Multi-factor Authentication : System proposal and analysis of continuous authentication methods

Fält, Markus

January 2020

It is common knowledge that the average user has multiple online accounts which all require a password. Some studies have shown that the number password for the average user is around 25. Considering this, one can see that it is unreasonable to expect the average user to have 25 truly unique passwords. Because of this multi-factor authentication could potentially be used to reduce the number of passwords to remember while maintaining and possibly exceeding the security of unique passwords. This thesis therefore, aims to examine continuous authentication methods as well as proposing an authentication system for combining various authentication methods. This was done by developing an authentication system using three different authentication factors. This system used a secret sharing scheme so that the authentication factors could be weighted according to their perceived security. The system also proposes a secure storage method for the secret shares and the feasibility of this is shown. The continuous authentication methods tests were done by testing various machine learning methods on two public datasets. The methods were graded on accuracy and the rate at which the wrong user was accepted. This showed that random forest and decision trees worked well on the particular datasets. Ensemble learning was then tested to see how the two continuous factors performed once combined into a single classifier. This gave an equal error rate of around 5% which is comparable to state-of-the-art methods used for similar datasets.

continuous authentication

machine learning

Computer Systems

Datorsystem

Continuous Authentication using Stylometry

Brocardo, Marcelo Luiz

30 April 2015

Static authentication, where user identity is checked once at login time, can be circumvented no matter how strong the authentication mechanism is. Through attacks such as man-in-the-middle and its variants, an authenticated session can be hijacked later after the initial login process has been completed. In the last decade, continuous authentication (CA) using biometrics has emerged as a possible remedy against session hijacking. CA consists of testing the authenticity of the user repeatedly throughout the authenticated session as data becomes available. CA is expected to be carried out unobtrusively, due to its repetitive nature, which means that the authentication information must be collectible without any active involvement of the user and without using any special purpose hardware devices (e.g. biometric readers). Stylometry analysis, which consists of checking whether a target document was written or not by a specific individual, could potentially be used for CA. Although stylometric techniques can achieve high accuracy rates for long documents, it is still challenging to identify an author for short documents, in particular when dealing with large author populations. In this dissertation, we propose a new framework for continuous authentication using authorship verification based on the writing style. Authorship verification can be checked using stylometric techniques through the analysis of linguistic styles and writing characteristics of the authors. Different from traditional authorship verification that focuses on long texts, we tackle the use of short messages. Shorter authentication delay (i.e. smaller data sample) is essential to reduce the window size of the re-authentication period in CA. We validate our method using different block sizes, including 140, 280, and 500 characters, and investigate shallow and deep learning architectures for machine learning classification. Experimental evaluation of the proposed authorship verification approach based on the Enron emails dataset with 76 authors yields an Equal Error Rate (EER) of 8.21% and Twitter dataset with 100 authors yields an EER of 10.08%. The evaluation of the approach using relatively smaller forgery samples with 10 authors yields an EER of 5.48%. / Graduate

Continuous authentication

Stylometry

Deep Belief Network

short message verification

Context-Awareness for Adversarial and Defensive Machine Learning Methods in Cybersecurity

