Time: February 28, 2017, h. 10:00 am
Location: Room Ofek, Polo scientifico e tecnologico “Fabio Ferrari”, Building Povo 1 - Povo (Trento)
Dr. Attaullah Buriro
Abstract of Dissertation
Pervasive in nature and extensively used for a wide range of features, smartphone provides functionality such as social networking, online shopping, mobile gaming, private/group communication, etc. While using these services, a user has to provide private information such as account credentials, credit card details, etc., which are then stored on the device. This information, if lost, can result in a user's privacy leakage and monetary loss. Therefore, the significance of securing a smartphone from adversarial access becomes paramount. Despite being security and privacy critical, smartphones are still protected by traditional authentication mechanisms such as PINs and passwords, whose limitations and drawbacks are well known and well documented in the security community. The recent introduction of physical biometrics like facial, fingerprint and iris recognition, in smartphone authentication, has mitigated the problems with user input, however, they still suffer from other usability and security issues. Hence, new, accurate, and user-friendly authentication mechanisms are required. In this direction, behavior-based authentication solutions have recently attracted a significant amount of interest in both commercial and academic contexts.
Most of the smartphone users prefer convenience over security and consider authentication mechanism more annoying as compared to other technological problems, such as lack of coverage, power consumption, etc. In this dissertation, we discuss limitations of existing authentication methods in terms of security and usability and propose their replacements with behavioral biometric based authentication mechanisms. The underlying principle of our approach is to design solutions that authenticate users with either minimal or no cooperation from the users. We design, prototype and test the proposed authentication mechanisms based on our identified human behavior, such as how a person holds the phone, lifts the phone, types free-text PIN on the phone, signs her name on the touchscreen, etc. Moreover, we provide a comparative evaluation, based on accuracy, performance, and usability, of our proposed mechanisms with the available state-of-the-art solutions. All of our solutions exploit the existing hardware (avoiding additional hardware requirement) and hence can be implemented on most of the smartphones available in the market today.