Publication


Featured research published by Nathan L. Clarke.


International Journal of Information Security | 2006

Authenticating mobile phone users using keystroke analysis

Nathan L. Clarke; Steven Furnell

Mobile handsets have found an important place in modern society, with hundreds of millions currently in use. The majority of these devices use inherently weak authentication mechanisms, based upon passwords and PINs. This paper presents a feasibility study into a biometric-based technique, known as keystroke analysis – which authenticates the user based upon their typing characteristic. In particular, this paper identifies two typical handset interactions, entering telephone numbers and typing text messages, and seeks to authenticate the user during their normal handset interaction. It was found that neural network classifiers were able to perform classification with average equal error rates of 12.8%. Based upon these results, the paper concludes by proposing a flexible and robust framework to permit the continuous and transparent authentication of the user, thereby maximising security and minimising user inconvenience, to service the needs of the insecure and evermore functional mobile handset.


Computers & Security | 2007

Advanced user authentication for mobile devices

Nathan L. Clarke; Steven Furnell

As mobile devices continue to evolve in terms of the capabilities and services offered, so they introduce additional demands in terms of security. An issue that has traditionally been poorly served is user authentication, with the majority of devices relying upon problematic secret knowledge approaches. This paper proposes the use of more advanced biometric methods as an alternative. After considering the general range of available techniques and their applicability to mobile devices, the discussion focuses upon the concept of keystroke analysis. Results of a practical evaluation are presented based upon the entry of both telephone numbers and text messages on a mobile phone. The findings reveal the technique to have promise for certain users with average error rates below 5%. The paper then proceeds to explain how the accuracy could be further improved by incorporating keystroke analysis within a composite authentication mechanism that utilises a portfolio of authentication techniques to provide robust, accurate and transparent authentication of the user.


Computers & Security | 2009

From desktop to mobile: Examining the security experience

Reinhardt A. Botha; Steven Furnell; Nathan L. Clarke

The use of mobile devices is becoming more commonplace, with data regularly able to make the transition from desktop systems to pocket and handheld devices such as smartphones and PDAs. However, although these devices may consequently contain or manipulate the same data, their security capabilities are not as mature as those offered in fully-fledged desktop operating systems. This paper explores the availability of security mechanisms from the perspective of a user who is security-aware in the desktop environment and wishes to consider utilising similar protection in a mobile context. Key issues of concern are whether analogous functionality can be found, and if so, whether it is offered in a manner that parallels the desktop experience (i.e. to ensure understanding and usability). The discussion is supported by an examination of the Windows XP and Windows Mobile environments, with specific consideration given to the facilities available for user authentication, secure connectivity, and content protection on the devices. It is concluded that although security aspects receive some attention, the provided means generally suffer from usability issues or limitations that would prevent a user from achieving the same level of protection that they might enjoy in the desktop environment.


Computer Fraud & Security | 2008

Beyond the PIN: Enhancing user authentication for mobile devices

Steven Furnell; Nathan L. Clarke; Sevasti Karatzouni

There is now an increasing need for an enhanced level of user authentication on mobile devices. In this article, Steven Furnell, Nathan Clarke and Sevasti Karatzouni begin by examining the existing provision, which is dominated by PIN and password-based approaches. They established that these may be both inconvenient and inadequate for securing modern devices and services. Mobile devices have changed significantly over the last decade, in terms of both their form factor and underlying capabilities. The introduction of third generation (3G) technologies has provided the underlying mechanism for a wide variety of innovative data-orientated services, with approximately one million users every day adopting these new features.


Computers & Security | 2002

Acceptance of Subscriber Authentication Methods For Mobile Telephony Devices

Nathan L. Clarke; Steven Furnell; P. M. Rodwell; Paul L. Reynolds

Mobile phones are now an accepted part of everyday life, with users becoming more reliant on the services that they can provide. In the vast majority of systems, the only security to prevent unauthorized use of the handset is a four digit Personal Identification Number (PIN). This paper presents the findings of a survey into the opinions of subscribers regarding the need for security in mobile devices, their use of current methods, and their attitudes towards alternative approaches that could be employed in the future. It is concluded that, although the need for security is understood and appreciated, the current PIN-based approach is under-utilized and can, therefore, be considered to provide inadequate protection in many cases. Surveyed users responded positively towards alternative methods of authentication, such as fingerprint scanning and voice verification. Based upon these findings, the paper concludes that a non-intrusive, and possibly hybrid, method of authentication (using a combination of techniques) would best satisfy the needs of future subscribers.