Quintal, Kyle

14 August 2020

Machine Learning has shown great promise when combined with large volumes of historical data and produces great results when combined with contextual properties. In the world of the Internet of Things, the extraction of information regarding context, or contextual information, is increasingly prominent with scientific advances. Combining such advancements with artificial intelligence is one of the themes in this thesis. Particularly, there are two major areas of interest: context-aware attacker modelling and context-aware defensive methods. Both areas use authentication methods to either infiltrate or protect digital systems. After a brief introduction in chapter 1, chapter 2 discusses the current extracted contextual information within cybersecurity studies, and how machine learning accomplishes a variety of cybersecurity goals. Chapter 3 introduces an attacker injection model, championing the adversarial methods. Then, chapter 4 extracts contextual data and provides an intelligent machine learning technique to mitigate anomalous behaviours. Chapter 5 explores the feasibility of adopting a similar defensive methodology in the cyber-physical domain, and future directions are presented in chapter 6. Particularly, we begin this thesis by explaining the need for further improvements in cybersecurity using contextual information and discuss its feasibility, now that ubiquitous sensors exist in our everyday lives. These sensors often show a high correlation with user identity in surprising combinations. Our first contribution lay within the domain of Mobile CrowdSensing (MCS). Despite its benefits, MCS requires proper security solutions to prevent various attacks, notably injection attacks. Our smart-injection model, SINAM, monitors data traffic in an online-learning manner, simulating an injection model with undetection rates of 99%. SINAM leverages contextual similarities within a given sensing campaign to mimic anomalous injections. On the flip-side, we investigate how contextual features can be utilized to improve authentication methods in an enterprise context. Also motivated by the emergence of omnipresent mobile devices, we expand the Spatio-temporal features of unfolding contexts by introducing three contextual metrics: document shareability, document valuation, and user cooperation. These metrics are vetted against modern machine learning techniques and achieved an average of 87% successful authentication attempts. Our third contribution aims to further improve such results but introducing a Smart Enterprise Access Control (SEAC) technique. Combining the new contextual metrics with SEAC achieved an authenticity precision of 99% and a recall of 97%. Finally, the last contribution is an introductory study on risk analysis and mitigation using context. Here, cyber-physical coupling metrics are created to extract a precise representation of unfolding contexts in the medical field. The presented consensus algorithm achieves initial system conveniences and security ratings of 88% and 97% with these news metrics. Even as a feasibility study, physical context extraction shows good promise in improving cybersecurity decisions. In short, machine learning is a powerful tool when coupled with contextual data and is applicable across many industries. Our contributions show how the engineering of contextual features, adversarial and defensive methods can produce applicable solutions in cybersecurity, despite minor shortcomings.

Continuous Authentication

Machine Learning

Cybersecurity

Artificial Intelligence

Online Learning

Feature Engineering

Context Awareness

Adversarial Methods

Evasion Attacks Against Behavioral Biometric Continuous Authentication Using a Generative Adversarial Network

Blenneros, Herman, Sävenäs, Erik

January 2021

The aim of the project was to examine the feasibilityof evading continuous authentication systems with a generativeadversarial network. To this end, a group of supervised andunsupervised state-of-the-art classifiers were trained on a publiclyavailable dataset of stroke patterns on mobile devices. To find thebest configurations for each classifier, hyper-parameter searcheswere performed. To attack the classifiers, a generative adversarialnetwork was trained on the dataset to reproduce samples followingthe same distribution. The generative adversarial networkwas optimized to maximize the Equal Error Rate metric of theclassifiers on the reproduced data. Our results show that theEqual Error Rate and the Threshold False Acceptance Rateincreased on generated samples compared to random evasionattacks. Across the classifiers, the greatest increase in Equal ErrorRate was 26 percent (for the artificial neural network), and thegreatest increase in Threshold False Acceptance Rate was 60percent for the same classifier. Moreover, it was found that, ingeneral, the unsupervised classifiers were more robust towardsthis type of attack. The results indicate that evasion attacksagainst continuous authentication systems using a generativeadversarial network are feasible and thus constitute a real threat. / Målet med detta projekt var att undersökamöjligheten att undgå ett aktivt verifieringssystem med hjälpav ett generativt nätverk. För att göra detta valde vi ut ettantal moderna klassifieringsalgoritmer och tränade dem på enoffentlig datasamling av svepmönster på mobiltelefoner. För atterhålla de bästa konfigurationerna för varje klassifieringsalgoritmutfördes hyper-parameter sökningar. För att attackera klassifieringsalgorithmernaimplementerades ett generative adversarialnetwork som tränades på datasamlingen för att reproduceraliknande svepmönster. Det generativa nätverket optimerades föratt maximera klassifieringsalgoritmernas likvärdiga felkvot medden reproducerade datan. Resultaten visar att den likvärdigafelkvoten och tröskeln av den felaktiga verifieringskvoten ökademed den reproducerade datan jämfört med slumpmässiga tester.Den högsta ökningen av den likvärdiga felkvoten var 26 procent(för det artificiella neurala nätverket) och den högsta ökningenav tröskeln av den felaktiga verifieringskvoten var 60 procent forsamma algoritm. Därutöver fann vi att de oövervakade klassifieringsalgoritmernavar mer motståndskraftiga mot denna typenav attack jämfört med de övervakade klassifieringsalgoritmerna.Resultaten tyder på att det är möjligt att till viss del undgå ettaktivt verifieringssystem med hjälp av ett generative adversarialnetwork och att denna typen av attacker utgör ett konkret hot. / Kandidatexjobb i elektroteknik 2021, KTH, Stockholm

