Navigating the Malweb: Authentication Schemes for Mobile Devices

Posted on:2012-12-08

Degree:Ph.D

Type:Dissertation

University:University of California, Davis

Candidate:Niu, Yuan

Full Text:PDF

GTID:1458390011956951

Subject:Computer Science

Abstract/Summary:

The Internet is a pervasive presence in our lives, but a darker side exists as well. The spammers, phishers, and malware distributors make up the malweb. They continue to find new and innovative ways to keep up in the virtual arms race against computer security experts in order to continue their exploits of human and machine weaknesses.;At the same time, the increasing popularity of mobile devices as a platform, along with their increasing capabilities, have made them the newest targets for spam, scam, and malware.;We first describe the malweb, with a focus on context-based web spam. We present a double-funnel model that describes the flow of money from advertisers to spammers in one direction, and the flow of traffic from spammers to advertisers in the other direction.;The newest malweb playground is the mobile device, which now has access to crucial services like online banking and email. A user's account information and identity are tied to the mobile device, making it an extremely tempting target for phishers. Therefore, we present our findings on phishing vulnerabilities in the iPhone browser to demonstrate that a new platform can still be just as vulnerable to old tactics.;With these problems in mind, we examine methods to mitigate these threats by focusing on authentication schemes for mobile devices. Our goals are two-fold: the first, to make authentication on mobile devices less frustrating so users have an incentive to follow good security practices, and the second, to make user credentials harder to re-use if they are stolen.;We present a visual preference authentication scheme that relies on the user's long term memory. Then we describe implicit authentication, a scheme that takes advantage of the rich information made available by sensors on our phones. Finally, we describe gesture authentication, a biometric scheme that relies on users' muscle memory to let them create a physical password.;We evaluated each authentication scheme with a user study to determine usability, false and negative rates, and measure its entropy.

Keywords/Search Tags:

Authentication, Scheme, Mobile devices, Malweb

Related items

1	An Authentication Scheme Based On Gesture Recognition
2	Research On The Security Authentication Scheme For IoT Devices In The Cloud Service Environment
3	Using Eyes Movements For Smart Mobile Devices Authentication
4	Research On Authentication Framework And Authentication Schemes In Wearable-Devices Environment
5	An On-line Handwritten Signature Authentication Technology For Mobile Devices
6	Research And Implementation Of Secure Communication Technology Of Mobile Devices
7	Technology And Research Of Implicit Identity Authentication In Mobile Devices Based On Gait
8	Research On Security Technology And Authentication Scheme Of NFC Mobile Payment
9	Research And Implementation Of The Authentication Technology On The Mobile Internet
10	Research On Anonymous Authentication Scheme For Internet Of Things Devices