381 research outputs found
Age Detection Through Keystroke Dynamics From User Authentication Failures
In this paper an incident response approach is proposed for handling detections of authentication failures in systems that employ dynamic biometric authentication and more specifically keystroke user recognition. The main component of the approach is a multi layer perceptron focusing on the age classification of a user. Empirical findings show that the classifier can detect the age of the subject with a probability that is far from the uniform random distribution, making the proposed method suitable for providing supporting yet circumstantial evidence during e-discovery
Passphrase and keystroke dynamics authentication: security and usability
It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlights that passwords are being reused, which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. 
Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation
User Authentication and Supervision in Networked Systems
This thesis considers the problem of user authentication and supervision in networked
systems. The issue of user authentication is one of on-going concern in modern IT systems
with the increased use of computer systems to store and provide access to sensitive
information resources. While the traditional username/password login combination can be
used to protect access to resources (when used appropriately), users often compromise the
security that these methods can provide. While alternative (and often more secure)
systems are available, these alternatives usually require expensive hardware to be
purchased and integrated into IT systems. Even if alternatives are available (and
financially viable), they frequently require users to authenticate in an intrusive manner (e.g.
forcing a user to use a biometric technique relying on fingerprint recognition). Assuming
an acceptable form of authentication is available, this still does not address the problem of
on-going confidence in the users’ identity - i.e. once the user has logged in at the
beginning of a session, there is usually no further confirmation of the users' identity until
they logout or lock the session in which they are operating. Hence there is a significant
requirement to not only improve login authentication but to also introduce the concept of
continuous user supervision.
Before attempting to implement a solution to the problems outlined above, a range of
currently available user authentication methods are identified and evaluated. This is
followed by a survey conducted to evaluate user attitudes and opinions relating to login
and continuous authentication. The results reinforce perceptions regarding the weaknesses
of the traditional username/password combination, and suggest that alternative techniques
can be acceptable. This provides justification for the work described in the latter part of
the thesis.
A number of small-scale trials are conducted to investigate alternative authentication
techniques, using ImagePINs and associative/cognitive questions. While these techniques
are of an intrusive nature, they offer potential improvements as either initial login
authentication methods or, as a challenge during a session to confirm the identity of the
logged-in user.
A potential solution to the problem of continuous user authentication is presented through
the design and implementation of a system to monitor user activity throughout a logged-in
session. The effectiveness of this system is evaluated through a series of trials
investigating the use of keystroke analysis using digraph, trigraph and keyword-based
metrics (with the latter two methods representing novel approaches to the analysis of
keystroke data). The initial trials demonstrate the viability of these techniques, whereas
later trials are used to demonstrate the potential for a composite approach. The final trial
described in this thesis was conducted over a three-month period with 35 trial participants
and resulted in over five million samples. Due to the scope, duration, and the volume of
data collected, this trial provides a significant contribution to the domain, with the use of a
composite analysis method representing entirely new work. The results of these trials
show that the technique of keystroke analysis is one that can be effective for the majority
of users. Finally, a prototype composite authentication and response system is presented,
which demonstrates how transparent, non-intrusive, continuous user authentication can be
achieved
Biometrics
Biometrics uses methods for unique recognition of humans based upon one or more intrinsic physical or behavioral traits. In computer science, particularly, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. The book consists of 13 chapters, each focusing on a certain aspect of the problem. The book chapters are divided into three sections: physical biometrics, behavioral biometrics and medical biometrics. The key objective of the book is to provide comprehensive reference and text on human authentication and people identity verification from both physiological, behavioural and other points of view. It aims to publish new insights into current innovations in computer systems and technology for biometrics development and its applications. The book was reviewed by the editor Dr. Jucheng Yang, and many of the guest editors, such as Dr. Girija Chetty, Dr. Norman Poh, Dr. Loris Nanni, Dr. Jianjiang Feng, Dr. Dongsun Park, Dr. Sook Yoon and so on, who also made a significant contribution to the book
