Identifying Users with Wearable Sensors based on Activity Patterns

We live in a world where ubiquitous systems surround us in the form of automated homes, smart appliances and wearable devices. These ubiquitous systems not only enhance productivity but can also provide assistance given a variety of different scenarios. However, these systems are vulnerable to the risk of unauthorized access, hence the ability to authenticate the end-user seamlessly and securely is important. This paper presents an approach for user identification given the physical activity patterns captured using on-body wearable sensors, such as accelerometer, gyroscope, and magnetometer. Three machine learning classifiers have been used to discover the activity patterns of users given the data captured from wearable sensors. The recognition results prove that the proposed scheme can effectively recognize a user’s identity based on his/her daily living physical activity patterns

Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intra-session authentication, 2%-3% for inter-session authentication and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multi-modal biometric authentication system.Comment: to appear at IEEE Transactions on Information Forensics & Security; Download data from http://www.mariofrank.net/touchalytics

AI-Oriented Two-Phase Multi-Factor Authentication in SAGINs: Prospects and Challenges

Space-air-ground integrated networks (SAGINs), which have emerged as an expansion of terrestrial networks, provide flexible access, ubiquitous coverage, high-capacity backhaul, and emergency/disaster recovery for mobile users (MUs). While the massive benefits brought by SAGIN may improve the quality of service, unauthorized access to SAGIN entities is potentially dangerous. At present, conventional crypto-based authentication is facing challenges, such as the inability to provide continuous and transparent protection for MUs. In this article, we propose an AI-oriented two-phase multi-factor authentication scheme (ATMAS) by introducing intelligence to authentication. The satellite and network control center collaborate on continuous authentication, while unique spatial-temporal features, including service features and geographic features, are utilized to enhance the system security. Our further security analysis and performance evaluations show that ATMAS has proper security characteristics which can meet various security requirements. Moreover, we shed light on lightweight and efficient authentication mechanism design through a proper combination of spatial-temporal factors.Comment: Accepted by IEEE Consumer Electronics Magazin

A Survey of Elliptic Curve Cryptography Implementation Approaches for Efficient Smart Card Processing

Smart cards have been used for many different purposes over the last two decades, from simple prepaid credit counter cards used in parking meters, to high security identity cards intended for national ID programs. This has increased data privacy and security requirements. Data protection and authentication is now demanded for performing Electronic payment and allow secure multi-level access to private information. ECC uses smaller key sizes compared to traditionally used RSA based cryptosystems. Elliptic Curve Cryptography is especially suited to smart card based message authentication because of its smaller memory and computational power requirements than public key cryptosystems. It is observed that the performance of ECC based approach is significantly better than RSA and DSA/DH based approaches because of the low memory and computational requirements, smaller key size, low power and timing consumptions