Seed-based authentication for mobile clients across multiple devices

Authenticating users for mobile cloud apps has been a major security issue in recent years. Traditional passwords ensure the security of mobile applications, but it also requires extra effort from users to memorize complex passwords. Seed-based authentication can simplify the process of authentication for mobile users. In the seed-based authentication, images can be used as credentials for a mobile app. A seed is extracted from an image and used to generate one-time tokens for login. Compared to complex passwords, images are more friendly to mobile users. Previous work had been done in seed-based authentication which focused on providing authentication from a single device. It is common that a mobile user may have two or more mobile devices. Authenticating the same user on different devices is challenging due to several aspects, such as maintaining the same credential for multiple devices and distinguishing different users. In this article, we aimed at developing a solution to address these issues. We proposed multiple-device authentication algorithms to identify users. We adopted a one-time token paradigm to ensure the security of mobile applications. In addition, we tried to minimize the authentication latency for better performance. Our simulation showed that the proposed algorithms can improve the average latency of authentication for 40% at most, compared to single-device solutions.     

Keystroke dynamics-based authentication for mobile devices

Recently, mobile devices are used in financial applications such as banking and stock trading. However, unlike desktops and notebook computers, a 4-digit personal identification number (PIN) is often adopted as the only security mechanism for mobile devices. Because of their limited length, PINs are vulnerable to shoulder surfing and systematic trial-and-error attacks. This paper reports the effectiveness of user authentication using keystroke dynamics-based authentication (KDA) on mobile devices. We found that a KDA system can be effective for mobile devices in terms of authentication accuracy. Use of artificial rhythms leads to even better authentication performance.     

普适环境下基于生物加密的认证机制

普适计算的出现对网络通信中的安全和隐私提出了新的挑战,传统的认证技术已经不能满足普适环境的安全需求。提出了一种普适环境中用于完成服务使用者与提供者之间双向认证及密钥建立的机制。该机制高度融合了生物加密技术和Diffie-Hellman密钥交换技术,在不泄露用户隐私的情况完成双向认证。该机制提供了安全的建立密钥的算法,并且通过使用生物加密技术实现了访问控制策略的区别对待。经分析证明,该协议能很好地抵抗各种攻击,尤其是拒绝服务（DoS）攻击。     

A review on performance,security and various biometric template protection schemes for biometric authentication systems

Identifying a person based on their behavioral and biological qualities in an automated manner is called biometrics. The authentication system substituting traditional password and token for authentication and relies gradually on biometric authentication methods for verification of the identity of an individual. This proves the fact that society has started depending on biometric-based authentication systems. Security of biometric authentication needs to be reviewed and discussed as there are multiple points related to integrity and public reception of biometric-based authentication systems. Security and recognition accuracy are the two most important aspects which must be considered while designing biometric authentication systems. During enrollment phase scanning of biometric data is done to determine a set of distinct biometric feature set known as biometric template. Protection of biometric templates from various hacking efforts is a topic of vital importance as unlike passwords or tokens, compromised biometric templates cannot be reissued. Therefore, giving powerful protection techniques for biometric templates and still at that very moment preparing great identification accuracy is a good research problem nowadays, as well as in the future. Furthermore, efficiency under non-ideal conditions is also supposed to be inadequate and thus needs special attention in the design of a biometric authentication system. Disclosure of various biometric traits in miscellaneous applications creates a severe compromise on the privacy of the user. Biometric authentication can be utilized for remote user authentication. In this case, the biometric data of users typically called templates are stored in a server. The uniqueness and stability of biometrics ended it useful over traditional authentication systems. But, a similar thing made the enduring harm of a user’s identity in biometric systems. The architecture of the biometric system leads to several hazards that lead to numerous security concerns and privacy threats. To address this issue, biometric templates are secured using several schemes that are categorized as biometric cryptosystems, cancelable biometrics, hybrid methods, Homomorphic Encryption, visual cryptography based methods. Biometric cryptosystems and cancelable biometrics techniques provide reliable biometric security at a great level. However, there persist numerous concerns and encounters that are being faced during the deployment of these protection technologies. This paper reviews and analyses various biometric template protection methods. This review paper also reflects the limitations of various biometric template protection methods being used in present times and highlights the scope of future work.

