2,651 research outputs found
Implicit Sensor-based Authentication of Smartphone Users with Smartwatch
Smartphones are now frequently used by end-users as the portals to
cloud-based services, and smartphones are easily stolen or co-opted by an
attacker. Beyond the initial log-in mechanism, it is highly desirable to
re-authenticate end-users who are continuing to access security-critical
services and data, whether in the cloud or in the smartphone. But attackers who
have gained access to a logged-in smartphone have no incentive to
re-authenticate, so this must be done in an automatic, non-bypassable way.
Hence, this paper proposes a novel authentication system, iAuth, for implicit,
continuous authentication of the end-user based on his or her behavioral
characteristics, by leveraging the sensors already ubiquitously built into
smartphones. We design a system that gives accurate authentication using
machine learning and sensor data from multiple mobile devices. Our system can
achieve 92.1% authentication accuracy with negligible system overhead and less
than 2% battery consumption.Comment: Published in Hardware and Architectural Support for Security and
Privacy (HASP), 201
Defending cache memory against cold-boot attacks boosted by power or EM radiation analysis
Some algorithms running with compromised data select cache memory as a type of secure memory where data is confined and not transferred to main memory. However, cold-boot attacks that target cache memories exploit the data remanence. Thus, a sudden power shutdown may not delete data entirely, giving the opportunity to steal data. The biggest challenge for any technique aiming to secure the cache memory is performance penalty. Techniques based on data scrambling have demonstrated that security can be improved with a limited reduction in performance. However, they still cannot resist side-channel attacks like power or electromagnetic analysis. This paper presents a review of known attacks on memories and countermeasures proposed so far and an improved scrambling technique named random masking interleaved scrambling technique (RM-ISTe). This method is designed to protect the cache memory against cold-boot attacks, even if these are boosted by side-channel techniques like power or electromagnetic analysis.Postprint (author's final draft
Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning
Authentication of smartphone users is important because a lot of sensitive
data is stored in the smartphone and the smartphone is also used to access
various cloud data and services. However, smartphones are easily stolen or
co-opted by an attacker. Beyond the initial login, it is highly desirable to
re-authenticate end-users who are continuing to access security-critical
services and data. Hence, this paper proposes a novel authentication system for
implicit, continuous authentication of the smartphone user based on behavioral
characteristics, by leveraging the sensors already ubiquitously built into
smartphones. We propose novel context-based authentication models to
differentiate the legitimate smartphone owner versus other users. We
systematically show how to achieve high authentication accuracy with different
design alternatives in sensor and feature selection, machine learning
techniques, context detection and multiple devices. Our system can achieve
excellent authentication performance with 98.1% accuracy with negligible system
overhead and less than 2.4% battery consumption.Comment: Published on the IEEE/IFIP International Conference on Dependable
Systems and Networks (DSN) 2017. arXiv admin note: substantial text overlap
with arXiv:1703.0352
Exploiting Split Browsers for Efficiently Protecting User Data
Offloading complex tasks to a resource-abundant environment like the cloud, can extend the capabilities of resource constrained mobile devices, extend battery life, and improve user experience. Split browsing is a new paradigm that adopts this strategy to improve web browsing on devices like smartphones and tablets. Split browsers offload computation to the cloud by design; they are composed by two parts, one running on the thin client and one in the cloud. Rendering takes place primarily in the latter, while a bitmap or a simplified web page is communicated to the client. Despite its difference with traditional web browsing, split browsing still suffers from the same types of threats, such as cross-site scripting. In this paper, we propose exploiting the design of split browsers to also utilize cloud resources for protecting against various threats efficiently. We begin by systematically studying split browsing architectures, and then proceed to propose two solutions, in parallel and inline cloning, that exploit the inherent features of this new browsing paradigm to accurately and efficiently protect user data against common web exploits. Our preliminary results suggest that our framework can be efficiently applied to Amazon’s Silk, the most widely deployed at the time of writing, split browser
Offline Model Guard: Secure and Private ML on Mobile Devices
Performing machine learning tasks in mobile applications yields a challenging
conflict of interest: highly sensitive client information (e.g., speech data)
should remain private while also the intellectual property of service providers
(e.g., model parameters) must be protected. Cryptographic techniques offer
secure solutions for this, but have an unacceptable overhead and moreover
require frequent network interaction. In this work, we design a practically
efficient hardware-based solution. Specifically, we build Offline Model Guard
(OMG) to enable privacy-preserving machine learning on the predominant mobile
computing platform ARM - even in offline scenarios. By leveraging a trusted
execution environment for strict hardware-enforced isolation from other system
components, OMG guarantees privacy of client data, secrecy of provided models,
and integrity of processing algorithms. Our prototype implementation on an ARM
HiKey 960 development board performs privacy-preserving keyword recognition
using TensorFlow Lite for Microcontrollers in real time.Comment: Original Publication (in the same form): DATE 202
ПІДХОДИ ДО БЕЗПЕКИ ХМАРО-ОРІЄНТОВАНОГО МОБІЛЬНОГО НАВЧАННЯ
The paper attempts to outline the security issues in the development and application of cloud-based mobile learning. A brief definition of the mobile learning, its components and related technologies and devices is given. The specific characteristics of social media, big data and cloud computing are summarized in relation with their integration in the mobile learning and its transformation to a cloud-based environment. The main security threats to this type of learning are pointed out and some recommendations for providing security learning are given are given.В статье делается попытка выделить проблемы безопасности при разработке и применении мобильной учебы с применением облачных технологий. Сделано короткое определение мобильной учебы, ее компонентов, сопутствующих технологий и устройств. Обобщены особенности социальных медиа, больших данных и облачных технологий в отношении к их интеграции в мобильную учебу и трансформацию в облачной среде. Определены основные угрозы для безопасности такого вида учебы и предоставлены некоторые рекомендации для обеспечения безопасности учебы. У статті робиться спроба окреслити проблеми безпеки при розробці та застосуванні мобільного навчання з застосуванням хмарних технологій. Зроблено коротке визначення мобільного навчання, його компонентів, супутніх технологій та пристроїв. Підсумовані особливості соціальних медіа, великих данних та хмарних технологій у відношенні до їх інтеграції у мобільне навчання та трансформацію в хмарному середовищі. Визначені основні загрози для безпеки такого виду навчання та надані деякі рекомендації для забезпечення безпеки навчання
EyeSpot: leveraging gaze to protect private text content on mobile devices from shoulder surfing
As mobile devices allow access to an increasing amount of private data, using them in public can potentially leak sensitive information through shoulder surfing. This includes personal private data (e.g., in chat conversations) and business-related content (e.g., in emails). Leaking the former might infringe on users’ privacy, while leaking the latter is considered a breach of the EU’s General Data Protection Regulation as of May 2018. This creates a need for systems that protect sensitive data in public. We introduce EyeSpot, a technique that displays content through a spot that follows the user’s gaze while hiding the rest of the screen from an observer’s view through overlaid masks. We explore different configurations for EyeSpot in a user study in terms of users’ reading speed, text comprehension, and perceived workload. While our system is a proof of concept, we identify crystallized masks as a promising design candidate for further evaluation with regard to the security of the system in a shoulder surfing scenario
- …