Behaviour profiling for mobile devices

Li, Fudong

January 2012

With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life. The modern mobile handheld device is capable of providing many multimedia services through a wide range of applications over multiple networks as well as on the handheld device itself. These services are predominantly driven by data, which is increasingly associated with sensitive information. Such a trend raises the security requirement for reliable and robust verification techniques of users.This thesis explores the end-user verification requirements of mobile devices and proposes a novel Behaviour Profiling security framework for mobile devices. The research starts with a critical review of existing mobile technologies, security threats and mechanisms, and highlights a broad range of weaknesses. Therefore, attention is given to biometric verification techniques which have the ability to offer better security. Despite a large number of biometric works carried out in the area of transparent authentication systems (TAS) and Intrusion Detection Systems (IDS), each have a set of weaknesses that fail to provide a comprehensive solution. They are either reliant upon a specific behaviour to enable the system to function or only capable of providing security for network based services. To this end, the behaviour profiling technique is identified as a potential candidate to provide high level security from both authentication and IDS aspects, operating in a continuous and transparent manner within the mobile host environment.This research examines the feasibility of a behaviour profiling technique through mobile users general applications usage, telephone, text message and multi-instance application usage with the best experimental results Equal Error Rates (EER) of 13.5%, 5.4%, 2.2% and 10% respectively. Based upon this information, a novel architecture of Behaviour Profiling on mobile devices is proposed. The framework is able to provide a robust, continuous and non-intrusive verification mechanism in standalone, TAS or IDS modes, regardless of device hardware configuration. The framework is able to utilise user behaviour to continuously evaluate the system security status of the device. With a high system security level, users are granted with instant access to sensitive services and data, while with lower system security levels, users are required to reassure their identity before accessing sensitive services.The core functions of the novel framework are validated through the implementation of a simulation system. A series of security scenarios are designed to demonstrate the effectiveness of the novel framework to verify legitimate and imposter activities. By employing the smoothing function of three applications, verification time of 3 minutes and a time period of 60 minutes of the degradation function, the Behaviour Profiling framework achieved the best performance with False Rejection Rate (FRR) rates of 7.57%, 77% and 11.24% for the normal, protected and overall applications respectively and with False Acceptance Rate (FAR) rates of 3.42%, 15.29% and 4.09% for their counterparts.

004

Initial Comparative Empirical Usability Testing for the Collaborative Authentication System

Bursum, Kim

14 March 2017

The Collaborative Authentication (co-authentication) system is an authentication system that relies on some or all members of a pre-registered set of secure hardware tokens being concurrently present to an authentication server at the moment of authentication. Previous researchers have compared various embodiments of the co-authentication system to each other including using Quick Response (QR) codes/cellphone cameras and Near Field Communication (NFC) between tokens. This thesis concerns the initial design and implementation of empirical comparative testing mechanisms between one embodiment of the co-authentication system and other commonly used authentication systems. One contribution is the simulated standard user ID and password login in a computer browser and a simulated RSA SecureID ® one time password (OTP) and login with embedded usability testing mechanisms. Another contribution is the development and implementation of a new Bluetooth communication functionality between tokens. A third contribution is the addition of usability testing mechanisms to two versions of this new functionality.

device authentication

smart devices

token communication

access control

public key cryptography

Computer Sciences

EMBEDDED INCREASED ENTROPY PHYSICALLY UNCLONABLE FUNCTIONS

Harding, Jessica Catherine

26 August 2022

No description available.

Electrical Engineering

PUFs

physically unclonable functions

embedded PUFs

IoT security

device authentication

Authentication and Identification of Sensor Nodes to Avoid Unauthorized Access in Sensor Networks / Autentisering och identifiering av sensornoder för att undvika obehörig åtkomst i sensornätverk