     

An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security

Recently, lots of remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most of those remote user authentication schemes on ECC suffer from different attacks and can not provide provable security. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. The proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. The scheme also provides the known session key security, the perfect forward secrecy, the no key-compromise impersonation, the no unknown key-share and the no key control. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices. We also give a security proof under the random oracle.     

An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Recently, remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most remote user authentication schemes on ECC are based on public-key cryptosystem, in which the public key in the system requires the associated certificate to prove its validity. Thus, the user needs to perform additional computations to verify the certificate in these schemes. In addition, we find these schemes do not provide mutual authentication or a session key agreement between the user and the remote server. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. Based upon the ID-based concept, the proposed scheme does not require public keys for users such that the additional computations for certificates can be reduced. Moreover, the proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices.     

Conceivable security risks and authentication techniques for smart devices: A comparative evaluation of security practices

With the rapidly escalating use of smart devices and fraudulent transaction of users data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques.     

标准模型下隐私保护的多因素密钥交换协议

多因素认证密钥交换协议融合多种不同的认证因素来实现强安全的身份认证和访问控制,在具有高级别安全应用需求的移动泛在服务中具有巨大的应用潜力.现阶段多因素协议的研究成果还不丰富,并且已有协议都是在随机预言模型下可证明安全的.以两方口令认证密钥交换协议、鲁棒的模糊提取器以及签名方案为基本组件提出了一个标准模型下可证明安全的多因素协议.本文的协议中服务器不知道用户的生物模板,因此实现了对生物信息的隐私保护.与已有的随机预言模型下的多因素协议相比,本文的协议在满足更高安全性的同时具有更高的计算效率和通信效率,因此更满足高级别安全的移动泛在服务的应用需求.     

A Proposed Biometric Authentication Model to Improve Cloud Systems Security

Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password. Unfortunately, this approach has many security problems because personal data can be stolen or recognized by hackers. This paper aims to present a cloud-based biometric authentication model (CBioAM) for improving and securing cloud services. The research study presents the verification and identification processes of the proposed cloud-based biometric authentication system (CBioAS), where the biometric samples of users are saved in database servers and the authentication process is implemented without loss of the users’ information. The paper presents the performance evaluation of the proposed model in terms of three main characteristics including accuracy, sensitivity, and specificity. The research study introduces a novel algorithm called “Bio_Authen_as_a_Service” for implementing and evaluating the proposed model. The proposed system performs the biometric authentication process securely and preserves the privacy of user information. The experimental result was highly promising for securing cloud services using the proposed model. The experiments showed encouraging results with a performance average of 93.94%, an accuracy average of 96.15%, a sensitivity average of 87.69%, and a specificity average of 97.99%.     

基于用户使用移动设备习惯的隐式认证初探

在移动设备(特别是手机)上输入密码是非常麻烦的。随着越来越多的人使用移动设备访问Internet服务,或者从事移动商务活动,人们希望能够简化身份认证操作。为此,提出一种新的身份认证方法——隐式认证,它直接利用用户使用设备的习惯来认证用户,免除了用户输入密码的麻烦;给出了可用于隐式认证的数据及其来源,探讨了可用于隐式认证的具体方法和隐式认证的系统体系结构。所述技术对于隐式认证的进一步研究和应用具有实际意义。     

Fast periocular authentication in handheld devices with reduced phase intensive local pattern

