skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 11:00 PM ET on Friday, May 16 until 2:00 AM ET on Saturday, May 17 due to maintenance. We apologize for the inconvenience.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Exploring Phone-Based Authentication Vulnerabilities in Single Sign-On Systems
Phone-based authenticators (PBAs) are commonly incorporated into multi-factor authentication and passwordless login schemes for corporate networks and systems. These systems require users to prove that they possess a phone or phone number associated with an account. The out-of-band nature of PBAs and their security may not be well understood by users. Further, the frequency of PBA prompts may desensitize users and lead to increased susceptibility to phishing or social engineering. We explore such risks to PBAs by exploring PBA implementation options and two types of attacks. When employed with a real-world PBA system, we found the symptoms of such attacks were subtle. A subsequent user study revealed that none of our participants noticed the attack symptoms, highlighting the limitations and risks associated with PBAs.  more » « less
Award ID(s):
1651540
PAR ID:
10431062
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
International Conference on Information and Communications Security
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; ; ; ; ; (, Soft robotics)
    This work presents a unique approach to the design, fabrication, and characterization of paper-based origami robotic systems consisting of stackable pneumatic actuators. These paper-based actuators (PBAs) use materials with high elastic modulus-to-mass ratios, accordion-like structures, and direct coupling with pneumatic pressure for extension and bending. The study contributes to the scientific and engineering understanding of foldable components under applied pneumatic pressure by constructing stretchable and flexible structures with intrinsically nonstretchable materials. Experiments showed that a PBA possesses a power-to-mass ratio greater than 80 W/kg, which is more than four times that of human muscle. This work also illustrates the stackability and functionality of PBAs by two prototypes: a parallel manipulator and a legged locomotor. The manipulator consisting of an array of PBAs can bend in a specific direction with the corresponding actuator inflated. In addition, the stacked actuators in the manipulator can rotate in opposite directions to compensate for relative rotation at the ends of each actuator to work in parallel and manipulate the platform. The locomotor rotates the PBAs to apply and release contact between the feet and the ground. Furthermore, a numerical model developed in this work predicts the mechanical performance of these inflatable actuators as a function of dimensional specifications and folding patterns. Overall, we use stacked origami actuators to implement functionalities of manipulation, gripping, and locomotion as conventional robotic systems. Future origami robots made of paper-like materials may be suitable for single use in contaminated or unstructured environments or low-cost educational materials. 
    more » « less
  2. ; ; ; ; ; ; ; ; ; (, Advanced Energy Materials)
    Abstract Prussian blue analogues (PBAs) cathodes can host diverse monovalent and multivalent metal ions due to their tunable structure. However, their electrochemical performance suffers from poor cycle life associated with chemo‐mechanical instabilities. This study investigates the driving forces behind chemo‐mechanical instabilities in Ni‐ and Mn‐based PBAs cathodes for K‐ion batteries by combining electrochemical analysis, digital image correlation, and spectroscopy techniques. Capacity retention in Ni‐based PBA is 96% whereas it is 91.5% for Mn‐based PBA after 100 cycles at C/5 rate. During charge, the potassium nickel hexacyanoferrate (KNHCF) electrode experiences a positive strain generation whereas the potassium manganese hexacyanoferrate (KMHCF) electrode undergoes initially positive strain generation followed by a reduction in strains at a higher state of charge. Overall, both cathodes undergo similar reversible electrochemical strains in each charge–discharge cycle. There is ~0.80% irreversible strain generation in both cathodes after 5 cycles. XPS studies indicated richer organic layer compounds in the cathode‐electrolyte interface (CEI) layer formed on KMHCF cathodes compared to the KNHCF ones. Faster capacity fades in Mn‐based PBA, compared to Ni‐based ones, is attributed to the formation of richer organic compounds in CEI layers, rather than mechanical deformations. Understanding the driving forces behind instabilities provides a guideline to develop material‐based strategies for better electrochemical performance. 