Continuous Authentication

Generative Adversarial Network

evasion

biometrics

Elektroteknik och elektronik

An Adaptive Approach to Securing Ubiquitous Smart Devices in IoT Environment with Probabilistic User Behavior Prediction

January 2016

abstract: Cyber systems, including IoT (Internet of Things), are increasingly being used ubiquitously to vastly improve the efficiency and reduce the cost of critical application areas, such as finance, transportation, defense, and healthcare. Over the past two decades, computing efficiency and hardware cost have dramatically been improved. These improvements have made cyber systems omnipotent, and control many aspects of human lives. Emerging trends in successful cyber system breaches have shown increasing sophistication in attacks and that attackers are no longer limited by resources, including human and computing power. Most existing cyber defense systems for IoT systems have two major issues: (1) they do not incorporate human user behavior(s) and preferences in their approaches, and (2) they do not continuously learn from dynamic environment and effectively adapt to thwart sophisticated cyber-attacks. Consequently, the security solutions generated may not be usable or implementable by the user(s) thereby drastically reducing the effectiveness of these security solutions. In order to address these major issues, a comprehensive approach to securing ubiquitous smart devices in IoT environment by incorporating probabilistic human user behavioral inputs is presented. The approach will include techniques to (1) protect the controller device(s) [smart phone or tablet] by continuously learning and authenticating the legitimate user based on the touch screen finger gestures in the background, without requiring users’ to provide their finger gesture inputs intentionally for training purposes, and (2) efficiently configure IoT devices through controller device(s), in conformance with the probabilistic human user behavior(s) and preferences, to effectively adapt IoT devices to the changing environment. The effectiveness of the approach will be demonstrated with experiments that are based on collected user behavioral data and simulations. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016

Computer science

continuous authentication

dynamic IoT environment assessment

intelligent IoT device adaptation

pro-active protection

probabilistic human behaviors

probabilistic reasoning

Dynamic Template Adjustment in Continuous Keystroke Dynamics / Dynamic Template Adjustment in Continuous Keystroke Dynamics

Kulich, Martin

January 2015

Dynamika úhozů kláves je jednou z behaviorálních biometrických charakteristik, kterou je možné použít pro průběžnou autentizaci uživatelů. Vzhledem k tomu, že styl psaní na klávesnici se v čase mění, je potřeba rovněž upravovat biometrickou šablonu. Tímto problémem se dosud, alespoň pokud je autorovi známo, žádná studie nezabývala. Tato diplomová práce se pokouší tuto mezeru zaplnit. S pomocí dat o časování úhozů od 22 dobrovolníků bylo otestováno několik technik klasifikace, zda je možné je upravit na online klasifikátory, zdokonalující se bez učitele. Výrazné zlepšení v rozpoznání útočníka bylo zaznamenáno u jednotřídového statistického klasifikátoru založeného na normované Euklidovské vzdálenosti, v průměru o 23,7 % proti původní verzi bez adaptace, zlepšení však bylo pozorováno u všech testovacích sad. Změna míry rozpoznání správného uživatele se oproti tomu různila, avšak stále zůstávala na přijatelných hodnotách.