To ensure highest security in handheld devices, biometric authentication has emerged as a reliable methodology. Deployment of mobile biometric authentication struggles due to computational complexity. For a fast response from a mobile biometric authentication method, it is desired that the feature extraction and matching should take least time. In this article, the periocular region captured through frontal camera of a mobile device is considered under investigation for its suitability to produce a reduced feature that takes least time for feature extraction and matching. A recently developed feature Phase Intensive Local Pattern (PILP) is subjected to reduction giving birth to a feature termed as Reduced PILP (R-PILP), which yields a matching time speed-up of 1.56 times while the vector is 20% reduced without much loss in authentication accuracy. The same is supported by experiment on four publicly available databases. The performance is also compared with one global feature: Phase Intensive Global Pattern, and three local features: Scale Invariant Feature Transform, Speeded-up Robust Features, and PILP. The amount of reduction can be varied with the requirement of the system. The amount of reduction and the performance of the system bears a trade-off. Proposed R-PILP attempts to make periocular suitable for mobile devices.     

Active authentication for mobile devices utilising behaviour profiling

With nearly 6 billion subscribers around the world, mobile devices have become an indispensable component in modern society. The majority of these devices rely upon passwords and personal identification numbers as a form of user authentication, and the weakness of these point-of-entry techniques is widely documented. Active authentication is designed to overcome this problem by utilising biometric techniques to continuously assess user identity. This paper describes a feasibility study into a behaviour profiling technique that utilises historical application usage to verify mobile users in a continuous manner. By utilising a combination of a rule-based classifier, a dynamic profiling technique and a smoothing function, the best experimental result for a users overall application usage was an equal error rate of 9.8 %. Based upon this result, the paper proceeds to propose a novel behaviour profiling framework that enables a user’s identity to be verified through their application usage in a continuous and transparent manner. In order to balance the trade-off between security and usability, the framework is designed in a modular way that will not reject user access based upon a single application activity but a number of consecutive abnormal application usages. The proposed framework is then evaluated through simulation with results of 11.45 and 4.17 % for the false rejection rate and false acceptance rate, respectively. In comparison with point-of-entry-based approaches, behaviour profiling provides a significant improvement in both the security afforded to the device and user convenience.     

Trust-based authentication scheme with user rating for low-resource devices in smart environments

In smart environments, pervasive computing contributes in improving daily life activities for dependent people by providing personalized services. Nevertheless, those environments do not guarantee a satisfactory level for protecting the user privacy and ensuring the trust between communicating entities. In this study, we propose a trust evaluation model based on user past and present behavior. This model is associated with a lightweight authentication key agreement protocol (Elliptic Curve-based Simple Authentication Key Agreement). The aim is to enable the communicating entities to establish a level of trust and then succeed in a mutual authentication using a scheme suitable for low-resource devices in smart environments. An innovation in our trust model is that it uses an accurate approach to calculate trust in different situations and includes a human-based feature for trust feedback, which is user rating. Finally, we tested and implemented our scheme on Android mobile phones in a smart environment dedicated for handicapped people.     

A novel transparent user authentication approach for mobile applications

ABSTRACT

With the rapid growth of smartphones and tablets in our daily lives, securing the sensitive data stored upon them makes authentication of paramount importance. Current authentication approaches do not re-authenticate in order to re-validate the user’s identity after accessing a mobile phone. Accordingly, there is a security benefit if authentication can be applied continually and transparently (i.e., without obstructing the user’s activities) to authenticate legitimate users, which is maintained beyond the point of entry. To this end, this paper suggests a novel transparent user authentication method for mobile applications by applying biometric authentication on each service within a single application in a secure and usable manner based on the risk level. A study involving data collected from 76 users over a one-month period using 12 mobile applications was undertaken to examine the proposed approach. The experimental results show that this approach achieved desirable outcomes for applying a transparent authentication system at an intra-process level, with an average of 6% intrusive authentication requests. Interestingly, when the participants were divided into three levels of usage (high, medium and low), the average intrusive authentication request was 3% which indicates a clear enhancement and suggests that the system would add a further level of security without imposing significant inconvenience upon the user.     

