Leveraging Personal Knowledge for Robust Authentication Systems Mentor: Danfeng Yao Anitra Babic Chestnut Hill College Computer Science Department.

Background
A ‘secret’ question is a question that is often asked as a secondary authentication challenge.
Examples include: ‘What is your pet’s name?’, ‘What is your favorite song?’, ‘What was the name of your first school?’
This sort of security has appeared on: Gmail, Yahoo! Mail, Hotmail, AOL, Facebook…

Secret Questions Online

Negative Results of Secret Questions
A Microsoft study* found that currently implemented secret questions are far from foolproof.
The study focused on the ‘secret’ questions of the top four providers:
  17% of a user’s friends could guess the answer on the first try
  13% could do it within 5 tries
  13% are statistically guessable
The study also focused on making secret questions easier for the user to remember; it proposed multiple questions and printing out user answers, among other methods, to help users remember.
* Schechter, S., Brush, A. J., & Egelman, S. (2008). It's No Secret: Measuring the security and reliability of authentication via 'secret' questions.

Goals
A more challenging approach to authentication through the use of the user’s personal knowledge
To create a series of questions that distinguish the user from an invisible/bot intruder or malicious user
  Bot: a compromised machine which acts autonomously
To identify human users from bots by utilizing human interaction with their machines
To use the findings from previous studies to create improved secret questions

Characterization Study on Individuals’ Web Usage Patterns
A statistical and temporal analysis was performed on a 4-month-long HTTP (port 80) trace of 500 users at Rutgers.
Found that users tend to visit the same IPs.
Xiong, H., & Yao, D. (2008). Towards Personalized Security: Analysis of Individual Usage Patterns in Organizational Wireless Networks.

User’s Traffic Recognition Ability
Experiment methodology:
  While a user is surfing, inject arbitrary traffic
  Ask the user to classify the traffic as their own or a bot’s
  7 users, 10-minute sessions
Findings:
  <1% false negative rate: injected bot URLs are easily detected by users
  40% false positive rate: users tend to classify unknown URLs as malicious
  91% of false positives are due to third-party content
Xiong, H., & Yao, D. (2008). Towards Personalized Security: Analysis of Individual Usage Patterns in Organizational Wireless Networks.

Approach
We plan on developing questions that are based on user activities:
  Network Activities: Browsing History, e-mails…
  Physical Events: Planned Meetings, Calendar Items…
  Conceptual Opinions: Opinions as derived from e-mails (still conceptual)
These questions will be generated and will then replace the less secure ‘secret questions’.
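The following is an added worked example, not code from the presentation or from the Yao group's project, showing how the traffic-recognition experiment and the "Network Activities" part of the approach could be turned into a concrete challenge. It assumes a hypothetical trace format of (timestamp, requested host, referer host) tuples and constructed sample hosts; the referer is used to drop third-party embedded content, since the experiment attributes 91% of users' false positives to such content. The question asks the user to pick their own recurring hosts out of a list that also contains hosts they never visited, standing in for the injected bot URLs of the experiment.

```python
"""
Added example (not from the presentation): generating an activity-based
secret question from a user's own browsing trace.

Assumptions (hypothetical, not from the slides): the trace is a list of
(timestamp, host, referer_host) tuples taken from the user's HTTP traffic.
A request whose referer is a different host is treated as third-party
embedded content and excluded from the question candidates.
"""
from collections import Counter
import random

# Constructed sample trace: (timestamp, requested host, referer host or None)
SAMPLE_TRACE = [
    ("2009-03-02T09:01:00", "mail.example.edu", None),
    ("2009-03-02T09:01:02", "cdn.adnetwork.example", "mail.example.edu"),   # third-party
    ("2009-03-02T09:15:00", "news.example.com", None),
    ("2009-03-02T09:15:01", "static.tracker.example", "news.example.com"),  # third-party
    ("2009-03-02T13:20:00", "mail.example.edu", None),
    ("2009-03-03T08:55:00", "mail.example.edu", None),
    ("2009-03-03T12:10:00", "news.example.com", None),
    ("2009-03-03T18:40:00", "forum.example.org", None),
    ("2009-03-04T09:02:00", "mail.example.edu", None),
    ("2009-03-04T19:00:00", "news.example.com", None),
]

# Constructed hosts the user never visited, playing the role of injected bot URLs
DISTRACTOR_HOSTS = [
    "update-service.example.net",
    "free-prizes.example.biz",
    "botcmd.example.info",
]


def first_party_hosts(trace):
    """Count visits per host, keeping only top-level (first-party) requests.

    A request whose referer is another host was embedded content the user did
    not deliberately visit, so the user cannot be expected to recognize it.
    """
    counts = Counter()
    for _ts, host, referer in trace:
        if referer is None or referer == host:
            counts[host] += 1
    return counts


def recurring_hosts(trace, min_visits=2):
    """Hosts the user returned to at least min_visits times (the 'same IPs' pattern)."""
    counts = first_party_hosts(trace)
    return sorted(h for h, n in counts.items() if n >= min_visits)


def make_question(trace, distractors, n_own=2, n_distractors=2, rng=None):
    """Build a multiple-choice question: which of these hosts did you visit?

    Returns (options, answer_set): options is the shuffled candidate list,
    answer_set is the subset that really comes from the user's own trace.
    """
    rng = rng or random.Random(0)
    own = recurring_hosts(trace)
    own_pick = rng.sample(own, min(n_own, len(own)))
    seen = {h for _, h, _ in trace}
    # Never offer a distractor that actually appears somewhere in the trace.
    usable = [d for d in distractors if d not in seen]
    dist_pick = rng.sample(usable, min(n_distractors, len(usable)))
    options = own_pick + dist_pick
    rng.shuffle(options)
    return options, set(own_pick)


def check_answer(selected, answer_set):
    """Grade a response; the selection must match the user's own hosts exactly.

    Returns (accepted, false_negatives, false_positives): false negatives are
    own hosts the respondent missed, false positives are distractors they
    claimed, the two error types the recognition experiment measured.
    """
    selected = set(selected)
    answer_set = set(answer_set)
    fn = answer_set - selected
    fp = selected - answer_set
    return (not fn and not fp, fn, fp)


if __name__ == "__main__":
    opts, ans = make_question(SAMPLE_TRACE, DISTRACTOR_HOSTS)
    print("Which of these sites have you visited recently?")
    for o in opts:
        print("  -", o)
    print("accepted, missed, wrongly claimed:", check_answer(ans, ans))
```

The third-party filter is the part a practitioner should pay most attention to: without it, ad and tracker hosts the user has never consciously seen end up on the "own" side of the answer key, which is exactly the source of the 40% false positive rate the slide reports.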

Process
We plan to develop a novel approach to secret questions because the areas we are focusing on are dynamic, personal, and have fewer vulnerabilities.
Plan:
  Develop questions
  Find out how secure they are through a user study
  Solicit help from SurveyMonkey
  Use a parallel attack model