1.
Abbas Acar, Shoukat Ali, Koray Karabina, Cengiz Kaygusuz, Hidayet Aksu, Kemal Akkaya, Selcuk Uluagac
A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA Journal Article
ACM Transactions on Privacy and Security (TOPS) Journal, 2021.
Abstract | Links | BibTeX | Tags: Authentication, Privacy Preserving
@article{AcarPACA,
title = {A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA},
author = {Abbas Acar and Shoukat Ali and Koray Karabina and Cengiz Kaygusuz and Hidayet Aksu and Kemal Akkaya and Selcuk Uluagac},
url = {https://doi.org/10.1145/3464690},
year = {2021},
date = {2021-09-01},
urldate = {2021-09-01},
journal = {ACM Transactions on Privacy and Security (TOPS) Journal},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
abstract = {As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously},
keywords = {Authentication, Privacy Preserving},
pubstate = {published},
tppubtype = {article}
}
As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously
2.
Abbas Acar, Wenyi Liu, Raheem Beyah, Kemal Akkaya, Arif Selcuk Uluagac
A privacy-preserving multifactor authentication system Journal Article
Security and Privacy, 2019.
Abstract | BibTeX | Tags: Authentication, Privacy Preserving
@article{acar2019privacy,
title = {A privacy-preserving multifactor authentication system},
author = {Abbas Acar and Wenyi Liu and Raheem Beyah and Kemal Akkaya and Arif Selcuk Uluagac},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
journal = {Security and Privacy},
publisher = {Wiley Online Library},
abstract = {In recent years, there has been a significant number of works on the development of multifactor authentication (MFA) systems. Traditionally, behavioral biometrics (eg, keystroke dynamics) have been known to have the best usability because they do not require one to know or possess anythingthey simply communicate how you type to an authenticator. However, though highly usable, MFA approaches that are based on biometrics are highly intrusive, and users' sensitive information is exposed to untrusted servers. To address this privacy concern, in this paper, we present a privacypreserving MFA system for computer users, called PINTA. In PINTA, the second factor is a hybrid behavioral profile user, while the first authentication factor is a password. The hybrid profile of the user includes hostbased and network flowbased features.},
keywords = {Authentication, Privacy Preserving},
pubstate = {published},
tppubtype = {article}
}
In recent years, there has been a significant number of works on the development of multifactor authentication (MFA) systems. Traditionally, behavioral biometrics (eg, keystroke dynamics) have been known to have the best usability because they do not require one to know or possess anythingthey simply communicate how you type to an authenticator. However, though highly usable, MFA approaches that are based on biometrics are highly intrusive, and users' sensitive information is exposed to untrusted servers. To address this privacy concern, in this paper, we present a privacypreserving MFA system for computer users, called PINTA. In PINTA, the second factor is a hybrid behavioral profile user, while the first authentication factor is a password. The hybrid profile of the user includes hostbased and network flowbased features.
3.
Nico Saputro, Ali Ihsan Yurekli, Kemal Akkaya, Selcuk Uluagac
Privacy preservation for IoT used in smart buildings Journal Article
Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Implementations, 2016.
Abstract | Links | BibTeX | Tags: IoT Security, Privacy Preserving, Smart Home Security
@article{SaputroPrivacyIOT,
title = {Privacy preservation for IoT used in smart buildings},
author = {Nico Saputro and Ali Ihsan Yurekli and Kemal Akkaya and Selcuk Uluagac},
url = {https://www.sciencedirect.com/science/article/pii/S0167739X23001322},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Implementations},
abstract = {Smart Buildings (SBs) employ the latest IoT technologies to automate building operations and services with the objective of increasing operational efficiency, maximising occupant comfort, and minimising environmental impact. However, these smart devices – mostly cloud-based – can capture and share a variety of sensitive and private data about the occupants, exposing them to various privacy threats. Given the non-intrusive nature of these devices, individuals typically have little or no awareness of the data being collected about them. Even if they do and claim to care about their privacy, they fail to take the necessary steps to safeguard it due to the convenience offered by the IoT devices. This discrepancy between user attitude and actual behaviour is known as the ‘privacy paradox’. To address this tension between data privacy, consent and convenience, this paper proposes a novel solution for informed consent management in shared smart spaces. Our proposed Informed Consent Management Engine (ICME) (a) increases user awareness about the data being collected by the IoT devices in the SB environment, (b) provides fine-grained visibility into privacy conformance and compliance by these devices, and (c) enables informed and confident privacy decision-making, through digital nudging. This study provides a reference architecture for ICME that can be used to implement diverse end-user consent management solutions for smart buildings. A proof-of-concept prototype is also implemented to demonstrate how ICME works in a shared smart workplace. Our proposed solution is validated by conducting expert interviews with 15 highly experienced industry professionals and academic researchers to understand the strengths, limitations, and potential improvements of the proposed system.},
keywords = {IoT Security, Privacy Preserving, Smart Home Security},
pubstate = {published},
tppubtype = {article}
}
Smart Buildings (SBs) employ the latest IoT technologies to automate building operations and services with the objective of increasing operational efficiency, maximising occupant comfort, and minimising environmental impact. However, these smart devices – mostly cloud-based – can capture and share a variety of sensitive and private data about the occupants, exposing them to various privacy threats. Given the non-intrusive nature of these devices, individuals typically have little or no awareness of the data being collected about them. Even if they do and claim to care about their privacy, they fail to take the necessary steps to safeguard it due to the convenience offered by the IoT devices. This discrepancy between user attitude and actual behaviour is known as the ‘privacy paradox’. To address this tension between data privacy, consent and convenience, this paper proposes a novel solution for informed consent management in shared smart spaces. Our proposed Informed Consent Management Engine (ICME) (a) increases user awareness about the data being collected by the IoT devices in the SB environment, (b) provides fine-grained visibility into privacy conformance and compliance by these devices, and (c) enables informed and confident privacy decision-making, through digital nudging. This study provides a reference architecture for ICME that can be used to implement diverse end-user consent management solutions for smart buildings. A proof-of-concept prototype is also implemented to demonstrate how ICME works in a shared smart workplace. Our proposed solution is validated by conducting expert interviews with 15 highly experienced industry professionals and academic researchers to understand the strengths, limitations, and potential improvements of the proposed system.
Citations: 8413
h-index: 44
i10-index: 107
