Continuous User Authentication Using Multi-Modal Biometrics

It is commonly acknowledged that mobile devices now form an integral part of an individual’s everyday life. The modern mobile handheld devices are capable to provide a wide range of services and applications over multiple networks. With the increasing capability and accessibility, they introduce additional demands in term of security. This thesis explores the need for authentication on mobile devices and proposes a novel mechanism to improve the current techniques. The research begins with an intensive review of mobile technologies and the current security challenges that mobile devices experience to illustrate the imperative of authentication on mobile devices. The research then highlights the existing authentication mechanism and a wide range of weakness. To this end, biometric approaches are identified as an appropriate solution an opportunity for security to be maintained beyond point-of-entry. Indeed, by utilising behaviour biometric techniques, the authentication mechanism can be performed in a continuous and transparent fashion. This research investigated three behavioural biometric techniques based on SMS texting activities and messages, looking to apply these techniques as a multi-modal biometric authentication method for mobile devices. The results showed that linguistic profiling; keystroke dynamics and behaviour profiling can be used to discriminate users with overall Equal Error Rates (EER) 12.8%, 20.8% and 9.2% respectively. By using a combination of biometrics, the results showed clearly that the classification performance is better than using single biometric technique achieving EER 3.3%. Based on these findings, a novel architecture of multi-modal biometric authentication on mobile devices is proposed. The framework is able to provide a robust, continuous and transparent authentication in standalone and server-client modes regardless of mobile hardware configuration. The framework is able to continuously maintain the security status of the devices. With a high level of security status, users are permitted to access sensitive services and data. On the other hand, with the low level of security, users are required to re-authenticate before accessing sensitive service or data

Perceiving is Believing. Authentication with Behavioural and Cognitive Factors

Most computer users have experienced login problems such as, forgetting passwords, loosing token cards and authentication dongles, failing that complicated screen pattern once again, as well as, interaction difficulties in usability. Facing the difficulties of non-flexible strong authentication solutions, users tend to react with poor acceptance or to relax the assumed correct use of authentication procedures and devices, rendering the intended security useless. Biometrics can, sort of, solve some of those problems. However, despite the vast research, there is no perfect solution into designing a secure strong authentication procedure, falling into a trade off between intrusiveness, effectiveness, contextual adequacy and security guarantees. Taking advantage of new technology, recent research onmulti-modal, behavioural and cognitive oriented authentication proposals have sought to optimize trade off towards precision and convenience, reducing intrusiveness for the same amount of security. But these solutions also fall short with respect to different scenarios. Users perform currently multiple authentications everyday, through multiple devices, in panoply of different situations, involving different resources and diverse usage contexts, with no "better authentication solution" for all possible purposes. The proposed framework enhances the recent research in user authentication services with a broader view on the problems involving each solution, towards an usable secure authentication methodology combining and exploring the strengths of each method. It will than be used to prototype instances of new dynamic multifactor models (including novel models of behavioural and cognitive biometrics), materializing the PiB (perceiving is believing) authentication. Ultimately we show how the proposed framework can be smoothly integrated in applications and other authentication services and protocols, namely in the context of SSO Authentication Services and OAuth

Machine Learning Models for Educational Platforms

Scaling up education online and onlife is presenting numerous key challenges, such as hardly manageable classes, overwhelming content alternatives, and academic dishonesty while interacting remotely. However, thanks to the wider availability of learning-related data and increasingly higher performance computing, Artificial Intelligence has the potential to turn such challenges into an unparalleled opportunity. One of its sub-fields, namely Machine Learning, is enabling machines to receive data and learn for themselves, without being programmed with rules. Bringing this intelligent support to education at large scale has a number of advantages, such as avoiding manual error-prone tasks and reducing the chance that learners do any misconduct. Planning, collecting, developing, and predicting become essential steps to make it concrete into real-world education. This thesis deals with the design, implementation, and evaluation of Machine Learning models in the context of online educational platforms deployed at large scale. Constructing and assessing the performance of intelligent models is a crucial step towards increasing reliability and convenience of such an educational medium. The contributions result in large data sets and high-performing models that capitalize on Natural Language Processing, Human Behavior Mining, and Machine Perception. The model decisions aim to support stakeholders over the instructional pipeline, specifically on content categorization, content recommendation, learners’ identity verification, and learners’ sentiment analysis. Past research in this field often relied on statistical processes hardly applicable at large scale. Through our studies, we explore opportunities and challenges introduced by Machine Learning for the above goals, a relevant and timely topic in literature. Supported by extensive experiments, our work reveals a clear opportunity in combining human and machine sensing for researchers interested in online education. Our findings illustrate the feasibility of designing and assessing Machine Learning models for categorization, recommendation, authentication, and sentiment prediction in this research area. Our results provide guidelines on model motivation, data collection, model design, and analysis techniques concerning the above applicative scenarios. Researchers can use our findings to improve data collection on educational platforms, to reduce bias in data and models, to increase model effectiveness, and to increase the reliability of their models, among others. We expect that this thesis can support the adoption of Machine Learning models in educational platforms even more, strengthening the role of data as a precious asset. The thesis outputs are publicly available at https://www.mirkomarras.com

