181 research outputs found

    SAW: Wristband-Based Authentication for Desktop Computers

    Get PDF
    Token-based proximity authentication methods that authenticate users based on physical proximity are effortless, but lack explicit user intentionality, which may result in accidental logins. For example, a user may get logged in when she is near a computer or just passing by, even if she does not intend to use that computer. Lack of user intentionality in proximity-based methods makes them less suitable for multi-user shared computer environments, despite their desired usability benefits over passwords. \par We present an authentication method for desktops called Seamless Authentication using Wristbands (SAW), which addresses the lack of intentionality limitation of proximity-based methods. SAW uses a low-effort user input step for explicitly conveying user intentionality, while keeping the overall usability of the method better than password-based methods. In SAW, a user wears a wristband that acts as the user\u27s identity token, and to authenticate to a desktop, the user provides a low-effort input by tapping a key on the keyboard multiple times or wiggling the mouse with the wristband hand. This input to the desktop conveys that someone wishes to log in to the desktop, and SAW verifies the user who wishes to log in by confirming the user\u27s proximity and correlating the received keyboard or mouse inputs with the user\u27s wrist movement, as measured by the wristband. In our feasibility user study (n=17), SAW proved quick to authenticate (within two seconds), with a low false-negative rate of 2.5% and worst-case false-positive rate of 1.8%. In our user perception study (n=16), a majority of the participants rated it as more usable than passwords

    Towards Seamless and Secure Mobile Authentication

    Get PDF
    abstract: With the rise of mobile technology, the personal lives and sensitive information of everyday citizens are carried about without a thought to the risks involved. Despite this high possibility of harm, many fail to use simple security to protect themselves because they feel the benefits of securing their devices do not outweigh the cost to usability. The main issue is that beyond initial authentication, sessions are maintained using optional timeout mechanisms where a session will end if a user is inactive for a period of time. This interruption-based form of continuous authentication requires constant user intervention leading to frustration, which discourages its use. No solution currently exists that provides an implementation beyond the insecure and low usability of simple timeout and re-authentication. This work identifies the flaws of current mobile authentication techniques and provides a new solution that is not limiting to the user, has a system for secure, active continuous authentication, and increases the usability and security over current methods.Dissertation/ThesisMasters Thesis Computer Science 201

    Kaistan ulkopuolisten todennuskanavien arviointi

    Get PDF
    One of the challenges in entirely wireless communication systems is authentication. In pervasive computing and peer-to-peer networks, it is often not possible to rely on the existence of a trusted third party or other infrastructure. Therefore, ad hoc verification of keys via an out-of-band (OOB) channel is often the only way to achieve authentication. Nimble out-of-band for EAP (EAP-NOOB) protocol is intended for bootstrapping security between IoT devices with no provisioned authentication credentials and minimal user interface. The protocol supports a user-assisted OOB channel to mutually authenticate the key-exchange performed over an insecure wireless network between the peer and the server. The protocol allows peers to scan for available networks and, based on the results, generate multiple dynamic OOB messages. The user then delivers one of these messages to the server to register the device and authenticate the key-exchange. We implemented the OOB channels using NFC, QR codes and sound with EAP-NOOB as the bootstrapping protocol. The implementation requires an auxiliary device such as the user's smartphone. We evaluated the usability and security as well as the benefits and limitations of the OOB channels. Our results show that NFC and QR codes are capable in displaying multiple OOB messages while the sound-based channel is suitable for one or two messages due to its lower bandwidth. When the peer device generates multiple OOB messages, the process becomes more complex for the user who needs to browse through them and identify the correct server. However, we showed that this cumbersome step can be removed with the help of a mobile application. Furthermore, we identified vulnerabilities in each technology when used as an OOB channel. While some of these vulnerabilities can be mitigated with the mobile application, some require more refined solutions.Yksi täysin langattomien järjestelmien haasteista on todennus. Sulautetussa tietotekniikassa sekä vertaisverkkoissa ei usein voida luottaa maailmanlaajuisesti luotettavan kolmannen osapuolen olemassaoloon. Siksi salausavainten ad hoc-varmennus erillistä tiedonsiirtokanavaa (OOB) käyttäen on usein ainoa ratkaisu turvallisen kommunikaation käynnistämiseksi. Se luo resilienssiä eri hyökkäyksiä vastaan tuomalla järjestelmään toisen, itsenäisen tiedonsiirtokanavan. EAP-NOOB protokolla on tarkoitettu IoT-laitteille, joilla on minimaalinen käyttöliittymä eikä esiasennettuja avaimia. EAP-NOOB tukee käyttäjäavustettua OOB-tiedonsiirtokanavaa, jota käytetään todentamaan suojaamattomassa verkossa suoritettu laitteen ja palvelimen keskinäinen salausavainten vaihto. Protokolla sallii laitteiden kartoittaa käytettävissä olevia verkkoja ja tuottaa sen perusteella dynaamisia todennusviestejä, jotka käyttäjä toimittaa palvelimelle laitteen rekisteröimiseksi. Tässä työssä tutkittiin EAP-NOOB protokollan OOB kanavaa käyttäen NFC:tä, QR-koodeja ja ääntä. Todennusviestin lukeminen laitteelta vaatii käyttäjältä älypuhelimen. Työssä arvioitiin toteutettujen todennuskanavien käytettävyyttä, tietoturvaa, hyötyjä sekä näitä rajoittavia tekijöitä. Työn tulokset osoittavat, että NFC ja QR-koodit soveltuvat näyttämään useita OOB-viestejä. Sen sijaan äänipohjainen kanava soveltuu vain yhdelle tai kahdelle viestille hitaamman tiedonsiirron johdosta. Kun IoT-laite tuottaa useita OOB-viestejä, käyttäjäkokemus muuttuu monimutkaisemmaksi, koska käyttäjän on tunnistettava oikea viesti ja palvelin. Työssä osoitetaan, että tämä käyttäjälle hankala vaihe voidaan välttää erillisellä mobiilisovelluksella. Lisäksi työssä tunnistettiin toteutettujen tiedonsiirtomenetelmien haavoittuvuuksia, kun niitä käytettiin OOB-kanavana. Vaikka osa näistä haavoittuvuuksista voidaan eliminoida mobiilisovelluksen avulla, jotkut niistä vaativat tehokkaampia ratkaisuja

