Dissertation/Thesis Abstract

Navigating the Malweb: Authentication Schemes for Mobile Devices
by Niu, Yuan, Ph.D., University of California, Davis, 2011, 116; 3474442
Abstract (Summary)

The Internet is a pervasive presence in our lives, but a darker side exists as well. The spammers, phishers, and malware distributors make up the malweb. They continue to find new and innovative ways to keep up in the virtual arms race against computer security experts in order to continue their exploits of human and machine weaknesses.

At the same time, the increasing popularity of mobile devices as a platform, along with their increasing capabilities, has made them the newest targets for spam, scam, and malware.

We first describe the malweb, with a focus on context-based web spam. We present a double-funnel model that describes the flow of money from advertisers to spammers in one direction, and the flow of traffic from spammers to advertisers in the other direction.

The newest malweb playground is the mobile device, which now has access to crucial services like online banking and email. A user's account information and identity are tied to the mobile device, making it an extremely tempting target for phishers. Therefore, we present our findings on phishing vulnerabilities in the iPhone browser to demonstrate that a new platform can still be just as vulnerable to old tactics.

With these problems in mind, we examine methods to mitigate these threats by focusing on authentication schemes for mobile devices. Our goals are two-fold: the first, to make authentication on mobile devices less frustrating so users have an incentive to follow good security practices, and the second, to make user credentials harder to re-use if they are stolen.

We present a visual preference authentication scheme that relies on the user's long term memory. Then we describe implicit authentication, a scheme that takes advantage of the rich information made available by sensors on our phones. Finally, we describe gesture authentication, a biometric scheme that relies on users' muscle memory to let them create a physical password.

We evaluated each authentication scheme with a user study to determine usability, false and negative rates, and measure its entropy.

Indexing (document details)
Advisor: Chen, Hao
Committee: Bishop, Matthew, Wu, Felix
School: University of California, Davis
Department: Computer Science
School Location: United States -- California
Source: DAI-B 73/01, Dissertation Abstracts International
Subjects: Computer science
Keywords: Authentication, Computer security, Malware, Mobile devices, Phishing, Spam, Usability
Publication Number: 3474442
ISBN: 9781124907932
Copyright © 2019 ProQuest LLC. All rights reserved.