SlideShare a Scribd company logo

Understandingphone sensor and app data for enhancing security

Download as DOCX, PDF
K
Kamal Spring

This document discusses a system called "Secret-QA" that uses smartphone sensor and app data to generate personalized secret questions for account authentication. It aims to improve upon traditional secret questions that can easily be guessed. The system collects data from sensors, calendars, installed apps, and call history to generate questions related to a user's short-term activities and usage. A user study evaluated the memorability and security of these questions, finding that questions based on motion sensors, calendars, installed apps, and calls were best in terms of memorability and resilience to guessing attacks with or without online tools. The system aims to enhance secret question security without violating user privacy.

Engineering
1 of 9
Download to read offline
1
2
3
4
5
6
7
8
9
Understanding Smartphone Sensor and App Data for Enhancing the Security of Secret Questions Abstract: Many web applications provide secondary authentication methods, i.e., secret questions (or password recovery questions), to reset the account password when a user’s login fails. However, the answers to many such secret questions can be easily guessed by an acquaintance or exposed to a stranger that has access to public online tools (e.g., online social networks); moreover, a user may forget her/his answers long after creating the secret questions. Today’s prevalence of smart phones has granted us new opportunities to observe and understand how the personal data collected by Smartphone sensors and apps can help create personalized secret questions without violating the users’ privacy concerns. In this paper, we present a Secret-Question based Authentication system, called “Secret- QA” that creates a set of secret questions on basic of people’s Smartphone usage. We develop a prototype on Android smart phones, and evaluate the security of the secret questions by asking the acquaintance/stranger who participate in our user study to guess the answers with and without the help of online tools; meanwhile, we observe the questions’ reliability by asking participants to answer their own questions. Our experimental results reveal that the secret questions related to motion sensors, calendar, app installment, and part of legacy app usage history (e.g., phone calls) have the best memorability for users as well as the highest robustness to attacks.
Main Architecture: SYSTEM DESIGN: Existing System: In existing system the application will be having common security level question that won’t merge with the mobile data or application data. So that the ease of entering app was more. The attacker can easily make guess attack on those questions. Disadvantage:  Less Security.  Easy Questions to answer.  Headache to user.
 Lack of accuracy. Proposed System: In proposed system, the application will be having security question based on their application data and sensor data which are stored in the local database. This makes the attacker a difficult job to crack the security level and reach the application. Advantage:  More secure.  Reduce headache on user.  More Accurate.  Can store more important data. Modules Involved: Understanding smart phones sensor data and app data for enhancing the security of particular application. This project three modules. They are 1. Personal Details. 2. Banking.
3. Monitor Phone. 1. Personal Details: Here the user needs to enter the personal details that were only known by them. Forexample their star signs, their blood group, their lucky number ECT... These details are stored in database from which the security questions are raised. Since the personal details are converted as security questions it will be difficult for attacker to guess the answer. 2. Monitor Phone. Next Module is monitoring our mobile phone data in order to increase the security. This process was separated into 3 phases. Application data, Phone status and battery status. Monitoring Battery Status
Monitoring Phone Status Monitoring Applicationsinstalled Monitoring ParticularApplication
3. Banking: Once the user get pass mark in his security level he can enter into the banking application. Result Page
Main Flow Diagram:
SYSTEM SPECIFICATION: HARDWARE REQUIREMENTS:  System : Pentium IV 2.4 GHz.  Hard Disk : 40 GB.  Floppy Drive : 1.44 Mb.  Monitor : 14’ Colour Monitor.  Mouse : Optical Mouse.  Ram : 512 Mb. SOFTWARE REQUIREMENTS:  Operating system : Windows 7 Ultimate.  Coding Language : Java.  Front-End : Eclipse.  Data Base : Sqlite Manger. CONCLUSION: In this paper, we present a Secret-Question based Authentication system, called “Secret-QA”, and conduct a user study to understand how much the personal data collected by Smartphone sensors and apps can help improve the security of secret questions without violating the users’ privacy. We create a set of questions based on the data related to sensors and apps, which reflect the users’ short-term activities and Smartphone usage. We measure the reliability of these questions by
asking participants to answer this question, as well as launching the acquaintance/stranger guessing attacks with and without help of online tools, and we are considering establishing a probabilistic model based on a large scale of user data to characterize the security of the secret questions. In our experiment, the secret questions related to motion sensors, calendar, app installment, and part of legacy apps (call) have the best performance in terms of memorability and the attack resilience, which outperform the conventional secret-question based approaches that are created based on a user’s long-term history/information.

