10,108 research outputs found
Secure Pick Up: Implicit Authentication When You Start Using the Smartphone
We propose Secure Pick Up (SPU), a convenient, lightweight, in-device,
non-intrusive and automatic-learning system for smartphone user authentication.
Operating in the background, our system implicitly observes users' phone
pick-up movements, the way they bend their arms when they pick up a smartphone
to interact with the device, to authenticate the users.
Our SPU outperforms the state-of-the-art implicit authentication mechanisms
in three main aspects: 1) SPU automatically learns the user's behavioral
pattern without requiring a large amount of training data (especially those of
other users) as previous methods did, making it more deployable. Towards this
end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW)
algorithm to effectively quantify similarities between users' pick-up
movements; 2) SPU does not rely on a remote server for providing further
computational power, making SPU efficient and usable even without network
access; and 3) our system can adaptively update a user's authentication model
to accommodate user's behavioral drift over time with negligible overhead.
Through extensive experiments on real world datasets, we demonstrate that SPU
can achieve authentication accuracy up to 96.3% with a very low latency of 2.4
milliseconds. It reduces the number of times a user has to do explicit
authentication by 32.9%, while effectively defending against various attacks.Comment: Published on ACM Symposium on Access Control Models and Technologies
(SACMAT) 201
S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard
Nowadays, mobile banking becomes a popular tool which consumers can conduct
financial transactions such as shopping, monitoring accounts balance,
transferring funds and other payments. Consumers dependency on mobile needs,
make people take a little bit more interest in mobile banking. The use of the
one-time password which is sent to the user mobile phone by short message
service (SMS) is a vulnerability which we want to solve with proposing a new
scheme called S-Mbank. We replace the authentication using the one-time
password with the contactless smart card to prevent attackers to use the
unencrypted message which is sent to the user's mobile phone. Moreover, it
deals vulnerability of spoofer to send an SMS pretending as a bank's server.
The contactless smart card is proposed because of its flexibility and security
which easier to bring in our wallet than the common passcode generators. The
replacement of SMS-based authentication with contactless smart card removes the
vulnerability of unauthorized users to act as a legitimate user to exploit the
mobile banking user's account. Besides that, we use public-private key pair and
PIN to provide two factors authentication and mutual authentication. We use
signcryption scheme to provide the efficiency of the computation. Pair based
text authentication is also proposed for the login process as a solution to
shoulder-surfing attack. We use Scyther tool to analyze the security of
authentication protocol in S-Mbank scheme. From the proposed scheme, we are
able to provide more security protection for mobile banking service.Comment: 6 page
eIDeCert: a user-centric solution for mobile identification
The necessity to certify one's identity for different purposes and the evolution of mobile technologies have led to the generation of electronic devices such as smart cards, and electronic identities designed to meet daily needs. Nevertheless, these mechanisms have a problem: they don't allow the user to set the scope of the information presented. That problem introduces interesting security and privacy challenges and requires the development of a new tool that supports user-centrity for the information being handled. This article presents eIDeCert, a tool for the management of electronic identities (eIDs) in a mobile environment with a user-centric approach. Taking advantage of existing eCert technology we will be able to solve a real problem. On the other hand, the application takes us to the boundary of what the technology can cope with: we will assess how close we are to the boundary, and we will present an idea of what the next step should be to enable us to reach the goal
Implicit Sensor-based Authentication of Smartphone Users with Smartwatch
Smartphones are now frequently used by end-users as the portals to
cloud-based services, and smartphones are easily stolen or co-opted by an
attacker. Beyond the initial log-in mechanism, it is highly desirable to
re-authenticate end-users who are continuing to access security-critical
services and data, whether in the cloud or in the smartphone. But attackers who
have gained access to a logged-in smartphone have no incentive to
re-authenticate, so this must be done in an automatic, non-bypassable way.
Hence, this paper proposes a novel authentication system, iAuth, for implicit,
continuous authentication of the end-user based on his or her behavioral
characteristics, by leveraging the sensors already ubiquitously built into
smartphones. We design a system that gives accurate authentication using
machine learning and sensor data from multiple mobile devices. Our system can
achieve 92.1% authentication accuracy with negligible system overhead and less
than 2% battery consumption.Comment: Published in Hardware and Architectural Support for Security and
Privacy (HASP), 201
- …