Sergio De Los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
ElevenPaths Your feelings influence your perception of risk and benefit more than you might think Security is both a feeling and a reality —Bruce Schneier Daniel Gardner starts his book The Science of Fear with the shocking history of US September 11 attacks: And so in...
ElevenPaths #CyberSecurityPulse: Dude, Where Are My Bitcoins? Numerous types of attacks are affecting cryptocurrency users: families of malware that steal wallets, phishing attacks that try to forge platforms where users manage their bitcoins, applications that use...
ElevenPaths #CyberSecurityPulse: PyeongChang Olympics: A New False Flag Attack? A postmortem of the Olympic Destroyer malware used in the PyeongChang Olympics attack reveals a deliberate attempt by adversaries to plant a false flags when it comes to attribution,...
Sergio De Los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
Sergio De Los Santos The attack against OpenPGP infrastructure: consequences of a SOB’s actions What is happening with the attack against OpenPGP infrastructure constitutes a disaster, according to the affected people who maintain the protocol. Robert J. Hansen, who communicated the incident, has...
Sergio De Los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
ElevenPaths Rock appround the clock, our research in DEFCON In the world of Threat Intelligence, determining the attacker’s geographical location of is one of the most valuable data for attribution techniques, even if not perceived like that, this...
Sergio De Los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
ElevenPaths Your feelings influence your perception of risk and benefit more than you might think Security is both a feeling and a reality —Bruce Schneier Daniel Gardner starts his book The Science of Fear with the shocking history of US September 11 attacks: And so in...
ElevenPaths #CyberSecurityPulse: Changing stereotypes in the security sector Ripples of outrage spread across the cybersecurity industry last week after women in red evening gowns were seen promoting a product at the Infosecurity Europe 2018 conference. The event’s...
ElevenPaths How to forecast the future and reduce uncertainty thanks to Bayesian inference (I) Imagine that you come back home from San Francisco, just arrived from the RSA Conference. You are unpacking your suitcase, open the drawer where you store your underwear and…...
AuthCode: Our award-winning continuous-authentication system, jointly developed with the University of MurciaElevenPaths 11 December, 2018 Continuous-authentication systems aim to identify users’ behavior through interactions with their device. The main advantage of this type of authentication is that it improves users’ experience when using services or apps of their mobile device, free from intrusions. Fruit of a joint research with the University of Murcia, we were able to develop AuthCode. This project reached such a stage of maturity that we could present it over the Security Innovation Day 2018. Furthermore, it has won several awards and prizes. Let’s explain what AuthCode is in further detail. In most cases, continuous authentication avoids using passwords, access patterns, biometric recognition, etc. when the user wish to have access to an app or service requiring authentication. In this sense, permanent authentication increases users’ security regarding the operations executed on the device. Moreover, we can take advantage of this continuous trust status to make user app interactions much simpler and more fluent by doing so, users’ experience gets better. Despite the advantages of these continuous-authentication systems, current solutions raise a number of challenges, for instance: selecting the dimensions and features that allow to shape the owner’s behavior and be able to clearly and precisely discern its behavior from other users’ one; enabling system adaptability to slight changes in user’s behavior; reducing authentication time; using new functionalities or optimizing device resources’ use and consumption. These aspects are critical to provide the user with a satisfactory experience and not excessively impact the battery. Challenge background Aware of the usefulness and potential of this kind of systems, over the last 2017 National Colloquium on Cybersecurity Research (in Spanish, Jornadas Nacionales de Investigación en Ciberseguridad or JNIC ), ElevenPaths presented, within the Transference Track, a challenge on the development of a proof of concept for a continuous and adaptive authentication. This challenge was undertaken by the Cybersecurity and Cyberdefence Research Lab from the Faculty of Computer Science of the University of Murcia, that started working on it adapting their long-year knowledge on cybersecurity to meet the new and demanding requirements of the challenge raised. The team was composed of the students José María Jorquera Valero and Pedro Miguel Sánchez Sánchez, under the supervision of their mentors Alberto Huertas Celdrán and Gregorio Martínez Pérez, that were in charge of organizing the tasks to be performed by the the Department of Information and Communication Engineering and the Department of Computer Technology and Architecture from the University of Murcia. Proposed solution As of the mentioned challenge, a joint company-university arises with the aim of developing an accurate solution that can be useful for society, and all this beyond the transference track framework, i.e. with the will to push this project beyond a mere research proposal, so becoming an out-of-lab proof of concept to be successfully tested by the users in several and different real scenarios. The good understanding between university and company clearly showed the advantages of joining two different sectors and visions for a common purpose. The work performed consists of designing and implementing an adaptive continuous-authentication system for mobile devices, that allows an accurate identification of the device owner. This system has been named AuthCode. The proposed solution is based on the creation of user profiles by shaping the user behavior when using apps as well as on the evaluation of certain metrics collected through several device sensors. AuthCode can get adapted to new changes in user behaviors. Additionally, Machine Learning techniques are used as well (using the algorithm Isolation Forest), based on the detection of the appropriate anomalies for low-system-resource devices. As a proof of concept, the mentioned system has been implemented in Android (compatible