On Community-based Authentication Factor


1 On Community-based Authentication Factor
By Khalid Alkhattabi
Master Thesis Proposal
Committee Members:
- Dr. C. Edward Chow (Advisor)
- Dr. Chuan Yue (Member)
- Dr. Jia Rao (Member)

2 OUTLINE OF THE TALK
- INTRODUCTION
- MULTI-FACTOR AUTHENTICATION
- RELATED WORK
- RESEARCH QUESTIONS
- EVALUATE THE SUCCESS OF PROPOSED RESEARCH
- REFERENCES
Community Authentication/Khalid Alkhattabi 3/10/15

3 INTRODUCTION
- The demand for security and authentication has been rising these days.
- Current authentication systems suffer from many drawbacks:
  - Usernames and passwords can be forgotten, disclosed, lost, or stolen
  - Passwords can be guessed based on:
    - GPU
    - Brute-force algorithm
    - Looking up a dictionary
- On Oct 14, 2014, Dropbox was compromised by a hacker who posted usernames and passwords on pastebin.com
  - To remedy the vulnerabilities, Dropbox has enabled two-factor authentication

4 MULTI-FACTOR AUTHENTICATION
- Multi-factor authentication requires more steps than traditional authentication.
- Basically it comes down to these factors:
  - Knowledge - something you know (password, PIN, someone you know)
  - Possession - something you have (home address, phone number, credit card, key)
  - Biometrics - something you are (face, fingerprint and iris)
  - Community relationship - who knows me (identified by people in a trust group)
- Challenges:
  - How to weigh and choose a combination of factors for effective authentication.
  - The use of community relationship in authentication is new and not much software implementation is available.

5 RELATED WORK 1
Group authentication:
- It can be applied to authenticate group members in group communication.
- It is considered a new type of authentication.
- Most of the group authentication schemes that have been proposed [L. Harn and C. Lin ; L. Harn] are for group-oriented applications, and are not meant for multi-factor authentication.
- [Harn 2013] proposed a “Group authentication” design which is very close to my thesis idea.
  - The Group Manager (GM) is responsible for registering all group members to a group.
  - After all the members are registered, the GM generates a token (Shamir's secret sharing scheme) for each user.
  - A group member uses this token to be authenticated by the other group members, based on that token.
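A simplified sketch of the token idea on this slide, added here as an example (it is not code from the thesis and not Harn's published protocol): the GM issues Shamir shares as tokens and publishes a hash of the secret, and a group is accepted only if the pooled tokens reconstruct that secret. The field prime, the 3-of-5 group and all function names are assumptions.

```python
import hashlib
import secrets

# Constructed parameter: arithmetic is done in GF(P) with a 127-bit Mersenne prime.
P = 2**127 - 1

def commit(secret):
    """Public verification value H(secret) that the GM publishes."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def gm_setup(member_ids, t):
    """GM: pick a random polynomial f of degree t-1 with f(0) = secret and
    give member i the token f(i). Member ids must be distinct and non-zero."""
    coeffs = [secrets.randbelow(P) for _ in range(t)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):      # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    tokens = {i: f(i) for i in member_ids}
    return tokens, commit(coeffs[0])

def reconstruct(shares):
    """Lagrange interpolation at x = 0 from {member_id: token} pairs."""
    secret = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def group_authenticates(shares, published_hash, t):
    """True only if at least t tokens were pooled and every one is valid;
    a single forged token changes the reconstructed value."""
    if len(shares) < t:
        return False
    return commit(reconstruct(shares)) == published_hash
```

Pooling tokens in the clear, as this sketch does, exposes them to the other participants, so a token used this way must be treated as single-use.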

6 RELATED WORK 2
- [Haya2013] “CASA: Context-Aware Scalable Authentication” discusses how to choose an appropriate form of active authentication based on the combination of multiple passive factors.
  - The most heavily weighted passive factor was the user's location.
  - 84.3% of logins took place at home (59.2%) and work (25.1%).
  - My research question: Can we take the location of my friends or group members as a factor?
- OAuth is an open authentication protocol which allows applications to access remote resources on a web server [Yang2013; RFC ]:
  - OAuth is widely used on smartphones with client apps
  - 58% of American adults have smartphones
  - Facebook, Google, Twitter, Instagram, Yahoo and Flickr support OAuth 2.
  - 40% of people use their smartphones to log in to their social networking site

7 RELATED WORK 3
- [Chau 2011] proposed multi-layer multi-factor authentication for a webmail application based on intranet, Internet, and extranet users [4].
  - Single-layer single-factor authentication (password) (Internal)
  - Single-layer multi-factor authentication (userID/password and OTP) (Intranet)
  - Multi-layer multi-factor authentication scheme implementation (OpenID and (userID/password and OTP)) (Public Network)
- Research question: How can we weigh the trustworthiness of multi-factor authentication?

8 RESEARCH QUESTIONS
- Can community-based authentication be effective as a key technology for multi-factor authentication?
- How can we weigh the trustworthiness of multi-factor authentication?
- How can we add a factor for multi-factor authentication from social networking?
- Can we take the location of my friends or group members as a factor?

9 COMMUNITY BASED AUTHENTICATION
- Fact: We live in groups: my wife and I are a group, my friends are a group, my classmates are a group, etc.
- E.g., in the inheritance court in Saudi Arabia, a person is identified by:
  - Your social security number
  - Two or more “witnesses” and their social security numbers as proof
  - A family card which shows all family members.
- Ideas for new community-based authentication:
  - Create a website or app for registering users.
  - Every user can declare trust in one person or a group.
  - After the trust group members are created, the system will use them to authenticate a member.

10 COMMUNITY BASED AUTHENTICATION
Scenario:
- Register on the website CAFProejctCs700.com to create a group of trusted people.
- Whenever a user wants to use this service, he logs in.
- All members of his trust group receive an SMS on their mobile devices containing a link, and they open that link.
- If a group member knows the user, the member approves and the server is notified.
- The server then allows the user to log in. Otherwise, it waits for a period of time until the condition is satisfied (depending on the situation, it could require one vote or all votes).
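The server-side vote handling in this scenario can be sketched as follows. This is an added example, not code from the thesis prototype: the class and method names, the `caf.example` link format, the five-minute window and the sample users are assumptions. It covers the cases the slide leaves open: a configurable quorum (one vote up to all votes), the waiting period, and rejection of replayed or mismatched links.

```python
import hashlib
import hmac
import secrets
import time

class LoginRequest:
    """One pending login: a single-use approval link per trust-group member."""

    def __init__(self, user, trust_group, required_votes, ttl_seconds=300, now=None):
        if not 1 <= required_votes <= len(trust_group):
            raise ValueError("quorum must be between 1 and the group size")
        self.user = user
        self.required = required_votes
        self.expires_at = (time.time() if now is None else now) + ttl_seconds
        self.approved = set()
        self._token_hash = {}   # server stores only hashes of the link tokens
        self.sms_links = {}     # what would be sent by SMS (placeholder host)
        for member in trust_group:
            token = secrets.token_urlsafe(32)
            self._token_hash[member] = hashlib.sha256(token.encode()).digest()
            self.sms_links[member] = f"https://caf.example/approve?m={member}&t={token}"

    def approve(self, member, token, now=None):
        """Count a vote only if the link is valid, unexpired and unused."""
        now = time.time() if now is None else now
        expected = self._token_hash.get(member)
        if expected is None or now > self.expires_at:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(expected, presented):
            return False
        del self._token_hash[member]    # single use: a replayed link fails
        self.approved.add(member)
        return True

    def status(self, now=None):
        """'allow' once the quorum is met, 'deny' after the window, else 'waiting'."""
        now = time.time() if now is None else now
        if len(self.approved) >= self.required:
            return "allow"
        return "deny" if now > self.expires_at else "waiting"
```

Setting `required_votes` to 1 or to the group size gives the "one vote" and "all votes" policies the slide mentions.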

11 TRUSTWORTHINESS OF MULTI-FACTOR AUTHENTICATION
Study how to weigh a number of factors in multi-factor authentication based on one or more of the following:
- Current location or history of locations
- Time (normal login time or not)
- Kind of request

12 EVALUATE THE SUCCESS OF PROPOSED RESEARCH
- Correctness
- Trustworthiness of the authentication
  - Location
  - Current time (normal time, midnight, or not a normal time)
  - Kind of request (what kind of operation you try to do)
- Performance
  - Execution time
  - Storage requirements

13 RESEARCH PLAN
- Phase One: One or Two Weeks (Completed)
  - Find the techniques and tools that I need to start my work:
    - Swift programming language
    - Web development languages (HTML5, CSS3, JavaScript, PHP)
    - Database platform (MySQL)
- Phase Two: Three Weeks (Completed)
  - Install and learn the new tools
- Phase Three: Three to Four Weeks (In progress)
  - Implement the group authentication module (done)
  - Integrate with a set of multi-factor authentication modules
- Phase Four: One Week (Future work)
  - Evaluate the performance
- Phase Five: Two Weeks (Future work)
  - Write the report
  - Analyze the results

14 DELIVERABLES
- A thesis report that documents the research results
- A working prototype which demonstrates the basic concepts

15 REFERENCES
[Haya2013] E. Hayashi, S. Das, S. Amini, J. Hong, and I. Oakley, “Casa: context-aware scalable authentication,” in Proceedings of the Ninth Symposium on Usable Privacy and Security, 2013, p. 3.
[2] F. Yang and S. Manoharan, “A security analysis of the OAuth protocol,” in Communications, Computers and Signal Processing (PACRIM), 2013 IEEE Pacific Rim Conference on, 2013, pp. 271–276.
[3] “RFC The OAuth 2.0 Authorization Framework.” [Online]. Available: [Accessed: 05-Dec-2014].
[4] S. Chaudhari, S. S. Tomar, and A. Rawat, “Design, implementation and analysis of multi layer, Multi Factor Authentication (MFA) setup for webmail access in multi trust networks,” in Emerging Trends in Networks and Computer Communications (ETNCC), 2011 International Conference on, 2011, pp. 27–32.
[5] “Facebook Boosts Security with Encryption, ‘Social Authentication’ | News & Opinion | PCMag.com.” [Online]. Available: [Accessed: 05-Dec-2014].

16
[6] L. Harn, “Group Authentication,” IEEE Trans. Comput., vol. 62, no. 9, pp. 1893–1898, Sep
[7] L. Harn and C. Lin, “An Efficient Group Authentication for Group Communications,” Int. J. Netw. Secur. Its Appl., vol. 5, no. 3, pp. 9–16, May 2013.
