40 research outputs found
Advanced user authentification for mobile devices
Access to the full-text thesis is no longer available at the author's request, due to 3rd party copyright restrictions. Access removed on 28.11.2016 by CS (TIS). Metadata merged with duplicate record (http://hdl.handle.net/10026.1/1101 - now deleted) on 20.12.2016 by CS (TIS).
Recent years have witnessed widespread adoption of mobile devices. Whereas initial
popularity was driven by voice telephony services, capabilities are now broadening to
allow an increasing range of data orientated services. Such services serve to extend the
range of sensitive data accessible through such devices and will in turn increase the
requirement for reliable authentication of users.
This thesis considers the authentication requirements of mobile devices and proposes novel
mechanisms to improve upon the current state of the art. The investigation begins with an
examination of existing authentication techniques, and illustrates a wide range of
drawbacks. A survey of end-users reveals that current methods are frequently misused and
considered inconvenient, and that enhanced methods of security are consequently required.
To this end, biometric approaches are identified as a potential means of overcoming the
perceived constraints, offering an opportunity for security to be maintained beyond
point-of-entry, in a continuous and transparent fashion.
The research considers the applicability of different biometric approaches for mobile
device implementation, and identifies keystroke analysis as a technique that can offer
significant potential within mobile telephony. Experimental evaluations reveal the potential
of the technique when applied to a Personal Identification Number (PIN), telephone
number and text message, with best case equal error rates (EER) of 9%, 8% and 18%
respectively. In spite of the success of keystroke analysis for many users, the results
demonstrate the technique is not uniformly successful across the whole of a given
population. Further investigation suggests that the same will be true for other biometrics,
and therefore that no single authentication technique could be relied upon to account for all
the users in all interaction scenarios. As such, a novel authentication architecture is
specified, which is capable of utilising the particular hardware configurations and
computational capabilities of devices to provide a robust, modular and composite
authentication mechanism. The approach, known as IAMS (Intelligent Authentication
Management System), is capable of utilising a broad range of biometric and secret
knowledge based approaches to provide a continuous confidence measure in the identity of
the user. With a high confidence, users are given immediate access to sensitive services
and information, whereas with lower levels of confidence, restrictions can be placed upon
access to sensitive services, until subsequent reassurance of a user's identity.
The novel architecture is validated through a proof-of-concept prototype. A series of test
scenarios are used to illustrate how IAMS would behave, given authorised and impostor
authentication attempts. The results support the use of a composite authentication approach
to enable the non-intrusive authentication of users on mobile devices.
Orange Personal Communication Services Ltd
Non-Intrusive Subscriber Authentication for Next Generation Mobile Communication Systems
Merged with duplicate record 10026.1/753 on 14.03.2017 by CS (TIS).
The last decade has witnessed massive growth in both the technological development, and
the consumer adoption of mobile devices such as mobile handsets and PDAs. The recent
introduction of wideband mobile networks has enabled the deployment of new services
with access to traditionally well protected personal data, such as banking details or
medical records. Secure user access to this data has however remained a function of the
mobile device's authentication system, which is only protected from masquerade abuse by
the traditional PIN, originally designed to protect against telephony abuse.
This thesis presents novel research in relation to advanced subscriber authentication for
mobile devices. The research began by assessing the threat of masquerade attacks on
such devices by way of a survey of end users. This revealed that the current methods of
mobile authentication remain extensively unused, leaving terminals highly vulnerable to
masquerade attack. Further investigation revealed that, in the context of the more
advanced wideband enabled services, users are receptive to many advanced
authentication techniques and principles, including the discipline of biometrics which
naturally lends itself to the area of advanced subscriber based authentication.
To address the requirement for a more personal authentication capable of being applied
in a continuous context, a novel non-intrusive biometric authentication technique was
conceived, drawn from the discrete disciplines of biometrics and Auditory Evoked
Responses. The technique forms a hybrid multi-modal biometric where variations in the
behavioural stimulus of the human voice (due to the propagation effects of acoustic
waves within the human head), are used to verify the identity of a user. The resulting
approach is known as the Head Authentication Technique (HAT).
Evaluation of the HAT authentication process is realised in two stages. Firstly, the
generic authentication procedures of registration and verification are automated within a
prototype implementation. Secondly, a HAT demonstrator is used to evaluate the
authentication process through a series of experimental trials involving a representative
user community. The results from the trials confirm that multiple HAT samples from
the same user exhibit a high degree of correlation, yet samples between users exhibit a
high degree of discrepancy. Statistical analysis of the prototype's performance realised
early system error rates of FNMR = 6% and FMR = 0.025%. The results clearly
demonstrate the authentication capabilities of this novel biometric approach and the
contribution this new work can make to the protection of subscriber data in next
generation mobile networks.
