Continuous user authentication using multi-modal biometrics

Saevanee, Hataichanok

January 2014

It is commonly acknowledged that mobile devices now form an integral part of an individual’s everyday life. The modern mobile handheld devices are capable to provide a wide range of services and applications over multiple networks. With the increasing capability and accessibility, they introduce additional demands in term of security. This thesis explores the need for authentication on mobile devices and proposes a novel mechanism to improve the current techniques. The research begins with an intensive review of mobile technologies and the current security challenges that mobile devices experience to illustrate the imperative of authentication on mobile devices. The research then highlights the existing authentication mechanism and a wide range of weakness. To this end, biometric approaches are identified as an appropriate solution an opportunity for security to be maintained beyond point-of-entry. Indeed, by utilising behaviour biometric techniques, the authentication mechanism can be performed in a continuous and transparent fashion. This research investigated three behavioural biometric techniques based on SMS texting activities and messages, looking to apply these techniques as a multi-modal biometric authentication method for mobile devices. The results showed that linguistic profiling; keystroke dynamics and behaviour profiling can be used to discriminate users with overall Equal Error Rates (EER) 12.8%, 20.8% and 9.2% respectively. By using a combination of biometrics, the results showed clearly that the classification performance is better than using single biometric technique achieving EER 3.3%. Based on these findings, a novel architecture of multi-modal biometric authentication on mobile devices is proposed. The framework is able to provide a robust, continuous and transparent authentication in standalone and server-client modes regardless of mobile hardware configuration. The framework is able to continuously maintain the security status of the devices. With a high level of security status, users are permitted to access sensitive services and data. On the other hand, with the low level of security, users are required to re-authenticate before accessing sensitive service or data.

005.8

Signature-based User Authentication / Signature-based User Authentication

Hámorník, Juraj

January 2015

This work aims on missing handwritten signature authentication in Windows. Result of this work is standalone software that allow users to log into Windows by writing signature. We focus on security of signature authentification and best overall user experience. We implemented signature authentification service that accept signature and return user access token if signature is genuine. Signature authentification is done by comparing given signature to signature patterns by their similarity. Signatures similarity is calculated by dynamic time warp on dynamic signature features such as speed, acceleration and pressure. User access token is used by our Windows login plugin called signature credential provider to decrypt user credentials and perform log in. Result of this work is solution that allow user log to windows by handwritten signatures, with equal error rate of 4.17\%.

Trust- and clustering-based authentication service in MANET.

January 2004

Ngai Cheuk Han. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2004. / Includes bibliographical references (leaves 110-117). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Background Study --- p.5 / Chapter 2.1 --- Mobile Ad Hoc Networks --- p.5 / Chapter 2.1.1 --- Definition --- p.5 / Chapter 2.1.2 --- Characteristics --- p.5 / Chapter 2.1.3 --- Applications --- p.6 / Chapter 2.1.4 --- Standards --- p.7 / Chapter 2.1.5 --- Routing Protocols --- p.8 / Chapter 2.2 --- Security in Mobile Ad Hoc Networks --- p.11 / Chapter 2.2.1 --- Vulnerabilities --- p.11 / Chapter 2.2.2 --- Motivation for the Attacks --- p.12 / Chapter 2.2.3 --- Types of Attacks --- p.13 / Chapter 2.3 --- Cryptography --- p.13 / Chapter 2.3.1 --- Cryptographic goals --- p.13 / Chapter 2.3.2 --- Symmetric-key encryption --- p.14 / Chapter 2.3.3 --- Asymmetric-key encryption --- p.14 / Chapter 2.3.4 --- Digital Signatures --- p.15 / Chapter 2.3.5 --- Digital Certificates --- p.15 / Chapter 2.3.6 --- Certificate Authority --- p.16 / Chapter 2.4 --- Literature Review --- p.17 / Chapter 3 --- Related Work --- p.23 / Chapter 4 --- Architecture and Models --- p.26 / Chapter 4.1 --- Architecture of the Authentication Service --- p.26 / Chapter 4.2 --- The Network Model --- p.28 / Chapter 4.2.1 --- Clustering-Based Structure --- p.31 / Chapter 4.2.2 --- Clusterhead Selection Criteria and Role --- p.33 / Chapter 4.3 --- The Trust Model --- p.37 / Chapter 4.3.1 --- Direct TVust --- p.40 / Chapter 4.3.2 --- Recommendation Trust --- p.41 / Chapter 4.3.3 --- Deriving Direct Trust --- p.41 / Chapter 5 --- Trust- and Clustering-Based Authentication Service --- p.43 / Chapter 5.1 --- Clustering Structure Formation and Maintenance --- p.43 / Chapter 5.1.1 --- Clustering Structure Formation --- p.43 / Chapter 5.1.2 --- Network Maintenance --- p.45 / Chapter 5.2 --- Security Operations --- p.50 / Chapter 5.2.1 --- Public Key Certification --- p.51 / Chapter 5.2.2 --- Identification of Malicious Nodes --- p.55 / Chapter 5.2.3 --- Trust Value Update --- p.58 / Chapter 5.3 --- Special Scenarios --- p.60 / Chapter 5.3.1 --- Join the network --- p.60 / Chapter 5.3.2 --- Move to another cluster --- p.61 / Chapter 5.3.3 --- Not Enough Introducer --- p.62 / Chapter 6 --- Simulations and Results --- p.65 / Chapter 6.1 --- Authentication Service Based on Trust and Network Mod- els --- p.65 / Chapter 6.1.1 --- Experiments Set-Up --- p.65 / Chapter 6.1.2 --- Simulation Results --- p.67 / Chapter 6.2 --- Clusters Formation and Maintenance --- p.85 / Chapter 6.2.1 --- Experiments Set-Up --- p.85 / Chapter 6.2.2 --- Simulation Results --- p.86 / Chapter 6.3 --- Authentication Service Based on Trust and Network Mod- els with Clusters Formation and Maintenance --- p.91 / Chapter 6.3.1 --- Experiments Set-Up --- p.91 / Chapter 6.3.2 --- Simulation Results --- p.94 / Chapter 7 --- Conclusion --- p.108 / Bibliography --- p.117

Wireless LANs--Security measures

Authentication

PGP und authentisierte Kommunikation mit Nutzern des URZ

Mueller, Thomas

21 June 1995

Im Vortrag werden die Funktionsprinzipien von PGP sowie verwendete Verfahren dargelegt. Ziel ist die Schaffung einer geeigneten Technologie im Universitaetsrechenzentrum zur Sicherung des Mailbetriebs.

