Tzipora Halevi
Polytechnic Institute of NYU, Computer Science and Engineering, Department Member
At present, interfaces between users and smart devices such as smart phones rely primarily on passwords. This has allowed for the intrusion and perturbation of the interface between the user and the device and has compromised security. Recently, Frank et al. have suggested that security could be improved by having an interface with biometric features of finger swiping. This approach to maintaining cybersecurity has been termed touchalytics. The number of finger-swiping features is large (32), and they have been made available as a public database, which we utilize in our study. However, it has not been shown which of these features uniquely identify a particular user. In this paper, we study whether a subset of features that embody human cognitive motor features can be used to identify a particular user. We consider how the security might be made more efficient embodying Principal Component Analysis (PCA) into the interface, which has the potential of reducing the features util...
This paper studies continuous authentication for touch interface based mobile devices. A Hidden Markov Model (HMM) based behavioral template training approach is presented, which does not require training data from other subjects other than the owner of the mobile. The stroke patterns of a user are modeled using a continuous left-right HMM. The approach models the horizontal and vertical scrolling patterns of a user since these are the basic and most used interactions on a mobile device. The effectiveness of the proposed method is evaluated through extensive experiments using the Touchalytics database, which comprises touch data over time. The results show that the performance of the proposed approach is better than the state-of-the-art method.
With the increased popularity of smart phones, there is a greater need to have a robust authentication mechanism that handles various security threats and privacy leakages effectively. This paper studies continuous authentication for touch interface based mobile devices. A Hidden Markov Model (HMM) based behavioral template training approach is presented, which does not require training data from other subjects other than the owner of the mobile device and can get updated with new data over time. The gesture patterns of the user are modeled from multiple sensors - touch, accelerometer and gyroscope data using a continuous left-right HMM. The approach models the tap and stroke patterns of a user since these are the basic and most frequently used interactions on a mobile device. To evaluate the effectiveness of the proposed method a new data set has been created from 42 users who interacted with off-the-shelf applications on their smart phones. Results show that the performance of the...
Accelerometers are versatile sensors that are nearly ubiquitous. They are available on a wide variety of devices and are particularly common on those that are mobile or have wireless capabilities. Accelerometers are applicable in a number of settings and circumstances, including important security and privacy domains. In this paper, we investigate the use of accelerometers for the purpose of true random number generation. As our first contribution, we discover that an accelerometer possesses two unique and appealing properties when used as an entropy source. First, contrary to intuition, an accelerometer can derive sufficient entropy even when it is stationary (i.e., not subject to perceivable acceleration). Next, and more importantly, the entropy of a stationary accelerometer cannot be reduced in the presence of a variety of environmental variations or even under adversarial manipulations. This means that, unlike other sensors, accelerometers are resistant to changing envi-r...
Research Interests: Education, Higher Education, Learning and Teaching, Video Games and Learning, Video Games, Video Game Design, Video Game Development and Production, Curriculum Development, Curriculum and Instruction, The business of video games, Curriculum, Gaming, Digital Economy, University, Psicologia Do Esporte, College, Technology Mediated Teaching and Learning, Esportes, Esports, and Digital Media Learning
In this paper, we propose an HB-like protocol for privacy-preserving authentication of RFID tags, whereby a tag can remain anonymous and untraceable to an adversary during the authentication process. Previous proposals of such protocols were based on PRF computations. Our protocol can instead be used on low-cost tags that may be incapable of computing standard PRFs. Moreover, since the underlying computations in HB protocols are very efficient, our protocol also reduces reader load compared to PRF-based protocols. We suggest a tree-based approach that replaces the PRF-based authentication from prior work with a procedure such as HB+ or HB#. We optimize the tree-traversal stage through usage of a "light version" of the underlying protocol and shared random challenges across all levels of the tree. This provides significant reduction of the communication resources, resulting in a privacy-preserving protocol almost as efficient as the underlying HB+ or HB#
In this thesis, we explore the use of audio (sound) for computer and wireless security. Audio is a physical medium that exhibits unique characteristics that, on one hand, can serve as an enabler in many fundamental security applications, and, on the other hand, can introduce new threats. In this thesis, we consider both constructive and destructive uses of audio. The former usage advances the state-of-the-art in security directly by providing defenses. The latter usage advances the understanding towards building defenses. First, we focus on audio-based secure association of wireless devices, especially those with limited resources. Due to its "human perceptibility," audio communication provides an intuitive means for the users to detect the man-in-the-middle attacks. However, due to its "broadcast" nature, audio becomes vulnerable to eavesdropping. Indeed, we demonstrate eavesdropping attacks on three notable audio-based secure association mechanisms designed for...
