Basic Search / Detailed Display

Author: 李權衛
Henry - Roes Lie
Thesis Title: Dynamic Multi-factor Authentication for Mobile Devices
Dynamic Multi-factor Authentication for Mobile Devices
Advisor: 羅乃維
Nai-Wei Lo
Committee: 楊傳凱
Chuan-Kai Yang
賴源正
Yuan-Cheng Lai
Degree: 碩士
Master
Department: 管理學院 - 資訊管理系
Department of Information Management
Thesis Publication Year: 2016
Graduation Academic Year: 104
Language: 英文
Pages: 52
Keywords (in other languages): Implicit Authentication, BLE, Wi-Fi
Reference times: Clicks: 296Downloads: 6
Share:
School Collection Retrieve National Library Collection Retrieve Error Report

  • Nowadays, people use smart mobile devices such as smartphones and wearable devices everywhere they go. Smartphones have become such a vital tool for both productivity and entertainment that most people can’t live without them. Wearable devices such as smartwatches, smart bands, and smart glasses are slowly gaining traction in the consumer marketplace and infusing technology deeper into our daily life, augmenting people’s daily activities with information that matters to each individual.
    Due to the widespread usage of mobile devices for both personal and professional purposes, many people consider them to be private property. This means other people should not be able to freely gain access to their mobile devices, because they contain a lot of sensitive data. Therefore, security in mobile space is a very important research area with the potential to benefit millions of people in the world. A security system that protects owners from any breaches of privacy is needed to ensure the data inside mobile devices stays private.
    In this thesis, we propose a new system for securing mobile devices. We incorporate a multi-factor authentication method to provide high security. Our system also incorporates an implicit authentication method to continuously authenticate the user and prevent unauthorized individuals from accessing the mobile device. A prototype based on the proposed system is also constructed.

    Abstract I Acknowledgement II Contents III List of Figures V List of Tables VI Chapter 1 Introduction 1 Chapter 2 Literature Review 5 2.1 Multi-factor Authentication 5 2.2 Implicit Authentication 8 Chapter 3 System Environment and Design 11 3.1 Assumptions 11 3.2 Applicable Scenario 11 3.3 System Architecture 13 Chapter 4 The Proposed Security System 18 4.1 Explicit Authentication 18 4.2 Implicit Authentication 23 4.3 Trust Level Determination 25 Chapter 5 Prototype Implementation 30 5.1 Prototype Design 30 5.2 Prototype Experiment 35 Chapter 6 Conclusion 46 References 48

    [1]Alizadeh, M., Hassan, W.H. and Khodadadi, T. 2014. Feasibility of Implementing Multi-factor Schemes Mobile Cloud Computing Authentication. Fifth International Conference on Intelligent Systems, Modelling and Simulation. (2014), 615–618. DOI= http://dx.doi.org/10.1109/ISMS.2014.111.
    [2]Cavdar, D. and Tomur, E. 2015. A Practical NFC Relay Attack on Mobile Devices Using Card Emulation Mode. 2015 38th International Convention on Information and Communication Technology, Electronics, and Microelectronics (MIPRO). May (2015), 25–29. DOI= http://dx.doi.org/10.1109/MIPRO.2015.7160477.
    [3]Chaos Computer Club breaks Apple TouchID: 2013. http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid. Accessed: 2015- 12- 29.
    [4]Chaudhari, S., Tomar, S.S. and Rawat, A. 2011. Design, Implementation and Analysis of Multi Layer, Multi Factor Authentication (MFA) Setup for Webmail Access in Multi Trust Networks. 2011 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC). (2011), 27–32. DOI= http://dx.doi.org/10.1109/ETNCC.2011.5958480.
    [5]Crouse, D., Chandra, D. and Barbello, B. 2013. Continuous Authentication of Mobile User : Fusion of Face Image and Inertial Measurement Unit Data. (2013), 135–142. DOI= http://dx.doi.org/10.1109/ICB.2015.7139043.
    [6]Delac, G., Silic, M. and Krolo, J. 2011. Emerging Security Threats for Mobile Platforms. 2011 Proceedings of the 34th International Convention MIPRO. (2011), 1468–1473.
    [7]Fahmi, A., Kodirov, E., Choi, D.J., Lee, G.S., M. F. Azli A., and Sayeed, S. 2012. Implicit Authentication Based on Ear Shape Biometrics using Smartphone Camera During a Call. Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics. (2012), 2272–2276. DOI= http://dx.doi.org/10.1109/ICSMC.2012.6378079.
    [8]Falaki, H. and Estrin, D. 2010. Diversity in Smartphone Usage. Mobisys ’10 Proceedings of the 8th international Conference on Mobile Systems, Applications, and Services. (2010), 179-194. DOI= http://dx.doi.org/10.1145/1814433.1814453.
    [9]Huang, X., Xiang, Y., Bertino, E., Zhou, J. and Xu, L. 2014. Robust Multi-Factor Authentication for Fragile Communications. IEEE Transactions on Dependable and Secure Computing. 11, 6 (2014), 568–581. DOI= http://dx.doi.org/10.1109/TDSC.2013.2297110.
    [10]Jordan Frank, S.M.D.P., Frank, J., Mannor, S. and Precup, D. 2010. Activity and Gait Recognition with Time-Delay Embeddings. AAAI Conference on Artificial Intelligence. (2010), 407–408.
    [11]Khan, H., Atwater, A. and Hengartner, U. 2014. A Comparative Evaluation of Implicit Authentication Schemes. Springer International Publishing Switzerland 2014. (2014), 255-275. DOI= http://dx.doi.org/10.1007/978-3-319-11379-1_13.
    [12]Khandelwal, A. and Mohapatra, A.K. 2015. An Insight into the Security Issues and Their Solutions for Android Phones. 2015 2nd International Conference on Computing for Sustainable Global Development (INDIACom). (2015), 106–109.
    [13]Liou, J.-C., Egan, G., Patel, J.K. and Bhashyam, S. 2011. A Sophisticated RFID Application on Multi-Factor Authentication. 2011 Eighth International Conference on Information Technology: New Generations. (2011), 180–185. DOI= http://dx.doi.org/10.1109/ITNG.2011.38.
    [14]Mohammed, M.M. and Elsadig, M. 2013. A Multi-layer of Multi Factors Authentication Model for Online Banking Services. 2013 International Conference on Computing, Electrical and Electronic Engineering (Icceee). (2013), 220–224. DOI= http://dx.doi.org/10.1109/ICCEEE.2013.6633936.
    [15]Moyers, B.R., Dunning, J.P., Marchany, R.C. and Tront, J.G. 2010. Effects of Wi-Fi and Bluetooth Battery Exhaustion Attacks on Mobile Devices. Proceedings of the Annual Hawaii International Conference on System Sciences. (2010), 1–9. DOI= http://dx.doi.org/10.1109/HICSS.2010.170.
    [16]Mtibaa, A., Harras, K.A. and Alnuweiri, H. 2014. Malicious Attacks in Mobile Device Clouds : A Data Driven Risk Assessment. 2014 23rd International Con-ference on Computer Communication and Networks (ICCCN). (2014), 1-8. DOI= http://dx.doi.org/10.1109/ICCCN.2014.6911812.
    [17]Number of Smartphone Users Worldwide from 2014 to 2019 (in millions): 2015. http://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/. Accessed: 2015- 12- 29.
    [18]Rahman, F., Gani, M.O., Ahsan, G.M.T. and Ahamed, S.I. 2014. Seeing Beyond Visibility: A Four Way Fusion of User Authentication for Efficient Usable Security on Mobile Devices. 2014 IEEE Eighth International Conference on Software Security and Reliability-Companion. (2014), 121–129. DOI= http://dx.doi.org/10.1109/SERE-C.2014.30.
    [19]Roland, M., Langer, J. and Scharinger, J. 2012. Practical Attack Scenarios on Secure Element-Enabled Mobile Devices. 2012 4th International Workshop on Near Field Communication. (2012), 19–24. DOI= http://dx.doi.org/10.1109/NFC.2012.10.
    [20]Shi; W.; Yang; F.; Jiang; Y.; and Xiong; Y. 2011. SenGuard: Passive User Identification on Smartphones using Multiple Sensors. International Conference on Wireless and Mobile Computing, Networking and Communications. (2011), 141–148. DOI= http://dx.doi.org/10.1109/WiMOB.2011.6085412.
    [21]Sun, C., Wang, Y. and Zheng, J. 2014. Dissecting Pattern Unlock: The Effect of Pattern Strength Meter on Pattern Selection. Journal of Information Security and Applications. 19, 4-5 (2014), 308–320. DOI= http://dx.doi.org/10.1016/j.jisa.2014.10.009.
    [22]Szongott, C., Henne, B. and Smith, M. 2012. Evaluating the Threat of Epidemic Mobile Malware. 2012 IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). (2012), 443–450. DOI= http://dx.doi.org/10.1109/WiMOB.2012.6379111.
    [23]Uellenbeck, S., Dürmuth, M., Wolf, C. and Holz, T. 2013. Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS ’13. 44, 4 (2013), 161–172. DOI= http://dx.doi.org/10.1145/2508859.2516700.
    [24]Yeh, H., Chen, T., Hu, K. and Shih, W. 2013. Robust Elliptic Curve Cryptography-based Three Factor User Authentication Providing Privacy of Biometric Data. IET Information Security. 7, 3 (2013), 247–252. DOI= http://dx.doi.org/10.1049/iet-ifs.2011.0348.
    [25]Yu, J., Wang, G., Mu, Y., Member, S. and Gao, W. 2014. An Efficient Generic Framework for Three-Factor Authentication with Provably Secure Instantiation. IEEE Transactions on Information Forensics and Security. 9, 12 (2014), 2302–2313. DOI= http://dx.doi.org/10.1109/TIFS.2014.2362979.

    QR CODE