Who Are You? A Statistical Approach to Measuring User Authenticity. Freeman, D., Jain, S., Duermuth, M., Biggio, B., & Giacinto, G. In Proceedings of the Network and Distributed Systems Security Symposium (NDSS), 2, 2016.

Passwords are used for user authentication by almost every Internet service today, despite a number of well-known weaknesses. Numerous attempts to replace passwords have failed, in part because changing users' behavior has proven to be difficult. One approach to strengthening password-based authentication without changing user experience is to classify login attempts into normal and suspicious activity based on a number of parameters such as source IP, geo-location, browser configuration, and time of day. For the suspicious attempts, the service can then require additional verification, e.g., by an additional phone-based authentication step. Systems working along these principles have been deployed by a number of Internet services but have never been studied publicly. In this work, we perform the first public evaluation of a classification system for user authentication. In particular: (i) We develop a statistical framework for identifying suspicious login attempts. (ii) We develop a fully functional prototype implementation that can be evaluated efficiently on large datasets. (iii) We validate our system on a sample of real-life login data from LinkedIn as well as simulated attacks, and demonstrate that a majority of attacks can be prevented by imposing additional verification steps on only a small fraction of users. (iv) We provide a systematic study of possible attackers against such a system, including attackers targeting the classifier itself.

@inProceedings{freeman:statistical16,
title = {Who Are You? A Statistical Approach to Measuring User Authenticity},
type = {inProceedings},
year = {2016},
keywords = {authenticity,fingerprinting,passwords},
websites = {http://dx.doi.org/10.14722/ndss.2016.23240},
month = {2},
id = {01ef825b-591f-3e8e-bc56-33c7fa3759da},
created = {2018-07-12T21:32:10.586Z},
file_attached = {false},
profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
last_modified = {2018-07-12T21:32:10.586Z},
read = {false},
starred = {false},
authored = {false},
confirmed = {true},
hidden = {false},
citation_key = {freeman:statistical16},
source_type = {inproceedings},
private_publication = {false},
abstract = {Passwords are used for user authentication by almost every Internet service today, despite a number of well-known weaknesses. Numerous attempts to replace passwords have failed, in part because changing users' behavior has proven to be difficult. One approach to strengthening password-based authentication without changing user experience is to classify login attempts into normal and suspicious activity based on a number of parameters such as source IP, geo-location, browser configuration, and time of day. For the suspicious attempts, the service can then require additional verification, e.g., by an additional phone-based authentication step. Systems working along these principles have been deployed by a number of Internet services but have never been studied publicly. In this work, we perform the first public evaluation of a classification system for user authentication. In particular: (i) We develop a statistical framework for identifying suspicious login attempts. (ii) We develop a fully functional prototype implementation that can be evaluated efficiently on large datasets. (iii) We validate our system on a sample of real-life login data from LinkedIn as well as simulated attacks, and demonstrate that a majority of attacks can be prevented by imposing additional verification steps on only a small fraction of users. (iv) We provide a systematic study of possible attackers against such a system, including attackers targeting the classifier itself.},
bibtype = {inProceedings},
author = {Freeman, David and Jain, Sakshi and Duermuth, Markus and Biggio, Battista and Giacinto, Giorgio},
booktitle = {Proceedings of the Network and Distributed Systems Security Symposium (NDSS)}
}