Non-invasive authentication for hands-free financial transactions in trusted connected locations.

Bibliographic details
Main author: Hayashi, Victor Takashi
Publication date: 2022
Document type: Dissertation
Language: eng
Source title: Biblioteca Digital de Teses e Dissertações da USP
Full text: https://www.teses.usp.br/teses/disponiveis/3/3141/tde-21062022-140511/
Abstract: Virtual assistants deployed on smartphone and smart speaker devices enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end-users in trusted connected locations, they are susceptible to typical attacks on authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions prejudices usability. State-of-the-art schemes for trusted devices with Physical Unclonable Functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge-response protocol with a trusted IoT autonomous device for hands-free scenarios (i.e., with no additional user interaction) integrated with a trusted connected location behavior for continuous authentication. The challenge-response protocol was validated with formal security tests with Burrows-Abadi-Needham logic and the Scyther tool. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user based on smart home testbed data from two months, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, it is possible to reduce the total number of smart home events time series from 7 to 5. When compared to existing invasive solutions, our non-invasive mechanism contributes to enhancing the usability of financial institutions' virtual assistants while maintaining security and privacy.
id USP_7d6baebaae3bc62cd2fcb401cd29eb09
oai_identifier_str oai:teses.usp.br:tde-21062022-140511
network_acronym_str USP
network_name_str Biblioteca Digital de Teses e Dissertações da USP
repository_id_str 2721
dc.title.none.fl_str_mv Non-invasive authentication for hands-free financial transactions in trusted connected locations.
Autenticação não-invasiva para transações financeiras hands-free em locais conectados confiáveis..
author Hayashi, Victor Takashi
author_facet Hayashi, Victor Takashi
author_role author
dc.contributor.none.fl_str_mv Ruggiero, Wilson Vicente
dc.contributor.author.fl_str_mv Hayashi, Victor Takashi
dc.subject.por.fl_str_mv Aprendizado de Máquina
Autenticação
Authentication
Internet das coisas
Internet of things
Machine learning
Privacidade
Privacy
Security
Segurança de computadores
Smart home
publishDate 2022
dc.date.none.fl_str_mv 2022-05-12
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://www.teses.usp.br/teses/disponiveis/3/3141/tde-21062022-140511/
url https://www.teses.usp.br/teses/disponiveis/3/3141/tde-21062022-140511/
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv
dc.rights.driver.fl_str_mv Release the content for public access.
info:eu-repo/semantics/openAccess
rights_invalid_str_mv Release the content for public access.
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.coverage.none.fl_str_mv
dc.publisher.none.fl_str_mv Biblioteca Digitais de Teses e Dissertações da USP
publisher.none.fl_str_mv Biblioteca Digitais de Teses e Dissertações da USP
dc.source.none.fl_str_mv
reponame:Biblioteca Digital de Teses e Dissertações da USP
instname:Universidade de São Paulo (USP)
instacron:USP
instname_str Universidade de São Paulo (USP)
instacron_str USP
institution USP
reponame_str Biblioteca Digital de Teses e Dissertações da USP
collection Biblioteca Digital de Teses e Dissertações da USP
repository.name.fl_str_mv Biblioteca Digital de Teses e Dissertações da USP - Universidade de São Paulo (USP)
repository.mail.fl_str_mv virginia@if.usp.br|| atendimento@aguia.usp.br||virginia@if.usp.br
_version_ 1815256527688171520