Design and Evaluation of Accelerometer Based User Authentication Methods

Haitham, Seror

January 2017

Smartphone's are extremely popular and in high demand nowadays. They are easy to handle and very intuitive compared with old phones for end users. Approximately two billion people use Smartphones all over the world, so it is clear that these phones are very popular. One of the major issues of these smart phones is theft. What happens if someone steals your phone? Why should we try to secure our phones? The reason is that, even if the phone is stolen, the thief should not be able to open and use it through unlocking easily. People are generally careless while typing their password/pin code or drawing a pattern while others are watching. Maybe someone can see it just by standing next to or behind the person who is typing the pin or drawing the pattern. This scenario of getting the information is called shoulder surfing. Another scenario is to use a hidden camera, so-called Record monitoring. Shoulder surfing can be used by an attacker/observer to get passwords or PINs. Shoulder surfing is very easy to perform by just looking over the shoulder when a user is typing the PIN or drawing the unlock pattern. Record monitoring needs more preparation, but is not much more complicated to perform. Sometimes it also happens that the phone gets stolen and by seeing fingerprints or smudge patterns on the phone, the attacker can unlock it. These above two are general security threats for smart phone users. This thesis introduces some different approaches to overcome the above mentioned security threats in Smartphones. The basic aim is to make it more difficult to perform shoulder surfing or record monitoring, and these will not be easy to perform by the observer after switching to the new techniques introduced in the thesis. In this thesis, the usability of each method developed will be described and also future use of these approaches. There are a number of techniques by which a user can protect the phone from observation attacks. Some of these will be considered, and a user interface evaluation will be performed in the later phase of development. I will also consider some important aspects while developing the methods such as -user friendliness, Good UI concepts etc. I will also evaluate the actual security added by the methods, and the overall user impression. Two separate user studies have been performed, first one with students from the Computer Science department, and then one with students from other departments. The results indicate that students from Computer Science are more attracted to the new security solution than students from other departments.

Authentication

Smartphone security

Shoulder surfing

Accelerometer

Natural Sciences

Naturvetenskap

Short Message ServiceVulnerability Analysis : An attempt to attack the Serial Line on Symbian Smartphone In Orderto Inject Arbitrary SMS

Ilaghi, Mahya

January 2011

Short Message Service (SMS) is a permanently available service on mobile phone networks. In addition to text messages, it supports binary messages to provide various services to mobile phones. SMS security has a strong relationship to the security of mobile phones. Due to the open functionality of mobile phone networks, SMS can be exposed to dierent kind of attacks. To cope with the increasing demand for secure SMS, it is crucial to perform a vulnerability analysis of SMS-implementations to nd out potential security vulnerabilities that smartphones may be exposed to. Conducting vulnerability analyses of SMS is dicult, as one would need to send a large amount of SMS through the mobile phone network in order to conduct such analyses. However, if the need for a mobile phone network is removed from the vulnerability analysis, the diculties of performing it can be considerably reduced. Collin Mulliner and Challie Miller (2009) presented a testing platform (without the engagement of a mobile phone network) for this purpose in three popular mobile phone operating systems: the iPhone, Android and Windows Mobile. They claimed that their testing platform could be ported to other smartphone operating systems (OS). Since the Symbian operating system is one of the most popular smartphone platforms, this thesis focuses on how to port this testing platform to the Symbian OS for vulnerability analysis of SMS-implementations. The research methodology behind this study was an experimental research method, conducted by presenting a hypothesis and developing an artifact to test it. This research produced a key finding: that it is not feasible to implement this vulnerability analysis for SMS-implementations on the Symbian OS, when considering the prerequisites that Collin Mulliner and Charlie Miller dened in their work. They claimed that, if there is an application level access to the serial line for the modem or the ability to add or remove the arbitrary driver, then it is feasible to port their testing framework to other operating systems. This research discovers that neither of these conditions exists in the Symbian OS.

