Chancellor’s Professor of Computer Science Gene Tsudik and two of his Ph.D. students, Tyler Kaczmarek and Ercan Ozturk, have developed a novel technique aimed at mitigating “Lunchtime Attacks.” Such attacks occur when an insider adversary takes over the authenticated session of a careless user who has left his or her computer unattended. Tsudik, Kaczmarek and Ozturk have come up with an unobtrusive and continuous biometric-based “de-authentication,” i.e., a means of quickly terminating the secure session of a previously authenticated user after detecting that user’s absence. They introduce the new biometric, called Assentication, in a paper appearing at the 2018 International Conference on Applied Cryptography and Network Security (ACNS).
The paper, “Assentication: User De-Authentication and Lunchtime Attack Mitigation with Seated Posture Biometric,” presents a hybrid biometric based on the user’s seated posture pattern. By instrumenting the seat and lower back of a standard office chair with 16 tiny pressure sensors, the researchers found a way to capture a unique combination of physiological and behavioral traits to provide continuous user authentication (and de-authentication). Results from user experiments involving a cohort of 30 subjects show that Assentication yields very low false accept and false reject rates.
— Shani Murray