Design and Verification of Privacy and User Re-authentication Systems
|dc.description.abstract||In the internet age, privacy and security have become major concerns since an increasing number of transactions are made over an unsecured network. Thus there is a greater chance for private data to be misused. Further, insider attacks can result in loss of valuable data. Hence there arises a strong need for continual, non-intrusive, quick user re-authentication. Previously, a number of studies have been conducted on authentication using behavioral attributes. Currently, few successful re-authentication mechanisms are available since they use either the mouse or the keyboard for re-authentication and target particular applications. However, successful re-authentication is still dependent on a large number of factors such as user excitation level, fatigue and using just the keyboard or the mouse does not mitigate these factors successfully.
Both keyboard and mouse contain valuable, hard-to-duplicate information about the userâ s behavior. This can be used for analysis and identification of the current user. We propose an application independent system that uses this information for user re-authentication. This system will authenticate the user continually based on his/her behavioral attributes obtained from both the keyboard and mouse operations. This re-authentication system is simple, continual, non-intrusive and easily deployable. To utilize the mouse and keyboard information for re-authentication, we propose a novel heuristic that uses the percentage of mouse-to-keyboard interaction ratio. This heuristic allows us to extract suitable user-behavioral attributes. The extracted data is compared with an already trained database for user re-authentication.
The accuracy of the system is calculated by the number of correct identifications to total number of identifications. At present, the accuracy of the system is around 96% for application based user re-authentication and around 82% for application independent user re-authentication. We perform black box, white box testing and Spec# verification procedures that prove the robustness of the proposed system. On testing POCKET, a privacy protection software for children, it was found that the security of POCKET was inadequate at the user level. Our system enhances POCKET security at the user level and ensures that the childâ s privacy is protected.
|dc.rights||I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to Virginia Tech or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report.||en_US|
|dc.title||Design and Verification of Privacy and User Re-authentication Systems||en_US|
|dc.contributor.department||Electrical and Computer Engineering||en_US|
|dc.description.degree||Master of Science||en_US|
|thesis.degree.name||Master of Science||en_US|
|thesis.degree.grantor||Virginia Polytechnic Institute and State University||en_US|
|thesis.degree.discipline||Electrical and Computer Engineering||en_US|
|dc.contributor.committeechair||Hsiao, Michael S.||en_US|
|dc.contributor.committeemember||Plassmann, Paul E.||en_US|
Files in this item
This item appears in the following Collection(s)
Masters Theses