authentication
play

Authentication Nashad Safa Rei Safavi-Naini Siamak Shahandashti 2 - PowerPoint PPT Presentation

May 11, 2023 •364 likes •547 views

Privacy-Preserv rving Im Implicit Authentication Nashad Safa Rei Safavi-Naini Siamak Shahandashti 2 Outline Device, Implicit Authentication Usage patterns, authentication decision making Cost: privacy! Our Basic Protocol

  1. Privacy-Preserv rving Im Implicit Authentication Nashad Safa Rei Safavi-Naini Siamak Shahandashti

  2. 2 Outline • Device, Implicit Authentication • Usage patterns, authentication decision making • Cost: privacy! • Our Basic Protocol • Preserves privacy against carrier, benign illegitimate users • Our Improved Protocol • Preserves privacy against malicious illegitimate users as well • Privacy Guarantees, Computation & Communication Cost • Concluding Remarks 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  3. 3 Implicit Authentication • Idea: authentication by device usage pattern • Implicit: does not need user interaction, runs in the background • Usage pattern is compared with history • If conforming: no action • If not conforming: user asked to provide the first factor for authentication • Result: legitimate user not burdened much, illegitimate user caught Authentication Protocol Carrier Device 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  4. 4 Example Scenario App Server 3. Authentication Protocol Jakobsson, Shi, Golle, Chow – USENIX 2009 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  5. 5 Storage of Usage Pattern History Usage pattern history needs to be stored on the carrier side! • Otherwise, loss of device = loss of usage pattern history = ability to mimic (physically or artificially) the usage pattern = loss of authentication security! = loss of privacy! 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  6. 6 Usage Pattern Data • 3 categories of usage pattern data: • 3 rd party (App server / cloud) data: app usage pattern, app data, … • Carrier data: call, sms, data usage patterns, location pattern, … • Device data: WiFi usage pattern, sensor data, device usage pattern, … • Device (, 3 rd party) data needs to be shared with carrier for effective implicit authentication • We claim this is unnecessary! • and propose “privacy - preserving implicit authentication” • Idea: store encrypted usage pattern data 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  7. 7 User Profiles & Authentication • User profile: vector of features • Each feature belongs to a user-specific distribution • Feature distributions are approximated by feature history • On a new reading, a decision is made if it belongs to the distribution • Observation: often the distribution is a collection of clusters e.g. based on time of day 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  8. 8 A Simple Decision Maker • For a distribution 𝐸 , calculate a measure of dispersion 𝑒 • E.g. standard deviation, average absolute deviation (AAD) • On a new reading 𝑦 , calculate the area under the distribution curve between 𝑦 − 𝑒 and 𝑦 + 𝑒 • This ‘similarity measure’ is between 0 and 1 • Can be approximated by the number of points recorded in the history • Only needs comparison, addition, calculation of dispersion 𝑒 −𝑒 +𝑒 𝑦 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  9. 9 Calculation in the Ciphertext Space • Homomorphic Encryption (HE): enables addition in ciphertext space • 𝐼. 𝐹𝑜𝑑 𝑏 + 𝑐 = 𝐼. 𝐹𝑜𝑑 𝑏 ⊕ 𝐼. 𝐹𝑜𝑑 𝑐 • Hence, 𝐼. 𝐹𝑜𝑑 𝑑 ⋅ 𝑏 = 𝑑 ⊙ 𝐼. 𝐹𝑜𝑑(𝑏) • Comparison in the ciphertext space • Possible using homomorphic encryption, but needs interaction • Order-Preserving Symmetric Encryption (OPSE) Boldyreva et al. EuroCrypt’09 • 𝑏 > 𝑐 ⇔ 𝑃𝑄. 𝐹𝑜𝑑 𝑏 > 𝑃𝑄. 𝐹𝑜𝑑 𝑐 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  10. 10 Our Protocol: Idea, Pre-computation Basic idea: • Device sends encrypted readings to carrier periodically, which are stored on the carrier side as history: 𝐼. 𝐹𝑜𝑑 𝑤 𝑢 𝑗 , 𝑃𝑄. 𝐹𝑜𝑑 𝑤 𝑢 𝑗 Pre-computation: • Carrier finds order in history using order-preserving encryptions, finds encrypted median, calculates average absolute deviation (AAD): 𝐼. 𝐹𝑜𝑑 𝐵𝐵𝐸 𝑤 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  11. 11 Our Protocol: Authentication, Update Authentication: • Carrier calculates, sends them to device: 𝐼. 𝐹𝑜𝑑 𝑤 𝑢 𝑗 − 𝐵𝐵𝐸 𝑤 , 𝐼. 𝐹𝑜𝑑 𝑤 𝑢 𝑗 + 𝐵𝐵𝐸 𝑤 • Device decrypts, calculates OP encryptions, sends back: 𝑃𝑄. 𝐹𝑜𝑑 𝑤 𝑢 𝑗 − 𝐵𝐵𝐸 𝑤 , 𝑃𝑄. 𝐹𝑜𝑑 𝑤 𝑢 𝑗 + 𝐵𝐵𝐸 𝑤 • Carrier locates values, counts no. of ciphertexts within the range Update: • If authentication succeeds (either implicit or explicit), update AAD • Only needs a few calculations to account for the difference 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  12. 12 Privacy of our Protocol • Definition based on secure two-party computation guarantees: • Device only learns AAD of history • Carrier only learns order of current reading compared to history • Proven our protocol secure against an honest-but-curious device, an honest-but-curious carrier • User privacy is preserved against carrier • If device stolen or lost, user privacy preserved against illegitimate users, as long as the device is not ‘hacked’ • For ‘hacked’ devices, need to consider privacy against malicious devices 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  13. 13 Improving Security • To achieve security against malicious devices: • Device required to send a proof of knowledge of plaintext with the ciphertext 𝐼. 𝐹𝑜𝑑 𝑤 𝑢 𝑗 Baudron et al. PODC’01 • Order-preserving encryption replaced by interaction with device to compare ciphertexts • Compare 𝑃𝑄. 𝐹𝑜𝑑 𝑤 𝑢 𝑗 ± 𝐵𝐵𝐸 𝑤 with history records via binary tree search • log ℓ rounds of interaction for a history of size ℓ • Proven our protocol secure against a malicious device • If device stolen or lost, user privacy preserved, even if device ‘hacked’ 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  14. 14 Comparing Homomorphic Ciphertexts • Goal: compare 𝑏, 𝑐 given 𝐼. 𝐹𝑜𝑑 𝑏 , 𝐼. 𝐹𝑜𝑑(𝑐) , device has key • Naïve: send to device, get response, but device learns 𝑏, 𝑐 , might cheat • Equivalent: Calculate 𝐼. 𝐹𝑜𝑑 𝑏 − 𝑐 , compare with zero • Randomise: 𝐼. 𝐹𝑜𝑑 𝑠(𝑏 − 𝑐) , so device does not learn 𝑏 − 𝑐 , but still might cheat • Mix with 𝑙 − 1 other values 𝐼. 𝐹𝑜𝑑 𝑑 𝑗 for known 𝑑 𝑗 , now device might still cheat, but will be caught with high probability 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  15. 15 Computation & Communication Cost Cost of privacy for device: encryption • Basic protocol: • 3 homomorphic, 3 order-preserving encryptions • Authentication: 300ms on 2.66 GHz single-core processor • Only 2 rounds of communication • Improved protocol: • 𝑙 log ℓ homomorphic encryptions for security parameter 𝑙 • Authentication failure discovered 4 seconds with 𝑙 = 2 , ℓ = 100 • log ℓ rounds of communication 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  16. 16 Final Remarks • Implicit authentication improves security without degrading usability • However it requires giving up on privacy! Is this necessary? • We proposed privacy-preserving implicit authentication • Guarantees privacy against carrier, also illegitimate users in case of loss of device • Does not incur prohibitive extra computation, communication cost • A step towards showing that the trade-off between privacy & security is a false one! 4 June 2014 IFIP SEC 2014 ncl.ac.uk

