4,538 research outputs found
Implicit Sensor-based Authentication of Smartphone Users with Smartwatch
Smartphones are now frequently used by end-users as the portals to
cloud-based services, and smartphones are easily stolen or co-opted by an
attacker. Beyond the initial log-in mechanism, it is highly desirable to
re-authenticate end-users who are continuing to access security-critical
services and data, whether in the cloud or in the smartphone. But attackers who
have gained access to a logged-in smartphone have no incentive to
re-authenticate, so this must be done in an automatic, non-bypassable way.
Hence, this paper proposes a novel authentication system, iAuth, for implicit,
continuous authentication of the end-user based on his or her behavioral
characteristics, by leveraging the sensors already ubiquitously built into
smartphones. We design a system that gives accurate authentication using
machine learning and sensor data from multiple mobile devices. Our system can
achieve 92.1% authentication accuracy with negligible system overhead and less
than 2% battery consumption.Comment: Published in Hardware and Architectural Support for Security and
Privacy (HASP), 201
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis.The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
PIANO: Proximity-based User Authentication on Voice-Powered Internet-of-Things Devices
Voice is envisioned to be a popular way for humans to interact with
Internet-of-Things (IoT) devices. We propose a proximity-based user
authentication method (called PIANO) for access control on such voice-powered
IoT devices. PIANO leverages the built-in speaker, microphone, and Bluetooth
that voice-powered IoT devices often already have. Specifically, we assume that
a user carries a personal voice-powered device (e.g., smartphone, smartwatch,
or smartglass), which serves as the user's identity. When another voice-powered
IoT device of the user requires authentication, PIANO estimates the distance
between the two devices by playing and detecting certain acoustic signals;
PIANO grants access if the estimated distance is no larger than a user-selected
threshold. We implemented a proof-of-concept prototype of PIANO. Through
theoretical and empirical evaluations, we find that PIANO is secure, reliable,
personalizable, and efficient.Comment: To appear in ICDCS'1
DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification
Copresence verification based on context can improve usability and strengthen
security of many authentication and access control systems. By sensing and
comparing their surroundings, two or more devices can tell whether they are
copresent and use this information to make access control decisions. To the
best of our knowledge, all context-based copresence verification mechanisms to
date are susceptible to context-manipulation attacks. In such attacks, a
distributed adversary replicates the same context at the (different) locations
of the victim devices, and induces them to believe that they are copresent. In
this paper we propose DoubleEcho, a context-based copresence verification
technique that leverages acoustic Room Impulse Response (RIR) to mitigate
context-manipulation attacks. In DoubleEcho, one device emits a wide-band
audible chirp and all participating devices record reflections of the chirp
from the surrounding environment. Since RIR is, by its very nature, dependent
on the physical surroundings, it constitutes a unique location signature that
is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR
data with various mobile devices and in a range of different locations. We show
that DoubleEcho mitigates context-manipulation attacks whereas all other
approaches to date are entirely vulnerable to such attacks. DoubleEcho detects
copresence (or lack thereof) in roughly 2 seconds and works on commodity
devices
Active User Authentication for Smartphones: A Challenge Data Set and Benchmark Results
In this paper, automated user verification techniques for smartphones are
investigated. A unique non-commercial dataset, the University of Maryland
Active Authentication Dataset 02 (UMDAA-02) for multi-modal user authentication
research is introduced. This paper focuses on three sensors - front camera,
touch sensor and location service while providing a general description for
other modalities. Benchmark results for face detection, face verification,
touch-based user identification and location-based next-place prediction are
presented, which indicate that more robust methods fine-tuned to the mobile
platform are needed to achieve satisfactory verification accuracy. The dataset
will be made available to the research community for promoting additional
research.Comment: 8 pages, 12 figures, 6 tables. Best poster award at BTAS 201
PATH: Person Authentication using Trace Histories
In this paper, a solution to the problem of Active Authentication using trace
histories is addressed. Specifically, the task is to perform user verification
on mobile devices using historical location traces of the user as a function of
time. Considering the movement of a human as a Markovian motion, a modified
Hidden Markov Model (HMM)-based solution is proposed. The proposed method,
namely the Marginally Smoothed HMM (MSHMM), utilizes the marginal probabilities
of location and timing information of the observations to smooth-out the
emission probabilities while training. Hence, it can efficiently handle
unforeseen observations during the test phase. The verification performance of
this method is compared to a sequence matching (SM) method , a Markov
Chain-based method (MC) and an HMM with basic Laplace Smoothing (HMM-lap).
Experimental results using the location information of the UMD Active
Authentication Dataset-02 (UMDAA02) and the GeoLife dataset are presented. The
proposed MSHMM method outperforms the compared methods in terms of equal error
rate (EER). Additionally, the effects of different parameters on the proposed
method are discussed.Comment: 8 pages, 9 figures. Best Paper award at IEEE UEMCON 201
- …