Public_Key_Encryption

Authentication

ddc:004

PGP

Biometric authentication system for secure digital cameras

Blythe, Paul A.

January 2005

Thesis (Ph. D.)--State University of New York at Binghamton, Watson School of Engineering and Applied Science (Systems Science), 2005. / Includes bibliographical references.

Design considerations for a computationally-lightweight authentication mechanism for passive RFID tags

Frushour, John H.

January 2009

Thesis (M.S. in Computer Science)--Naval Postgraduate School, September 2009. / Thesis Advisor(s): Fulp, J.D. ; Huffmire, Ted. "September 2009." Description based on title screen as viewed on November 6, 2009. Author(s) subject terms: Passive RFID Systems, Tags, Clock, Electro-magnetic induction, authentication, hash, SHA--1. Includes bibliographical references (p. 59-60). Also available in print.

Návrh a realizace autentizační metody pro přístup k webové službě v prostředí .NET / Design and implementation of authentication method for accessing web service in .NET environment

Tenora, Lukáš

January 2010

Work deals with the authentication methods for access to Web services. The first part of the authentication methods are explained and possible safety risks. The second part describes the design and implementation of custom authentication Web service environment.. NET

Studies in authentication

Yakoubov, Sophia

15 November 2020

This thesis presents advances in several areas of authentication. First, we consider cryptographic accumulators, which are compact digital objects representing arbitrarily large sets. They support efficient proofs of membership (or, alternatively, of non-membership). We give the first definition of cryptographic accumulators in the UC framework, and construct two new accumulators: one uniquely suited for use in a revokable anonymous credential scheme, and one uniquely suited for use in a distributed system such as a blockchain-based PKI. Next, we consider multi-designated verifier signatures (MDVS). An MDVS is a special kind of signature that can only be verified by parties explicitly specified by the signer; more than that, even if those designated verifiers wanted to prove to an external party (e.g. an adversary) that a certain message was signed by the signer, they should be unable to do so. This is crucial in contexts where off-the-record communication is desirable; the sender may not want to be provably linked to a possibly sensitive message, but still want the intended recipients to be able to verify the authenticity of the message. Existing literature defines and builds limited notions of MDVS, where the off-the-record property only holds when it is conceivable that all verifiers collude. We strengthen this property to support any subset of colluding verifiers, and give two constructions of our stronger notion of MDVS: one from functional encryption, and one from standard primitives (but with a slightly larger signature size). Finally, we consider fuzzy password authenticated key exchange (Fuzzy PAKE). PAKEs are protocols which enable two parties holding the same password (that is, the same potentially low-entropy, non-uniform string) to agree on a (high-entropy, uniform) secret key in a way that resists man-in-the-middle attacks and offline dictionary attacks on the password. We define Fuzzy PAKE, a special kind of PAKE where the passwords used for authentication may contain some errors. We provide the first efficient and general solutions to this problem that enable, for example, key agreement based on commonly used biometrics such as iris scans.

Computer science

Authentication

Cryptography

Security

Voice Authenticationa Study Of Polynomial Representation Of Speech Signals

Strange, John

01 January 2005

A subset of speech recognition is the use of speech recognition techniques for voice authentication. Voice authentication is an alternative security application to the other biometric security measures such as the use of fingerprints or iris scans. Voice authentication has advantages over the other biometric measures in that it can be utilized remotely, via a device like a telephone. However, voice authentication has disadvantages in that the authentication system typically requires a large memory and processing time than do fingerprint or iris scanning systems. Also, voice authentication research has yet to provide an authentication system as reliable as the other biometric measures. Most voice recognition systems use Hidden Markov Models (HMMs) as their basic probabilistic framework. Also, most voice recognition systems use a frame based approach to analyze the voice features. An example of research which has been shown to provide more accurate results is the use of a segment based model. The HMMs impose a requirement that each frame has conditional independence from the next. However, at a fixed frame rate, typically 10 ms., the adjacent feature vectors might span the same phonetic segment and often exhibit smooth dynamics and are highly correlated. The relationship between features of different phonetic segments is much weaker. Therefore, the segment based approach makes fewer conditional independence assumptions which are also violated to a lesser degree than for the frame based approach. Thus, the HMMs using segmental based approaches are more accurate. The speech polynomials (feature vectors) used in the segmental model have been shown to be Chebychev polynomials. Use of the properties of these polynomials has made it possible to reduce the computation time for speech recognition systems. Also, representing the spoken word waveform as a Chebychev polynomial allows for the recognition system to easily extract useful and repeatable features from the waveform allowing for a more accurate identification of the speaker. This thesis describes the segmental approach to speech recognition and addresses in detail the use of Chebychev polynomials in the representation of spoken words, specifically in the area of speaker recognition. .

speech polynomials voice authentication

Mathematics

Language Design for Token Server Authentication Policies

Busch, Rebecca Lynn

03 December 2004

No description available.

Computer Science

authentication policy

language