TY - GEN
T1 - Secure session on mobile
T2 - 2014 6th International Conference on Mobile Computing, Applications and Services, MobiCASE 2014
AU - Feng, Tao
AU - Desalvo, Nicholas
AU - Xu, Lei
AU - Zhao, Xi
AU - Wang, Xi
AU - Shi, Weidong
N1 - Publisher Copyright:
© 2014 The Institute for Computer Sciences, Social Informatics, and Telecommunications Engineering (ICST).
PY - 2015/1/28
Y1 - 2015/1/28
N2 - With the rise of Internet connected mobile devices, applications have migrated from PCs to mobile computing platforms. An important aspect, payment processing, faces new security challenges from these developments. Inasmuch, these advancements demand efforts from researchers and industry to meet increasing security needs. Threats can ensue from data loss, theft from lost, stolen, or decommissioned devices, information-stealing malware, and password peeping. We propose a secure framework for sensitive session driven applications which combines biometric-based continuous and implicit tracking of user identities, and TrustZone. This framework is accomplished through monitoring fingerprint authentication logs as well as detecting events when the phone has left the user's hands, all while in TrustZone, a platform for secure computation and storage on mobile devices. This solution leverages multiple onboard sensors as well as the ARM architecture to accomplish these feats. We conducted two user-studies acquiring smartphone users' usage statistics to investigate security and usability needs of our identity-tracking solution. To monitor these subtle gestures in real-world uncontrolled environments, multi-session data collection has been conducted to iteratively improve system performance. The evaluation results have demonstrated the feasibility of this framework as a secure session-based payment system.
KW - Biometric
KW - Secure Session
KW - Sensor Fusion
KW - TrustZone
KW - User Behavior
UR - https://www.scopus.com/pages/publications/84924359402
U2 - 10.4108/icst.mobicase.2014.257767
DO - 10.4108/icst.mobicase.2014.257767
M3 - Conference contribution
AN - SCOPUS:84924359402
T3 - Proceedings of the 2014 6th International Conference on Mobile Computing, Applications and Services, MobiCASE 2014
SP - 206
EP - 215
BT - Proceedings of the 2014 6th International Conference on Mobile Computing, Applications and Services, MobiCASE 2014
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 6 November 2014 through 7 November 2014
ER -