User Authentication Methods for Mobile Systems Dr Steven Furnell



Similar documents
User Authentication using Combination of Behavioral Biometrics over the Touchpad acting like Touch screen of Mobile Device

Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means.

Deployment of Keystroke Analysis on a Smartphone

By Ian Kilpatrick, chairman Wick Hill Group, specialists in secure infrastructure solutions.

Personal Identification Techniques Based on Operational Habit of Cellular Phone

ARMORVOX IMPOSTORMAPS HOW TO BUILD AN EFFECTIVE VOICE BIOMETRIC SOLUTION IN THREE EASY STEPS

BehavioSec participation in the DARPA AA Phase 2

NFC & Biometrics. Christophe Rosenberger

Assignment 1 Biometric authentication

Two-Factor Authentication Making Sense of all the Options

Alternative authentication what does it really provide?

22 nd NISS Conference

Voice Authentication for ATM Security

May For other information please contact:

Automatic Speaker Verification (ASV) System Can Slash Helpdesk Costs

The 4 forces that generate authentication revenue for the channel

French Justice Portal. Authentication methods and technologies. Page n 1

Authentication Solutions Through Keystroke Dynamics

OCR LEVEL 3 CAMBRIDGE TECHNICAL

Chapter 5 Understanding Input. Discovering Computers Your Interactive Guide to the Digital World

Progressive Authentication on Mobile Devices. They are typically restricted to a single security signal in the form of a PIN, password, or unlock

Two Factor Authentication for VPN Access

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

Consumers Awareness of, Attitudes Towards and Adoption of Mobile Phone Security

Continuous Biometric User Authentication in Online Examinations

Detecting Credit Card Fraud

solutions Biometrics integration

Biometrics in Physical Access Control Issues, Status and Trends White Paper

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

This method looks at the patterns found on a fingertip. Patterns are made by the lines on the tip of the finger.

A Behavioral Biometric Approach Based on Standardized Resolution in Mouse Dynamics

Security Levels for Web Authentication using Mobile Phones

SCB Access Single Sign-On PC Secure Logon

Framework for Biometric Enabled Unified Core Banking

Physical Security: A Biometric Approach Preeti, Rajni M.Tech (Network Security),BPSMV preetytushir@gmail.com, ratri451@gmail.com

International Journal of Innovative Research in Computer and Communication Engineering

How Secure is your Authentication Technology?

Strengths and Weaknesses of Access Control Systems. Eric Schmiedl and Mike Spindel

Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog. A Nuance Education Paper

Internet and Computing Core Certification Guide Module A Computing Fundamentals

Beyond Security Awareness Achieving culture and avoiding fatigue

Multi-factor authentication

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

GROUPTALK FOR ANDROID VERSION for Android

Multi-factor Mobile Authentication

Biometric For Authentication, Do we need it? Christophe Rosenberger GREYC Research Lab - France

SECURITY SYSTEM WITH AUTHENTICATION CODE AND ADAPTIVE PHOTO LOG

SECURE WEB MARKETING USING EAR BIOMETRICS

Biometrics: Advantages for Employee Attendance Verification. InfoTronics, Inc. Farmington Hills, MI

De-duplication The Complexity in the Unique ID context

Moving Beyond Passwords: Consumer Attitudes on Online Authentication A Study of US, UK and German Consumers

ADVANCE AUTHENTICATION TECHNIQUES

Decision on adequate information system management. (Official Gazette 37/2010)

User Behaviour Analytics

Data Security 2. Implement Network Controls

How To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device

Multi-Factor Authentication FAQs

Standardizing Information and Communication Systems

Cloud Voice Service Cloud Communicator User Guide. (Version 1.0)

Token Security or Just Token Security? A Vanson Bourne report for Entrust

Role of Multi-biometrics in Usable Multi- Factor Authentication

Is Skype Safe for Judges?