    Computer science I like proceedings of miniconference on 4.11.2011

    Get PDF

    Survey and Systematization of Secure Device Pairing

    Full text link
    Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

    Non Minitia Fingerprint Recognition based on Segmentation

    Get PDF
    The biometric identification of a person has an advantage over traditional technique. Widely used biometric is Fingerprint to identify and authenticate a person. In this paper we propose Non Minutia Fingerprint Recognition based on Segmentation (NMFRS) algorithm. The variance of each block is determined by segmenting the finger print into 8* 8 blocks. Area of Interest (AOI) is obtained by removing the blocks with minimum variance. Features of Finger Print is obtained by applying Discrete Cosine Transform (DCT) on AOI and converted to major and minor non-overlapping blocks to determine variance. The percentage recognition rate is better in the proposed algorithm compared to the existing algorithms

    A Test Environment for Wireless Hacking in Domestic IoT Scenarios

    Get PDF
    Security is gaining importance in the daily life of every citizen. The advent of Internet of Things devices in our lives is changing our conception of being connected through a single device to a multiple connection in which the centre of connection is becoming the devices themselves. This conveys the attack vector for a potential attacker is exponentially increased. This paper presents how the concatenation of several attacks on communication protocols (WiFi, Bluetooth LE, GPS, 433 Mhz and NFC) can lead to undesired situations in a domestic environment. A comprehensive analysis of the protocols with the identification of their weaknesses is provided. Some relevant aspects of the whole attacking procedure have been presented to provide some relevant tips and countermeasures.This work has been partially supported by the Spanish Ministry of Science and Innovation through the SecureEDGE project (PID2019-110565RB-I00), and by the by the Andalusian FEDER 2014-2020 Program through the SAVE project (PY18-3724). // Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. // Funding for open access charge: Universidad de Málaga / CBU

    State of the Art, Trends and Future of Bluetooth Low Energy, Near Field Communication and Visible Light Communication in the Development of Smart Cities

    Get PDF
    The current social impact of new technologies has produced major changes in all areas of society, creating the concept of a smart city supported by an electronic infrastructure, telecommunications and information technology. This paper presents a review of Bluetooth Low Energy (BLE), Near Field Communication (NFC) and Visible Light Communication (VLC) and their use and influence within different areas of the development of the smart city. The document also presents a review of Big Data Solutions for the management of information and the extraction of knowledge in an environment where things are connected by an “Internet of Things” (IoT) network. Lastly, we present how these technologies can be combined together to benefit the development of the smart city

    Context and communication profiling for IoT security and privacy: techniques and applications

    Get PDF
    During the last decade, two major technological changes have profoundly changed the way in which users consume and interact with on-line services and applications. The first of these has been the success of mobile computing, in particular that of smartphones, the primary end device used by many users for access to the Internet and various applications. The other change is the emergence of the so-called Internet-of-Things (IoT), denoting a technological transition in which everyday objects like household appliances that traditionally have been seen as stand-alone devices, are given network connectivity by introducing digital communication capabilities to those devices. The topic of this dissertation is related to a core challenge that the emergence of these technologies is introducing: how to effectively manage the security and privacy settings of users and devices in a user-friendly manner in an environment in which an ever-growing number of heterogeneous devices live and co-exist with each other? In particular we study approaches for utilising profiling of contextual parameters and device communications in order to make autonomous security decisions with the goal of striking a better balance between a system's security on one hand, and, its usability on the other. We introduce four distinct novel approaches utilising profiling for this end. First, we introduce ConXsense, a system demonstrating the use of user-specific longitudinal profiling of contextual information for modelling the usage context of mobile computing devices. Based on this ConXsense can probabilistically automate security policy decisions affecting security settings of the device. Further we develop an approach utilising the similarity of contextual parameters observed with on-board sensors of co-located devices to construct proofs of presence that are resilient to context-guessing attacks by adversaries that seek to fool a device into believing the adversary is co-located with it, even though it is in reality not. We then extend this approach to a context-based key evolution approach that allows IoT devices that are co-present in the same physical environment like the same room to use passively observed context measurements to iteratively authenticate their co-presence and thus gradually establish confidence in the other device being part of the same trust domain, e.g., the set of IoT devices in a user's home. We further analyse the relevant constraints that need to be taken into account to ensure security and usability of context-based authentication. In the final part of this dissertation we extend the profiling approach to network communications of IoT devices and utilise it to realise the design of the IoTSentinel system for autonomous security policy adaptation in IoT device networks. We show that by monitoring the inherent network traffic of IoT devices during their initial set-up, we can automatically identify the type of device newly added to the network. The device-type information is then used by IoTSentinel to adapt traffic filtering rules automatically to provide isolation of devices that are potentially vulnerable to known attacks, thereby protecting the device itself and the rest of the network from threats arising from possible compromise of vulnerable devices
    corecore