More Related Content

PDF
Agile Facial Verification Software - IEUK 2020 Tech
Canda Atalay
 
PDF
The Immune System of Internet
Mohit Kanwar
 
PPT
Secure crime identification system
Sameer Telikicherla
 
PDF
Irjet v7 i4693
aissmsblogs
 
PPTX
Account sharing detection
Maneesh Janyavula
 
PPT
Presentation
SaeedUllah Jan
 
PPTX
SQL injection
Raj Parmar
 
DOCX
Ankit Batra (Updated Resume)
Ankit Batra
 
Agile Facial Verification Software - IEUK 2020 Tech
Canda Atalay
 
The Immune System of Internet
Mohit Kanwar
 
Secure crime identification system
Sameer Telikicherla
 
Irjet v7 i4693
aissmsblogs
 
Account sharing detection
Maneesh Janyavula
 
Presentation
SaeedUllah Jan
 
SQL injection
Raj Parmar
 
Ankit Batra (Updated Resume)
Ankit Batra
 

What's hot (19)

PPTX
Making Strong Security Easier
Fen Labalme
 
PPTX
Parameter tampering
Dilan Warnakulasooriya
 
PPTX
website phishing by NR
NARESH GUMMAGUTTA
 
DOCX
Query Pattern Access and Fuzzy Clustering Based Intrusion Detection System
Simran Seth
 
PPTX
What is security testing and why it is so important?
ONE BCG
 
PPT
Final review ppt
Rana sing
 
PPT
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
Rana sing
 
PDF
VSEC Sourcecode Review Service Profile
Vietnamese Network Security J.S.C
 
PDF
The International Journal of Engineering and Science (The IJES)
theijes
 
DOCX
Generating summary risk scores for mobile applications
JPINFOTECH JAYAPRAKASH
 
PDF
Ijeee 51-57-preventing sql injection attacks in web application
Kumar Goud
 
PDF
Generic Authentication System
IRJET Journal
 
PDF
1738 1742
Editor IJARCET
 
PDF
Ld3420072014
IJERA Editor
 
PPTX
Sql injection
Dilan Warnakulasooriya
 
DOCX
Report police - 6 month training project
Janella
 
PDF
Smartphone Remote Detection and Wipe System using SMS
Editor IJCATR
 
PPTX
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
rver21
 
PDF
Security Analysis of Mobile Authentication Using QR-Codes
csandit
 
Making Strong Security Easier
Fen Labalme
 
Parameter tampering
Dilan Warnakulasooriya
 
website phishing by NR
NARESH GUMMAGUTTA
 
Query Pattern Access and Fuzzy Clustering Based Intrusion Detection System
Simran Seth
 
What is security testing and why it is so important?
ONE BCG
 
Final review ppt
Rana sing
 
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
Rana sing
 
VSEC Sourcecode Review Service Profile
Vietnamese Network Security J.S.C
 
The International Journal of Engineering and Science (The IJES)
theijes
 
Generating summary risk scores for mobile applications
JPINFOTECH JAYAPRAKASH
 
Ijeee 51-57-preventing sql injection attacks in web application
Kumar Goud
 
Generic Authentication System
IRJET Journal
 
1738 1742
Editor IJARCET
 
Ld3420072014
IJERA Editor
 
Sql injection
Dilan Warnakulasooriya
 
Report police - 6 month training project
Janella
 
Smartphone Remote Detection and Wipe System using SMS
Editor IJCATR
 
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
rver21
 
Security Analysis of Mobile Authentication Using QR-Codes
csandit
 
Ad

Viewers also liked (12)

DOCX
Pravin Arote Updated CV
Pravin Arote
 
PPTX
Infografía
Milton Arenas
 
PPTX
Leadership Philosophy
Hal Schlenger
 
PDF
ACTIVIDADES N° 1
Jazmindlt
 
PDF
news graphic
cassandra young
 
PDF
examen
GerardoFlores99
 
PPTX
Jacky Leung 3rd assign 20121111 v1
jackycontrol
 
DOCX
Caracteristicas de sql server
Anthony Varela
 
PDF
Torno CNC TND-200 - Justificativas para a seleção dos materiais
shibatahideki
 
