Smart User Authentication for an Improved Data Privacy

  • Chapter
Advanced Research in Data Privacy

Part of the book series: Studies in Computational Intelligence (SCI, volume 567)

Abstract

Market analysis predicts that within a few years, companies, universities, government agencies, and ordinary people in their daily lives will increasingly adopt mobile computing systems, and so increasingly enjoy the benefits of online, Internet-based services. However, this scenario will also expose user data privacy to severe attacks. This situation has led to the development of authentication approaches aimed at preventing unauthorized access to user data. Many different authentication approaches have been proposed in recent years, ranging from basic passwords to more complex biometric solutions, but all of them have proven to suffer from the same weaknesses. This issue drove us to design a solution based on hardware intrinsic security features, aimed at guaranteeing a high level of data privacy while providing a user-friendly authentication process. Our solution offers advanced features for defining data privacy policies, making it a good candidate for the construction of future data privacy policies.

Corresponding author

Correspondence to Vanesa Daza.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Daza, V., Signorini, M. (2015). Smart User Authentication for an Improved Data Privacy. In: Navarro-Arribas, G., Torra, V. (eds) Advanced Research in Data Privacy. Studies in Computational Intelligence, vol 567. Springer, Cham. https://doi.org/10.1007/978-3-319-09885-2_19

  • DOI: https://doi.org/10.1007/978-3-319-09885-2_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09884-5

  • Online ISBN: 978-3-319-09885-2

  • eBook Packages: Engineering (R0)
