Securing Cyberspace by Ensuring Authenticity

through Adaptive Multi Factor Authentication

ASEAN IVO Forum 2017

Presented by: Didi Rosiyadi

Prepared by: Rifki Sadikin1, Didi Rosiyadi1, Esa Prakasa1,
Hermawan Nugroho2

1
Research Center for Informatics,
Indonesian Institute of Sciences, Indonesia
2
Faculty of Engineering, Computing and Science
Swinburne Techonolgy University, Sarawak, Malaysia

24 Oktober 2017
 Outline
● Background
● Objectives
● Members, Methodology and Roadmap
● Budget
● Facility and Equipment

2
 Outline
● Background
● Objectives
● Members, Methodology and Roadmap
● Budget
● Facility and Equipment

3
 Cyberspace and Security
● Cybersecurity: measure for protecting cyberspace from
cyber crime such as disruption or unauthorized access, use,
disclose, modification or destruction.

Cyber
Cyberspace
Security

4
 Banking Industry
● Cyber technology foster banking industry services.
● Security services: integrity, confidentiality, and availability

Security Services
● Internet
Banking Integrity
● ATM’s
● Tele banking Confidentiality
● E-Money
● E-Cheque Availability

5
 Security Threats
● 63 % of reported breached involve the use of compromised
credentials (Verizon DBIR 2016)
● Threats:
● Malicious software, vulnerability in new vectors: mobile
phones, phishing by exploiting poor implementation or
social engineering
● Recent issue in Malaysia - leak of 46 million mobile
users' data (Reuters.com November 2017)
● Authentication provides assurance on entity identification to
protect cyberspace from threats. However
username+password is not enough.
● Common practice: two-factor authentication
6
 2 Authentication Factors

Knowledge Based Question-Answer

One Time Password delivered from

SMS

Hard token

Push to accept

7
 Limitedness of 2F Authentication: Case
OTP with SMS
● Hackers can intercept SMS messages and do
man-in-the middle attack

8
Adaptive Multifactor Authentication
Adaptive Multifactor
● Device ● SMS OTP
recognition ● Email OTP
● Geo Location ● Talk OTP
● Phone number ● Biometric
protection ● Push to
● Behavioral Accept
biometrics
● Identity
Governence

Goal:
- Raise confidence in authenticating identities
- Provide good user experience
9
 Outline
● Background
● Objectives
● Members, Methodology and Roadmap
● Budget
● Facility and Equipment

10
 Research Objectives
● To develop a new multi factor authentication method to
provide authentication service in cyberspace.
● To develop an algorithm based on image processing
techniques for creating an unique biometric key using facial
expression.
● To implement the authentication scheme efficiently in smart
devices environment
● To evaluate user experiment in conducting multi factor
authenticationscheme.

11
 Develop New Multifactor Authentication based on Strong
Cryptographic Primitives
● Challanges in biometric-based authentication: probabilistic in nature.
● Storing biometric information raise security risk (how if server is compromised).
● Exploiting/Developing privacy preserving protocol from current crypto
primitives such as lattice-based/pairing-based cryptography could lead more
secure multifactor authentication.
● Research questions:
● How to improve “Multi-Factor Zero Knowledge Authentication Protocol”
with biometrics (which is naturally probabilistic)?
● Previous study:

12
Biometric-Key Using Facial Expression

13
Biometric-Key Using Facial Expression

Deep Learning

14
 Outline
● Background
● Objectives
● Members, Methodology and Roadmap
● Budget
● Facility and Equipment

15
Research Members
Research Center for Swinburne University -
Informatics Sarawak
Indonesian Institute of Universiti Teknologi
Sciences Petronas

Dr. Riki Sadikin - Cryptography Dr. Hermawan Nugroho - imaging

Dr. Didi Rosiyadi - Computer Security based analysis
Dr. Esa Prakasa - Computer Assoc Prof Dr. Ibrahim Faye - Machine
Vision/Image Processing learning

INDONESIA MALAYSIA

NICT/NTT

- Prospective partner -
collaboration in developing
scheme and testing the
implementation

JAPAN
16
 Methodology

For adaptive multi-authentication scheme we use provable

cryptology, here are the steps:

1. Scheme
Development
(Pariring/Lattice-based
Cryptography) 2. Formal Proof 3. Performance
(against active attacker)
Measurement
(computation-memory
consumption)

5. Development 4. Prototyping
(in the same enviroment)
and Testing
(user testing is important)
17
 Methodology

For biometric based authentication the research are divided into

two main stages, training and testing stages. In training stage,
face videos are collected from various face databases. Several
database that provided freely provided are listed as follows:
● MMI Facial Expression Database (http://mmifacedb.eu/)
● Facial Expression Dataset
(http://www.affectiva.com/facial-expression-dataset/)
● Biwi 3D Audiovisual Corpus of Affective Communication -
B3D(AC)^2
(http://www.vision.ee.ethz.ch/datasets/b3dac2.en.html)

18
Road Map
Year 2018 2019 2020

Activities Designing and Unit-module User acceptance

Developing testing. testing
adaptive multi auth
scheme Integrating between System improvement
adaptive multi auth based on user testing
Designing and scheme and face result
Developing expression
biometric key by
face expression Integration testing

Output - scientific papers - scientific papers - 1 patent

4 proceedings: 2 journal - 1 copyright
- requirement dan - prototype - system
design report impelemtation implementatioin
system

19
 Outline
● Background
● Objectives
● Members, Methodology and Roadmap
● Budget
● Facility and Equipment

20
Budget Year 1

Vol Cost Total cost

Equipment
Equipment for testing encryption scheme 1 550 550

Data for Recruiting face expression video 350 25 8,750

Equipment for develop mobile application for 1,500 1,500

collecting face video 1

Travel
Attend a major international conf in Europe (i.e
2,300 4,600
ECCV) 2

Attend a major international conf in regional 1,800 3,600

countries (Japan/China/Korea) 2

Joint
workshop
Workshop in Indonesia 1 7,000 7,000

Workshop in Malaysia 2 7,000 14,000

TOTAL 40,000

21
 Outline
● Background
● Objectives
● Members, Methodology and Roadmap
● Budget
● Facility and Equipment

22
 Facilities, Equipment and Other
Resources

Research Center of Informatics, Indonesian Institute of

Sciences has a cloud infrastructure to develop and test the
proposed system.

UTP and Swinburne Sarawak have small deep learning

machines to develop the proposed system.
23
Thankyou - terima kasih

24