Non-Intrusive Continuous User Authentication for Mobile Devices

The modern mobile device has become an everyday tool for users and business. Technological advancements in the device itself and the networks that connect them have enabled a range of services and data access which have introduced a subsequent increased security risk. Given the latter, the security requirements need to be re-evaluated and authentication is a key countermeasure in this regard. However, it has traditionally been poorly served and would benefit from research to better understand how authentication can be provided to establish sufficient trust. This thesis investigates the security requirements of mobile devices through literature as well as acquiring the user’s perspectives. Given the findings it proposes biometric authentication as a means to establish a more trustworthy approach to user authentication and considers the applicability and topology considerations. Given the different risk and requirements, an authentication framework that offers transparent and continuous is developed. A thorough end-user evaluation of the model demonstrates many positive aspects of transparent authentication. The technical evaluation however, does raise a number of operational challenges that are difficult to achieve in a practical deployment. The research continues to model and simulate the operation of the framework in an controlled environment seeking to identify and correlate the key attributes of the system. Based upon these results and a number of novel adaptations are proposed to overcome the operational challenges and improve upon the impostor detection rate. The new approach to the framework simplifies the approach significantly and improves upon the security of the system, whilst maintaining an acceptable level of usability

Development of a typing behaviour recognition mechanism on Android

This paper proposes a biometric authentication system which use password based and behavioural traits (typing behaviours) authentication technology to establish user’s identity on a mobile phone. The proposed system can work on the latest smart phone platform. It uses mobile devices to capture user’s keystroke data and transmit it to web server. The authentication engine will establish if a user is genuine or fraudulent. In addition, a multiplier of the standard deviation “α” has been defined which aims to achieve the balance between security and usability. Experimental results indicate that the developed authentication system is highly reliable and very secure with an equal error rate is below 7.5%

A conceptual model for federated authentication in the cloud

Authentication is a key security control for any computing system, whether that is a PC, server, laptop, tablet or mobile phone. However, authentication is traditionally poorly served, with existing implementations falling foul of a variety of weaknesses. Passwords are poorly selected, reused and shared (to name but a few). Research has suggested novel approaches to authentication such as transparent authentication and cooperative and distributed authentication. However, these technologies merely focus upon individual platforms rather than providing a universal and federated authentication approach that can be used across technologies and services. The advent of cloud computing, its universal connectivity, scalability and flexibility, offers a new opportunity of achieving usable and convenient authentication seamlessly in a technology and service independent fashion. The approach introduces a new dedicated authentication provider - the Managed Authentication Service Provider - that is able to provide state-of-the-art centralised verification of authenticity. However, relying upon such an environment also introduces a range of technology, privacy and trust-related issues that must be overcome

A conceptual model for federated authentication in the cloud

Authentication is a key security control for any computing system, whether that is a PC, server, laptop, tablet or mobile phone. However, authentication is traditionally poorly served, with existing implementations falling foul of a variety of weaknesses. Passwords are poorly selected, reused and shared (to name but a few). Research has suggested novel approaches to authentication such as transparent authentication and cooperative and distributed authentication. However, these technologies merely focus upon individual platforms rather than providing a universal and federated authentication approach that can be used across technologies and services. The advent of cloud computing, its universal connectivity, scalability and flexibility, offers a new opportunity of achieving usable and convenient authentication seamlessly in a technology and service independent fashion. The approach introduces a new dedicated authentication provider - the Managed Authentication Service Provider - that is able to provide state-of-the-art centralised verification of authenticity. However, relying upon such an environment also introduces a range of technology, privacy and trust-related issues that must be overcome

A New Approach to Mobile Device Authentication

The effectiveness of primary and secondary authentication systems on mobile devices leaves room for improvement. Device manufacturers provide security features which require users to memorize long, complex passwords and/or provide biometric information. These approaches have drawbacks which make their continued usage untenable. Users are already inundated with passwords and regularly forget answers to security challenges. People are growing resistant to sharing their biometrics with device manufacturers. An authentication solution which overcome these limitations are essential. This research addresses this need by proposing a new method for mobile device authentication. First, it reviews past and current approaches to authentication. It then identifies design goals for future mobile device authentication systems. Finally, it describes a new model for backup mobile device authentication. The proposed model integrates video with social authentication for asynchronous secondary verification

Mobile Application Security Platforms Survey

Nowadays Smartphone and other mobile devices have become incredibly important in every aspect of our life. Because they have practically offered same capabilities as desktop workstations as well as come to be powerful in terms of CPU (Central processing Unit), Storage and installing numerous applications. Therefore, Security is considered as an important factor in wireless communication technologies, particularly in a wireless ad-hoc network and mobile operating systems. Moreover, based on increasing the range of mobile application within variety of platforms, security is regarded as on the most valuable and considerable debate in terms of issues, trustees, reliabilities and accuracy. This paper aims to introduce a consolidated report of thriving security on mobile application platforms and providing knowledge of vital threats to the users and enterprises. Furthermore, in this paper, various techniques as well as methods for security measurements, analysis and prioritization within the peak of mobile platforms will be presented. Additionally, increases understanding and awareness of security on mobile application platforms to avoid detection, forensics and countermeasures used by the operating systems. Finally, this study also discusses security extensions for popular mobile platforms and analysis for a survey within a recent research in the area of mobile platform security

Literature Survey on Keystroke Dynamics for User Authentication

Behavioural biometrics is the field of study related to the measure of uniquely identifying and measuring the patterns in human activities. Computer security plays a vital role as most of the sensitive data is stored on computers. Keystrokes Dynamics is a technique based on human behaviour for typing the password. Whenever any user logins into the system, username and password combinations are used for authenticating the users. The username is not secret, and the imposter acts as user to guess the password also because of simplicity of password, the system is prone to more attacks. In this case biometrics provide secure and convenient authentication. Our system uses a Support Vector Machine (SVM) which is one of the best known classifications and regression algorithm. Support Vectors (SV) that fall under different regions is separated using hyper planes linear as well as non-linear. Researchers have proved that SVM will converge to the best possible solution in very less time

Review Paper on Various Methods of Implicit Authentication

The quest (search) for a reliable and convenient security system to authenticate a computer user has existed since the inadequacy of conventional password mechanism was realized, first by the security community, and then gradually by the public. Verifying the identity of a user before granting access to objects or services is an vital step in nearly all applications or environments. Some applications (e.g. pervasive environment) may impose additional requirements for user authentication mechanism, such as to be continuous and unobtrusive. New system is hoped being transparent and with very minimum user involvement denoted as implicit authentication system. This paper tackles the issue of ambient systems adaptation to users' needs while the environment and users' preferences evolve continuously. DOI: 10.17762/ijritcc2321-8169.150512