Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leveraging Personal Knowledge for Robust Authentication Systems Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer Science Department.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Leveraging Personal Knowledge for Robust Authentication Systems Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer Science Department."— Presentation transcript:

1 Leveraging Personal Knowledge for Robust Authentication Systems Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer Science Department

2 Background A ‘secret’ question is the question that will often times be asked as a secondary authentication question Examples include: ‘What is your per’s name?’ ‘What is your favorite song?’ ‘What was the name of your first school?’ This sort of security has appeared on: Gmail, Yahoo! Mail, Hotmail, AOL, Facebook…

3 Secret Questions Online

4 Negative Results of Secret Questions A Microsoft study* found that currently implemented secret questions are far from foolproof Focused on top four email providers ‘secret’ questions 17% of a user’s friends could guess the answer on first try 13% could do it within 5 tries 13% are statically guessable The study focused on making secret questions easier to remember for the user Have proposed a multiple questions, printing out user answers, among other methods to help users remember * Schechter, S, Brush, A. J., & Egelman, S (2008). It's No Secret: Measuring the security and reliability of authentication via 'secret' questions. 1-16.

5 Goals A more challenging approach to authentication through the use of the user’s personal knowledge To create a series of questions to identify the user from an invisible/bot intruder or malicious user Bot - a compromised machine which acts autonomously To identify human users from bots by utilizing human interaction with their machines To use the findings from previous studies to create improved secret questions

6 Characterization Study on Individuals’ Web Usage Patterns A statistical and temporal analysis on 500 users’ 4-month long HTTP port 80 trace at Rutgers was preformed Found that Users tend to visit the same IPs Xiong, H, & Yao, D (2008). Towards Personalized Security: Analysis of Individual Usage Patterns in Organizational Wireless Networks.

7 User’s Traffic Recognition Ability Experiment methodology: While a user’s surfing, inject arbitrary traffic Ask user to classify traffic as own or bot 7 users, 10-minute sessions Findings: <1% false negative rate - injected bot URLs are easily detected by users 40% false positive rate - tend to classify unknown URLs as malicious 91% false positives are due to third-party content Xiong, H, & Yao, D (2008). Towards Personalized Security: Analysis of Individual Usage Patterns in Organizational Wireless Networks.

8 Approach We plan on developing questions that are based off of user activities Network Activities Browsing History, Emails… Physical Events Planned Meetings, Calendar Items… Conceptual Opinions Opinions as derived from emails, still conceptual These questions will be generated and then replace the less secure ‘secret questions’

9 Process Plan to develop a novel approach to secret questions because the areas we are focusing on Are dynamic, personal, and have less vulnerabilities Plan Develop Questions Find out the security of them through a user study Solicit Help from SurveyMonkey Use a Parallel Attack Model

Download ppt "Leveraging Personal Knowledge for Robust Authentication Systems Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer Science Department."

Similar presentations

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.
GETS Transformation Kick Off Active Directory eMail and Blackberry Migration Firewall and Network Changes 04/21/2010 1.

GETS Transformation Kick Off Active Directory and Blackberry Migration Firewall and Network Changes 04/21/
 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.

 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.

Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA.

Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA.
Building Robust and Automatic Authentication Systems with Activity- Based Personal Questions Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer.

Building Robust and Automatic Authentication Systems with Activity- Based Personal Questions Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.

Alex Crowell, Rutgers University Computer Science and Mathematics Advisor: Prof. Danfeng Yao, Computer Science Department.
BotGraph: Large Scale Spamming Botnet Detection Yao Zhao Yinglian Xie *, Fang Yu *, Qifa Ke *, Yuan Yu *, Yan Chen and Eliot Gillum ‡ EECS Department,

BotGraph: Large Scale Spamming Botnet Detection Yao Zhao Yinglian Xie *, Fang Yu *, Qifa Ke *, Yuan Yu *, Yan Chen and Eliot Gillum ‡ EECS Department,
Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.

Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.
INTRODUCTION TO COMPUTER TECHNOLOGY INTRODUCTION TO THE INTERNET & ELECTRONIC COMMERCE Part 4-Session_1 Akanferi Albert

INTRODUCTION TO COMPUTER TECHNOLOGY INTRODUCTION TO THE INTERNET & ELECTRONIC COMMERCE Part 4-Session_1 Akanferi Albert
Monitoring botnets from within Students: Yevgeni Sabin, Alexander Chigirintsev Supervisor: Amichai Shulman Technion - Israel Institute of Technology COMPUTER.

Monitoring botnets from within Students: Yevgeni Sabin, Alexander Chigirintsev Supervisor: Amichai Shulman Technion - Israel Institute of Technology COMPUTER.
PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.

PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.
Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.

Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.
Melissa Harrigan. Podcasts Podcasts are mini-broadcasts that can be viewed on the internet or downloaded to MP3 players It’s the new way to watch TV or.

Melissa Harrigan. Podcasts Podcasts are mini-broadcasts that can be viewed on the internet or downloaded to MP3 players It’s the new way to watch TV or.
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.
Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)

Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )

Similar presentations

Ads by Google