Orange Personal Communication Services Lt
Non-Intrusive Continuous User Authentication for Mobile Devices
The modern mobile device has become an everyday tool for users and business. Technological advancements in the device itself and the networks that connect them have enabled a range of services and data access which have introduced a subsequent increased security risk. Given the latter, the security requirements need to be re-evaluated and authentication is a key countermeasure in this regard. However, it has traditionally been poorly served and would benefit from research to better understand how authentication can be provided to establish sufficient trust. This thesis investigates the security requirements of mobile devices through literature as well as acquiring the user’s perspectives. Given the findings it proposes biometric authentication as a means to establish a more trustworthy approach to user authentication and considers the applicability and topology considerations. Given the different risk and requirements, an authentication framework that offers transparent and continuous authentication is developed. A thorough end-user evaluation of the model demonstrates many positive aspects of transparent authentication. The technical evaluation however, does raise a number of operational challenges that are difficult to achieve in a practical deployment.
The research continues to model and simulate the operation of the framework in a controlled environment seeking to identify and correlate the key attributes of the system. Based upon these results, a number of novel adaptations are proposed to overcome the operational challenges and improve upon the impostor detection rate. The new approach to the framework simplifies the approach significantly and improves upon the security of the system, whilst maintaining an acceptable level of usability.
Device- versus Network-Centric Authentication Paradigms for Mobile Devices: Operational and Perceptual Trade-Offs
The increasing capability and functionality of mobile devices is leading to a corresponding increase in the need for security to prevent unauthorised access. Indeed, as the data and services accessed via mobile devices become more sensitive, the existing method of user authentication (predominately based upon Personal Identification Numbers) appears increasingly insufficient. An alternative basis for authentication is offered by biometric approaches, which have the potential to be implemented in a non-intrusive manner and also enable authentication to be applied in an ongoing manner, beyond initial point-of-entry. However, the implementation of any authentication mechanism, particularly biometric approaches, introduces considerations of where the main elements of functionality (such as the processing of authentication data, decision making, and storing user templates/profiles) should reside. At the extremes, there are two alternatives: a device-centric paradigm, in which the aforementioned aspects are handled locally; or a network-centric paradigm, in which the actions occur remotely and under the jurisdiction of the network operator. This paper examines the alternatives and determines that each context introduces considerations in relation to the privacy of user data, the processing and storage of authentication data, network bandwidth demands, and service availability. In view of the various advantages and disadvantages, it is concluded that a hybrid approach represents the most feasible solution, enabling data storage and processing to be split between the two locations depending upon individual circumstances. This represents the most flexible approach, and will enable an authentication architecture to be more adaptable to the needs of different users, devices and security requirements.
Continuous User Authentication Using Multi-Modal Biometrics
It is commonly acknowledged that mobile devices now form an integral part of an individual’s everyday life. The modern mobile handheld devices are capable of providing a wide range of services and applications over multiple networks. With the increasing capability and accessibility, they introduce additional demands in terms of security.
This thesis explores the need for authentication on mobile devices and proposes a novel mechanism to improve the current techniques. The research begins with an intensive review of mobile technologies and the current security challenges that mobile devices experience to illustrate the imperative of authentication on mobile devices. The research then highlights the existing authentication mechanism and a wide range of weaknesses. To this end, biometric approaches are identified as an appropriate solution, offering an opportunity for security to be maintained beyond point-of-entry. Indeed, by utilising behavioural biometric techniques, the authentication mechanism can be performed in a continuous and transparent fashion.
This research investigated three behavioural biometric techniques based on SMS texting activities and messages, looking to apply these techniques as a multi-modal biometric authentication method for mobile devices. The results showed that linguistic profiling, keystroke dynamics and behaviour profiling can be used to discriminate users with overall Equal Error Rates (EER) of 12.8%, 20.8% and 9.2% respectively. By using a combination of biometrics, the results showed clearly that the classification performance is better than using a single biometric technique, achieving an EER of 3.3%. Based on these findings, a novel architecture of multi-modal biometric authentication on mobile devices is proposed. The framework is able to provide a robust, continuous and transparent authentication in standalone and server-client modes regardless of mobile hardware configuration. The framework is able to continuously maintain the security status of the devices. With a high level of security status, users are permitted to access sensitive services and data. On the other hand, with the low level of security, users are required to re-authenticate before accessing sensitive service or data.