with version 6.0 or later) and successfully tested with several groups of users. The system functioning is divided into four phases: Phase 0. Over this phase the most relevant dimensions and features intended to shape user’s behavior are selected. It should be highlighted that this selection process is a one-time process performed prior to system development over the design phase. Phase 1. Acquisition of the mobile device data to extract the predetermined features and create a dataset where such features will be stored. Data collection is periodically performed in one-minute cycles for two weeks. Phase 2. Firstly, Machine Learning algorithm is trained by means of the generated dataset in order to shape a profile for user’s behavior. Once this training has finished, the evaluation phase is triggered, over which the system compares the current user’s behavior with the one stored over the training phase. By doing so, the system returns an authentication level ranging from 0.0 and 0.1. This is a one-minute process as well. Phase 3. System adaptability to new changes in user’s behavior by insertion and removal of vectors within the dataset, keeping it updated and preventing system from overtraining. These phases, together with some steps in detail, are shown in the following figure. The mentioned authentication level is key to show the real goal of the technology developed: getting a determined value from the authentication level provided by the device, on the basis of user’s behavior. This value sets up trust levels that can be configured regarding user experience, thus allowing adaptability. That way a value near 1.0 would rid the user of entering passwords, using additional authentication factors and having limitations regarding the use of the device until its authentication has been completely verified. By doing so, AuthCode would only ease security needs in those cases where trust in user identity has been defined as accurate due to its behavior. In the worst-case scenario a range of palliative actions to be performed would be launched if the system detected that the user is not authorized to use the device. This would enable to perform a number of actions such as remote blockage, action log, taking pictures of the current user and sending, when appropriate, notifications or alerts. AuthCode allows system adaptability as long as user evaluation is positive. Otherwise, if the user generates a determined number of consecutive and negative evaluations (that can be configured according to the scenario), the device will be blocked and it will be necessary to enter the appropriate credentials to unblock it. In the following video you will find further details on the design and functioning of this system: Once the proof of concept has been implemented, a use case is developed in order to show how useful is this continuous-authentication system in a real environment. Such use case is an online banking application and its functionality has been integrated with the continuous authentication system. For this purpose, an app for mobile devices has been designed and implemented pretending to be an online banking application (our fictitious Nevele Bank) connected to this continuous authentication system. Awards and prizes The resulting solution for the Transference Track challenge was presented over the 2018 National Colloquium on Cybersecurity Research. It won the prize for the best solution proposed in relation to the challenges set out over the event. Once the challenge was concluded, the team kept working on the improvement of the proof of concept previously achieved. This additional research has resulted in an article published in the journal Sensors (classified as a Q2 according to the JCR). Furthermore, this challenge helped two students in Computer Engineering to develop their bachelor’s degree theses. These theses were presented over the Certamen Arquímedes driven by the Spanish Ministry of Science, Innovation and Universities, and they reached the final phase held from 21 to 23 November at the URJC (Universidad Rey Juan Carlos). Finally, a special prize was awarded by Fundación ONCE for the best research project targeted to improve the quality of life of disabled people, together with a secondary prize. Currently, AuthCode is being evaluated to be provided with funding by Fundación Séneca – Agencia de Ciencia y Tecnología, from the Region of Murcia. This way, it could become a completely-functional proof of concept tested by a great number of users in real scenarios. At the same time, ElevenPaths, the Telefónica’s Cybersecurity Unit, continues directly working and providing ideas and support with the research team of the University of Murcia to be able to further develop the proof of concept. All this with a strong commitment by ElevenPaths to enhance university and company innovation and knowledge transference. Innovations and Labs www.elevenpaths.com The Confirmation Bias: we seek the information that confirms our decisions, refusing their opposed evidencesNew report: Twitter botnets detection in sports event
Sergio De Los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
Sergio De Los Santos The attack against OpenPGP infrastructure: consequences of a SOB’s actions What is happening with the attack against OpenPGP infrastructure constitutes a disaster, according to the affected people who maintain the protocol. Robert J. Hansen, who communicated the incident, has...
ElevenPaths Your feelings influence your perception of risk and benefit more than you might think Security is both a feeling and a reality —Bruce Schneier Daniel Gardner starts his book The Science of Fear with the shocking history of US September 11 attacks: And so in...
ElevenPaths Why you are late delivering all your projects and what you can do to address it Anyone who causes harm by forecasting should be treated as either a fool or a liar. Some forecasters cause more damage to society than criminals. —Nassim Taleb, The Black Swan, 2007 In 1957,...
ElevenPaths How the “antimalware” XProtect for MacOS works and why it detects poorly and badly Recently, MacOS included a signature in its integrated antivirus, intended to detect a binary for Windows; but, does this detection make sense? We could think it does, as a...
ElevenPaths How to forecast the future and reduce uncertainty thanks to Bayesian inference (II) In the first part of this article we explained how Bayesian inference works. According to Norman Fenton, author of Risk Assessment and Decision Analysis with Bayesian Networks: Bayes’ theorem is...