How To Understand How To Authenticate On A Mobile Device

Secure Remote Photo Identification With ID card

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government

BIOMETRIC AUTHENTICATION SECURITY AND USABILITY

HIPAA Security Checklist for Healthcare Providers - Self-Evaluation Checklist

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY

Executive Brief for Sharing Sites & Digital Content Providers. Leveraging Hybrid P2P Technology to Enhance the Customer Experience and Grow Profits

Security in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)

Biometric Authentication using Online Signature

A MOBILE PAYMENT SYSTEM WITH AN EXTRA TOKEN OF SECURITY Nael Hirzallah 1 and Sana Nseir 2

Voice Authentication On-Demand: Your Voice as Your Key

Multi-Factor Authentication Core User Policy and Procedures

Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Marquee

Biometrics for Payment Applications. The SPA Vision on Financial Match-on-Card

Talent Solutions. LinkedIn Certified Professional. Program Handbook. LinkedIn Certified Professional Recruiter

To ensure you successfully install Timico VoIP for Business you must follow the steps in sequence:

BIOMETRICS AUTHENTICATION TECHNIQUE FOR INTRUSION DETECTION SYSTEMS USING FINGERPRINT RECOGNITION

Multi-Factor Authentication of Online Transactions

RCN BUSINESS OFFICE MOBILITY FOR DESKTOP

MOBILE VOICE BIOMETRICS MEETING THE NEEDS FOR CONVENIENT USER AUTHENTICATION. A Goode Intelligence white paper sponsored by AGNITiO

Online Proctoring Services

Module 1 Concepts of Infor mation Technology (IT) Module Goals

Personal Telepresence

Cloud Video Service Cisco DX650 User Guide. (Version 1.0)

Behavioural Biometrics for Multi-Factor Authentication in Biomedicine

Authentication in an Internet Banking Environment

Mobile Phone Terminology Simplifying telecoms management

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Basics. How can I use the Internet to make free calls?

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

2 factor + 2. Authentication. way

Question Bank June 2015 R001 Mock

Trust Digital Best Practices

WHITE PAPER Usher Mobile Identity Platform

PARTNER Advanced Communications System (ACS)

Mobile Operating Systems & Security

Transcription:

User Authentication Methods for Mobile Systems Dr Steven Furnell Network Research Group University of Plymouth United Kingdom

Overview The rise of mobility and the need for user authentication A survey of mobile phone subscribers Advanced authentication options An experimental example Conclusions

Introduction Substantial growth of mobile devices e.g. mobile phones - 768m in 2001 to 1,848m in 2004 Increasing device functionality e.g. convergence of PDA and phone devices Mobile devices contain an increasing amount of sensitive information What protects these devices from attack?

Introduction Mobile devices are already prime targets for theft Advanced capabilities of new devices will make them even more desirable Increased bandwidth and wireless connectivity will facilitate new services Expansion of services and private data will require increased level of protection

Background Network Research Group Postgraduate and postdoctoral research 13 current PhD projects Significant focus in IT security Links to Orange in a number of projects Including two sponsored PhDs relating to authentication for mobile devices

Mobile Service Convergence Telephony E-commerce Internet / Web Personal Digital Assistant Telework Entertainment Banking Video Conferencing

The need for Authentication Expansion of services will lead to storage of more sensitive information: full contact details of family and associates financial details enabling mobile electronic commerce transactions commercially sensitive miscellaneous information (e.g. scheduler/notepad files) medical records PLUS potential for remote access into corporate systems

Making Headlines Huge surge in mobile phone thefts BBC News (Jan 2002) MoD loses 600 laptops BBC News (Jan 2002) Laptop theft causing global havoc ZDNet News (Aug 2001) Worm turns on Wireless Wired News (June 2000)

Authentication Strategies Three main approaches to user authentication: Something the user knows (e.g. password or PIN)? Something the user has (e.g. a card or other token) Something the user is (i.e. a biometric characteristic)

Weaknesses of traditional methods Passwords and PINs are often: badly selected (and easily guessed) written down shared with colleagues or friends infrequently changed the same on multiple systems

Assessing Attitudes Towards Security Relevant to determine user attitudes towards security Questionnaire distributed to 161 mobile phone subscribers Aim to assess: usage of mobile services usage of current authentication methods likely acceptance of more advanced methods

100 99 Usage of Mobile Services 90 80 60 40 66 46 48 20 0 15 19 9 6 1 0 1 Voice Text Messages Info. Services WAP Yes No Unavailable

Future Mobile Services Respondents support convergence of devices In total, 88% of respondents want some form of additional service from their phone: 73% would like personal organiser functions 58% would use the web 53% to download music Additional services suggested included: Digital money, radio, GPS

PINs on mobile handsets 4-6 digit number to be entered on the numerical keypad of the phone. Two possible levels of protection, both of which can be independently enabled or disabled: at switch on (all phones) to enable phone to come out of a standby mode (some phones)

Use of the PIN in practice 89% had knowledge of the PIN facility The 11% that were unaware would scale to approximately 84.5 million users worldwide Although 89% knew about the PIN facility only 56% used it 65% of those who did not use it blamed inconvenience 41% did not have confidence in the protection of the PIN facility Of the 24% who had 2 level PIN security, 64% did not use it, finding it inconvenient

Compromising the PIN Yes No Forgot it 17% 83% Told it to someone else 26% 74% Wrote it down 6% 94%

Attitudes towards Future Security 81% believed additional security a good idea Of these, 63% would even accept continuous authentication / supervision Only 2 out of 161 respondents considered additional security to be a bad idea Users are already concerned about security... but don t use available protection Need to consider alternative approaches

Future Authentication Requirements Inconvenience was a major reason why survey respondents did not use PINs require methods that can be non-intrusive Also desirable to have methods that users cannot easily invalidate Token based methods not likely to be viable for mobile systems tokens could be carried with devices or left permanently in situ

Biometric Approaches Physiological Fingerprints Hand Geometry Vein Checking Iris Scanning Retinal Scanning Faceprint Facial Thermogram Behavioural Voiceprint Signature Recognition Keystroke Analysis Mouse Dynamics

Error Rates False Acceptance Rate (FAR) errors where impostors are falsely believed to be legitimate users False Rejection Rate (FRR) errors where the system falsely identifies the legitimate user as an impostor

FAR / FRR relationship 100 False Acceptance Rate (FAR) False Rejection Rate (FRR) Rate (%) Equal Error Rate 0 Slack Tolerance / Threshold Setting Tight Increasing end-user rejection

Biometrics on mobile devices? Face recognition An internal camera could capture a digital image Processed to determine a series of characteristic vectors

Biometrics on mobile devices? Speaker recognition An internal microphone could capture voiceprint information Verification may be text dependant or independent

Biometrics on mobile devices? Signature verification A touch screen could capture the user s signature May be measured statically or dynamically

Biometrics on mobile devices? Iris Scanning Based upon unique characteristics of the eye Could be done using a high resolution still image camera

Biometrics on mobile devices? Keystroke Dynamics Based upon analysis of typing rhythms May be implemented in static or dynamic modes

Biometrics on mobile devices? Fingerprint Recognition Same principle as standard approach in criminology Based upon forks and ridge Requires specialist reader on mobile device

Advanced Mobile Authentication in action British Government's computerised ministerial red box Unlocked through a combination of: a minister's fingerprint special personal signet ring

Biometric Preferences 80 74 70 60 55 50 41 40 30 29 28 20 10 0 Fingerprint Voiceprint Facial Recognition Iris Scanning Typing Style

Mobile biometrics in practice Initial experiments to assess keystroke dynamics on a mobile phone aim to authenticate users by assessing keypad activity build profiles of characteristic inter-keystroke latency timings for different users Two distinct advantages: no additional hardware required completely transparent to the user

Mobile biometrics in practice The study involved 16 test subjects and assessed two types of keypad input: 4-digit PIN codes standard telephone numbers Neural networks were trained to differentiate between legitimate users and impostors Samples collected from a modified handset, via a PC

Mobile biometrics in practice FAR FRR EER PIN Code 18.1% 12.5% 15% Telephone numbers 16% 15% 15%

Mobile biometrics in practice Performance of Keystroke Dynamics in the PIN experiments 120 100 Percentage 80 60 40 20 0 0 0.075 0.125 0.175 0.225 0.275 0.325 0.375 0.425 0.475 Threshold 0.525 0.575 0.625 0.675 0.725 0.775 0.825 FRR 0.875 0.925 0.975 FAR

Potential for improvement The initial study was limited in terms of: test samples obtained network training Some individual users performed as well as 0% FRR and 1.3% FAR Previous experiments with full alphanumeric keyboard have observed similar results as the average

Potential for improvement Keystroke dynamics will work for some users in some contexts e.g. only non-intrusive if user is already interacting with the keyboard Other techniques will exhibit similar characteristics Potential solution combine techniques in a hybrid manner utilise context and user profile to determine appropriate method

A future scenario?

Conclusions User authentication is a key security requirement for mobile systems Survey results show that current methods may be compromised Biometric technologies offer a means to make authentication more transparent Unfortunately, one size does not fit all

Dr Steven Furnell sfurnell@plymouth.ac.uk Network Research Group www.plymouth.ac.uk/nrg

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information