
    Dynamic Control System Based On Context for Mobile Devices

    “To render the accurate information, at correct place in real period with custom-made setup and locality sensitiveness” is the inspiration for every location based information scheme. Android applications in mobile devices may often have access to susceptible data and resources on the user's device. “Location Based Services” can only provide services that give data and information to a person, wherever he might be, through various Android applications. To avoid data misuse by malicious applications, an application may get privilege on the specific user location and thus a Context Based Access Control Mechanism (CBACM) is needed so that privileges can be established and revoked vigorously. A very interesting application includes shadowing, where immediate information is required to choose if the people being monitored are valid intimidation or a flawed object. The execution of CBACM differentiates between the narrowly located sub-areas within the distinct area. The Android operating system is modified such that context based access restriction can be precise and imposed. DOI: 10.17762/ijritcc2321-8169.15057

    An adaptive framework for combating advanced persistent threats

    Advanced persistent threats (APTs) pose a significant risk to nearly every organization. Due to the sophistication of these attacks, they can bypass existing security systems and largely infiltrate the target network. The prevention and detection of APTs are challenging because attackers constantly change and evolve their attacking techniques and methods to stay undetected. As a result, APTs often successfully compromise companies, organizations, or public authorities. This paper developed an adaptive security framework that continuously investigates the behavior of users of a network to protect it against threats. The framework consists of three main sections, namely: intrusion prevention, intrusion detection, and response to intrusions. The design model comprises the front end, middleware, and back end. The front end is implemented using HTML and Cascading Style Sheets (CSS) in NetBeans Integrated Development Environment (IDE) version 8.0.2. The middleware is implemented using Java Web of NetBeans IDE while the back end is implemented using MySQL server. The results show that the runtime security of the system is adapted according to the behavior patterns exhibited by the user; hence, our system can detect zero-day attacks which signature-based intrusion detection systems cannot detect, thus protecting against these attacks. The work is recommended as a countermeasure against emerging persistent attacks.

    ConXsense - Automated Context Classification for Context-Aware Access Control

    We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform. Comment: Recipient of the Best Paper Awar

    CONTEXT BASED ANDROID APPLICATION ADMINISTRATIVE ACCESS CONTROL (CBAA–AAC) FOR SMART PHONES

    Android applications in smart phones are generally meant to provide greater flexibility and convenience for users. Considering the fact that Android applications have the privilege to access data and resources on the mobile after they get installed (one-time permission provided by the end user at the time of installation), these applications may also lead to security issues for the user data as well as issues relating the smart phone to its peripheral environment. A practical example of an issue which relates the smart phone to its peripheral environment can be an Android smart phone application of a college student using the camera resource to capture photos of the R&D cell and transfer them without user or organization permission. The security of the organization and user should be prevented by providing an adoptable solution. The proposed concept of CBAA-AAC (Context Based Android Application Administrative Access Control) is used to control the privileges of any Android application over a corresponding longitude and latitude by the organization administrator. In this way, the administrator is able to block malicious applications of every individual smart phone which can have activity towards utilizing services and resources that may affect the security of the organization; such a move is a must for assuring the security of any organization and educational institution while they allow users to “bring their own smart phones/mobile devices” into the campus.

    Fuzzy logic-based implicit authentication for mobile access control

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. In order to address the increasing compromise of user privacy on mobile devices, a Fuzzy Logic based implicit authentication scheme is proposed in this paper. The proposed scheme computes an aggregate score based on selected features and a threshold in real-time based on current and historic data depicting user routine. The tuned fuzzy system is then applied to the aggregated score and the threshold to determine the trust level of the current user. The proposed fuzzy-integrated implicit authentication scheme is designed to: operate adaptively and completely in the background, require a minimal training period, and enable high system accuracy while providing timely detection of abnormal activity. In this paper, we explore Fuzzy Logic based authentication in depth. Gaussian and triangle-based membership functions are investigated and compared using real data over several weeks from different Android phone users. The presented results show that our proposed Fuzzy Logic approach is a highly effective and viable scheme for lightweight real-time implicit authentication on mobile devices.

    Why aren't users using protection? Investigating the usability of smartphone locking

    One of the main reasons why smartphone users do not adopt screen locking mechanisms is due to the inefficiency of entering a PIN/pattern each time they use their phone. To address this problem we designed a context-sensitive screen locking application which asked participants to enter a PIN/pattern only when necessary, and evaluated its impact on efficiency and satisfaction. Both groups of participants, who prior to the study either locked or did not lock their phone, adopted our application and felt that unlocking their phone only when necessary was more efficient, did not annoy them and offered a reasonable level of security. Participants responded positively to the option of choosing when a PIN/pattern is required in different contexts. Therefore, we recommend that designers of smartphone locking mechanisms should consider ceding a reasonable level of control over security settings to users to increase adoption and convenience, while keeping smartphones reasonably secure

    Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling


    Risk management on Android devices based on vulnerability elimination and context detection

    In only a few years, smartphones have become one of the most commonly used communication devices due to their versatility. But all those different functionalities imply access to a lot of personal and confidential information by the installed applications. Nowadays, Android is one of the most important mobile operating systems. However, due to its youth, there is a lack of risk mitigation mechanisms. Besides, its security configuration is tedious, which leads to a lack of involvement on the part of the user. This project aims to provide better control over security risks in Android. Its main aim is to increase the knowledge of and control over possible vulnerabilities in applications and to contribute to an automatically adaptable security configuration of the device depending on the environment the smartphone is in. The implemented system has a vulnerability manager and a context based security module, and it interacts with the NVD, the U.S. government repository of software vulnerability data, and the Android API, after the evaluation of other alternatives as information sources. In conclusion, an application is introduced that, based on free software development tools, contributes to mitigating risks in Android and that lays the foundations of new ideas for security research on this operating system. Ingeniería de Telecomunicació