Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

4
Reset filters

Settings
Now showing 1 - 4 of 4
  • Publication
    User identity verification based on touchscreen interaction analysis in web contexts
    ( 2015)
    Velten, Michael
    ;
    Schneider, Peter
    ;
    Wessel, Sascha
    ;
    Eckert, Claudia
    The ever-increasing popularity of smartphones amplifies the risk of loss or theft, thus increasing the threat of attackers hijacking critical user accounts. In this paper, we present a framework to secure accounts by continuously verifying user identities based on user interaction behavior with smartphone touchscreens. This enables us to protect user accounts by disabling critical functionality and enforcing a reauthentication in case of suspicious behavior. We take advantage of standard mobile web browser capabilities to remotely capture and analyze touchscreen interactions. This approach is completely transparent for the user and works on everyday smartphones without requiring any special software or privileges on the user's device. We show how to successfully classify users even on the basis of limited and imprecise touch interaction data as is prevalent in web contexts. We evaluate the performance of our framework and show that the user identification accuracy is higher than 99% after collecting about a dozen touch interactions.
  • Publication
    Improving mobile device security with operating system-level virtualization
    ( 2015)
    Wessel, Sascha
    ;
    Huber, Manuel
    ;
    Stumpf, Frederic
    ;
    Eckert, Claudia
    In this paper, we propose a lightweight mechanism to isolate one or more Android userland instances from a trustworthy and secure entity. This entity controls and manages the Android instances and provides an interface for remote administration and management of the device and its software. We provide an administrative solution for dynamically modifying, removing or adding multiple Android instances remotely and locally. Furthermore, we present a secure device provisioning and enrollment solution for our system. Our approach includes several security extensions for secure network access, integrity protection of data on storage devices, and secure access to the touchscreen of mobile devices. Our implementation requires only minimal modification to the software stack of a typical Android-based smartphone, which allows easy porting to other devices when compared to other virtualization techniques. Practical tests show the feasibility of our approach regarding runtime overhead and battery lifetime impact.
  • Publication
    Support Vector Machines under Adversarial Label Contamination
    ( 2015)
    Xiao, Huang
    ;
    Biggio, Battista
    ;
    Nelson, Blaine
    ;
    Xiao, Han
    ;
    Eckert, Claudia
    ;
    Roli, Fabio
    Machine learning algorithms are increasingly being applied in security-related tasks such as spam and malware detection, although their security properties against deliberate attacks have not yet been widely understood. Intelligent and adaptive attackers may indeed exploit specific vulnerabilities exposed by machine learning techniques to violate system security. Being robust to adversarial data manipulation is thus an important, additional requirement for machine learning algorithms to successfully operate in adversarial settings. In this work, we evaluate the security of Support Vector Machines (SVMs) to well-crafted, adversarial label noise attacks. In particular, we consider an attacker that aims to maximize the SVM\textquoterights classification error by flipping a number of labels in the training data. We formalize a corresponding optimal attack strategy, and solve it by means of heuristic approaches to keep the computational complexity tractable. We report an extensive experimental analysis on the effectiveness of the considered attacks against linear and non-linear SVMs, both on synthetic and real-world datasets. We finally argue that our approach can also provide useful insights for developing more secure SVM learning algorithms, and also novel techniques in a number of related research areas, such as semi-supervised and active learning.