Behaviour Profiling for Mobile Devices
With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life.
The modern mobile handheld device is capable of providing many multimedia services through a
wide range of applications over multiple networks as well as on the handheld device itself. These
services are predominantly driven by data, which is increasingly associated with sensitive
information. Such a trend raises the security requirement for reliable and robust verification
techniques of users.
This thesis explores the end-user verification requirements of mobile devices and proposes a novel
Behaviour Profiling security framework for mobile devices. The research starts with a critical
review of existing mobile technologies, security threats and mechanisms, and highlights a broad
range of weaknesses. Therefore, attention is given to biometric verification techniques which have
the ability to offer better security. Despite a large number of biometric works carried out in the
area of transparent authentication systems (TAS) and Intrusion Detection Systems (IDS), each have
a set of weaknesses that fail to provide a comprehensive solution. They are either reliant upon a
specific behaviour to enable the system to function or only capable of providing security for
network based services. To this end, the behaviour profiling technique is identified as a potential
candidate to provide high level security from both authentication and IDS aspects, operating in a
continuous and transparent manner within the mobile host environment.
This research examines the feasibility of a behaviour profiling technique through mobile users'
general applications usage, telephone, text message and multi-instance application usage with the
best experimental results Equal Error Rates (EER) of 13.5%, 5.4%, 2.2% and 10% respectively.
Based upon this information, a novel architecture of Behaviour Profiling on mobile devices is
proposed. The framework is able to provide a robust, continuous and non-intrusive verification
mechanism in standalone, TAS or IDS modes, regardless of device hardware configuration. The
framework is able to utilise user behaviour to continuously evaluate the system security status of
the device. With a high system security level, users are granted with instant access to sensitive
services and data, while with lower system security levels, users are required to reassure their
identity before accessing sensitive services.
The core functions of the novel framework are validated through the implementation of a
simulation system. A series of security scenarios are designed to demonstrate the effectiveness of
the novel framework to verify legitimate and imposter activities. By employing the smoothing
function of three applications, verification time of 3 minutes and a time period of 60 minutes of
the degradation function, the Behaviour Profiling framework achieved the best performance with
False Rejection Rate (FRR) rates of 7.57%, 77% and 11.24% for the normal, protected and overall
applications respectively and with False Acceptance Rate (FAR) rates of 3.42%, 15.29% and 4.09%
for their counterparts.
A Survey on Security for Mobile Devices
Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has significantly increased due to the different forms of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research field is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such as those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into different categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach.
Protecting the infrastructure: 3rd Australian information warfare & security conference 2002
The conference is hosted by the We-B Centre (working with a-business) in the School of Management Information System, the School of Computer & Information Sciences at Edith Cowan University. This year's conference is being held at the Sheraton Perth Hotel in Adelaide Terrace, Perth. Papers for this conference have been written by a wide range of academics and industry specialists. We have attracted participation from both national and international authors and organisations.
The papers cover many topics, all within the field of information warfare and its applications, now and into the future.
The papers have been grouped into six streams:
• Networks
• IWAR Strategy
• Security
• Risk Management
• Social/Education
• Infrastructur
Behaviour based anomaly detection system for smartphones using machine learning algorithm
In this research, we propose a novel, platform independent behaviour-based anomaly detection system for smartphones. The fundamental premise of this system is that every smartphone user has unique usage patterns. By modelling these patterns into a profile we can uniquely identify users. To evaluate this hypothesis, we conducted an experiment in which a data collection application was developed to accumulate a real-life dataset consisting of application usage statistics, various system metrics and contextual information from smartphones. Descriptive statistical analysis was performed on our dataset to identify patterns of dissimilarity in smartphone usage of the participants of our experiment. Following this analysis, a Machine Learning algorithm was applied on the dataset to create a baseline usage profile for each participant. These profiles were compared to monitor deviations from baseline in a series of tests that we conducted, to determine the profiling accuracy. In the first test, seven day smartphone usage data consisting of eight features and an observation interval of one hour was used and an accuracy range of 73.41% to 100% was achieved. In this test, 8 out of 10 user profiles were more than 95% accurate. The second test utilised the entire dataset and achieved average accuracy of 44.50% to 95.48%. Not only are these results very promising in differentiating participants based on their usage, but the implications of this research are far reaching, as our system can also be extended to provide transparent, continuous user authentication on smartphones or work as a risk scoring engine for other Intrusion Detection System