Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling

Gupta, Aditi; Miettinen, Markus; Asokan, N.; Nagy, Marcin

doi:10.1109/socialcom-passat.2012.60

Cited by 44 publications

(35 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example, if a user is at a well known location (such as home), quick and easy explicit authentication is used. A similar scheme has been proposed by Gupta et al [20] for context profiling to determine authentication control. However, our work is different from these approaches since in addition to selectively invoking an authentication module based on the type of an application, we aim to delegate implicit authentication tasks to an application and not to the device.…”

Section: Related Workmentioning

confidence: 99%

Towards application-centric implicit authentication on smartphones

Khan

Hengartner

2014

Proceedings of the 15th Workshop on Mobile Computing Systems and Applications

View full text Add to dashboard Cite

Implicit authentication schemes are a secondary authentication mechanism that provides authentication by employing unique patterns of device use that are gathered from smartphone users without requiring deliberate actions. Contemporary implicit authentication schemes operate at the device level such that they neither discriminate between data from different applications nor make any assumption about the nature of the application that the user is currently using. In this paper, we challenge the device-centric approach to implicit authentication on smartphones. We argue that the conventional approach of misuse detection at the device level has inherent limitations for mobile platforms. To this end, we analyze and empirically evaluate the devicecentric nature of implicit authentication schemes to show their limitations in terms of detection accuracy, authentication overhead, and fine grained authentication control. To mitigate these limitations and for effective and pragmatic implicit authentication on the mobile platform, we propose a novel application-centric implicit authentication approach. We observe that for implicit authentication, an application knows best on when to authenticate and how to authenticate. Therefore, we delegate the implicit authentication task to the application and let the application provider decide when and how to authenticate a user in order to protect the owner's personal information. Our proposed applicationcentric implicit authentication approach improves accuracy and provides fine grained authentication control with low authentication overhead. Future research in this domain will benefit from our findings to provide pragmatic implicit authentication solutions.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards application-centric implicit authentication on smartphones

Khan

Hengartner

2014

Proceedings of the 15th Workshop on Mobile Computing Systems and Applications

View full text Add to dashboard Cite

show abstract

“…In [12] the authors use a publicly available dataset containing passively collected GPS data, wi-fi and Bluetooth data to build a context profiling framework. The familiarity of the wi-fi and Bluetooth devices at a location are used to estimate the safety of the context.…”

Section: Related Workmentioning

confidence: 99%

Adaptive Threshold Scheme for Touchscreen Gesture Continuous Authentication Using Sensor Trust

Smith-Creasey

Rajarajan

2017

2017 IEEE Trustcom/BigDataSE/Icess

View full text Add to dashboard Cite

Citation: Smith-Creasey, M. & Rajarajan, M. (2017). Adaptive threshold scheme for touchscreen gesture continuous authentication using sensor trust. 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 554-561. doi: 10.1109/Trustcom/BigDataSE/ICESS.2017 This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract-In this study we produce a continuous authentication scheme that adjusts an adaptive threshold for touchscreen interaction based on trust in passively collected sensor data. Our framework unobtrusively compares real-time sensor data of a user to historic data and adjusts a trust parameter based on the similarity. We show that the trust parameter can be used to adjust an adaptive threshold in continuous authentication schemes. The framework passively models temporal, spatial and activity scenarios using sensor data such as location, surrounding devices, wifi networks, ambient noise, movements, user activity, ambient light, proximity to objects and ambient pressure from study participants. Deviations from the models increases the level of threat the device perceives from the scenario. We also model the user touch-screen interactions. The touch-screen interactions are authenticated against a threshold that is continually adjusted based on the perceived trust. This scheme provides greater nuance between security and usability, enabling more refined decisions. We present our novel framework and threshold adjustment criteria and validate our framework on two state-of-the-art sensor datasets. Our framework achieves up to a 20.38% increase in accuracy compared to the static threshold system. Permanent

show abstract

“…The concept of using context-profiling for evaluating contexts for security enforcement has been discussed by Gupta et al [4]. Their work focuses on estimating the threat level in a particular context for the purpose of making access control decisions.…”

Section: Related Workmentioning

confidence: 99%

I Know Where You are

Miettinen

Asokan

Koushanfar

et al. 2015

Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

In the recent years, new services and businesses leveraging location-based services (LBS) are rapidly emerging. On the other hand this has raised the incentive of users to cheat about their locations to the service providers for personal benefits. Context-based proofs-of-presence (PoPs) have been proposed as a means to enable verification of users' location claims. However, as we show in this paper, they are vulnerable to context guessing attacks. To make PoPs resilient to malicious provers we propose two complementary approaches for making context-based PoPs: one approach focuses on surprisal filtering based on estimating the entropy of particular PoPs in order to detect context measurements vulnerable to such attacks. The other approach is based on utilizing longitudinal observations of ambient modalities like noise level and ambient luminosity. It is capable of extracting more entropy from the context to construct PoPs that are hard to guess by an attacker even in situations in which other context sensor modalities fail to provide reliable PoPs.

show abstract

Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling

Cited by 44 publications

References 6 publications

Towards application-centric implicit authentication on smartphones

Towards application-centric implicit authentication on smartphones

Adaptive Threshold Scheme for Touchscreen Gesture Continuous Authentication Using Sensor Trust

I Know Where You are

Contact Info

Product

Resources

About