2015 GenCyber Cybersecurity Workshop: Mobile Phone Security, July 10, 2015. Design and User Acceptability Testing of Secure Mobile Phone Authentication Mechanism.


1 2015 GenCyber Cybersecurity Workshop: Mobile Phone Security
July 10, 2015
Design and User Acceptability Testing of Secure Mobile Phone Authentication Mechanism Based on Fingerprint Sensing and Geo-Fencing
LEIGH ANNE CLEVENGER
PACE UNIVERSITY DOCTOR OF PROFESSIONAL STUDIES IN COMPUTING PROGRAM

2 Acknowledgements
• The authors would like to thank Verizon for sponsoring the study. This study is solely the independent work of the authors. Any Verizon documents and trademarks included in this paper are the property of Verizon and are reproduced with permission.

3 Project Overview
• To come up with a unique user authentication mechanism to achieve phone security without the user having to enter a passcode to unlock their phone

4 Agenda
• Deciding on project details
• Use Cases
• Hardware and Software choices
• Tasks Accomplished
• Operation of user authentication app
• Survey of interest in password-free security
• New Directions for Future Projects
• Smartwatch sensors

5 User Story Under Consideration: Unlock Student’s Phone in Dorm Room
• A user story is a tool used in Agile software development to capture a description of a software feature from an end-user perspective. The user story describes the type of user, what they want and why. A user story helps to create a simplified description of a requirement.
• User stories were developed keeping in mind the following:
  • Do they reflect the user’s mental model of protection?
  • Is the mechanism psychologically acceptable?
  • Is it close to transparent to the users?
  • Does it fit with their natural phone interactions?
• Focus: the student’s phone will unlock in their dorm room and lock at other times. This can be extended for future use cases.

6 Tasks Accomplished
• A survey was conducted to evaluate user interest in a password-free mobile device authentication mechanism
• An iOS app “Authenticator” was designed with authentication functionality based on fingerprint sensing and location information.
• Developed by Tanya Sahin

7 Security Mechanisms
• Widely used today:
  • Passwords / PINs
  • Pattern locks
• Using an unlock mechanism would make it harder for unauthorized users to access valuable data

8 Burden of PIN-code Entry
• Frequency of entering PIN-code
• Although locking a phone may provide maximum protection, it also decreases usability by increasing the PIN-code entry burden
• As a result, companies have launched user-specific and easy unlock mechanisms:
  • Touch ID fingerprint reader (Apple and Samsung)

9 User Authentication Mechanisms
• Bluetooth Low Energy (BLE) and Beacons
• NFC (Near Field Communication)
• Geofencing
• Sensor capabilities

10 iBeacons and Geofencing
• iBeacon is Apple's implementation of Bluetooth low-energy (BLE) wireless technology to provide location-based information and services to iPhones and other iOS devices.
• The beacons themselves are small, cheap Bluetooth transmitters. Apps installed on your iPhone listen for the signal transmitted by these beacons and respond accordingly when the phone comes into range.
• For example, if you pass a beacon in a shop, the retailer's app (assuming you have it installed) could display a special offer alert for you. On a visit to a museum, the museum's app would provide information about the closest display, using your distance from beacons placed near exhibits to work out your position.

11 iBeacons

12 Geo-fencing
• Geofencing is a feature in a software program that uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical boundaries.
• Our app uses iBeacons to define the geofence. When the user enters the defined geofence, the phone unlocks automatically.

13 Programming Tasks Accomplished
• An iOS app “Authenticator” was designed with authentication functionality based on fingerprint sensing and geofencing with Beacons
• Since third-party apps are not allowed to unlock the phone in iOS, successful authentication into the app displays some sensitive content instead
• Display of sensitive information should be a useful example for user authentication using biometrics and geofencing

14 Authenticator - New iOS App
• Supports three means of authentication:
  • geofencing using iBeacon when in range of iBeacon
  • fingerprint biometrics (TouchID) if outside of iBeacon range
  • password as fallback
• Displays sensitive content if authentication is successful

15 Authenticator - iBeacons
• Use the CoreLocation framework to sense for iBeacons with a specific UUID
• If a beacon is ranged, the app bypasses the authentication screen and proceeds to the confidential content right away
• If no beacon is ranged, biometric authentication with Touch ID will be attempted next

16 Authenticator - Touch ID
• fingerprints are evaluated using the method TouchIDevaluatePolicy —> sensitive content is unlocked
• choice of Verizon statement or Terms (exemplary for sensitive content)

17 Authenticator - Document Access

18 Authenticator - Password Fallback
• password prompt if beacons not in range (or user chose to not share location) and TouchID not available
• set the UIApplicationExitsOnSuspend flag in the Info.plist to true —> prevents the app from running in the background
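The cascade described on slides 14 to 18, sketched in Swift as an added example; it is not the Authenticator app's own code. The names `AuthPath` and `AuthCascade` are hypothetical, and the sketch assumes the iOS 13+ ranging API, a placeholder beacon UUID, a 3-second ranging window, and that a failed Touch ID attempt falls through to the password prompt.

```swift
import CoreLocation
import LocalAuthentication

enum AuthPath { case beacon, touchID, password }

// Hypothetical class written for this example; names are not from the deck.
final class AuthCascade: NSObject, CLLocationManagerDelegate {
    // Placeholder UUID constructed for this example; the deck does not give the app's value.
    private let constraint = CLBeaconIdentityConstraint(
        uuid: UUID(uuidString: "00000000-0000-0000-0000-000000000000")!)
    private let manager = CLLocationManager()
    private var done: ((AuthPath) -> Void)?

    // Reports exactly once which path should unlock the content (or prompt for the password).
    func start(rangingWindow: TimeInterval = 3, completion: @escaping (AuthPath) -> Void) {
        done = completion
        manager.delegate = self
        manager.requestWhenInUseAuthorization()
        manager.startRangingBeacons(satisfying: constraint)
        // No beacon ranged within the window, or location not shared: try Touch ID next.
        DispatchQueue.main.asyncAfter(deadline: .now() + rangingWindow) { [weak self] in
            self?.tryTouchID()
        }
    }

    func locationManager(_ manager: CLLocationManager, didRange beacons: [CLBeacon],
                         satisfying beaconConstraint: CLBeaconIdentityConstraint) {
        // Count only sightings whose proximity could actually be determined.
        if beacons.contains(where: { $0.proximity != .unknown }) { finish(.beacon) }
    }

    private func tryTouchID() {
        guard done != nil else { return }  // a beacon already decided the outcome
        let context = LAContext()
        var error: NSError?
        guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
            finish(.password); return      // Touch ID not available on this device
        }
        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                               localizedReason: "Unlock the sensitive document") { [weak self] ok, _ in
            DispatchQueue.main.async { self?.finish(ok ? .touchID : .password) }
        }
    }

    private func finish(_ path: AuthPath) {
        manager.stopRangingBeacons(satisfying: constraint)
        done?(path)   // no-op after the first call because `done` is cleared below
        done = nil
    }
}
```

The `.password` result means only that the password screen should be shown; the password check itself is outside this sketch. Ranging also requires the `NSLocationWhenInUseUsageDescription` key in the app's Info.plist.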

19 Survey Results
• The survey consisted of 10 questions, most multiple choice with a few fill-in data boxes.
• Based on the results of the survey, the most popular way of securing the mobile device seems to be password/PIN authentication, with 54% of the participants.
• As an alternative to password or swipe pattern entry, 73% of the participants stated in the survey that they would be most comfortable interacting with the device through a fingerprint or face recognition scan.
• 60% of the participants felt that fingerprint sensing is a more secure authentication than password/PIN authentication or other authentication mechanisms.
• Most people were unaware of NFC/geofencing-based authentication mechanisms. Only 38% had similar apps installed on their phones.
• The majority of the people said they are uncomfortable having an app that requires location and Bluetooth services turned on all the time.
• Overall, participants want a simple and easy way of unlocking their mobile device within minimal time that also gives them a secure feeling.

20 Future Work
• A research study can be conducted for usability testing of designed apps and to test the comfort level of people with the current authentication mechanisms vs. the designed mechanism
• Other physiological and behavioral sensors on smartphones and smartwatches can be used for user authentication.
• Sensor data can be read using apps available from the Google Playstore or Apple AppStore or using a free, open source Software Development Kit for Android or iOS

21 Smartwatches and their Sensors - July 2015 (1 of 2)

22 Smartwatches and their Sensors - July 2015 (2 of 2)

23 References for Smartwatches and Smartphones to get you started – more added every day
• Smartwatches:
  • https://moto360.motorola.com
  • http://www.androidheadlines.com/2014/12/watch-comparisons-motorola-moto-360-vs-samsung-gear-live.html
  • http://www.macrumors.com/roundup/apple-watch
  • http://www.techradar.com/us/news/portable-devices/other-devices/microsoft-band-5-things-you-need-to-know-1271135
• Galaxy S5 (has a lot of sensors, and open source android software development kit)
  • http://global.samsungtomorrow.com/?p=36031
  • http://www.gottabemobile.com/2014/04/11/galaxy-s5-tips-tricks-hidden-features/
  • https://play.google.com/store/apps/details?id=imoblife.androidsensorbox
  • http://downloadcenter.samsung.com/content/UM/201404/20140402111855054/SM-G900F_UM_EU_Kitkat_Eng_D06_140312.pdf

24 Contributors
• Spring 2015 Pace University Master’s Students
  • Nikhita Gopidi
  • Nishant Patel
  • Nitish Pisal
  • Tanya Sahin
  • Shreyansh Shah
  • Sara Siddiqui
• Customers
  • Dr Kalyanasundaram, Verizon
  • Dr Charles Tappert, CSIS
  • Leigh Anne Clevenger, DPS’ 16
  • Javid Maghsoudi, DPS’ 16
  • Vinnie Monaco, PhD’ 15

25 Copyright for Material Reuse
• Copyright © 2015 Leigh Anne Clevenger and Charles Tappert (ctappert@pace.edu), Pace University. Please properly acknowledge the source for any reuse of the materials as below.
  • Leigh Anne Clevenger and Charles Tappert, 2015 GenCyber Cybersecurity Workshop, Pace University
• Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html.