TOWARD THE SYSTEMATIZATION OF ACTIVE AUTHENTICATION RESEARCH
Authentication is the vital link between your real self and your digital self. As our digital selves become ever more powerful, the price of failing authentication grows. The most common authentication protocols are static data and employed only once at login. This allows for authentication to be spoofed just once to gain access to an entire user session. Behaviometric protocols continuously consume a user’s behavior as a token of authentication and can be applied throughout a session, thereby eliminating a fixed token to spoof. Research into these protocols as viable forms of authentication is relatively recent and is being conducted on a variety of data sources, features and classification schemes. This work proposes an extensible research framework to aid the systemization and preservation of research in this field by standardizing the interface for raw data collection, processing and interpretation. Specifically, this framework contributes transparent management of data collection and persistence, the presentation of past research in a highly configurable and extensible form, and the standardization of data forms to enhance innovative reuse and comparative analysis of prior research
Non-Intrusive Subscriber Authentication for Next Generation Mobile Communication Systems
Merged with duplicate record 10026.1/753 on 14.03.2017 by CS (TIS)
The last decade has witnessed massive growth in both the technological development, and
the consumer adoption of mobile devices such as mobile handsets and PDAs. The recent
introduction of wideband mobile networks has enabled the deployment of new services
with access to traditionally well protected personal data, such as banking details or
medical records. Secure user access to this data has however remained a function of the
mobile device's authentication system, which is only protected from masquerade abuse by
the traditional PIN, originally designed to protect against telephony abuse.
This thesis presents novel research in relation to advanced subscriber authentication for
mobile devices. The research began by assessing the threat of masquerade attacks on
such devices by way of a survey of end users. This revealed that the current methods of
mobile authentication remain extensively unused, leaving terminals highly vulnerable to
masquerade attack. Further investigation revealed that, in the context of the more
advanced wideband enabled services, users are receptive to many advanced
authentication techniques and principles, including the discipline of biometrics which
naturally lends itself to the area of advanced subscriber based authentication.
To address the requirement for a more personal authentication capable of being applied
in a continuous context, a novel non-intrusive biometric authentication technique was
conceived, drawn from the discrete disciplines of biometrics and Auditory Evoked
Responses. The technique forms a hybrid multi-modal biometric where variations in the
behavioural stimulus of the human voice (due to the propagation effects of acoustic
waves within the human head), are used to verify the identity of a user. The resulting
approach is known as the Head Authentication Technique (HAT).
Evaluation of the HAT authentication process is realised in two stages. Firstly, the
generic authentication procedures of registration and verification are automated within a
prototype implementation. Secondly, a HAT demonstrator is used to evaluate the
authentication process through a series of experimental trials involving a representative
user community. The results from the trials confirm that multiple HAT samples from
the same user exhibit a high degree of correlation, yet samples between users exhibit a
high degree of discrepancy. Statistical analysis of the prototype's performance realised
early system error rates of FNMR = 6% and FMR = 0.025%. The results clearly
demonstrate the authentication capabilities of this novel biometric approach and the
contribution this new work can make to the protection of subscriber data in next
generation mobile networks.
Orange Personal Communication Services Lt
Keystrokes and clicks : measuring stress on e-learning students
In traditional learning, teachers can easily get an insight into how their
students work and learn and how they interact in the classroom. However, in
online learning, it is more difficult for teachers to see how individual students
behave. With the enormous growth of e-learning platforms, as a complementary or
even primary tool to support learning in organizations, monitoring students’
success factors becomes a crucial issue. In this paper we focus on the importance
of stress in the learning process. Stress detection in an E-learning environment is
an important and crucial factor to success. Estimating, in a non-invasive way, the
students’ levels of stress, and taking measures to deal with it, is then the goal of
this paper. Moodle, being one of the most used e-learning platforms, is used to
test the log tool referred to in this work.
