Abstract
Market analysis predicts that in a few years, companies, universities, government agencies, and ordinary people in their daily lives will increasingly adopt mobile computing systems, and so increasingly enjoy the benefits of online, Internet-based services. However, such a scenario will also expose user data privacy to severe attacks. This situation has led to the development of authentication approaches aimed at preventing unauthorized access to user data. Many different authentication approaches have been proposed in recent years, from basic passwords to more complex biometric solutions, but all of them have proven to suffer from the same weaknesses. This issue drove us to design a solution based on hardware intrinsic security features and aimed at guaranteeing a high level of data privacy while providing a user-friendly authentication process. Our solution offers advanced features for defining data privacy policies, making it a good candidate for the construction of future data privacy policies.
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Daza, V., Signorini, M. (2015). Smart User Authentication for an Improved Data Privacy. In: Navarro-Arribas, G., Torra, V. (eds) Advanced Research in Data Privacy. Studies in Computational Intelligence, vol 567. Springer, Cham. https://doi.org/10.1007/978-3-319-09885-2_19
DOI: https://doi.org/10.1007/978-3-319-09885-2_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09884-5
Online ISBN: 978-3-319-09885-2
eBook Packages: Engineering, Engineering (R0)