  17. Thank you! Full version: eprint.iacr.org/2014/203 Contact me: siamak.shahandashti@ncl.ac.uk www.esperez.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication overview Current state of Authentication The future of authentication MY JOURNEY 2012-2015 2004-2011 2015-Present 1998-2004 Staff at MIT

453 views • 34 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
Compiler Construction Lecture 11: Syntax Analysis VIII ( LALR (1) Parsing & Practical Issues)

Compiler Construction Lecture 11: Syntax Analysis VIII ( LALR (1) Parsing & Practical Issues)

Compiler Construction Lecture 11: Syntax Analysis VIII ( LALR (1) Parsing & Practical Issues) Thomas Noll Lehrstuhl f ur Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de

829 views • 79 slides
Basic Local Alignment Search Tool A blast from the past... AGATCAC A G A T C A C CGACAG

Basic Local Alignment Search Tool A blast from the past... AGATCAC A G A T C A C CGACAG

Basic Local Alignment Search Tool A blast from the past... AGATCAC A G A T C A C CGACAG 0 0 0 0 0 0 0 0 C 0 0 0 0 0 5 0 5 G 0 0 5 0 0 0 1 0 A 0 5 0 10 4 0 5 0 C 0 0 1 4 6 9 3 10 A GATCA 0 5

693 views • 10 slides
Decidable and Undecidable Fragments of Halpern and Shohams Interval Temporal Logic: Towards a

Decidable and Undecidable Fragments of Halpern and Shohams Interval Temporal Logic: Towards a

Decidable and Undecidable Fragments of Halpern and Shohams Interval Temporal Logic: Towards a Complete Classification LPAR - 2008 Davide Bresolin, University of Verona (Italy) Dario Della Monica , University of Udine (Italy) Angelo Montanari,

807 views • 58 slides
CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of

CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of

4.1 CS356 Unit 4 Intro to x86 Instruction Set 4.2 Why Learn Assembly To understand something of the limitation of the HW we are running on Helpful to understand performance To utilize certain HW options that high-level languages

954 views • 81 slides
UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident Response Models for Information and Resource Sharing Yun Zhang, Farhan Patwa , Ravi Sandhu Institute for Cyber Security University of Texas at

711 views • 20 slides
Engaging & Communicating with Hard -to- Reach Populations Public Health Communications

Engaging & Communicating with Hard -to- Reach Populations Public Health Communications

Engaging & Communicating with Hard -to- Reach Populations Public Health Communications Webinar Series June 25, 2019 Webinar Objectives Identify challenges to engaging hard -to- reach communities around public health issues

943 views • 55 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Asymptotics for Empirical Process and Bootstrap Marquis Hou University of California

Asymptotics for Empirical Process and Bootstrap Marquis Hou University of California

Asymptotics for Empirical Process and Bootstrap Marquis Hou University of California j7hou@ucsd.edu Marquis Hou (UCSD) Learning Proofs 1 / 16 Overview Introduction 1 Empirical Process on R 2 Glivenko-Cantelli Theorem C` adl` ag space

505 views • 16 slides

More recommend