Research Interests: Computer Science and IEEE
Our research examines the relationship between security parameters and personality traits. Specifically, we examine users’ security behavior and their confidence of handling online security events. It looks into the personality variables that contribute to those variables. We ran a multi-cultural study in three different countries and examined these parameters. Our work also includes a phishing study that was conducted in India. We look at how the different security variables affect the response to the phishing attack. Our study also examines how these variables change depending on the culture. In addition, we look at what kind of data people tend to share online, their online behavior and how culture affects these. We see that in different countries certain data is considered more private while in other countries it is shared more. Our research supports the idea of developing personality-based UI design to increase user security online. We show that certain personality traits affect...
In recent years, the growing use of Software as a Service (SaaS) presents both new opportunities and challenges for organizations. Specifically, building trust in SaaS as an alternative to traditional methods of conducting business presents unique challenges for the CPA industry, which deals with sensitive financial client information and strict regulations.
ABSTRACT In certain applications, it is important for a remote server to securely determine whether or not two mobile devices are in close physical proximity. In particular, in the context of an NFC transaction, the bank server can validate the transaction if both the NFC phone and reader are precisely at the same location thereby preventing a form of a devastating relay attack against such systems. In this paper, we develop secure proximity detection techniques based on the information collected by ambient sensors available on NFC mobile phones, such as audio and light data. These techniques can work under the current payment infrastructure, and offer many advantages. First, they do not require the users to perform explicit actions, or make security decisions, during the transaction – just bringing the devices close to each other is sufficient. Second, being based on environmental attributes, they make it very hard, if not impossible, for the adversary to undermine the security of the system. Third, they provide a natural protection to users’ location privacy as the explicit location information is never transmitted to the server. Our experiments with the proposed techniques developed on off-the-shelf mobile phones indicate them to be quite effective in significantly raising the bar against known attacks, without affecting the NFC usage model. Although the focus of this work is on NFC phones, our approach will also be broadly applicable to RFID tags or related payment cards equipped with on-board audio or light sensors.
Phishing attacks have become an increasing threat to online users. Recent research has begun to focus on the factors that cause people to respond to them. Our study examines the correlation between the Big Five personality traits and email phishing response. We also examine how these factors affect users' behavior on Facebook, including posting personal information and choosing Facebook privacy settings. Our research shows that when using a prize phishing email, we find a strong correlation between gender and the response to the phishing email. In addition, we find that neuroticism is the factor most correlated to responding to this email. Our study also found that people who score high on the openness factor tend to both post more information on Facebook as well as have less strict privacy settings, which may cause them to be susceptible to privacy attacks. In addition, our work detected no correlation between the participants' estimate of being vulnerable to phishing attacks and...
ABSTRACT Recent research has begun to focus on the factors that cause people to respond to phishing attacks as well as affect user behavior on social networks. This study examines the correlation between the Big Five personality traits and email phishing response. Another aspect examined is how these factors relate to users' tendency to share information and protect their privacy on Facebook (which is one of the most popular social networking sites). This research shows that when using a prize phishing email, neuroticism is the factor most correlated to responding to this email, in addition to a gender-based difference in the response. This study also found that people who score high on the openness factor tend to both post more information on Facebook as well as have less strict privacy settings, which may cause them to be susceptible to privacy attacks. In addition, this work detected no correlation between the participants' estimate of being vulnerable to phishing attacks and actually being phished, which suggests susceptibility to phishing is not due to lack of awareness of the phishing risks and that real-time response to phishing is hard to predict in advance by online users. The goal of this study is to better understand the traits that contribute to online vulnerability, for the purpose of developing customized user interfaces and secure awareness education, designed to increase users' privacy and security in the future.
ABSTRACT This paper studies continuous authentication for touch interface based mobile devices. A Hidden Markov Model (HMM) based behavioral template training approach is presented, which does not require training data from other subjects other than the owner of the mobile. The stroke patterns of a user are modeled using a continuous left-right HMM. The approach models the horizontal and vertical scrolling patterns of a user since these are the basic and most used interactions on a mobile device. The effectiveness of the proposed method is evaluated through extensive experiments using the Touchalytics database, which comprises touch data over time. The results show that the performance of the proposed approach is better than the state-of-the-art method.
... 20. DE Holcomb, WP Burleson, and K. Fu. Power-up SRAM State as an Identifying Fingerprint and Source of True Random Numbers. IEEE Transactions on Computers, 2009. to appear. 21. J. Holleman, D. Yeager, R. Prasad, J. Smith, and B. Otis. ...
Secure "pairing" of wireless devices based on auxiliary or out-of-band (OOB) - audio, visual or tactile - communication is a well-established research direction. Lack of good quality interfaces on or physical access to certain constrained devices (e.g., headsets, access points, medical implants) makes pairing a challenging problem in practice. Prior work shows that pairing of constrained devices based on authenticated