Usability analysis of a novel biometric authentication approach for android-based mobile devices

Mobile devices are widely replacing the standard personal computers thanks to their small size and user-friendly use. As a consequence, the amount of information, often confidential, exchanged through these devices is raising. This makes them potential targets of malicious network hackers. The use of simple passwords or PIN are not sufficient to provide a suitable security level for those applications requiring high protection levels on data and services. In this paper a biometric authentication system, as a running Android application, has been developed and implemented on a real mobile device. A system test on real users has been also carried out in order to evaluate the human-machine interaction quality, the recognition accuracy of the proposed technique, and the scheduling latency of the operating system and its degree of acceptance. Several measures, such as system usability, users satisfaction, and tolerable speed for identification, have been carried out in order to evaluate the performance of the proposed approach

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Model for cryptography protection of confidential information

УДК 004.056 Борсуковський Ю.В., Борсуковська В.Ю. Модель криптографічного захисту конфіденційної інформації В даній статті проведено детальний аналіз вимог щодо формування моделі криптографічного захисту конфіденційної інформації. Розглянуто використання засобів криптографічного захисту інформації з метою реалізації організаційних та технічних заходів по запобіганню витокам конфіденційної інформації на об’єктах критичної інфраструктури. Сформульовані базові вимоги та рекомендації щодо структури та функціональних складових моделі захисту конфіденційної інформації. Формалізовані вимоги щодо створення, впровадження та експлуатації превентивних процедур управління багатоступінчатим захистом конфіденційної інформації. Наведено приклад використання моделі криптографічного захисту інформації для створення захищеної і прозорої в використанні бази аутентифікаційних даних користувача. Запропонована модель захисту дозволяє мати кілька ступенів програмного та апаратного захисту, що із однієї сторони спрощує їх використання при виконанні чинних політик безпеки і зменшує ймовірність дискредитації аутентифікаційних даних, а із іншої сторони підвищує ймовірність виявлення зловмисних дій третьої сторони за рахунок багатоступінчатої системи захисту. Враховано практичний досвід створення типових моделей захисту конфіденційної інформації для розробки, впровадження та управління сучасними політиками інформаційної безпеки щодо питань використання засобів криптографічного захисту конфіденційної інформації на підприємствах різних форми власності.UDC 004.056 Borsukovskyi Y., Borsukovska V. Model for Cryptography Protection of Confidential Information Current article provides the detailed analysis of requirements for creation of model for cryptography protection of confidential information. Article defines the use of information cryptography protection tools in order to ensure the application of organizational and technical actions to prevent leakage of confidential information at critical infrastructure assets. It provides the basic requirements for the structure and functional elements of model for protection of confidential information. Formalize requirements on creation, implementation and exploitation of preventive procedure in management of multi-level protection of confidential information. The article includes example of use of model for cryptography protection of information for creation of secure and transparent in use the authenticating data base of user. The presented model of protection ensures to have a few levels of firewalls, that, on one hand, simplifies its use in execution of acting security policies and decrease the probability of discrediting of authenticating data, and, on other hand, increase the probability to detect the criminal actions of third party by means of multi-level protection system. It considers the practical experience in creation of standard models for protection of confidential information for development, implementation and management of modern policies on information security in part of use of cryptography protection tools for confidential information at enterprises of different forms of incorporation

Usability Analysis of a Novel Biometric Authentication Approach for Android-Based Mobile Devices, Journal of Telecommunications and Information Technology, 2014, nr 4

Mobile devices are widely replacing the standard personal computers thanks to their small size and userfriendly use. As a consequence, the amount of information, often confidential, exchanged through these devices is raising. This makes them potential targets of malicious network hackers. The use of simple passwords or PIN are not sufficient to provide a suitable security level for those applications requiring high protection levels on data and services. In this paper a biometric authentication system, as a running Android application, has been developed and implemented on a real mobile device. A system test on real users has been also carried out in order to evaluate the human-machine interaction quality, the recognition accuracy of the proposed technique, and the scheduling latency of the operating system and its degree of acceptance. Several measures, such as system usability, users satisfaction, and tolerable speed for identification, have been carried out in order to evaluate the performance of the proposed approach

MULTI-AGENT SYSTEM OF PROTECTING INFORMATION FROM UNAUTHORIZED ACCESS

This article lists methods and tools for unlocking data from the local network. Modern methods and software tools for protecting data from unauthorized access from local area network have been analyzed. The advantages and disadvantages of the DLP (Data Loss / Leakage Prevention) system are demonstrated to protect data from unauthorized access. The criteria for increasing the effectiveness of the DLP system and the multi-intellect DLP system were suggested.Перечислены методы и инструменты для разблокировки данных из локальной сети. Проанализированы современные методы и программные средства защиты данных от несанкционированного доступа из локальной сети. Показаны преимущества и недостатки системы DLP, предназначенной для предотвращения потери / утечки данных от несанкционированного доступа. Предложены критерии повышения эффективности системы DLP и системы DLP с многоагентным интеллектом

Future consumer mobile phone security: a case study using the data centric security model

In the interconnected world that we live in, traditional security barriers are\ud broken down. Developments such as outsourcing, increased usage of mobile\ud devices and wireless networks each cause new security problems.\ud To address the new security threats, a number of solutions have been suggested,\ud mostly aiming at securing data rather than whole systems or networks.\ud However, these visions (such as proposed by the Jericho Forum [9] and IBM\ud [4]) are mostly concerned with large (inter-) enterprise systems. Until now, it is\ud unclear what data-centric security could mean for other systems and environments.\ud One particular category of systems that has been neglected is that of\ud consumer mobile phones. Currently, data security is usually limited to a PIN\ud number on startup and the option to disable wireless connections. The lack of\ud protection does not seem justified, as these devices have steadily increased in\ud capabilities and capacity; they can connect wirelessly to the Internet and have\ud a high risk of being lost or stolen [8]. This not only puts end users at risk, but\ud also their contacts, as phones can contain privacy sensitive data of many others.\ud For example, if birth dates and addresses are kept with the contact records, in\ud many cases a thief will have enough information to impersonate a contact and\ud steal his identity.\ud Could consumer mobile phones benefit from data-centric security? How\ud useful is data-centric security in this context? These are the core questions we\ud will try to address here