API de Segurança e Armazenamento de uma Arquitetura Multibiométrica para Controle de Acesso com Autenticação Contínua. / Security and Persistence APIs of a Multi-biometric Access Control Architecture for Continuous Authentication.

Oliveira, Adriana Esmeraldo de

16 September 2011

Made available in DSpace on 2015-05-14T12:36:30Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 4594295 bytes, checksum: bd4f4df655903b796eb6cf79a5060ded (MD5) Previous issue date: 2011-09-16 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / A biometric system that employs one single biometric characteristic is constrained. This limitation can be reduced by fusing the information presented by multiple sources. A system that consolidates the evidence presented by multiple biometric sources is known as a multibiometric system. In such a context, this work proposes the security and persistence APIs of a multi-biometric architecture, which is capable of using one or more biometric modalities. In access control applications, a user might be forced to authenticate in order to give an unauthorized access to a criminal. As an alternative to this problem, the API uses a continuous authentication process, which verifies if the user identified at the start of the software application is still able to remain on the system, without human interferences or breaks in the process. Much of the literature on biometric system design has focused on system error rates and scaling equations. However, it is also important to have a solid foundation for future progress as the processes and systems architecture for the new biometric application are designed. Hence, the designed architecture made it possible to create a well-defined API for multibiometric systems, which may help developers to standardize, among other things, their data structure, in order to enable and facilitate templates fusion and interoperability. Therefore, the developed security and persistence APIs support a multi-biometric access control architecture. This architecture is extensible, that is, capable of easily comprising new biometric characteristics and processes, yet making it possible to use a template security mechanism. The APIs were designed and implemented. They were demonstrated by a prototype application, through which it was possible to conduct the test experiments. / Um sistema biométrico que empregue uma única peculiaridade ou traço característico é restrito. Esta limitação pode ser suavizada pela fusão dos dados apresentados por múltiplas fontes. Um sistema que consolida a evidência apresentada por múltiplas fontes biométricas é conhecido como um sistema multibiométrico. Nesse contexto, este trabalho propõe a interface de aplicação (API) de segurança e armazenamento de uma arquitetura multibiométrica, com habilidade de empregar uma ou mais modalidades biométricas. Em aplicações de controle de acesso, um usuário pode ser coagido a se autenticar para permitir um acesso indevido. Como alternativa para este problema, a API utiliza um processo de autenticação contínua, que verifica se o usuário que se identificou no início de uma aplicação de software ainda está apto a continuar no sistema, sem interferências humanas ou paralisações do processo. Grande parte da literatura sobre projeto de sistemas biométricos tem o foco nas taxas de erro do sistema e na simplificação de equações. No entanto, também é importante que se tenha uma base sólida para progressos futuros no momento em que os processos e a arquitetura da nova aplicação biométrica estiverem sendo projetados. Neste sentido, a arquitetura projetada permitiu a construção de uma API bem definida para sistemas multibiométricos, que deverá auxiliar os desenvolvedores a padronizar, entre outras coisas, sua estrutura de dados, de forma a possibilitar e facilitar a fusão de modelos biométricos e a interoperabilidade. Deste modo, a API de segurança e armazenamento desenvolvida suporta uma arquitetura multibiométrica de controle de acesso para autenticação contínua extensível, isto é, capaz de receber novas características e processos biométricos com facilidade, permitindo, ainda, o uso de um mecanismo de segurança de templates biométricos. A API foi projetada e implementada. Sua demonstração foi feita através de uma aplicação protótipo, por meio da qual foi possível realizar os testes.

Multibiometria

Biometria

Multimodalidade

Controle de acesso

Autenticação contínua

Arquitetura de software

Segurança de templates

Multi-biometrics

Biometrics

Multimodality

Access control

Continuous authentication

Software architecture

Template security