Non-Intrusive Continuous User Authentication for Mobile Devices

The modern mobile device has become an everyday tool for users and business. Technological advancements in the device itself and the networks that connect them have enabled a range of services and data access which have introduced a subsequent increased security risk. Given the latter, the security requirements need to be re-evaluated and authentication is a key countermeasure in this regard. However, it has traditionally been poorly served and would benefit from research to better understand how authentication can be provided to establish sufficient trust. This thesis investigates the security requirements of mobile devices through literature as well as acquiring the user’s perspectives. Given the findings it proposes biometric authentication as a means to establish a more trustworthy approach to user authentication and considers the applicability and topology considerations. Given the different risk and requirements, an authentication framework that offers transparent and continuous is developed. A thorough end-user evaluation of the model demonstrates many positive aspects of transparent authentication. The technical evaluation however, does raise a number of operational challenges that are difficult to achieve in a practical deployment. The research continues to model and simulate the operation of the framework in an controlled environment seeking to identify and correlate the key attributes of the system. Based upon these results and a number of novel adaptations are proposed to overcome the operational challenges and improve upon the impostor detection rate. The new approach to the framework simplifies the approach significantly and improves upon the security of the system, whilst maintaining an acceptable level of usability

Keystroke Analysis as an authentication Method for thumb-based keyboards on mobile handsets

The evolution of mobile networking and the introduction of third generation systems brought a revolution to the functionality and services that mobile handsets are able to offer. As a result, the sensitivity and the volume of information that today's handsets can store and access has grown, and unauthorised access to them can conclude to serious personal and financial loss. Current authentication provided mainly by the use of the Personal Identification Number (PIN), can not be relied upon to safeguard the subscriber's assets, and the need of a stronger and more robust authentication is identified. This study is taking place to assess the feasibility of keystroke analysis as an authentication method on handsets that deploy thumb-based keyboards, looking to authenticate users while they type text messages. The experimental procedure showed the ability of the technique to classify users using a thumb-based keyboard interface, achieving a best Equal Error Rate (EER) of 12.2% utilising the inter-key latency of defined keywords. An additional evaluation of hold-time on the most recurrent letters in English did not prove that it could provide the information needed to achieve classification, using the specific interface. The results of inter-key latency characteristic support the potential use of the method for authentication purposes. Despite the error rates are higher than other approaches, as keystroke analysis can provide transparent and thus continuous authentication, the cooperation with other security mechanisms can offer enhanced security in mobile handsets in a cost-effective way.Faculty of Technolog

Simulation in digital forensic education

The paper starts by describing the role of simulation and role play in education and training. A variety of examples, such as flight simulation, medical simulation, military personnel and stress, simulation in computer science education. The core definition of simulation is that it allows students to explore a problem area in a safe and controlled environment. We contrast different approaches, such as high versus low fidelity simulation. Virtual worlds represent one strand of simulation, and have been used in education to teach a variety of subjects. Simulation is already used in many areas of the forensic subject area, for example by giving students suspect disks to analyse, asking them to seize a computer system in different scenarios, or delivering evidence in a simulated court. Forensic simulation both teaches cognitive practical skills, and acts to reduce the anxiety related to working as a digital forensics practitioner. We are evaluating the use of virtual worlds to extend the range of convenience of forensic simulation and t