PDF
Справка о компании 2test
Dmitriy Sukhinin
 
PDF
Mapa conceptual - Institutos Reguladores Calidad de Software
Karloz Dz
 
PPTX
EMC 005348489
savomir
 
Pravin Arote Updated CV
Pravin Arote
 
Infografía
Milton Arenas
 
Leadership Philosophy
Hal Schlenger
 
ACTIVIDADES N° 1
Jazmindlt
 
news graphic
cassandra young
 
examen
GerardoFlores99
 
Jacky Leung 3rd assign 20121111 v1
jackycontrol
 
Caracteristicas de sql server
Anthony Varela
 
Torno CNC TND-200 - Justificativas para a seleção dos materiais
shibatahideki
 
Справка о компании 2test
Dmitriy Sukhinin
 
Mapa conceptual - Institutos Reguladores Calidad de Software
Karloz Dz
 
EMC 005348489
savomir
 
Ad

Similar to Understandingphone sensor and app data for enhancing security (20)

PDF
Smart color locking system for android smartphones users
eSAT Journals
 
PDF
Provide security about risk score in mobile application’s
eSAT Journals
 
PDF
Secret Lock – Anti Theft: Integration of App Locker & Detection of Theft Usin...
IRJET Journal
 
PDF
IRJET- Smartphone Sensor based Security Questions and Location
IRJET Journal
 
PDF
The good, the bad, and the ugly on integration ai with cybersecurity
Mohammad Khreesha
 
PPTX
Standards and methodology for application security assessment
Mykhailo Antonishyn
 
PDF
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
IJCSIS Research Publications
 
PDF
Generic threats to mobile application
Vikrant Kansal
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
ADEIJ Journal
 
PDF
Irjet v7 i3811
aissmsblogs
 
PDF
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
PDF
Malware Bytes – Advanced Fault Analysis
IRJET Journal
 
ODP
Mobile Apps Security Testing -1
Krisshhna Daasaarii
 
PDF
IRJET- Autobiographical Fallback Authentication using Smartphones
IRJET Journal
 
PPTX
Privacy on Mobile Apps
Mays Mrayyan
 
PDF
A SECURED AUDITING PROTOCOL FOR TRANSFERRING DATA AND PROTECTED DISTRIBUTED S...
IRJET Journal
 
PDF
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET Journal
 
PPTX
Cyber Security PPT.pptx
BhanuRoyal4
 
PDF
OS-Project-Report-Team-8
shriram suryanarayanan
 
Smart color locking system for android smartphones users
eSAT Journals
 
Provide security about risk score in mobile application’s
eSAT Journals
 
Secret Lock – Anti Theft: Integration of App Locker & Detection of Theft Usin...
IRJET Journal
 
IRJET- Smartphone Sensor based Security Questions and Location
IRJET Journal
 
The good, the bad, and the ugly on integration ai with cybersecurity
Mohammad Khreesha
 
Standards and methodology for application security assessment
Mykhailo Antonishyn
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
IJCSIS Research Publications
 
Generic threats to mobile application
Vikrant Kansal
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...
ADEIJ Journal
 
Irjet v7 i3811
aissmsblogs
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
Malware Bytes – Advanced Fault Analysis
IRJET Journal
 
Mobile Apps Security Testing -1
Krisshhna Daasaarii
 
IRJET- Autobiographical Fallback Authentication using Smartphones
IRJET Journal
 
Privacy on Mobile Apps
Mays Mrayyan
 
A SECURED AUDITING PROTOCOL FOR TRANSFERRING DATA AND PROTECTED DISTRIBUTED S...
IRJET Journal
 
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET Journal
 
Cyber Security PPT.pptx
BhanuRoyal4
 
OS-Project-Report-Team-8
shriram suryanarayanan
 

Recently uploaded (20)

PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPTX
Geodesy 1.pptx...............................................
abhi1361yadav
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PDF
Well-logging-methods_new................
ZafriFarid
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
DOCX
573137875-Attendance-Management-System-original
AYUSHMANAV
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
Sustainable Sites - Green Building Construction
mhdumerali
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
Geodesy 1.pptx...............................................
abhi1361yadav
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
Well-logging-methods_new................
ZafriFarid
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
573137875-Attendance-Management-System-original
AYUSHMANAV
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
Project quality management in manufacturing
BarMusaTetik
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 

Understandingphone sensor and app data for enhancing security

  • 1. Understanding Smartphone Sensor and App Data for Enhancing the Security of Secret Questions Abstract: Many web applications provide secondary authentication methods, i.e., secret questions (or password recovery questions), to reset the account password when a user’s login fails. However, the answers to many such secret questions can be easily guessed by an acquaintance or exposed to a stranger that has access to public online tools (e.g., online social networks); moreover, a user may forget her/his answers long after creating the secret questions. Today’s prevalence of smart phones has granted us new opportunities to observe and understand how the personal data collected by Smartphone sensors and apps can help create personalized secret questions without violating the users’ privacy concerns. In this paper, we present a Secret-Question based Authentication system, called “Secret- QA” that creates a set of secret questions on basic of people’s Smartphone usage. We develop a prototype on Android smart phones, and evaluate the security of the secret questions by asking the acquaintance/stranger who participate in our user study to guess the answers with and without the help of online tools; meanwhile, we observe the questions’ reliability by asking participants to answer their own questions. Our experimental results reveal that the secret questions related to motion sensors, calendar, app installment, and part of legacy app usage history (e.g., phone calls) have the best memorability for users as well as the highest robustness to attacks.
  • 2. Main Architecture: SYSTEM DESIGN: Existing System: In existing system the application will be having common security level question that won’t merge with the mobile data or application data. So that the ease of entering app was more. The attacker can easily make guess attack on those questions. Disadvantage:  Less Security.  Easy Questions to answer.  Headache to user.
  • 3.  Lack of accuracy. Proposed System: In proposed system, the application will be having security question based on their application data and sensor data which are stored in the local database. This makes the attacker a difficult job to crack the security level and reach the application. Advantage:  More secure.  Reduce headache on user.  More Accurate.  Can store more important data. Modules Involved: Understanding smart phones sensor data and app data for enhancing the security of particular application. This project three modules. They are 1. Personal Details. 2. Banking.
  • 4. 3. Monitor Phone. 1. Personal Details: Here the user needs to enter the personal details that were only known by them. Forexample their star signs, their blood group, their lucky number ECT... These details are stored in database from which the security questions are raised. Since the personal details are converted as security questions it will be difficult for attacker to guess the answer. 2. Monitor Phone. Next Module is monitoring our mobile phone data in order to increase the security. This process was separated into 3 phases. Application data, Phone status and battery status. Monitoring Battery Status
  • 5. Monitoring Phone Status Monitoring Applicationsinstalled Monitoring ParticularApplication
  • 6. 3. Banking: Once the user get pass mark in his security level he can enter into the banking application. Result Page
  • 8. SYSTEM SPECIFICATION: HARDWARE REQUIREMENTS:  System : Pentium IV 2.4 GHz.  Hard Disk : 40 GB.  Floppy Drive : 1.44 Mb.  Monitor : 14’ Colour Monitor.  Mouse : Optical Mouse.  Ram : 512 Mb. SOFTWARE REQUIREMENTS:  Operating system : Windows 7 Ultimate.  Coding Language : Java.  Front-End : Eclipse.  Data Base : Sqlite Manger. CONCLUSION: In this paper, we present a Secret-Question based Authentication system, called “Secret-QA”, and conduct a user study to understand how much the personal data collected by Smartphone sensors and apps can help improve the security of secret questions without violating the users’ privacy. We create a set of questions based on the data related to sensors and apps, which reflect the users’ short-term activities and Smartphone usage. We measure the reliability of these questions by
  • 9. asking participants to answer this question, as well as launching the acquaintance/stranger guessing attacks with and without help of online tools, and we are considering establishing a probabilistic model based on a large scale of user data to characterize the security of the secret questions. In our experiment, the secret questions related to motion sensors, calendar, app installment, and part of legacy apps (call) have the best performance in terms of memorability and the attack resilience, which outperform the conventional secret-question based approaches that are created based on a user’s long-term history/information.