Henriksson, Michael

January 2020

With the increasing popularity of Internet of Things (IoT), network connected devices and sensors, to easier collect data is security an aspect that must not be forgotten. When sensitive data, such as personal or private data, is sent over the network without protection can it easier be obtained by anyone who want to get their hands on it. This risk increases with the value of the data sent and an increase in security should therefore follow this value. Based on this is it therefore important to look at the security aspects of a sensor network to find ways to easy integrate security such as authentication. This to make sure that the only devices and users accessing or sending data on the network is authorized and not malicious devices. This thesis focuses on the authentication and identification of the devices joining the network to make sure that only trusted devices would be able to join. The protocol in focus is ZigBee but the proposed solution can be integrated with any protocol and utilizes a Key Distribution Center (KDC) together with an authentication method based on the Challenge Handshake Authentication Protocol (CHAP) to authenticate new devices before they are allowed into the network. This solution is secure and relatively simple which makes it easy to integrate with any sensor network. / Med en ökad popularitet av att koppla upp sensorer och apparater mot ett nät- verk för att enklare kunna samla in data är säkerhet en aspekt som inte får glömmas bort. När känslig data, så som personlig eller privat data, skickas över nätverket oskyddat kan någon som vill komma åt datan lättare få tag på den. Denna risk ökar med värdet av datan som skickas och en ökningen av säkerhet bör darav följa ökning av värdet på datan. Utav denna anledning är det viktigt att se över säkerheten i sensornätverk och finna lösningar som lätt kan integreras med ett sensornätverk. Detta för att säkerhetsställa att endast de snesornoder som har auktoritet kan gå med i, samt skicka data på nätverket och därmed undvika oönskad åtkomst. Denna avhandling fukuserar på autentisering och identifiering av de noder som ska anslutas till nätverket för att säkerhetsställa att endast pålitliga och auktoriserade noder blir insläppta. Det protokoll som är i fokus i denna avhandling är ZigBee men den föreslagna lösningen kan även integreras med andra protokoll. Den föreslagna lösning- en använder sig även av ett Key Distribution Center (KDC) samt en autentiseringsmetod som baseras på Challenge Handshake Authentication Protocol (CHAP) för att authentisera nya noder innan de blir insläppta i nätverket. Denna lösning är säker och relativt enkel vilket gör det enkelt att integrera med all typer av sensornätverk.

Sensor network

Key distribution center

Zigbee

CHAP

Device authentication

Sensornätverk

Key distribution center

Zigbee

CHAP

Autentisering

Elektroteknik och elektronik

Computer Engineering

Datorteknik

Memory-based Hardware-intrinsic Security Mechanisms for Device Authentication in Embedded Systems

Soubhagya Sutar (9187907)

30 July 2020

<div>The Internet-of-Things (IoT) is one of the fastest-growing technologies in computing, revolutionizing several application domains such as wearable computing, home automation, industrial manufacturing, <i>etc</i>. This rapid proliferation, however, has given rise to a plethora of new security and privacy concerns. For example, IoT devices frequently access sensitive and confidential information (<i>e.g.,</i> physiological signals), which has made them attractive targets for various security attacks. Moreover, with the hardware components in these systems sourced from manufacturers across the globe, instances of counterfeiting and piracy have increased steadily. Security mechanisms such as device authentication and key exchange are attractive options for alleviating these challenges.</div><div><br></div><div>In this dissertation, we address the challenge of enabling low-cost and low-overhead device authentication and key exchange in off-the-shelf embedded systems. The first part of the dissertation focuses on a hardware-intrinsic mechanism and proposes the design of two Physically Unclonable Functions (PUFs), which leverage the memory (DRAM, SRAM) in the system, thus, requiring minimal (or no) additional hardware for operation. Two lightweight authentication and error-correction techniques, which ensure robust operation under wide environmental and temporal variations, are also presented. Experimental results obtained from prototype implementations demonstrate the effectiveness of the design. The second part of the dissertation focuses on the application of these techniques in real-world systems through a new end-to-end authentication and key-exchange protocol in the context of an Implantable Medical Device (IMD) ecosystem. Prototype implementations exhibit an energy-efficient design that guards against security and privacy attacks, thereby making it suitable for resource-constrained devices such as IMDs.</div><div><br></div>

Computer Engineering

Computer System Security

physically unclonable functions

PUF

Dynamic Random Access Memories

DRAM

device authentication

key exchange

authentication protocol

authentication scheme

authentication mechanism

combination PUF

memory PUF

implantable medical devices

IMD

IMD security

hardware security

Embedded Systems Security