Smartphone Security

Vulnerability Analysis

Short Message Service Injection

Symbian

Engineering and Technology

Teknik och teknologier

Hardware encryption of AES algorithm on Android platform

Joshi, Yogesh

08 October 2012

No description available.

Computer Engineering

Hardware Encryption

AES-128 bit

Android platform

FPGA Encryption

Smartphone Security

Secure Mobile Transactions

Context-Aware Malicious Code Detection

Gu, Boxuan

19 December 2012

No description available.

Computer Science

intrusion detection

malicious code detection

web security

javascript security

smartphone security

android security

information flow tracking

information leaking

worm detection

shellcode

shellcode detection

Empirical Analysis of Socio-Cognitive Factors Affecting Security Behaviors and Practices of Smartphone Users

Simpson, Joseph P.

01 January 2016

The overall security posture of information systems (IS) depends on the behaviors of the IS users. Several studies have shown that users are the greatest vulnerability to IS security. The proliferation of smartphones is introducing an entirely new set of risks, threats, and vulnerabilities. Smartphone devices amplify this data exposure problem by enabling instantaneous transmission and storage of personally identifiable information (PII) by smartphone users, which is becoming a major security risk. Moreover, companies are also capitalizing on the availability and powerful computing capabilities of these smartphone devices and developing a bring-your-own-device (BYOD) program, which makes companies susceptible to divulgence of organizational proprietary information and sensitive customer information. In addition to users being the greatest risk to IS security, several studies have shown that many people do not implement even the most basic security countermeasures on their smartphones. The lack of security countermeasures implementation, risky user behavior, and the amount of sensitive information stored and transmitted on smartphones is becoming an ever-increasing problem. A literature review revealed a significant gap in literature pertaining to smartphone security. This study identified six socio-cognitive factors from the domain of traditional computer security which have shown to have an impact on user security behaviors and practices. The six factors this study identified and analyzed are mobile information security self-efficacy, institutional trust, party trust, and awareness of smartphone risks, threats, and vulnerabilities and their influence on smartphone security practices and behaviors. The analysis done in this research was confirmatory factor analysis (CFA) – structural equation modeling (SEM). The goal of this study was to cross-validate previously validated factors within the context of traditional computer security and assess their applicability in the context of smartphone security. Additionally, this study assessed the influential significance of these factors on the security behaviors and practices of smartphone users. This study used a Web-based survey and was distributed to approximately 539 users through Facebook® and LinkedIn® social media outlets which resulted in 275 responses for a 51% response rate. After pre-analysis data screening was completed, there were a total of 19 responses that had to be eliminated due to unengaged responses and outliers leaving 256 responses left to analyze. The results of the analysis found that vulnerability awareness, threat awareness, and risk awareness are interrelated to one another which all in turn had significance in predicting self-efficacy, security practices, and behaviors. This intricate relationship revealed in this study indicates that a user has to have an increased awareness in all three categories of awareness before they can fully understand how to protect themselves. Having an increased awareness in one category does not impact the overall security posture of the user and that risk, threat, and vulnerability awareness all work together. Another interesting find was that as risk awareness increased the less the smartphone users protected themselves. This finding warrants additional research to investigate why the user is more averse to risk, and willing to accept the risk, despite their increased awareness. Finally, institutional trust and party trust was found not to have any significance on any of the factors. These findings should give smartphone users and organizations insight into specific areas to focus on in minimizing inappropriate security behaviors and practices of smartphone users. More specifically, users and organizations need to focus on educating users on all three factors of threats, risks, and vulnerabilities in order for there to have any impact on increasing self-efficacy and reducing inappropriate security behaviors and practices.

social media

smartphones

security

smartphone security

third party apps

institutional trust

Facebook

LinkedIn

confirmatory factor analysis

structural equation modeling

computer science

information systems

Computer Sciences

Computer Security

Databases and Information Systems

Science and Technology Studies

Social Media