*2.4.1.4 Somebody you know*

*Computer and Network Security*

*2.3.3 Program-flow channels*

*2.4.1 Authentication process*

*2.4.1.1 Something you know*

*2.4.1.2 Something you have*

*2.4.1.3 Something you are*

exchange.

**2.4 Authentication and key exchange**

noisy. The covert channel can be noiseless if the transmitted data by the sender and received data by the receiver are the same with probability 1; otherwise, the channel is noisy. Usually, data transmitted through a covert channel is represented by bit "0" or "1." Nevertheless, if the receiver decodes every bit transmitted by the sender correctly, then the covert channel is considered noiseless. Thus, to reduce error rate,

I present a new type of covert channel, which is program-flow. The program-flow covert channel depends on the flow of program execution to convey information. In our proposed covert channel, the sender tries to guess the correct delta\_mmap (encoded information) of the vulnerable server program. The server code which executes in case of successful guess differs from which executes in a failed guess. The receiver distinguishes between server code executed in successful and failed guesses.

Authentication process identifies entities that are attempting to access some

Authentication is a process of checking whether someone or something is authorized or not to access some resources. Authentication can be computer to computer or process to process and mutual in both directions [7, 8]. Bob can authenticate

Alice sends a request to the server to access some resources; Bob authenticates Alice by asking her about a secret thing that she knows, such as password. If Alice issues a correct password, then Bob will accept her request for accessing some resources. Fortunately, a password is needed to login into the system and access its resources. Yet, unfortunately, the user is always asked to reuse the password when he wants to log into the system, which gives attackers opportunities to hack the password and reuse it. The solution for this problem is to use a onetime password (OTP) so that the user each time she logs into a system needs a new password.

One of the disadvantages of the first authentication factor (something you know) is that the user may forget his password. Thus, the second authentication factor (something you have) overcomes this problem, whereby the user has an object (e.g., automatic teller machine (ATM) cards, OTP cards [7], and smart cards [9]) to access the system. Unfortunately, the objects may get stolen by attackers.

The third authentication factor is based on the measurements of the user's physical characteristics such as the fingerprints, iris, and voice. The techniques that measure the behavioral characteristics of the user are called biometrics [7, 8]. This

resources. Diffie-Hellman (DH) algorithm is used as method of public key

which is produced by noise, correction codes are used [6].

Alice's identity depending on four factors [7, 9], which are:

**110**

Brainard et al. [9] proposes a fourth factor of authentication that is dependent on emergency authenticator, and it is used when the primary authenticator is unavailable to a user. A good example for emergency system is email; thus, when a user forgets his password, he often has the option of having password reset instructions. A system called "vouching" is introduced. A voucher system permits swapping of the roles of the token and PIN to deal with the case when the user has forgotten his PIN but still has his token.
