How to Prevent to Delegate Authentication

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2015)

Abstract

We consider the delegation attack in authentication systems, in which a credential holder shares their credentials with a third party, whom we call the helper, to allow them to use their account. We motivate this problem and propose a model for non-delegatable authentication and a novel authentication system, based on behavioural biometrics, that achieves non-delegatability. Our main observation is that a user’s behaviour in complex activities, such as playing a computer game, provides an imprint of many of their personal traits in the form of measurable features that can be used to identify them. Carefully selected features will be “hard” to pass on to others, hence providing non-delegatability. As a proof of concept, we designed and implemented a computer game (a complex activity) and used the feature points in the game play to construct a user model for authentication. We describe our implementation and experiments to evaluate correctness, security and non-delegatability. Compared to using traditional biometrics, the system enhances user privacy because the user model is with respect to an activity and does not have a direct relation to the user’s identifying information. We discuss our results and the deployment of the system in practice, and propose directions for future research.

Author information

Corresponding author

Correspondence to Mohsen Alimomeni.

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Alimomeni, M., Safavi-Naini, R. (2015). How to Prevent to Delegate Authentication. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_26

  • DOI: https://doi.org/10.1007/978-3-319-28865-9_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28864-2

  • Online ISBN: 978-3-319-28865-9

  • eBook Packages: Computer Science, Computer Science (R0)
