| dc.description.abstract | Humans are smart when facing solely technical attacks; they invented technical strategies to defend against technical attacks. However, when facing a social engineering attack, a socio-technical attack, humans become the weakest link of security defense. By exploiting vulnerabilities of trust relationships, social engineers physically and psychologically manipulate victims to gain confidential information and proprietary assets. In spite of the severity and universality of social engineering, unfortunately, there is no better solution but training and educating at present.
When dealing with identity verification in face-to-face interactions, threats from social engineering are particularly serious. Verifying human identity and limits of their authority rely on experience and intuition which is far from accurate. After investigation, vulnerabilities of current identity management solutions are discovered.
By referring to the protocols used in European ePassport, as well as the growing popularity and security properties of smart devices and biometrics, we decide to use smart card, fingerprint, and Near Field Communication (NFC)-enabled smart phone as main technologies of the mechanism. Due to lack of ideal fingerprint smart card, we use fingerprint sensor enabled smart phone -- Nexus 5X and programmable Java card for implementation. The tests and evaluation present the availability and possibility to prevent face-to-face social engineering attacks. Future improvements and expectations of the mechanism are also mentioned in the thesis.
Keywords: Social Engineering, Electronic Identity (eID), Smart Card, Biometrics | |