Computers & Security | 2012

Power to the people? The evolving recognition of human aspects of security

Steven Furnell; Nathan L. Clarke

It is perhaps unsurprising to find much of the focus in IT and computer security being drawn towards the technical aspects of the discipline. However, it is increasingly recognised that technology alone cannot deliver a complete solution, and there is also a tangible need to address human aspects. At the core, people must understand the threats they face and be able to use the protection available to them, and although this has not been entirely ignored, it has not received the level of attention that it merits either. Indeed, security surveys commonly reveal that the more directly user-facing aspects such as policy, training and education are prone to receiving significantly less attention than technical controls such as firewalls, antivirus and intrusion detection. The underlying reason for such disparity is that the human aspects are in many ways a more challenging problem to approach, not least because they cannot be easily targeted with a product-based solution. There is also a direct overlap into the technical area, with issues such as the usability and acceptability of technology solutions having a direct impact upon the actual protection that they are able to deliver. This paper explores these themes, highlighting the need for human aspects to form part of a holistic security strategy alongside the necessary technologies. Taking the specific examples of security awareness and two user-facing technical controls (user authentication and antivirus), the discussion examines how things have evolved to the present day and considers how they need to be positioned for the future.


Computers & Security | 2010

A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm

Gina C. Tjhai; Steven Furnell; Maria Papadaki; Nathan L. Clarke

Intrusion Detection Systems (IDSs) play a vital role in the overall security infrastructure. Although the IDS has become an essential part of corporate network infrastructure, the art of detecting intrusion is still far from perfect. A significant problem is that of false alarms, as generating a huge volume of such alarms could render the system inefficient. In this paper, we propose a new method to reduce the number of false alarms. We develop a two-stage classification system using a SOM neural network and K-means algorithm to correlate the related alerts and to further classify the alerts into classes of true and false alarms. Preliminary experiments show that our approach effectively reduces all superfluous and noisy alerts, which often contribute to more than 50% of false alarms generated by a common IDS.


Information Security Conference | 2007

Keystroke Analysis for Thumb-based Keyboards on Mobile Devices

Sevasti Karatzouni; Nathan L. Clarke

The evolution of mobile networking has opened the door to a wide range of service opportunities for mobile devices, increasing at the same time the sensitivity of the information stored and accessed through them. Current PIN-based authentication has proved to be an insufficient and an inconvenient approach. Biometrics have proven to be a reliable approach to identity verification and can provide a more robust means of security, as they rely upon personal identifiers. Amongst various biometric techniques available, keystroke analysis combines features that can offer a cost effective, non-intrusive and continuous authentication solution for mobile devices. This research has been undertaken in order to investigate the performance of keystroke analysis on thumb-based keyboards that are being widely deployed upon PDAs and smartphone devices. The investigation sought to authenticate users whilst typing text messages, using two keystroke characteristics, the inter-keystroke latency and hold-time. The results demonstrate the approach to be promising, achieving an average EER=12.2% with the inter-keystroke latency based upon 50 participants. Uniquely to this tactile environment however, the hold-time characteristic did not prove to be a reliable feature to be utilised.


IEEE International Conference on Cloud Computing Technology and Science | 2012

An agent based business aware incident detection system for cloud environments

Frank Doelitzscher; Christoph Reich; Martin Knahl; Alexander Passfall; Nathan L. Clarke

Classic intrusion detection mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. This makes them unable to address new cloud specific security issues. In this paper we introduce the cloud incident detection system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous agents, which are aware of underlying business driven intercommunication of cloud services. This enables the presented SAaaS architecture to be flexible and to support cross customer event monitoring within a cloud infrastructure. A contribution of this paper is to provide a high-level design of the SAaaS architecture, an introduction into the proposed Security Business Flow Language (SBFL), a first prototype of an autonomous agent and an evaluation of which cloud specific security problems are addressed by the presented architecture. It is shown that autonomous agents and behaviour analysis are fertile approaches to detect cloud specific security problems and can create a cloud audit system.


Security and Communication Networks | 2012

Evaluation of anomaly‐based IDS for mobile devices using machine learning classifiers

Dimitrios Damopoulos; Sofia-Anna Menesidou; Georgios Kambourakis; Maria Papadaki; Nathan L. Clarke; Stefanos Gritzalis

Mobile devices have evolved and experienced an immense popularity over the last few years. This growth however has exposed mobile devices to an increasing number of security threats. Despite the variety of peripheral protection mechanisms described in the literature, authentication and access control cannot provide integral protection against intrusions. Thus, a need for more intelligent and sophisticated security controls such as intrusion detection systems (IDSs) is necessary. Whilst much work has been devoted to mobile device IDSs, research on anomaly-based or behaviour-based IDS for such devices has been limited leaving several problems unsolved. Motivated by this fact, in this paper, we focus on anomaly-based IDS for modern mobile devices. A dataset consisting of iPhone users' data logs has been created, and various classification and validation methods have been evaluated to assess their effectiveness in detecting misuses. Specifically, the experimental procedure includes and cross-evaluates four machine learning algorithms (i.e. Bayesian networks, radial basis function, K-nearest neighbours and random forest), which classify the behaviour of the end-user in terms of telephone calls, SMS and Web browsing history. In order to detect illegitimate use of service by a potential malware or a thief, the experimental procedure examines the aforementioned services independently as well as in combination in a multimodal fashion. The results are very promising showing the ability of at least one classifier to detect intrusions with a high true positive rate of 99.8%.

Collaboration


Top Co-Authors

Steven Furnell

University of Western Australia

Fudong Li

University of Portsmouth

Maria Papadaki

Plymouth State University

Paul Dowland

Plymouth State University