2015 GenCyber Cybersecurity Workshop: Mobile Phone Security, July 10, 2015. Design and User Acceptability Testing of Secure Mobile Phone Authentication Mechanism.


2015 GenCyber Cybersecurity Workshop
Mobile Phone Security
July 10, 2015

Design and User Acceptability Testing of Secure Mobile Phone Authentication Mechanism Based on Fingerprint Sensing and Geo-Fencing

Leigh Anne Clevenger
Pace University, Doctor of Professional Studies in Computing Program

Acknowledgements
- The authors would like to thank Verizon for sponsoring the study. This study is solely the independent work of the authors. Any Verizon documents and trademarks included in this paper are the property of Verizon and are reproduced with permission.

Project Overview
- To come up with a unique user authentication mechanism to achieve phone security without the user having to enter a passcode to unlock their phone

Agenda
- Deciding on project details
  - Use Cases
  - Hardware and Software choices
- Tasks Accomplished
  - Operation of user authentication app
  - Survey of interest in password-free security
- New Directions for Future Projects
  - Smartwatch sensors

User Story Under Consideration: Unlock Student’s Phone in Dorm Room
- A user story is a tool used in Agile software development to capture a description of a software feature from an end-user perspective. The user story describes the type of user, what they want and why. A user story helps to create a simplified description of a requirement.
- User stories were developed keeping in mind the following:
  - Do they reflect the user’s mental model of protection?
  - Is the mechanism psychologically acceptable?
  - Is it close to transparent to the users?
  - Does it fit with their natural phone interactions?
- Focus: student’s phone will unlock in their dorm room and lock at other times. This can be extended for future use cases.

Tasks Accomplished
- A survey was conducted to evaluate user interest in a password-free mobile device authentication mechanism
- An iOS app “Authenticator” was designed with authentication functionality based on fingerprint sensing and location information.
  - Developed by Tanya Sahin

Security Mechanisms
- Widely used today:
  - Passwords / PINs
  - Pattern locks
- Using an unlock mechanism would make it harder for unauthorized users to access valuable data

Burden of PIN-code Entry
- Frequency of entering PIN-code
- Although locking a phone may provide maximum protection, it also decreases usability by increasing PIN-code entry burden
- As a result, companies have launched user-specific and easy unlock mechanisms:
  - Touch ID fingerprint reader (Apple and Samsung)

User Authentication Mechanisms
- Bluetooth Low Energy (BLE) and Beacons
- NFC (Near Field Communication)
- Geofencing
- Sensor capabilities

iBeacons and Geofencing
- iBeacon is Apple's implementation of Bluetooth low-energy (BLE) wireless technology to provide location-based information and services to iPhones and other iOS devices.
- The beacons themselves are small, cheap Bluetooth transmitters. Apps installed on your iPhone listen out for the signal transmitted by these beacons and respond accordingly when the phone comes into range.
- For example, if you pass a beacon in a shop, the retailer's app (assuming you have it installed) could display a special offer alert for you. On a visit to a museum, the museum's app would provide information about the closest display, using your distance from beacons placed near exhibits to work out your position.

iBeacons

Geo-fencing
- Geofencing is a feature in a software program that uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical boundaries.
- Our app uses iBeacons to define the geofence. When the user enters the defined geofence, the phone unlocks automatically.

Programming Tasks Accomplished
- An iOS app “Authenticator” was designed with authentication functionality based on fingerprint sensing and geofencing with Beacons
- Since third-party apps are not allowed to unlock the phone in iOS, successful authentication into the app displays some sensitive content
- Display of sensitive information should be a useful example for user authentication using biometrics and geofencing

Authenticator - New iOS App
- Supports three means of authentication:
  - geofencing using iBeacon when in range of iBeacon
  - fingerprint biometrics (Touch ID) if outside of iBeacon range
  - password as fallback
- Displays sensitive content if authentication is successful

Authenticator - iBeacons
- Use the CoreLocation framework to sense for iBeacons with a specific UUID
- If a beacon is ranged, the app bypasses the authentication screen and proceeds to the confidential content right away
- If no beacon is ranged, biometric authentication with Touch ID will be attempted next

Authenticator - Touch ID
- Fingerprints are evaluated using the Touch ID evaluatePolicy method; sensitive content is then unlocked
- Choice of Verizon statement or Terms (as examples of sensitive content)

Authenticator - Document Access

Authenticator - Password Fallback
- Password prompt if beacons are not in range (or the user chose not to share location) and Touch ID is not available
- Set the UIApplicationExitsOnSuspend flag in the Info.plist to true, which prevents the app from running in the background
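The three-step order described on the Authenticator slides (beacon with a specific UUID, then Touch ID, then password), as an added Python model that is not the Authenticator app's own code. It parses the standard iBeacon manufacturer-data frame; `DORM_UUID`, `choose_auth` and `make_frame` are hypothetical names, and the UUID and sample frames are constructed.

```python
import struct
import uuid

APPLE_COMPANY_ID = 0x004C            # Bluetooth SIG company identifier for Apple
IBEACON_TYPE, IBEACON_LEN = 0x02, 0x15

# Assumed (constructed) UUID for the dorm-room beacon; the slides do not give one.
DORM_UUID = uuid.UUID("11111111-2222-3333-4444-555555555555")


def parse_ibeacon(mfg_data: bytes):
    """Parse BLE manufacturer-specific data; return a dict, or None if not iBeacon."""
    if len(mfg_data) != 25:
        return None
    company, btype, blen = struct.unpack_from("<HBB", mfg_data, 0)
    if (company, btype, blen) != (APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN):
        return None
    # Major and minor are big-endian; measured power is a signed byte (dBm at 1 m).
    major, minor, tx_power = struct.unpack_from(">HHb", mfg_data, 20)
    return {"uuid": uuid.UUID(bytes=mfg_data[4:20]), "major": major,
            "minor": minor, "tx_power": tx_power}


def choose_auth(frames, touch_id_available, location_shared=True):
    """Return which mechanism gates the sensitive content, in the slides' order."""
    if location_shared:
        for frame in frames:
            beacon = parse_ibeacon(frame)
            if beacon and beacon["uuid"] == DORM_UUID:
                return "geofence"    # beacon ranged: authentication screen bypassed
    if touch_id_available:
        return "touch_id"            # no matching beacon: biometric check next
    return "password"                # neither available: password fallback


def make_frame(beacon_uuid, major, minor, tx_power=-59):
    """Build a constructed sample iBeacon payload for offline testing."""
    header = struct.pack("<HBB", APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN)
    return header + beacon_uuid.bytes + struct.pack(">HHb", major, minor, tx_power)
```

The parsed fields are everything the frame carries: it holds no secret or signature, so a UUID match shows proximity to a transmitter advertising that UUID, which is weaker assurance than the Touch ID or password path.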

Survey Results
- The survey consisted of 10 questions, most multiple choice with a few fill-in data boxes.
- Based on the results of the survey, the popular way of securing the mobile device seems to be password/PIN authentication, with 54% of the participants.
- As an alternative to password or swipe pattern entry, 73% of the participants stated in the survey that they would be most comfortable interacting with the device through a fingerprint or face recognition scan.
- 60% of the participants felt that fingerprint sensing is a more secure authentication than password/PIN authentication or other authentication mechanisms.
- Most people were unaware of NFC/geofencing-based authentication mechanisms. Only 38% had similar apps installed on their phones.
- The majority of the people said they are uncomfortable having an app that requires location and Bluetooth services turned on all the time.
- Overall, participants want a simple and easy way of unlocking their mobile device within minimal time that also gives them a secure feeling.

Future Work
- A research study can be conducted for usability testing of designed apps and to test the comfort level of people with the current authentication mechanisms vs. the designed mechanism
- Other physiological and behavioral sensors on smartphones and smartwatches can be used for user authentication.
- Sensor data can be read using apps available from the Google Play Store or Apple App Store, or using a free, open source Software Development Kit for Android or iOS

Smartwatches and their Sensors - July 2015 (1 of 2)

Smartwatches and their Sensors - July 2015 (2 of 2)

References for Smartwatches and Smartphones to get you started – more added every day
- Smartwatches:
  - motorola-moto-360-vs-samsung-gear-live.html
  - devices/microsoft-band-5-things-you-need-to-know
- Galaxy S5 (has a lot of sensors, and open source Android software development kit)
  - hidden-features/
  - orbox
  - /SM-G900F_UM_EU_Kitkat_Eng_D06_ pdf

Contributors
- Spring 2015 Pace University Master’s Students
  - Nikhita Gopidi
  - Nishant Patel
  - Nitish Pisal
  - Tanya Sahin
  - Shreyansh Shah
  - Sara Siddiqui
- Customers
  - Dr Kalyanasundaram, Verizon
  - Dr Charles Tappert, CSIS
  - Leigh Anne Clevenger, DPS ’16
  - Javid Maghsoudi, DPS ’16
  - Vinnie Monaco, PhD ’15

Copyright for Material Reuse
- Copyright © 2015 Leigh Anne Clevenger and Charles Tappert, Pace University. Please properly acknowledge the source for any reuse of the materials as below.
  - Leigh Anne Clevenger and Charles Tappert, 2015 GenCyber Cybersecurity Workshop, Pace University
- Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation. A copy of the license is available at