Hybrid authentication systems: towards robust user authentication on wireless and mobile devices using biometric technologies

Adequate user authentication is a persistent problem, particularly with mobile devices, which tend to be highly personal and at the fringes of an organisation's influence. Yet these devices are being used increasingly in various business settings, where they pose a risk to security and privacy, not only from sensitive information they may contain, but also from the means they typically offer to access such information over wireless networks. User authentication is the first line of defence for a mobile device that falls into the hands of an unauthorised user. However, motivating users to enable simple password mechanisms and periodically update their authentication information is difficult at best. This paper examines some of the issues relating to the use of biometrics as a viable method of authentication on mobile wireless devices. It is also a critical analysis of some of the techniques currently employed and where appropriate, suggests novel hybrid ways in which they could be improved or modified. Both biometric technology and wireless setting based constraints that determine the feasibility and the performance of the authentication feature are specified. Some well known biometric technologies are briefly reviewed and their feasibility for wireless and mobile use is reviewed. Furthermore, a number of quantitative and qualitative parameters for evaluation are also presented. Biometric technologies are continuously advancing toward commercial implementation in wireless devices. When carefully designed and implemented, the advantage of biometric authentication arises mainly from increased convenience and coexistent improved security.

Secure & Trusted Communication in Emergency Situations

In this paper we propose SETS, a protocol with main aim to provide secure and private communication during emergency situations. SETS achieves security of the exchanged information, attack resilience and user's privacy. In addition, SETS can be easily adapted for mobile devices, since field experimental results show the effectiveness of the protocol on actual smart-phone platforms.

Secure and Scalable Statistical Computation of Questionnaire Data in R

Collecting data via a questionnaire and analyzing them while preserving respondents’ privacy may increase the number of respondents and the truthfulness of their responses. It may also reduce the systematic differences between respondents and non-respondents. In this paper, we propose a privacy-preserving method for collecting and analyzing survey responses using secure multi-party computation (SMC). The method is secure under the semi-honest adversarial model. The proposed method computes a wide variety of statistics. Total and stratified statistical counts are computed using the secure protocols developed in this paper. Then, additional statistics, such as a contingency table, a chi-square test, an odds ratio, and logistic regression, are computed within the R statistical environment using the statistical counts as building blocks. The method was evaluated on a questionnaire dataset of 3,158 respondents sampled for a medical study and simulated questionnaire datasets of up to 50,000 respondents. The computation time for the statistical analyses linearly scales as the number of respondents increases. The results show that the method is efficient and scalable for practical use. It can also be used for other applications in which categorical data are collected.

Sharing in the Rain: Secure and Efficient Data Sharing for the Cloud

Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain – a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users' to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.