Non-invasive authentication for hands-free financial transactions in trusted connected locations.

Detalhes bibliográficos
Ano de defesa: 2022
Autor(a) principal: Hayashi, Victor Takashi
Orientador(a): Não Informado pela instituição
Banca de defesa: Não Informado pela instituição
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
Idioma: eng
Instituição de defesa: Biblioteca Digitais de Teses e Dissertações da USP
Programa de Pós-Graduação: Não Informado pela instituição
Departamento: Não Informado pela instituição
País: Não Informado pela instituição
Palavras-chave em Português:
Aprendizado de Máquina
Autenticação
Authentication
Internet das coisas
Internet of things
Machine learning
Privacidade
Privacy
Security
Segurança de computadores
Smart home
Link de acesso: https://www.teses.usp.br/teses/disponiveis/3/3141/tde-21062022-140511/
Resumo: Virtual assistants deployed on smartphone and smart speaker devices enable hands- free financial transactions by voice commands. Even though these voice transactions are frictionless for end-users in trusted connected locations, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions prejudice usability. State-of-the-art schemes for trusted devices with Physical Unclonable Functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted IoT autonomous device for hands-free scenarios (i.e., with no additional user interaction) integrated with a trusted connected location behavior for continuous authentication. The challenge-response protocol was validated with formal security tests with Burrows-Abadi-Needham logic and Scyther tool. A proof of concept with websockets presented an average response time of 383ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user based on a smart home testbed data from two months, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, it is possible to reduce the total number of smart home events time series from 7 to 5. When compared to existing invasive solutions, our non-invasive mechanism contributes to enhance financial institutions virtual assistants usability while maintaining security and privacy.

Registros relacionados