Continuous-authentication Method based on the Risk Profile associated with Context-awareness to Lock Smart Devices

A Context-aware, Risk-based Continuous Authentication Technique for Locking Smart Devices

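  • Kim Ji-hwan (김지환), Department of SW Analysis and Design, Seoul National University of Science and Technology;
  • Lee Yun-ho (이윤호), Department of Global Convergence Industrial Engineering, Seoul National University of Science and Technology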
  • Received : 2016.07.18
  • Accepted : 2016.09.01
  • Published : 2016.11.15

Abstract

To prevent others from accessing the information on a user's smartphone, the smartphone authentication process checks whether the current user is the owner each time someone begins to use the device. This confronts smartphone users with frequent authentication prompts, which causes them significant inconvenience. Because of this inconvenience, users tend to stop using smartphone authentication altogether, and their smartphones end up highly vulnerable to malicious access. To solve this problem, this paper proposes a progressive authentication method on the Android platform. With the proposed method, smartphones can identify relevant risks based on users' past experiences and determine whether authentication is needed. Because authentication occurs only when the identified risk level is high, the method achieves both a high level of security in high-risk situations and user convenience in low-risk situations.

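To prevent the information stored on a smartphone from being accessed by others, smartphone authentication verifies in various ways, at every use of the smartphone, whether the user is its owner. However, such authentication at every use causes users inconvenience and sometimes leads them to stop using an authentication method, which ultimately becomes a critical problem for smartphone security. This study proposes a continuous authentication method to solve this problem in the Android environment. In the proposed method, smartphones use users' past experiences to recognize their risks and decide whether user authentication is needed. Because authentication takes place only in high-risk situations, the proposed method provides high security in high-risk situations and user convenience in low-risk situations.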

Acknowledgement

Supported by: Seoul National University of Science and Technology
