compromised due to the use of fake physical biometrics and trojan horse attacks that are capable of modifying the authentication process to fulfill a malicious user's intents. This research focuses on proposing a novel and secure authentication process that uses steganography. This “all-in-one” solution also focuses on mitigating the aforementioned drawbacks with the use of four modules, namely, the feature extraction module, the payload generation and authentication module, the fake physical biometrics countering module and the trojan horse countering module. This solution is implemented such that the idea behind it can be easily adopted to enhance the existing biometric authentication systems as well as improve the overall condition and user experience of the multi-factor authentication processes that are widely in use today.

Publication Embargo
A layered defense mechanism for a social engineering aware perimeter (IEEE, 2016-07-13)
Abeywardana, K. Y; Pfluegel, E; Tunnicliffe, M. J
While many cyber security organizations urge the corporate world to use defence-in-depth to create vigilant network perimeters, the human factor is often overlooked. Security evaluation frameworks focus mostly on critical assets of an organization and technical aspects of prevailing risks. There is consequently no specific framework to identify, categorize, analyse and mitigate social engineering related risks. This paper identifies the requirement for such a framework through an in-depth investigation of an actual organization and extensive analysis of existing methodologies. On the basis of this a layered defence strategy SERA is developed, starting with the basic building blocks for social-engineering aware risk analysis. A chronological attack classification framework is presented as an enhancement of existing frameworks on social engineering.