Seamless Authentication for Ubiquitous Devices
User authentication is an integral part of our lives; we authenticate ourselves to personal computers and a variety of other things several times a day. Authentication is burdensome. When we wish to access a computer or a resource, it is an additional task that we need to perform, an interruption in our workflow. In this dissertation, we study people's authentication behavior and attempt to make authentication to desktops and smartphones less burdensome for users. First, we present the findings of a user study we conducted to understand people's authentication behavior: things they authenticate to, how and when they authenticate, authentication errors they encounter and why, and their opinions about authentication. In our study, participants performed about 39 authentications per day on average; the majority of these authentications were to personal computers (desktop, laptop, smartphone, tablet) and with passwords, but the number of authentications to other things (e.g., car, door) was not insignificant. We saw a high failure rate for desktop and laptop authentication among our participants, affirming the need for a more usable authentication method. Overall, we found that authentication was a noticeable part of all our participants' lives and burdensome for many participants, but they accepted it as cost of security, devising their own ways to cope with it. Second, we propose a new approach to authentication, called bilateral authentication, that leverages wrist-wearable technology to enable seamless authentication for things that people use with their hands, while wearing a smart wristband. In bilateral authentication two entities (e.g., user's wristband and the user's phone) share their knowledge (e.g., about user's interaction with the phone) to verify the user's identity. Using this approach, we developed a seamless authentication method for desktops and smartphones. 
Our authentication method offers quick and effortless authentication, continuous user verification while the desktop (or smartphone) is in use, and automatic deauthentication after use. We evaluated our authentication method through four in-lab user studies, evaluating the method's usability and security from the system and the user's perspective. Based on the evaluation, our authentication method shows promise for reducing users' authentication burden for desktops and smartphones
Data security in European healthcare information systems
This thesis considers the current requirements for data security in European healthcare systems and
establishments. Information technology is being increasingly used in all areas of healthcare
operation, from administration to direct care delivery, with a resulting dependence upon it by
healthcare staff. Systems routinely store and communicate a wide variety of potentially sensitive
data, much of which may also be critical to patient safety. There is consequently a significant
requirement for protection in many cases.
The thesis presents an assessment of healthcare security requirements at the European level, with a
critical examination of how the issue has been addressed to date in operational systems. It is
recognised that many systems were originally implemented without security needs being properly
addressed, with a consequence that protection is often weak and inconsistent between establishments.
The overall aim of the research has been to determine appropriate means by which security may be
added or enhanced in these cases.
The realisation of this objective has included the development of a common baseline standard for
security in healthcare systems and environments. The underlying guidelines in this approach cover
all of the principal protection issues, from physical and environmental measures to logical system
access controls. Further to this, the work has encompassed the development of a new protection
methodology by which establishments may determine their additional security requirements (by
classifying aspects of their systems, environments and data). Both the guidelines and the
methodology represent work submitted to the Commission of European Communities SEISMED
(Secure Environment for Information Systems in MEDicine) project, with which the research
programme was closely linked.
The thesis also establishes that healthcare systems can present significant targets for both internal
and external abuse, highlighting a requirement for improved logical controls. However, it is also
shown that the issues of easy integration and convenience are of paramount importance if security is
to be accepted and viable in practice. Unfortunately, many traditional methods do not offer these
advantages, necessitating the need for a different approach.
To this end, the conceptual design for a new intrusion monitoring system was developed, combining
the key aspects of authentication and auditing into an advanced framework for real-time user
supervision. A principal feature of the approach is the use of behaviour profiles, against which user
activities may be continuously compared to determine potential system intrusions and anomalous
events.
The effectiveness of real-time monitoring was evaluated in an experimental study of keystroke
analysis - a behavioural biometric technique that allows an assessment of user identity from their
typing style. This technique was found to have significant potential for discriminating between
impostors and legitimate users and was subsequently incorporated into a fully functional security
system, which demonstrated further aspects of the conceptual design and showed how transparent
supervision could be realised in practice.
The thesis also examines how the intrusion monitoring concept may be integrated into a wider
security architecture, allowing more comprehensive protection within both the local healthcare
establishment and between remote domains.
Commission of European Communities SEISMED proje