A Behavioral Authentication Method for Mobile Based on Browsing Behaviors

The passwords for unlocking the mobile devices are relatively simple, easier to be stolen, which causes serious potential security problems. An important research direction of identity authentication is to establish user behavior models to authenticate users. In this paper, a mobile terminal APP browsing behavioral authentication system architecture which synthesizes multiple factors is designed. This architecture is suitable for users using the mobile terminal APP in the daily life. The architecture includes data acquisition, data processing, feature extraction, and sub model training. We can use this architecture for continuous authentication when the user uses APP at the mobile terminal.      

Personal authentication using digital retinal images

Traditional authentication (identity verification) systems, used to gain access to a private area in a building or to data stored in a computer, are based on something the user has (an authentication card, a magnetic key) or something the user knows (a password, an identification code). However, emerging technologies allow for more reliable and comfortable user authentication methods, most of them based on biometric parameters. Much work could be found in the literature about biometric-based authentication, using parameters like iris, voice, fingerprints, face characteristics, and others. In this work a novel authentication method is presented and preliminary results are shown. The biometric parameter employed for the authentication is the retinal vessel tree, acquired through retinal digital images, i.e., photographs of the fundus of the eye. It has already been asserted by expert clinicians that the configuration of the retinal vessels is unique for each individual and that it does not vary during his life, so it is a very well-suited identification characteristic. Before the verification process can be executed, a registration step is required to align both the reference image and the picture to be verified. A fast and reliable registration method is used to perform this step, so that the whole authentication process takes about 0.3 s.     

Bend Passwords: using gestures to authenticate on flexible devices

Upcoming mobile devices will have flexible displays, allowing us to explore alternate forms of user authentication. On flexible displays, users can interact with the device by deforming the surface of the display through bending. In this paper, we present Bend Passwords, a new type of user authentication that uses bend gestures as its input modality. We ran three user studies to evaluate the usability and security of Bend Passwords and compared it to PINs on a mobile phone. Our first two studies evaluated the creation and memorability of user-chosen and system-assigned passwords. The third study looked at the security problem of shoulder-surfing passwords on mobile devices. Our results show that bend passwords are a promising authentication mechanism for flexible display devices. We provide eight design recommendations for implementing Bend Passwords on flexible display devices.     

A strong user authentication scheme with smart cards for wireless communications

Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.     

面向移动终端的隐式身份认证机制综述

面向移动终端的隐式身份认证机制通过监测移动终端环境以及用户行为等信息对用户进行透明且持续地认证,能够增强现有身份认证机制的可用性与安全性。该文对隐式身份认证技术的研究现状进行介绍。介绍了基于本地与基于网络的隐式身份认证框架;归纳总结出五类数据采集方式;对基于机器学习等多种用户分类算法进行了介绍,分析比较了各算法的正确率;归纳出两类访问控制机制,并对隐式身份认证所面临的模拟行为攻击以及用户隐私泄漏安全问题进行了讨论。     

Enhanced authentication for outsourced educational contents through provable block possession

In recent years, the volume of educational contents has been explosively increased thanks to the rapid development of multimedia technologies. Furthermore, the development of smart devices has made various educational institutes use them as effective learning tools. Since more and more educational contents become available not only at school zone but at a variety of online learning systems, it becomes increasingly unaffordable for a single educational contents provider to store and process them locally. Therefore, many educational contents providers are likely to outsource the contents to cloud storage for cost saving. These phenomena raise one serious concern: how to authenticate educational contents users in a secure and efficient way? The most widely used password-based authentication suffers from numerous drawbacks in terms of security. Multi-factor authentication protocols based on diverse communication channels such as SMS, biometric, hardware token could enhance security, however they inevitably bring poor usability. To this end, we present a data block-based authentication scheme, which provides provable security and guarantees usability invariant such that users do nothing but entering a password. In addition, the proposed scheme supports efficient user revocation. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced educational contents that is provably secure without usability degradation. The experiment on Amazon EC2 cloud shows that the proposed scheme guarantees nearly constant time for user authentication.