42,892 research outputs found
Transparent code authentication at the processor level
The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level eliminating the need for trusted extensions in the operating system. The technique proposed tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing the software users with assurance for authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers’ intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead for even moderate cache sizes
Deployment of Keystroke Analysis on a Smartphone
The current security on mobile devices is often limited to the Personal Identification Number (PIN), a secretknowledge based technique that has historically demonstrated to provide ineffective protection from misuse. Unfortunately, with the increasing capabilities of mobile devices, such as online banking and shopping, the need for more effective protection is imperative. This study proposes the use of two-factor authentication as an enhanced technique for authentication on a Smartphone. Through utilising secret-knowledge and keystroke analysis, it is proposed a stronger more robust mechanism will exist. Whilst keystroke analysis using mobile devices have been proven effective in experimental studies, these studies have only utilised the mobile device for capturing samples rather than the more computationally challenging task of performing the actual authentication. Given the limited processing capabilities of mobile devices, this study focuses upon deploying keystroke analysis to a mobile device utilising numerous pattern classifiers. Given the trade-off with computation versus performance, the results demonstrate that the statistical classifiers are the most effective
TOWARD THE SYSTEMATIZATION OF ACTIVE AUTHENTICATION RESEARCH
Authentication is the vital link between your real self and your digital self. As our digital selves become ever more powerful, the price of failing authentication grows. The most common authentication protocols are static data and employed only once at login. This allows for authentication to be spoofed just once to gain access to an entire user session. Behaviometric protocols continuously consume a user’s behavior as a token of authentication and can be applied throughout a session, thereby eliminating a fixed token to spoof. Research into these protocols as viable forms of authentication is relatively recent and is being conducted on a variety of data sources, features and classification schemes. This work proposes an extensible research framework to aid the systemization and preservation of research in this field by standardizing the interface for raw data collection, processing and interpretation. Specifically, this framework contributes transparent management of data collection and persistence, the presentation of past research in a highly configurable and extensible form, and the standardization of data forms to enhance innovative reuse and comparative analysis of prior research
Artificial-Noise-Aided Physical Layer Phase Challenge-Response Authentication for Practical OFDM Transmission
Recently, we have developed a PHYsical layer Phase Challenge-Response
Authentication Scheme (PHY-PCRAS) for independent multicarrier transmission. In
this paper, we make a further step by proposing a novel artificial-noise-aided
PHY-PCRAS (ANA-PHY-PCRAS) for practical orthogonal frequency division
multiplexing (OFDM) transmission, where the Tikhonov-distributed artificial
noise is introduced to interfere with the phase-modulated key for resisting
potential key-recovery attacks whenever a static channel between two legitimate
users is unfortunately encountered. Then, we address various practical issues
for ANA-PHY-PCRAS with OFDM transmission, including correlation among
subchannels, imperfect carrier and timing recoveries. Among them, we show that
the effect of sampling offset is very significant and a search procedure in the
frequency domain should be incorporated for verification. With practical OFDM
transmission, the number of uncorrelated subchannels is often not sufficient.
Hence, we employ a time-separated approach for allocating enough subchannels
and a modified ANA-PHY-PCRAS is proposed to alleviate the discontinuity of
channel phase at far-separated time slots. Finally, the key equivocation is
derived for the worst case scenario. We conclude that the enhanced security of
ANA-PHY-PCRAS comes from the uncertainty of both the wireless channel and
introduced artificial noise, compared to the traditional challenge-response
authentication scheme implemented at the upper layer.Comment: 33 pages, 13 figures, submitted for possible publicatio
- …