22 research outputs found

    A preliminary investigation of distributed and cooperative user authentication

    Smartphones and other highly mobile yet sophisticated technologies are rapidly spreading through society and increasingly finding their way into pockets and handbags. As reliance upon these intensifies and familiarity grows, human nature dictates that more and more personal details and information are now to be found upon such devices. The need to secure and protect this valuable and desirable information is becoming ever more prevalent. Building upon previous work which proposed a novel approach to user authentication, an Authentication Aura, this paper investigates the latent security potential contained in surrounding devices in everyday life. An experiment has been undertaken to ascertain the technological infrastructure, devices and inert objects that surround individuals to establish if these items might be significant. The results suggest that inert possessions may offer a surprisingly large potential, with some being in close proximity to experimental subjects for over 45% of the entire period. With other graphical analysis illustrating the consistency of presence, this work suggests that everyday possessions and devices can be leveraged to augment traditional approaches and even, in certain circumstances, during device activation remove the need to authenticate.

    A conceptual model for federated authentication in the cloud

    Authentication is a key security control for any computing system, whether that is a PC, server, laptop, tablet or mobile phone. However, authentication is traditionally poorly served, with existing implementations falling foul of a variety of weaknesses. Passwords are poorly selected, reused and shared (to name but a few). Research has suggested novel approaches to authentication such as transparent authentication and cooperative and distributed authentication. However, these technologies merely focus upon individual platforms rather than providing a universal and federated authentication approach that can be used across technologies and services. The advent of cloud computing, its universal connectivity, scalability and flexibility, offers a new opportunity of achieving usable and convenient authentication seamlessly in a technology and service independent fashion. The approach introduces a new dedicated authentication provider - the Managed Authentication Service Provider - that is able to provide state-of-the-art centralised verification of authenticity. However, relying upon such an environment also introduces a range of technology, privacy and trust-related issues that must be overcome

    Authentication Aura: A cooperative and distributed approach to user authentication on mobile devices

    As information technology pervades our lives we have increasingly come to rely on these evermore sophisticated and ubiquitous items of equipment. Portability and the desire to be connected around the clock has driven the rapid growth in adoption of mobile devices that enable us to talk, message, tweet and inform at will, whilst providing a means to shop and administer bank accounts. These high value, high risk, desirable devices are increasingly the target of theft and improvement in their protection is actively sought by Governments and security agencies. Although forms of security are in place they are compromised by human reluctance and inability to administer them effectively. With typical users operating across multiple devices, including traditional desktop PCs, laptops, tablets and smartphones, they can regularly find themselves having a variety of devices open concurrently. Even if the most basic security is in place, there is a resultant need to repeatedly authenticate, representing a potential source of hindrance and frustration. This thesis explores the need for a novel approach to user authentication, which will reduce the authentication burden whilst providing a secure yet adaptive security mechanism; a so called Authentication Aura. It proposes that the latent security potential contained in surrounding devices and possessions in everyday life can be leveraged to augment security, and provides a framework for a distributed and cooperative approach. An experiment was performed to ascertain the technological infrastructure, devices and inert objects that surround individuals throughout the day. Using twenty volunteers, over a fourteen-day period a dataset of 1.57 million recorded observations was gathered, which confirmed that between 6am and 12pm a significant device or possession is in near proximity 97.84% of the time. 
Using the data provided by the experiment as the basis for a simulation of the framework, it suggests a reduction of up to 80.36% in the daily number of required authentications for a user operating a device once every 30 minutes, with a 10 minute screen lock in place. Examining the influence of location alone indicated a reduction of 50.74% in user interventions lowering the average from 32 to 15.76, the addition of the surroundings reducing this further to 13.00. The analysis also investigated how a user’s own authentication status could be used to negate the need to repeatedly manually authenticate and it was found that it delayed the process for up to 90 minutes for an individual user. Ultimately, it confirms that during device activation it is possible to remove the need to authenticate with the Authentication Aura providing sufficient assurance. Orange/France Teleco

    Evaluating single sign on security failure in cloud services

    The business use of cloud computing services is motivated by the ease of use and the potential financial cost reductions. Service failure may occur when the service provider does not protect information or when the use of the services becomes overly complex and difficult. The benefits also bring optimisation challenges for the information owners who must assess the service security risk and the degree to which new human behaviours are required. In this research we look at the risk of identity theft when ease of service access is provided through a Single Sign On (SSO) authorisation and ask: What are the optimal behavioural expectations for a Cloud service information owner? Federated identity management is a well-developed design literature for solutions to optimising human behaviours in relation to the new technologies. We briefly review the literature and then propose a working solution that optimises the trade-off between disclosure risk, human user risk and service security. Both breach and non-use of a system are failures.

