“Deteção e Resposta a Intrusões em Dispositivos Móveis”
Master’s thesis, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Oct. 2016
Abstract: Smartphones are increasingly ubiquitous in our personal, social and professional lives. They contain a large amount of sensitive information that we want to protect against physical intrusions, preserving their security and our privacy. The main security mechanisms of these devices are the authentication methods based on a secret or biometrics. Although effective in a situation of loss/theft, they are vulnerable to attacks by people socially close. When users share their smartphones, they fear, on the one hand, that the person might invade their privacy and, on the other hand, that attitudes of explicit surveillance could compromise their social relations. An intrusion detection and response system to physical intrusions for smartphones should address any limitations inherent to authentication methods, and provide (or not) access to certain content and functionality in situations of unauthorized access and sharing. In this work, we designed and developed an intrusion detection and response system (called SmartIDR) for smartphones using a secondary wearable device – smartwatch –, which allows the inconspicuous interaction with the primary device. The mechanisms of detection and response are based on distance (Bluetooth communication) between devices. The system is characterized by monitoring events happening on the smartphone and responding remotely, and in real-time, to intrusion situations, by using a smartwatch; providing a set of multiple response settings; be accessible to ordinary users; and not compromising the usability of devices. To analyze the impact of this new approach, we conducted cross-sectional studies with potential users. The results indicated that SmartIDR meets the needs and expectations of security and privacy of smartphone users, with effectiveness, efficiency and high user satisfaction.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)