Privacy-Preserving and Scalable Authentication based on Network Connection Traces

Since password-based authentication is no longer sufficient for web applications, additional authentication factors are required. Especially in the context of mobile devices and with regard to usability, there is an increasing focus on methods where the user's behavior is used as authentication factor (e.g., touchscreen interactions or sensors). As this typically requires the processing of large amounts of sensitive data, issues related to privacy and scalability arise. Our work addresses the issues by presenting a scalable and privacy-friendly approach for authenticating users of mobile applications based on information about their network connections

mPSAuth: Privacy-Preserving and Scalable Authentication for Mobile Web Applications

As nowadays most web application requests originate from mobile devices, authentication of mobile users is essential in terms of security considerations. To this end, recent approaches rely on machine learning techniques to analyze various aspects of user behavior as a basis for authentication decisions. These approaches face two challenges: first, examining behavioral data raises significant privacy concerns, and second, approaches must scale to support a large number of users. Existing approaches do not address these challenges sufficiently. We propose mPSAuth, an approach for continuously tracking various data sources reflecting user behavior (e.g., touchscreen interactions, sensor data) and estimating the likelihood of the current user being legitimate based on machine learning techniques. With mPSAuth, both the authentication protocol and the machine learning models operate on homomorphically encrypted data to ensure the users' privacy. Furthermore, the number of machine learning models used by mPSAuth is independent of the number of users, thus providing adequate scalability. In an extensive evaluation based on real-world data from a mobile application, we illustrate that mPSAuth can provide high accuracy with low encryption and communication overhead, while the effort for the inference is increased to a tolerable extent.Comment: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessibl

Incremental Calibration of Architectural Performance Models with Parametric Dependencies

Architecture-based Performance Prediction (AbPP) allows evaluation of the performance of systems and to answer what-if questions without measurements for all alternatives. A difficulty when creating models is that Performance Model Parameters (PMPs, such as resource demands, loop iteration numbers and branch probabilities) depend on various influencing factors like input data, used hardware and the applied workload. To enable a broad range of what-if questions, Performance Models (PMs) need to have predictive power beyond what has been measured to calibrate the models. Thus, PMPs need to be parametrized over the influencing factors that may vary. Existing approaches allow for the estimation of parametrized PMPs by measuring the complete system. Thus, they are too costly to be applied frequently, up to after each code change. They do not keep also manual changes to the model when recalibrating. In this work, we present the Continuous Integration of Performance Models (CIPM), which incrementally extracts and calibrates the performance model, including parametric dependencies. CIPM responds to source code changes by updating the PM and adaptively instrumenting the changed parts. To allow AbPP, CIPM estimates the parametrized PMPs using the measurements (generated by performance tests or executing the system in production) and statistical analysis, e.g., regression analysis and decision trees. Additionally, our approach responds to production changes (e.g., load or deployment changes) and calibrates the usage and deployment parts of PMs accordingly. For the evaluation, we used two case studies. Evaluation results show that we were able to calibrate the PM incrementally and accurately.Comment: Manar Mazkatli is supported by the German Academic Exchange Service (DAAD

Continuous Integration of Architectural Performance Models with Parametric Dependencies – The CIPM Approach

Explicitly considering the software architecture supports efficient assessments of quality attributes. In particular, Architecture-based Performance Prediction (AbPP) supports performance assessment for future scenarios (e.g., alternative workload, design, deployment, etc.) without expensive measurements for all such alternatives. However, accurate AbPP requires an up-to-date architectural Performance Model (aPM) that is parameterized over factors impacting performance like input data characteristics. Especially in agile development, keeping such a parametric aPM consistent with software artifacts is challenging due to frequent evolutionary, adaptive and usage-related changes. The shortcoming of existing approaches is the scope of consistency maintenance since they do not address the impact of all aforementioned changes. Besides, extracting aPM by static and/or dynamic analysis after each impacting change would cause unnecessary monitoring overhead and may overwrite previous manual adjustments. In this article, we present our Continuous Integration of architectural Performance Model (CIPM) approach, which automatically updates the parametric aPM after each evolutionary, adaptive or usage change. To reduce the monitoring overhead, CIPM calibrates just the affected performance parameters (e.g., resource demand), using adaptive monitoring. Moreover, CIPM proposes a self-validation process that validates the accuracy, manages the monitoring and recalibrates the inaccurate parts. As a result, CIPM will automatically keep the aPM up-to-date throughout the development time and operation time, which enables AbPP for a proactive identification of upcoming performance problems and evaluating alternatives at low costs. CIPM is evaluated using three case studies, considering (1) the accuracy of the updated aPMs and associated AbPP and (2) the applicability of CIPM in terms of the scalability and the required monitoring overhead

Intelligence Artificielle et système d'identification sur le territoire du Rhin supérieur

Efficient identity management is not only a concern of the virtual world but also paramount for modern open societies like the European Union. Non-intrusive, AI-based techniques of continuous authentication have recently been proposed to increase the security, efficiency and user friendliness of online systems and services. We introduce the research project aura.ai that will investigate how to transfer and apply these novel means of AI-based authentication in the public transportation area of the Upper-Rhine region

Intelligence Artificielle et système d'identification sur le territoire du Rhin supérieur

Efficient identity management is not only a concern of the virtual world but also paramount for modern open societies like the European Union. Non-intrusive, AI-based techniques of continuous authentication have recently been proposed to increase the security, efficiency and user friendliness of online systems and services. We introduce the research project aura.ai that will investigate how to transfer and apply these novel means of AI-based authentication in the public transportation area of the Upper-Rhine region