Towards A User-Centric Identity-Usage Monitoring System - ICIMP 2008 - Daisuke Mashima and Mustaque Ahamad College of Computing Georgia Institute of Technology.

Presentation transcript:

Towards A User-Centric Identity-Usage Monitoring System - ICIMP
Daisuke Mashima and Mustaque Ahamad
College of Computing, Georgia Institute of Technology, Georgia, USA
Partly Supported by I3P

Outline
Background and motivation
Limitations of existing approaches
Design goals for user-centric monitoring
Proof of concept in OpenID setting
Conclusion

Background and Motivation
Increasing threat of online identity theft and misuse
  – Ranked in the first place for the 7th year in a row in FTC report
Prevention is not perfect
  – Insufficient attention to Site Authentication Image or SSL icon
  – Physical theft of a device and removable storage
  – Malware
  – Social engineering
  – And more…
Monitoring and detection mechanisms are also required.

Existing Schemes: Fraud Detection Systems
Aim to detect fraudulent activities
  – Misuse of stolen credit card information
  – Cellular cloning, theft of calling card or cellular phone

Limitations of Existing Schemes
Limited or no user control
  – Users do not have the option to enable or disable monitoring
Privacy concern
  – Users have no choice about what kind of information is captured and stored at the service provider (SP)
Lack of generality
  – System is designed in a service-specific way
  – A dedicated system is required for each site

Design Goals
Users must be able to trust the monitoring system
  – Users should be able to choose an entity that they can trust
      Preferably resides on a networked trusted party
  – Identity usage must be reliably captured and made available to the monitoring system
Users should have flexible control over the monitoring system
  – Legitimate users should be able to turn the monitoring system on and off
  – Users should have a choice about what information is captured and used for monitoring purposes

Design Goals Contd.
Monitoring system must offer generality without lowering effectiveness
  – By using context information, the monitoring system can handle identity credentials used for accessing general services
  – Engaging users closely in the anomaly detection process is important.
Make users attentive
  – Push alert or periodic reports
Provide interface to obtain feedback from user

Overview of Proposed Architecture

Context Information for Monitoring
Who?
  – What platform a user commonly uses to access online services
      OS fingerprinting (nmap, p0f, etc.)
      User-Agent in web setting
To whom?
  – Identifier of a service provider that a user is talking to
Where?
  – IP Geolocation (MaxMind, Delay-based schemes, etc.)
  – Whois record
When?
  – Timestamp of usage
  – Day of week, week of month, hour of day etc.

Context-based Anomaly Detection
Time
  – Significant change in frequency of access
  – Anomalous access pattern
Location
  – Deviation of geographic location in normal usage pattern
  – Light-speed contradiction
Device Fingerprint
  – Unseen device type in the past
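The three context checks on this slide, sketched as an added Python example (not code from the presentation or its prototype). The record layout, the function names and the thresholds `max_kmh`, `burst_factor` and the 50 km geolocation tolerance are assumptions, and a travel-speed bound stands in for the slide's light-speed contradiction.

```python
import math
from datetime import datetime, timedelta

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def check_usage(history, event, max_kmh=1000.0, burst_factor=3.0):
    """Return the list of context anomalies for `event` given past usage.

    Records are dicts with keys time (datetime), geo (lat, lon), agent (str).
    max_kmh and burst_factor are assumed thresholds, not values from the slides.
    """
    alerts = []
    if not history:
        return alerts  # nothing to compare against yet
    last = max(history, key=lambda r: r["time"])
    # Location: implied travel speed since the previous use is not plausible.
    hours = (event["time"] - last["time"]).total_seconds() / 3600
    dist = km_between(last["geo"], event["geo"])
    if dist > 50 and (hours <= 0 or dist / hours > max_kmh):  # 50 km: assumed geo-IP error
        alerts.append("location: implausible travel")
    # Device fingerprint: User-Agent never seen for this identity.
    if event["agent"] not in {r["agent"] for r in history}:
        alerts.append("device: unseen User-Agent")
    # Time: uses in the trailing 24 h far above the historical daily average.
    first = min(history, key=lambda r: r["time"])
    days = max((last["time"] - first["time"]).total_seconds() / 86400, 1.0)
    daily_avg = len(history) / days
    recent = 1 + sum(1 for r in history
                     if timedelta(0) <= event["time"] - r["time"] <= timedelta(hours=24))
    if recent > burst_factor * max(daily_avg, 1.0):
        alerts.append("time: access frequency spike")
    return alerts

# Constructed sample log: one use per day from Atlanta on the same browser.
ATL, TOKYO = (33.75, -84.39), (35.68, 139.69)
T0 = datetime(2008, 6, 1, 9, 0)
HISTORY = [{"time": T0 + timedelta(days=d), "geo": ATL, "agent": "Firefox/2.0 (Windows)"}
           for d in range(7)]
NORMAL = {"time": T0 + timedelta(days=7), "geo": ATL, "agent": "Firefox/2.0 (Windows)"}
SUSPECT = {"time": T0 + timedelta(days=6, hours=2), "geo": TOKYO, "agent": "Opera/9.5 (Linux)"}
```

`check_usage(HISTORY, SUSPECT)` flags both the location and the device context, which is the kind of result the slides propose pushing to the user as an alert.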

Basic OpenID Architecture
Authentication credential for the OpenID provider could be stolen by phishing
An adversary could imitate a service provider site to retrieve an identity credential from the legitimate OpenID provider

Proof of Concept in OpenID

Evaluation: Generality
Can support any kind of service that relies on OpenID
No change is required at the user side
Can be modified and applied to other types of systems

Evaluation: Performance
Increase of response time is acceptable even in a multi-user setting.
Network Threads Monitoring Req. / Sec Time / Req. LAN 1 YES NO CATV 1 YES NO YES NO 3.708 -

Evaluation: Security
Context-based monitoring makes identity misuse more difficult
Risk of phishing attack can be mitigated
Periodic reports help shorten the window of vulnerability
Authentication to control monitoring system must be isolated from OpenID authentication

Evaluation: Usability
Pushing usage summary periodically reduces users’ burden
Context information makes reports or alerts easy to understand

Conclusion
Proposed requirements for user-centric monitoring and identified design goals
Showed a proof of concept in OpenID setting and evaluated it
Future work
  – Implementation in other types of architecture
      Other identity management systems
  – GUIDE-ME-based system
  – Explore more sophisticated mechanism for context-based anomalous usage detection

Thank you very much.