TOWARD THE SYSTEMATIZATION OF ACTIVE AUTHENTICATION RESEARCH

Authentication is the vital link between your real self and your digital self. As our digital selves become ever more powerful, the price of failing authentication grows. The most common authentication protocols are static data and employed only once at login. This allows for authentication to be spoofed just once to gain access to an entire user session. Behaviometric protocols continuously consume a user’s behavior as a token of authentication and can be applied throughout a session, thereby eliminating a fixed token to spoof. Research into these protocols as viable forms of authentication is relatively recent and is being conducted on a variety of data sources, features and classification schemes. This work proposes an extensible research framework to aid the systemization and preservation of research in this field by standardizing the interface for raw data collection, processing and interpretation. Specifically, this framework contributes transparent management of data collection and persistence, the presentation of past research in a highly configurable and extensible form, and the standardization of data forms to enhance innovative reuse and comparative analysis of prior research

Medical Systems Data Security and Biometric Authentication in Public Cloud Servers

Advances in distributed computing and virtualization allowed cloud computing to establish itself as a popular data management and storage option for organizations. However, unclear safeguards, practices, as well as the evolution of legislation around privacy and data protection, contribute to data security being one of the main concerns in adopting this paradigm. Another important aspect hindering the absolute success of cloud computing is the ability to ensure the digital identity of users and protect the virtual environment through logical access controls while avoiding the compromise of its authentication mechanism or storage medium. Therefore, this paper proposes a system that addresses data security wherein unauthorized access to data stored in a public cloud is prevented by applying a fragmentation technique and a NoSQL database. Moreover, a system for managing and authenticating users with multimodal biometrics is also suggested along with a mechanism to ensure the protection of biometric features. When compared with encryption, the proposed fragmentation method indicates better latency performance, highlighting its strong potential use-case in environments with lower latency requirements such as the healthcare IT infrastructure

Intelligent interface agents for biometric applications

This thesis investigates the benefits of applying the intelligent agent paradigm to biometric identity verification systems. Multimodal biometric systems, despite their additional complexity, hold the promise of providing a higher degree of accuracy and robustness. Multimodal biometric systems are examined in this work leading to the design and implementation of a novel distributed multi-modal identity verification system based on an intelligent agent framework. User interface design issues are also important in the domain of biometric systems and present an exceptional opportunity for employing adaptive interface agents. Through the use of such interface agents, system performance may be improved, leading to an increase in recognition rates over a non-adaptive system while producing a more robust and agreeable user experience. The investigation of such adaptive systems has been a focus of the work reported in this thesis. The research presented in this thesis is divided into two main parts. Firstly, the design, development and testing of a novel distributed multi-modal authentication system employing intelligent agents is presented. The second part details design and implementation of an adaptive interface layer based on interface agent technology and demonstrates its integration with a commercial fingerprint recognition system. The performance of these systems is then evaluated using databases of biometric samples gathered during the research. The results obtained from the experimental evaluation of the multi-modal system demonstrated a clear improvement in the accuracy of the system compared to a unimodal biometric approach. The adoption of the intelligent agent architecture at the interface level resulted in a system where false reject rates were reduced when compared to a system that did not employ an intelligent interface. The results obtained from both systems clearly express the benefits of combining an intelligent agent framework with a biometric system to provide a more robust and flexible application