1,269 research outputs found
Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning
Authentication of smartphone users is important because a lot of sensitive
data is stored in the smartphone and the smartphone is also used to access
various cloud data and services. However, smartphones are easily stolen or
co-opted by an attacker. Beyond the initial login, it is highly desirable to
re-authenticate end-users who are continuing to access security-critical
services and data. Hence, this paper proposes a novel authentication system for
implicit, continuous authentication of the smartphone user based on behavioral
characteristics, by leveraging the sensors already ubiquitously built into
smartphones. We propose novel context-based authentication models to
differentiate the legitimate smartphone owner versus other users. We
systematically show how to achieve high authentication accuracy with different
design alternatives in sensor and feature selection, machine learning
techniques, context detection and multiple devices. Our system can achieve
excellent authentication performance with 98.1% accuracy with negligible system
overhead and less than 2.4% battery consumption.Comment: Published on the IEEE/IFIP International Conference on Dependable
Systems and Networks (DSN) 2017. arXiv admin note: substantial text overlap
with arXiv:1703.0352
Secure Pick Up: Implicit Authentication When You Start Using the Smartphone
We propose Secure Pick Up (SPU), a convenient, lightweight, in-device,
non-intrusive and automatic-learning system for smartphone user authentication.
Operating in the background, our system implicitly observes users' phone
pick-up movements, the way they bend their arms when they pick up a smartphone
to interact with the device, to authenticate the users.
Our SPU outperforms the state-of-the-art implicit authentication mechanisms
in three main aspects: 1) SPU automatically learns the user's behavioral
pattern without requiring a large amount of training data (especially those of
other users) as previous methods did, making it more deployable. Towards this
end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW)
algorithm to effectively quantify similarities between users' pick-up
movements; 2) SPU does not rely on a remote server for providing further
computational power, making SPU efficient and usable even without network
access; and 3) our system can adaptively update a user's authentication model
to accommodate user's behavioral drift over time with negligible overhead.
Through extensive experiments on real world datasets, we demonstrate that SPU
can achieve authentication accuracy up to 96.3% with a very low latency of 2.4
milliseconds. It reduces the number of times a user has to do explicit
authentication by 32.9%, while effectively defending against various attacks.Comment: Published on ACM Symposium on Access Control Models and Technologies
(SACMAT) 201
Protecting Cache States Against Both Speculative Execution Attacks and Side-channel Attacks
Hardware caches are essential performance optimization features in modern
processors to reduce the effective memory access time. Unfortunately, they are
also the prime targets for attacks on computer processors because they are
high-bandwidth and reliable side or covert channels for leaking secrets.
Conventional cache timing attacks typically leak secret encryption keys, while
recent speculative execution attacks typically leak arbitrary
illegally-obtained secrets through cache timing channels. While many hardware
defenses have been proposed for each class of attacks, we show that those for
conventional (non-speculative) cache timing channels do not work for all
speculative execution attacks, and vice versa. We maintain that a cache is not
secure unless it can defend against both of these major attack classes.
We propose a new methodology and framework for covering such relatively large
attack surfaces to produce a Speculative and Timing Attack Resilient (STAR)
cache subsystem. We use this to design two comprehensive secure cache
architectures, STAR-FARR and STAR-NEWS, that have very low performance
overheads of 5.6% and 6.8%, respectively. To the best of our knowledge, these
are the first secure cache designs that cover both non-speculative cache side
channels and cache-based speculative execution attacks.
Our methodology can be used to compose and check other secure cache designs.
It can also be extended to other attack classes and hardware systems.
Additionally, we also highlight the intrinsic security and performance benefits
of a randomized cache like a real Fully Associative cache with Random
Replacement (FARR) and a lower-latency, speculation-aware version (NEWS)
Random and Safe Cache Architecture to Defeat Cache Timing Attacks
Caches have been exploited to leak secret information due to the different
times they take to handle memory accesses. Cache timing attacks include
non-speculative cache side and covert channel attacks and cache-based
speculative execution attacks. We first present a systematic view of the attack
and defense space and show that no existing defense has addressed both
speculative and non-speculative cache timing attack families, which we do in
this paper. We propose Random and Safe (RaS) cache architectures to decorrelate
the cache state changes from memory requests. RaS fills the cache with ``safe''
cache lines that are likely to be used in the future, rather than with
demand-fetched, security-sensitive lines. RaS captures a group of safe
addresses during runtime and fetches addresses randomly displaced from these
addresses. Our proposed RaS architecture is flexible to allow
security-performance trade-offs. We show different designs of RaS architectures
that can defeat cache side-channel attacks and cache-based speculative
execution attacks. The RaS variant against cache-based speculative execution
attacks has 4.2% average performance overhead and other RaS variants against
both attack families have 7.9% to 45.2% average overhead. For some benchmarks,
RaS defenses improve the performance while providing security
- …