    Continuous and transparent multimodal authentication: reviewing the state of the art

    Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. They are also still mostly functioning at the point of entry and those performing sort of re-authentication executing it in an intrusive manner. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. This is followed by a literature review of the existing research on continuous and transparent multimodal authentication. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized in a universal level. Ultimately, a potential federated biometric authentication solution is presented; however it needs to be developed and extensively evaluated, thus operating in a transparent, continuous and user-friendly manner

    Criteria for Evaluating Authentication Systems

    User authentication is an important component of information security. It is critical in addressing many concerns that consumers and business have over the risk of identity theft. However, there is no systematic method to measure how good an authentication mechanism is in a given business context. This paper outlines nine criteria businesses can use to assess authentication systems. With these criteria, businesses are better equipped to select authentication systems that meet the needs of both their organization and their customers, and provide better protection against identity theft and other computer crimes

    Intelligent Citizenship Identity through Family Pedigree Using Graph-Signature Based Random-Forest Model

    There has been a global upsurge of interest in the topic of citizenship identity over the past decades, specifically in the world dominated by profound insecurity, inequalities, proliferation of identities, and rise of identity politics, engendered by capitalism. However, finding an effective solution to these problems has been rendered difficult. To alleviate these problems, this paper presents an analytical Machine learning model that suitably combined the graph signature with random forest techniques. This study presents the design and realization of a novel Intelligent Citizenship Identity through family pedigree using Graph Signature based random forest (GSB-RF) model. The study also showcases the development of a novel graph signature technique referred to as Canonical Code Signature (CCS) method. The CCS method is used at the pre-processing stage of the identification process to build a signature for any given tuple. Performance comparison between the present system and the baseline techniques, which include the K-Nearest Neighbour and the traditional Random Forest, shows that the present system outperformed the baseline method studied. The proposed system shows capability to perform continuous re-identification of Citizens based on their family pedigree with ability to select best sample with low computational complexity, high identification accuracy and speed. Our experimental result shows that the precision rate and identification quality of our system in most cases are equal to or greater than 70%. Therefore, the proposed Citizenship Identification machine is capable of providing usable, consistent, efficient, faster and accurate identification, to the users, security agents, government agents and institutions on-line, real-time and at any-time.

    Real-World Smartphone-based Gait Recognition

    As the smartphone and the services it provides are becoming targets of cybercrime, it is critical to secure smartphones. However, it is important security controls are designed to provide continuous and user-friendly security. Amongst the most important of these is user authentication, where users have experienced a significant rise in the need to authenticate to the device and individually to the numerous apps that it contains. Gait authentication has gained attention as a means of non-intrusive or transparent authentication on mobile devices, capturing the information required to verify the authenticity of the user whilst the person is walking. Whilst prior research in this field has shown promise with good levels of recognition performance, the results are constrained by the gait datasets utilised being based upon highly controlled laboratory-based experiments which lack the variability of real-life environments. This paper introduces an advanced real-world smartphone-based gait recognition system that recognises the subject within real-world unconstrained environments. The proposed model is applied to the uncontrolled gait dataset, which consists of 44 users over a 7–10 day capture – where users were merely asked to go about their daily activities. No conditions, controls or expectations of particular activities were placed upon the participants. The experiment has modelled four types of motion: normal walking, fast walking and down and upstairs for each of the users. The evaluation of the proposed model has achieved an equal error rate of 11.38%, 11.32%, 24.52%, 27.33% and 15.08% for the normal, fast, down and upstairs and all activities respectively. The results illustrate, within an appropriate framework, that gait recognition is a viable technique for real-world use.