The Internet is a pervasive presence in our lives, but a darker side exists as well. The spammers, phishers, and malware distributors make up the malweb. They continue to find new and innovative ways to keep up in the virtual arms race against computer security experts in order to continue their exploits of human and machine weaknesses.
At the same time, the increasing popularity of mobile devices as a platform, along with their increasing capabilities, has made them the newest targets for spam, scams, and malware.
We first describe the malweb, with a focus on context-based web spam. We present a double-funnel model that describes the flow of money from advertisers to spammers in one direction, and the flow of traffic from spammers to advertisers in the other direction.
The newest malweb playground is the mobile device, which now has access to crucial services like online banking and email. A user's account information and identity are tied to the mobile device, making it an extremely tempting target for phishers. Therefore, we present our findings on phishing vulnerabilities in the iPhone browser to demonstrate that a new platform can still be just as vulnerable to old tactics.
With these problems in mind, we examine methods to mitigate these threats by focusing on authentication schemes for mobile devices. Our goals are two-fold: the first, to make authentication on mobile devices less frustrating so users have an incentive to follow good security practices, and the second, to make user credentials harder to re-use if they are stolen.
We present a visual preference authentication scheme that relies on the user's long-term memory. Then we describe implicit authentication, a scheme that takes advantage of the rich information made available by sensors on our phones. Finally, we describe gesture authentication, a biometric scheme that relies on users' muscle memory to let them create a physical password.
We evaluated each authentication scheme with a user study to determine its usability and false and negative rates, and to measure its entropy.
|Committee:||Bishop, Matthew, Wu, Felix|
|School:||University of California, Davis|
|School Location:||United States -- California|
|Source:||DAI-B 73/01, Dissertation Abstracts International|
|Keywords:||Authentication, Computer security, Malware, Mobile devices, Phishing, Spam, Usability|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved