User authentication and detection of malicious actions
Keywords: User authentication; Biometric modalities; User security; Passwords; Authentication
Modern devices can carry out potentially dangerous actions, such as storing corporate and personal data, performing electronic transactions, accessing health data, and many more. All these actions call for secure access to increasingly personal information, which in turn raises the problem of user authentication. The use of passwords introduces critical security issues due to their predictability, while tokens are not resistant to malware attacks, such as key loggers and memory scrapers. These issues can only be addressed by holistically investigating the problem of user authentication. The security of online accounts is drastically affected by password predictability, as well as by the parameters used for password storage. Therefore, we propose a mathematical model, based on the parameters that influence password security. The main goal is to discover the cost of password guessing. Moreover, an extended survey of the default password storage parameters indicates that a significant percentage of websites use insecure password hashing. We have proved that the cost of password guessing can be a measure of defense against password guessing attacks. Apart from password storage, the security of user accounts relies on the protocols used for authentication, as well as on the feasibility of obtaining the user credentials via malware. As a result, we explore the security of the FIDO authentication framework, which replaces passwords with biometric modalities. The result of the analysis is a list of vulnerabilities that may be exploited by an attacker to compromise the authenticity, privacy, availability, and integrity of FIDO. Moreover, as recent research has shown, authentication credentials and cryptographic keys remain in volatile memory and can be easily extracted by malware.
Therefore, we present safeguards that can be applied at the software level, either by the operating system or by the applications, to erase data in volatile memory from running and terminated applications. Lastly, with continuous authentication, users are continually authenticated via a “score”, which measures the certainty that the account owner is using a service or application. Therefore, we propose gaithashing, which is a secure two-factor authentication scheme based on the gait modality. The proposed scheme eliminates the noise and distortions caused by different silhouette types and authenticates a user independently of his/her silhouette. Lastly, this thesis proposes a novel technique to detect malicious actions using machine learning. This has been applied in the context of ad hoc networks, where a new critical attack parameter has been identified. This parameter can be used to quantify the relation between AODV’s sequence number parameter and the performance of blackhole attacks.