SmartAuth: Dynamic context fingerprinting for continuous user authentication

Proceedings of the ACM Symposium on Applied Computing

Volumn 13-17-April-2015, Issue , 2015, Pages 2185-2191

  Preuveneers, Davy ^a   Joosen, Wouter ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

MOBILE DEVICES; MOBILE TELECOMMUNICATION SYSTEMS;

AUTHENTICATION SCHEME; CONTEXT INFORMATION; DYNAMIC CONTEXTS; IDENTITY AND ACCESS MANAGEMENTS; PRIVACY PREFERENCES; STATE OF PRACTICE; STRONG PASSWORD; USER AUTHENTICATION;

AUTHENTICATION;

EID: 84955451539     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2695664.2695908     Document Type: Conference Paper

References (25)

1. A. Bhargav-Spantzel, A. Squicciarini, and E. Bertino. Privacy preserving multi-factor authentication with biometrics. In Proceedings of the Second ACM Workshop on Digital Identity Management, DIM '06, pages 63-72, New York, NY, USA, 2006. ACM.
2. A. Bifet, J. Read, B. Pfahringer, G. Holmes, and I. Zliobaite. Cd-moa: Change detection framework for massive online analysis. In A. Tucker, F. Höppner, A. Siebes, and S. Swift, editors, IDA, volume 8207 of Lecture Notes in Computer Science, pages 92-103. Springer, 2013.
3. J. Bonneau, C. Herley, P. C. V. Oorschot, and F. Stajano. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, pages 553-567, Washington, DC, USA, 2012. IEEE Computer Society.
4. S. Chabridon, R. Laborde, T. Desprats, A. Oglaza, P. Marie, and S. M. Marquez. A survey on addressing privacy together with quality of context for context management in the internet of things. Annales des Télécommunications, 69(1-2):47-62, 2014.
5. B. Chen, L. H. Nguyen, and A. W. Roscoe. When context is better than identity: Authentication by context using empirical channels. In B. Christianson, B. Crispo, J. A. Malcolm, and F. Stajano, editors, Security Protocols XIX - 19th International Workshop, Cambridge, UK, March 28-30, 2011, Revised Selected Papers, volume 7114 of Lecture Notes in Computer Science, pages 115-125. Springer, 2011.
6. W. Cheswick. Rethinking passwords. Commun. ACM, 56(2):40-44, Feb. 2013.
7. M. D. Corner and B. D. Noble. Zero-interaction Authentication. In Proceedings of the 8th Annual International Conference on Mobile Computing and Networking, MobiCom '02, pages 1-11, New York, NY, USA, 2002. ACM.
8. D. E. Denning and P. F. MacDoran. Internet besieged. chapter Location-based Authentication: Grounding Cyberspace for Better Security, pages 167-174. ACM Press/Addison-Wesley Publishing Co., New York, NY, USA, 1998.
9. P. Domingos and G. Hulten. Mining high-speed data streams. In Proceedings of the Sixth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD '00, pages 71-80, New York, NY, USA, 2000. ACM.
10. P. Eckersley. How unique is your web browser? In Proceedings of the 10th International Conference on Privacy Enhancing Technologies, PETS'10, pages 1-18, Berlin, Heidelberg, 2010. Springer-Verlag.
11. E. Grosse and M. Upadhyay. Authentication at scale. IEEE Security and Privacy, 11:15-22, 2013.
12. R. P. Guidorizzi. Security: Active authentication. IT Professional, 15(4):4-7, 2013.
13. E. Hayashi, S. Das, S. Amini, J. Hong, and I. Oakley. CASA: Context-aware Scalable Authentication. In Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS '13, pages 3:1-3:10, New York, NY, USA, 2013. ACM.
14. T. Henry. Adaptive Access Control Brings Together Identity, Risk and Context. Gartner Report. https://www.gartner.com/doc/2578515/adaptiveaccess- control-brings-identity, Aug 2013.
15. M. Jakobsson and M. Dhiman. The benefits of understanding passwords. In Proceedings of the 7th USENIX conference on Hot Topics in Security, HotSec'12, page 10, Berkeley, CA, USA, 2012. USENIX Association.
16. W. Jensen, S. Gavrila, and V. Korolev. Proximity-Based Authentication for Mobile Devices. In Proceedings of The 2005 International Conference on Security and Management, pages 398-404, June 2005.
17. R. Koch, M. Golling, and G. D. Rodosek. Geolocation and Verification of IP-Addresses with Specific Focus on IPv6. In G. Wang, I. Ray, D. Feng, and M. Rajarajan, editors, CSS, volume 8300 of Lecture Notes in Computer Science, pages 151-170. Springer, 2013.
18. A. Manzoor, H. L. Truong, and S. Dustdar. Quality of context: models and applications for context-aware systems in pervasive environments. Knowledge Eng. Review, 29(2):154-170, 2014.
19. N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna. Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP '13, pages 541-555, Washington, DC, USA, 2013. IEEE Computer Society.
20. H. Nissenbaum. A Contextual Approach to Privacy Online. Daedalus, 140(4):32-48, 2011.
21. J. Oliver, C. Cheng, and Y. Chen. Tlsh - a locality sensitive hash. In Proceedings of the 2013 Fourth Cybercrime and Trustworthy Computing Workshop, CTC '13, pages 7-13, Washington, DC, USA, 2013. IEEE Computer Society.
22. V. Roussev. Data fingerprinting with similarity digests. In Advances in Digital Forensics VI - Sixth IFIP WG 11.9 International Conference on Digital Forensics, Hong Kong, China, January 4-6, 2010, Revised Selected Papers, pages 207-226, 2010.
23. B. Schneier. Schneier on Security. Risk-Based Authentication. https://www.schneier.com/blog/archives/2013/11/risk-based.html, Nov. 2013.
24. E. Shi, Y. Niu, M. Jakobsson, and R. Chow. Implicit authentication through learning user behavior. Information Security, pages 99-113, 2011.
25. Verizon. 2013 Data Breach Investigations Report. http://www.verizonenterprise.com/resources/reports/rpdata-breach-investigations-report-2013enxg.pdf, 2013.