Assentication: User De-authentication and Lunchtime Attack Mitigation with Seated Posture Biometric

Kaczmarek, Tyler; Ozturk, Ercan; Tsudik, Gene

doi:10.1007/978-3-319-93387-0_32

Cited by 12 publications

(8 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Given the significance of user de-authentication to prevent lunchtime attacks, different mechanisms have been proposed that aim at continuously establishing the user's presence/absence near the system. Kaczmarek et al [2] propose Assentication to profile user's sitting posture. In particular, Assentication installs 16 pressure sensors in an office chair to capture a hybrid biometric trait by combining user's behavioral and physiological characteristics.…”

Section: Related Workmentioning

confidence: 99%

“…If the user wants to leave her computer for whatever reason during this period, her currently active session must be locked/logged out; especially in shared workspace settings. Failure to do so can lead to lunchtime attacks [1], [2], where an adversary (typically an insider) gains access to the user's running session and engages in potentially undesirable activities.…”

Section: Introductionmentioning

confidence: 99%

“…The state-of-the-art solutions (cf. Section II) require external equipments [1], [2], [6]- [11], are relatively expensive [1], [2], [9], [11], need physical customization or specific installation [1], [2], [7], [8], [12], are complex to deploy [2], [6], [7], involve regular maintenance [2], [8]- [10], or sometimes cause inconvenience to the user [6], [9]- [11]. Such limitations hinder a broader adoption of the existing solutions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

De-Authentication Using Ambient Light Sensor

Gangwal,

Paliwal,

Conti

2024

IEEE Access

View full text Add to dashboard Cite

While user authentication happens before initiating or resuming a login session, deauthentication detects the absence of a previously-authenticated user to revoke her currently active login session. The absence of proper de-authentication can lead to well-known lunchtime attacks, where a nearby adversary takes over a carelessly departed user's running login session. The existing solutions for automatic de-authentication have distinct practical limitations, e.g., extraordinary deployment requirements or high initial cost of external equipment. In this paper, we propose ''DE-authentication using Ambient Light sensor'' (DEAL), a novel, inexpensive, fast, and user-friendly de-authentication approach. DEAL utilizes the built-in ambient light sensor of a modern computer to determine if the user is leaving her work-desk. DEAL, by design, is resilient to natural shifts in lighting conditions and can be configured to handle abrupt changes in ambient illumination (e.g., due to toggling of room lights). We collected data samples from 4800 sessions with 120 volunteers in 4 typical workplace settings and conducted a series of experiments to evaluate the quality of our proposed approach thoroughly. Our results show that DEAL can de-authenticate a departing user within 4 seconds with a hit rate of 89.15% and a fall-out of 7.35%. Finally, bypassing DEAL to launch a lunchtime attack is practically infeasible as it requires the attacker to either take the user's position within a few seconds or manipulate the sensor readings sophisticatedly in real-time.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

De-Authentication Using Ambient Light Sensor

Gangwal,

Paliwal,

Conti

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…FADEWICH [8] instruments an office with position sensors to detect whether the users are sitting at their desks. Assentication [22] detects user presence through pressure sensors in the chair cushion. Whereas, [10] instruments a chair with BLE beacons to detect whether the user is currently sitting.…”

Section: A De-authenticationmentioning

confidence: 99%

Privacy-Friendly De-authentication with BLUFADE: Blurred Face Detection

Cardaioli¹,

Conti²,

Tricomi³

et al. 2022

2022 IEEE International Conference on Pervasive Computing and Communications (PerCom)

Self Cite

View full text Add to dashboard Cite

Ideally, secure user sessions should start and end with authentication and de-authentication phases, respectively. While the user must pass the former to start a secure session, the latter's importance is often ignored or underestimated. Dangling or unattended sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, the research community focused on automated de-authentication systems. Unfortunately, no single approach offers security, privacy, and usability. For instance, although facial recognition-based methods might be a good fit for security and usability, they violate user privacy by constantly recording the user and the surrounding environment.In this work, we propose BLUFADE, a fast, secure, and transparent de-authentication system that takes advantage of blurred faces to preserve user privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection continuously. To assess BLUFADE's practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The former was used to train and evaluate the deauthentication system performances, the latter to assess the privacy and to increase variance in training data. We show that our approach outperforms state-of-the-art methods in detecting blurred faces, achieving up to 95% accuracy. Furthermore, we demonstrate that BLUFADE effectively de-authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements.

show abstract

“…Besides using human-smartphone interactions, multimodal authentication also uses other factors. T. Kaczmarek et al [27] investigated a new hybrid biometric based on a human users seated posture pattern in an average office chair over the course of a typical workday. Their experimental results on a population of 30 users showed that the posture pattern biometric can capture a unique combination of physiological and behavioral traits and can authenticate the users with 91% of accuracy.…”

Section: Other Multimodal Authenticationmentioning

confidence: 99%

Location-based Behavioral Authentication Using GPS Distance Coherence

Thao

2020

Preprint

View full text Add to dashboard Cite

Most of the current user authentication systems are based on PIN code, password, or biometrics traits which can have some limitations in usage and security. Lifestyle authentication has become a new research approach. A promising idea for it is to use the location history since it is relatively unique. Even when people are living in the same area or have occasional travel, it does not vary from day to day. For Global Positioning System (GPS) data, the previous work used the longitude, the latitude, and the timestamp as the features for the classification. In this paper, we investigate a new approach utilizing the distance coherence which can be extracted from the GPS itself without the need to require other information. We applied three ensemble classification Ran-domForest, ExtraTrees, and Bagging algorithms; and the experimental result showed that the approach can achieve 99.42%, 99.12%, and 99.25% of accuracy, respectively.

show abstract

Assentication: User De-authentication and Lunchtime Attack Mitigation with Seated Posture Biometric

Cited by 12 publications

References 18 publications

De-Authentication Using Ambient Light Sensor

De-Authentication Using Ambient Light Sensor

Privacy-Friendly De-authentication with BLUFADE: Blurred Face Detection

Location-based Behavioral Authentication Using GPS Distance Coherence

Contact Info

Product

Resources

About