Objective of the Study: Human Behavior Based Authentication for Smart Wireless Systems
Principal Investigator: Mohammad Maifi Hasan Khan, Department of CSE
Brief Description:
This project aims to investigate ways of authentication for smart wireless networked systems by exploiting user’s behavioral data. In real life, the hacker may be someone who has intimate knowledge regarding the daily habits of the person being compromised (e.g., hostile colleague). Hence, if the person is a close friend who is trying to guess the answers of the security questions generated based on smartphone usage data, he/she may have a higher chance of guessing the answers correctly. The purpose of this study is to evaluate the risks posed by an attacker who may have intimate knowledge regarding the daily habits and smartphone usage data of the person being compromised. For this reason, participants can only participate in pairs and must bring a close friend to participate in the study. User’s smart phone usage data will be collected over an extended period of time and analyzed to identify a person’s preferences and routines. Such behavioral pattern will be leveraged to generate security questions to authenticate the person in a challenge-response manner.
An application will be installed on both of the participants' Android smartphones (if the user has none, an Android smartphone may be provided to the user for the duration of the experiment if available). The application will passively collect both of the participants’ data throughout the day and will upload that data to a secure remote server with user permission. User identity will not be stored along with the data. The user will be assigned a UserID which will be used to identify user’s information.
Over the course of the experiment, the user will be presented with three sets of authentication questions. Answering questions would take approximately 10 minutes a day. The first set of questions will be generated based on user’s own data. The second set of questions will be generated based on user’s friend’s data. The third sets of questions will be generated based on a randomly selected user’s data whose identify will not be revealed. In all cases, accuracy in answering the questions will be logged.
The user will not be given any feedback regarding his/her performance at the end of the study. Participant will receive $25 Amazon gift card for two weeks of participation. The user may participate up to six months. However, the investigator or the user may terminate the study at any point in time. The user will be paid only for the duration of the study being completed. As a part of the study, information about the user such as age, race, education and sex will be collected. However, the user’s identity will be anonymized using userID to make sure the identity of the user is not revealed. This protocol was approved by the UConn IRB, protocol # H13-201.
Qualification Requirement: The user must be 18 years of age or older. To learn more about this research, please email: yusuf.albayram@uconn.edu
P.S.: Currently, due to limited number of available Android phones, we are unable to provide Android phones to the user for the study. Hence, the user will need to use his/her Android phone to participate. We will install our application on participant's phone, and will uninstall the application once the study is completed.
For more information, contact: Yusuf Albayram at yusuf.albayram@uconn.edu