Ryan V. Johnson, Rahul Murmuria, A. Stavrou, Vincent Sritapan
{"title":"将持续身份验证与主动平台加固相结合","authors":"Ryan V. Johnson, Rahul Murmuria, A. Stavrou, Vincent Sritapan","doi":"10.1109/PERCOMW.2017.7917532","DOIUrl":null,"url":null,"abstract":"Mobile authentication has always been a usability and security challenge. In the past, researchers have discovered various methods to bypass the screen lock protection mechanism without entering authentication credentials on mobile devices. There is a clear need for authentication to be seamless and continuous but also address the security threats that stem from the current unlock-once, always-on mechanisms. To that end, we developed a framework for continuous behavioral authentication of users. In addition, we introduce a configurable “authentication level” for access to resources and applications. For example, if a user's authentication level declines below a pre-specified threshold, all external communications are disabled to prevent exfiltration of sensitive data. Similarly, viewing or modifying any sensitive data on the device is also restricted by moderating access to the underlying file system based on the user's authentication level. We will perform a live demonstration of our entire system implemented for Android 6.0.1, and show how it can successfully defend against a wide range of attacks while improving the usability of the mobile device by offering a seamless authentication experience.","PeriodicalId":319638,"journal":{"name":"2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Pairing continuous authentication with proactive platform hardening\",\"authors\":\"Ryan V. Johnson, Rahul Murmuria, A. Stavrou, Vincent Sritapan\",\"doi\":\"10.1109/PERCOMW.2017.7917532\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mobile authentication has always been a usability and security challenge. In the past, researchers have discovered various methods to bypass the screen lock protection mechanism without entering authentication credentials on mobile devices. There is a clear need for authentication to be seamless and continuous but also address the security threats that stem from the current unlock-once, always-on mechanisms. To that end, we developed a framework for continuous behavioral authentication of users. In addition, we introduce a configurable “authentication level” for access to resources and applications. For example, if a user's authentication level declines below a pre-specified threshold, all external communications are disabled to prevent exfiltration of sensitive data. Similarly, viewing or modifying any sensitive data on the device is also restricted by moderating access to the underlying file system based on the user's authentication level. We will perform a live demonstration of our entire system implemented for Android 6.0.1, and show how it can successfully defend against a wide range of attacks while improving the usability of the mobile device by offering a seamless authentication experience.\",\"PeriodicalId\":319638,\"journal\":{\"name\":\"2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)\",\"volume\":\"14 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-03-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PERCOMW.2017.7917532\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PERCOMW.2017.7917532","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Pairing continuous authentication with proactive platform hardening
Mobile authentication has always been a usability and security challenge. In the past, researchers have discovered various methods to bypass the screen lock protection mechanism without entering authentication credentials on mobile devices. There is a clear need for authentication to be seamless and continuous but also address the security threats that stem from the current unlock-once, always-on mechanisms. To that end, we developed a framework for continuous behavioral authentication of users. In addition, we introduce a configurable “authentication level” for access to resources and applications. For example, if a user's authentication level declines below a pre-specified threshold, all external communications are disabled to prevent exfiltration of sensitive data. Similarly, viewing or modifying any sensitive data on the device is also restricted by moderating access to the underlying file system based on the user's authentication level. We will perform a live demonstration of our entire system implemented for Android 6.0.1, and show how it can successfully defend against a wide range of attacks while improving the usability of the mobile device by offering a seamless authentication experience.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
