Building Robust and Automatic Authentication Systems with Activity-Based Personal Questions. Anitra Babic, Chestnut Hill College, Computer Science Department. Mentor: Danfeng Yao.

Background
A 'secret' question is a question that is often asked as a secondary authentication challenge. Examples include:
- 'What is your pet's name?'
- 'What is your favorite song?'
- 'What was the name of your first school?'
This sort of security has appeared on Gmail, Yahoo! Mail, Hotmail, AOL, Facebook...

Secret Questions Online

Negative Results of Secret Questions
A Microsoft study* found that currently implemented secret questions are far from foolproof. It focused on the 'secret' questions of the top four webmail providers:
- 17% of answers could be guessed by a user's acquaintances on the first try
- 13% could be guessed within 5 tries
- 13% were statistically guessable (the most popular answers of other users)
The study also measured reliability, i.e., whether users could still recall their own answers.
Recognized problems: not secure, difficult to remember.
* Schechter, S., Brush, A. J. B., & Egelman, S. (2009). It's No Secret: Measuring the security and reliability of authentication via 'secret' questions. IEEE Symposium on Security and Privacy.

Activity-Based Authentication Requirements
Question requirements:
- Secrecy: dynamically change the questions whenever a challenge fails
- Memorability: users need only recall their most recent activity
- Non-intrusiveness: runs in the background, no updating by the user
- Adaptability: questions can be produced automatically and dynamically each day

Activity-Based Authentication Categories
- Network activity: focuses on the size, type, history, and content of the user's network activity. Secrecy is relative to the popularity of the sites visited.
- Physical events: information gathered from emails, virtual calendars, etc. Secrecy is relative to how many people are attending the event.
- Conceptual opinions: analyzes browsing history and emails to generate questions.
Questions may be vulnerable to random-guessing attacks. We use a k-out-of-n scheme: users must correctly answer k of the n questions provided. For example, if each question has three choices, the probability of guessing all k questions correctly is (1/3)^k, assuming equal likelihood and a uniform distribution, so the attack success rate is low for a reasonably small k, e.g., about 1% for k = 4.

Architectural Design of System
- Client-server architecture: the server uses the logged user transaction data to extract questions and answers
- Two phases: setup and authentication
- General model deployable on servers that provide network-related services, where the server logs provide the information: e.g., an email/calendar server or an eCommerce server
Image and architecture designed by Huijun Xiong
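To make the two slides above concrete, the following is an added example (not code from the presentation or from the authors' prototype): a server-side setup phase that extracts multiple-choice "which site did you visit" questions from a log, filtered by site popularity, and an authentication phase that enforces k-out-of-n and regenerates the question set after a failed attempt. The log entries, the popularity table, every host name, and the function and class names are constructed for illustration only. The guess-rate function generalises the slide's (1/3)^k to the case n > k, where the guesser only needs k of n right.

```python
"""Activity-based k-out-of-n challenge over a constructed server log.
Added example; log, popularity table and host names are all made up."""
import math
import random
from dataclasses import dataclass


# Constructed sample log: one (user, day, host) entry per proxy-style visit.
SAMPLE_LOG = [
    ("alice", "2010-07-12", "mail.example.org"),
    ("alice", "2010-07-12", "wiki.example.org"),
    ("alice", "2010-07-12", "hobby-forum.example.net"),
    ("alice", "2010-07-12", "search.example.com"),
    ("alice", "2010-07-12", "journal-club.example.edu"),
    ("alice", "2010-07-12", "recipes.example.net"),
    ("bob", "2010-07-12", "search.example.com"),
    ("bob", "2010-07-12", "news.example.com"),
]

# Hypothetical popularity table: fraction of all users who visit the host on
# a typical day. A site almost everyone visits is a poor secret, so secrecy
# is judged relative to popularity.
POPULARITY = {
    "search.example.com": 0.95,
    "mail.example.org": 0.60,
    "news.example.com": 0.50,
    "wiki.example.org": 0.20,
    "recipes.example.net": 0.05,
    "bikes.example.net": 0.04,
    "chess.example.org": 0.03,
    "hobby-forum.example.net": 0.02,
    "astro.example.edu": 0.02,
    "journal-club.example.edu": 0.01,
}


def guess_success_probability(k, n, choices):
    """Probability that a random guesser gets at least k of n multiple-choice
    questions right with `choices` equally likely options each.
    For n == k this reduces to the slide's (1/choices)**k."""
    p = 1.0 / choices
    return sum(math.comb(n, j) * p ** j * (1 - p) ** (n - j)
               for j in range(k, n + 1))


@dataclass
class Question:
    prompt: str
    options: list
    answer: str


def build_questions(log, user, day, n, rng, max_popularity=0.25, choices=3):
    """Setup phase: derive n questions for `user` from the hosts visited on
    `day`. Only hosts under the popularity threshold become answers;
    distractors are hosts the user did not visit that day."""
    visited = {host for u, d, host in log if u == user and d == day}
    secret_hosts = sorted(h for h in visited
                          if POPULARITY.get(h, 0.0) <= max_popularity)
    if len(secret_hosts) < n:
        raise ValueError("not enough low-popularity activity for %d questions" % n)
    distractors = sorted(h for h in POPULARITY if h not in visited)
    questions = []
    for host in rng.sample(secret_hosts, n):
        options = [host] + rng.sample(distractors, choices - 1)
        rng.shuffle(options)
        questions.append(Question(
            "Which of these sites did you visit on %s?" % day, options, host))
    return questions


class ActivityChallenge:
    """Authentication phase: k-out-of-n verification. A failed attempt
    discards the question set and builds a fresh one (secrecy requirement)."""

    def __init__(self, log, user, day, k, n, rng):
        if not 1 <= k <= n:
            raise ValueError("need 1 <= k <= n")
        self.log, self.user, self.day = log, user, day
        self.k, self.n, self.rng = k, n, rng
        self.attempts = 0
        self.questions = build_questions(log, user, day, n, rng)

    def verify(self, answers):
        self.attempts += 1
        correct = sum(1 for q, a in zip(self.questions, answers) if a == q.answer)
        if correct >= self.k:
            return True
        # Never re-ask a set the attacker has already seen fail.
        self.questions = build_questions(self.log, self.user, self.day, self.n, self.rng)
        return False


def new_challenge(user, day, k, n, seed=0):
    """Convenience constructor over the constructed sample log."""
    return ActivityChallenge(SAMPLE_LOG, user, day, k, n, random.Random(seed))


if __name__ == "__main__":
    for k, n in ((4, 4), (3, 4), (4, 6)):
        print("k=%d n=%d guess rate=%.2f%%" % (k, n, 100 * guess_success_probability(k, n, 3)))
    for q in new_challenge("alice", "2010-07-12", k=3, n=4).questions:
        print(q.prompt, q.options)
```

The guess-rate function makes the memorability/secrecy trade-off visible: with three choices, requiring all 4 of 4 gives a random guesser about 1.2%, but relaxing to 3 of 4 (so a user may forget one) raises that to about 11%, and 4 of 6 gives about 10%. Note also that a user with only popular-site activity (bob in the sample) cannot be issued low-popularity questions at all, which is the failure mode a deployment has to plan for.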

Architecture of an Activity Based Authentication System Image and Architecture designed by Huijun Xiong

Preliminary Experiments and Results
- Survey of 12 questions, four from each activity-based question category
- Participants were asked to answer, then to guess what the others had answered
- 4 participants, all with the same mentor
- Temporal-based questions were the most robust
- Work-related questions were the most vulnerable
- Opinion-based questions were hard to attack
- All questions were found to be memorable

Survey Results

Current and Future Work
- Currently planning a study to compare conventional authentication questions with ours
- Expanding our study to more diverse participants
- Plan to implement a prototype integrating semantic web and natural language processing techniques, starting with an email server
- Plan to explore the potential application of a host-based detection system against malicious botnets

Acknowledgements Danfeng Yao Huijun Xiong Alex Crowell Chih-Cheng Chang

Questions