I-Corps: Securing Mobile Devices with Memorable, Usable, and Secure Authentication

I-Corps：通过易于记忆、可用且安全的身份验证来保护移动设备

• 批准号: 1832820
• 负责人: Ye Zhu
• 金额: $ 5万
• 依托单位: Cleveland State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-04-01 至 2022-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1832820&HistoricalAwards=false
• 关键词: Corps; Securing; Mobile; Devices; Memorable

The broad impact/commercial potential of this I-Corps project is to protect security and privacy of mobile device users with memorable, usable, and secure authentication schemes. According to statista.com, the number of smartphone users in the world will be more than five billion by 2019. The popularity of these mobile devices is due to a unique set of features including ubiquitous Internet access through communication technologies such as Wifi and 4G/LTE, easy to use touch-based inputs, and numerous applications and games. In the meantime, the security of mobile devices is becoming a major concern as device users are storing sensitive data such as personal contacts and utilizing sensitive applications like banking and stock trading. Strong authentication as the forefront defense mechanism can prevent unauthorized access to a mobile device that may lead to lack of accountability, data loss or stealing, and identity theft. Due to the popularity of mobile devices and their uses in government, business, and even military applications, securing mobile devices with secure, memorable, and usable authentication is of great societal importance.This I-Corps project focuses on exploring the market potential for multi-dimensional authentication schemes. The new paradigm of multi-dimensional authentication schemes can achieve better memorability, security, and usability at the same time. The new schemes fuse information from multiple dimensions to form a password, allowing the schemes to enlarge the password space and improve memorability by reducing memory interference. The information fusion can increase usability as fewer input gestures are required for passwords of the same security strength. The schemes can also be shoulder-surfing resistant. A successful authentication requires a user to respond to a random challenge so that a set of predefined rules are satisfied after adjustments made by the user. The schemes can also be used for continuously monitoring device user behavior to ensure the current device users is a user authorized to use the device. Through this project, we will be able to investigate the needs from various customer segments and polish our technologies and prototypes to meet the needs.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该I-Corps项目的广泛影响/商业潜力是通过令人难忘，可观且安全的身份验证方案保护移动设备用户的安全性和隐私。根据Statista.com的数据，到2019年，世界上智能手机用户的数量将超过50亿。这些移动设备的普及归功于通过通信技术（例如WiFi和4G/LTE）（例如易于使用的触摸基于触摸的输入，以及许多应用程序和游戏）的独特功能，包括无处不在的Internet访问。同时，随着设备用户正在存储诸如个人联系人以及使用敏感应用程序之类的敏感应用程序（例如银行和股票交易），移动设备的安全性正成为一个主要问题。强有力的身份验证作为最前沿的防御机制可以防止未经授权访问移动设备，这可能导致缺乏问责制，数据丢失或窃取以及身份盗用。由于移动设备的流行及其在政府，业务甚至军事应用中的使用，因此以安全，令人难忘和可用的身份验证确保移动设备非常重要。该I-Corps项目着重于探索多维身份验证方案的市场潜力。多维身份验证方案的新范式可以同时获得更好的记忆性，安全性和可用性。新计划将信息从多个维度融合以形成密码，从而使方案可以扩大密码空间并通过减少内存干扰来提高记忆力。信息融合可以提高可用性，因为具有相同安全强度的密码所需的输入手势更少。这些方案也可以具有抗肩部的抗性。成功的身份验证要求用户应对随机挑战，以便在调整用户后满足一组预定义的规则。这些方案也可以用于连续监视设备用户行为，以确保当前设备用户被授权使用该设备。通过这个项目，我们将能够调查各个客户群的需求，并提高我们的技术和原型以满足需求。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子和更广泛影响的评估评估标准来通过评估来获得支持的。