Research Student Profile

Home People Profile...

Dr Chris Hocking MBCS, PhD

Research Student

Brief biographical information

christopher.hocking@plymouth.ac.uk

Access thesis on-line

Authentication Aura: A cooperative and distributed approach to user authentication on mobile devices

As information technology pervades our lives we have increasingly come to rely on these evermore sophisticated and ubiquitous items of equipment. Portability and the desire to be connected around the clock has driven the rapid growth in adoption of mobile devices that enable us to talk, message, tweet and inform at will, whilst providing a means to shop and administer bank accounts. These high value, high risk, desirable devices are increasingly the target of theft and improvement in their protection is actively sought by Governments and security agencies. Although forms of security are in place they are compromised by human reluctance and inability to administer them effectively. With typical users operating across multiple devices, including traditional desktop PCs, laptops, tablets and smartphones, they can regularly find themselves having a variety of devices open concurrently. Even if the most basic security is in place, there is a resultant need to repeatedly authenticate, representing a potential source of hindrance and frustration.
This thesis explores the need for a novel approach to user authentication, which will reduce the authentication burden whilst providing a secure yet adaptive security mechanism; a so called Authentication Aura. It proposes that the latent security potential contained in surrounding devices and possessions in everyday life can be leveraged to augment security, and provides a framework for a distributed and cooperative approach. An experiment was performed to ascertain the technological infrastructure, devices and inert objects that surround individuals throughout the day. Using twenty volunteers, over a fourteen-day period a dataset of 1.57 million recorded observations was gathered, which confirmed that between 6am and 12pm a significant device or possession is in near proximity 97.84% of the time.
Using the data provided by the experiment as the basis for a simulation of the framework, it suggests a reduction of up to 80.36% in the daily number of required authentications for a user operating a device once every 30 minutes, with a 10 minute screen lock in place. Examining the influence of location alone indicated a reduction of 50.74% in user interventions lowering the average from 32 to 15.76, the addition of the surroundings reducing this further to 13.00.
The analysis also investigated how a user’s own authentication status could be used to negate the need to repeatedly manually authenticate and it was found that it delayed the process for up to 90 minutes for an individual user. Ultimately, it confirms that during device activation it is possible to remove the need to authenticate with the Authentication Aura providing sufficient assurance.

Dr Chris Hocking

Director of studies: Prof Steven M Furnell
Other supervisors: Prof. Nathan L Clarke

Journal papers

Co-operative user identity verification using an Authentication Aura
Hocking C, Furnell SM, Clarke NL, Reynolds PL
Computers & Security, Volume 39, Part B, November, pp486–502, 2013
More details | External link available

Authentication Aura - A distributed approach to user authentication
Hocking C, Furnell SM, Clarke NL, Reynolds PL
Journal of Information Assurance and Security, vol. 6 (2011), issue 2, pp149-156, ISSN 1554-1010, 2011
More details | External link available

2 Journal papers

Conference papers

A preliminary investigation of distributed and cooperative user authentication
Hocking C, Furnell SM, Clarke NL, Reynolds PL
Proceedings of the 9th Australian Information Security Management Conference (secAU 2011), Perth, Australia, 5-7 December, 2011
More details

A distributed and cooperative user authentication framework
Hocking C, Furnell SM, Clarke NL, Reynolds PL
Proceedings of the 6th International Confernece on Information Assurance and Security (IAS 2010), Atlanta, USA, 23-25 August, pp304-310, 2010
More details

2 Conference papers

Internal publications

Investigating, Implementing and Evaluating Client-Side Keystroke Analysis User Authentication for Web Sites
Hocking C, Dowland PS
Advances in Communications, Computing, Networks and Security 5, ISBN: 978-1-84102-257-4, pp126-134, 2008
Can be ordered on-line.
More details | Download PDF

1 Internal publications

5 publication(s) - all categories.