    more » « less
  3. ; (, Journal of Applied Physics)
    Prussian blue analogs (PBAs) are an important material class for aqueous electrochemical separations and energy storage owing to their ability to reversibly intercalate monovalent cations. However, incorporating interstitial [Formula: see text] molecules in the ab initio study of PBAs is technically challenging, though essential to understanding the interactions between interstitial water, interstitial cations, and the framework lattice that affect intercalation potential and cation intercalation selectivity. Accordingly, we introduce and use a method that combines the efficiency of machine-learning models with the accuracy of ab initio calculations to elucidate mechanisms of (1) lattice expansion upon intercalation of cations of different sizes, (2) selectivity bias toward intercalating hydrophobic cations of large size, and (3) semiconductor–conductor transitions from anhydrous to hydrated lattices. We analyze the PBA nickel hexacyanoferrate [[Formula: see text]] due to its structural stability and electrochemical activity in aqueous electrolytes. Here, grand potential analysis is used to determine the equilibrium degree of hydration for a given intercalated cation (Na[Formula: see text], K[Formula: see text], or Cs[Formula: see text]) and [Formula: see text] oxidation state based on pressure-equilibrated structures determined with the aid of machine learning and simulated annealing. The results imply new directions for the rational design of future cation-intercalation electrode materials that optimize performance in various electrochemical applications, and they demonstrate the importance of choosing an appropriate calculation framework to predict the properties of PBA lattices accurately. 
    more » « less
  4. ; ; ; (, Cryptologia)
    We present and analyze UDM, a new protocol for user discovery in anonymous communication systems that minimizes the information disclosed to the system and users. Unlike existing systems, including those based on private set intersection, UDM learns nothing about the contact lists and social graphs of the users, is not vulnerable to off-line dictionary attacks that expose contact lists, does not reveal platform identifiers to users without the owner’s explicit permission, and enjoys low computation and communication complexity. UDM solves the following user-discovery problem. User Alice wishes to communicate with Bob over an anonymous communication system, such as cMix or Tor. Initially, each party knows each other’s public contact identifier (e.g., email address or phone number), but neither knows the other’s private platform identifier in the communication system. If both parties wish to communicate with each other, UDM enables them to establish a shared key and learn each other’s private platform identifier. UDM uses an untrusted user-discovery system, which processes and stores only public information, hashed values, or values encrypted with keys it does not know. Therefore, UDM cannot learn any information about the social graphs of its users. Using the anonymous communication system, each pair of users who wish to communicate with each other uploads to the user-discovery system their private platform identifier, encrypted with their shared key. Indexing their request by a truncated cryptographic hash of their shared key, each user can then download each other’s encrypted private platform identifier. 
    more » « less
  5. ; ; ; (, 7th International Conference on Information Systems Security and Privacy)
    Mobile devices typically rely on entry-point and other one-time authentication mechanisms such as a password, PIN, fingerprint, iris, or face. But these authentication types are prone to a wide attack vector and worse 1 INTRODUCTION Currently smartphones are predominantly protected a patterned password is prone to smudge attacks, and fingerprint scanning is prone to spoof attacks. Other forms of attacks include video capture and shoulder surfing. Given the increasingly important roles smartphones play in e-commerce and other operations where security is crucial, there lies a strong need of continuous authentication mechanisms to complement and enhance one-time authentication such that even if the authentication at the point of login gets compromised, the device is still unobtrusively protected by additional security measures in a continuous fashion. The research community has investigated several continuous authentication mechanisms based on unique human behavioral traits, including typing, swiping, and gait. To this end, we focus on investigating physiological traits. While interacting with hand-held devices, individuals strive to achieve stability and precision. This is because a certain degree of stability is required in order to manipulate and interact successfully with smartphones, while precision is needed for tasks such as touching or tapping a small target on the touch screen (Sitov´a et al., 2015). As a result, to achieve stability and precision, individuals tend to develop their own postural preferences, such as holding a phone with one or both hands, supporting hands on the sides of upper torso and interacting, keeping the phone on the table and typing with the preferred finger, setting the phone on knees while sitting crosslegged and typing, supporting both elbows on chair handles and typing. On the other hand, physiological traits, such as hand-size, grip strength, muscles, age, 424 Ray, A., Hou, D., Schuckers, S. and Barbir, A. Continuous Authentication based on Hand Micro-movement during Smartphone Form Filling by Seated Human Subjects. DOI: 10.5220/0010225804240431 In Proceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP 2021), pages 424-431 ISBN: 978-989-758-491-6 Copyrightc 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved still, once compromised, fail to protect the user’s account and data. In contrast, continuous authentication, based on traits of human behavior, can offer additional security measures in the device to authenticate against unauthorized users, even after the entry-point and one-time authentication has been compromised. To this end, we have collected a new data-set of multiple behavioral biometric modalities (49 users) when a user fills out an account recovery form in sitting using an Android app. These include motion events (acceleration and angular velocity), touch and swipe events, keystrokes, and pattern tracing. In this paper, we focus on authentication based on motion events by evaluating a set of score level fusion techniques to authenticate users based on the acceleration and angular velocity data. The best EERs of 2.4% and 6.9% for intra- and inter-session respectively, are achieved by fusing acceleration and angular velocity using Nandakumar et al.’s likelihood ratio (LR) based score fusion. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email