Learning Device Usage in Context: A Continuous and Hierarchical Smartphone Authentication Scheme

Popular smartphone authentication schemes, such as PIN-based or biometrics- based authentication methods, require only an initial login at the start of a usage session to authorize the user to use all the apps on the phone during the entire session. Those schemes fail to provide continuous protection of the smartphone after the initial login. They also fail to meet the hierarchy of security requirements for different apps under different contexts. In this study, we propose a continuous and hierarchical authentication scheme. We believe that a user\u27s app-usage patterns depend on his location context. As such, our scheme relies on app-usage patterns in different location context to continuously establish the log probability density (LPD) of the authenticity of the current user. Based on different LPD thresholds corresponding to different security requirements, the current user either has a LPD higher than the threshold, which grants him continuous access to the phone or the app, or he has a LPD lower than the threshold, which locks him out of the phone or the app immediately. We test our scheme on 4,600 subjects from the Device Analyzer Dataset. We found that our scheme could correctly identify the authenticity of the majority of the subjects. However, app-usage patterns with or without location context yielded similar performances, indicating that user contexts did not contribute further information to establish user behavioral patterns. Based on our scheme, we propose a hypothetical Android app which would provide continuous and hierarchical authentication for the smartphone users

PATH: Person Authentication using Trace Histories

In this paper, a solution to the problem of Active Authentication using trace histories is addressed. Specifically, the task is to perform user verification on mobile devices using historical location traces of the user as a function of time. Considering the movement of a human as a Markovian motion, a modified Hidden Markov Model (HMM)-based solution is proposed. The proposed method, namely the Marginally Smoothed HMM (MSHMM), utilizes the marginal probabilities of location and timing information of the observations to smooth-out the emission probabilities while training. Hence, it can efficiently handle unforeseen observations during the test phase. The verification performance of this method is compared to a sequence matching (SM) method , a Markov Chain-based method (MC) and an HMM with basic Laplace Smoothing (HMM-lap). Experimental results using the location information of the UMD Active Authentication Dataset-02 (UMDAA02) and the GeoLife dataset are presented. The proposed MSHMM method outperforms the compared methods in terms of equal error rate (EER). Additionally, the effects of different parameters on the proposed method are discussed.Comment: 8 pages, 9 figures. Best Paper award at IEEE UEMCON 201

A robustness verification system for mobile phone authentication based on gestures using Linear Discriminant Analysis

This article evaluates an authentication technique for mobiles based on gestures. Users create a remindful identifying gesture to be considered as their in-air signature. This work analyzes a database of 120 gestures of different vulnerability, obtaining an Equal Error Rate (EER) of 9.19% when robustness of gestures is not verified. Most of the errors in this EER come from very simple and easily forgeable gestures that should be discarded at enrollment phase. Therefore, an in-air signature robustness verification system using Linear Discriminant Analysis is proposed to infer automatically whether the gesture is secure or not. Different configurations have been tested obtaining a lowest EER of 4.01% when 45.02% of gestures were discarded, and an optimal compromise of EER of 4.82% when 19.19% of gestures were automatically rejected

Deep Feature-based Face Detection on Mobile Devices

We propose a deep feature-based face detector for mobile devices to detect user's face acquired by the front facing camera. The proposed method is able to detect faces in images containing extreme pose and illumination variations as well as partial faces. The main challenge in developing deep feature-based algorithms for mobile devices is the constrained nature of the mobile platform and the non-availability of CUDA enabled GPUs on such devices. Our implementation takes into account the special nature of the images captured by the front-facing camera of mobile devices and exploits the GPUs present in mobile devices without CUDA-based frameorks, to meet these challenges.Comment: ISBA 201

A Prototype for authentication of secondary school certificates: case of the Kenya Certificate of Secondary Examination certificates

Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technology (MSIT) at Strathmore UniversityMore often Universities and training institution in Kenya enroll students who want to further their education. Due to increased demand for educated labor force, the number of individuals reported to have used illegitimate KCSE certificates to join these Universities has increased. Perpetrators of this crime have succeeded despite the fact that there are measures to verify and authenticate KCSE certificates. The study examined common forms of document fraud as well as current features used to secure paper documents. Therefore, the aim of this research was to develop a prototype based on digital signature and QR-code technique which would assist institutions in verification of certificates. Agile software development methodology was adopted in developing the prototype. This involved requirements gathering, architecture and design, development and testing. This research was conducted in Nairobi County, targeting a population of thirty seven accredited Universities. In the study both public and private universities were considered in order to eliminate any form of biasness. Data collection tools such as questionnaires were used to gather both qualitative and quantitative data. This data was analyzed qualitatively and quantitatively and presented in pie charts and bar graphs and frequency tables with the aid of statistical tool SPSS. More than 87% of respondents said that the current features were not sufficient in preventing document fraud. In addition, 98% confirmed that a computer based system would greatly contribute towards detecting fake certificates. Consequently, after the prototype was developed and tested 78% of the respondents agreed that a digital system was leveraging on the current security measures and authentication processes

Applications of Artificial Intelligence to Cryptography

This paper considers some recent advances in the field of Cryptography using Artificial Intelligence (AI). It specifically considers the applications of Machine Learning (ML) and Evolutionary Computing (EC) to analyze and encrypt data. A short overview is given on Artificial Neural Networks (ANNs) and the principles of Deep Learning using Deep ANNs. In this context, the paper considers: (i) the implementation of EC and ANNs for generating unique and unclonable ciphers; (ii) ML strategies for detecting the genuine randomness (or otherwise) of finite binary strings for applications in Cryptanalysis. The aim of the paper is to provide an overview on how AI can be applied for encrypting data and undertaking cryptanalysis of such data and other data types in order to assess the cryptographic strength of an encryption algorithm, e.g. to detect patterns of intercepted data streams that are signatures of encrypted data. This includes some of the authors’ prior contributions to the field which is referenced throughout. Applications are presented which include the authentication of high-value documents such as bank notes with a smartphone. This involves using the antenna of a smartphone to read (in the near field) a flexible radio frequency tag that couples to an integrated circuit with a non-programmable coprocessor. The coprocessor retains ultra-strong encrypted information generated using EC that can be decrypted on-line, thereby validating the authenticity of the document through the Internet of Things with a smartphone. The application of optical authentication methods using a smartphone and optical ciphers is also briefly explored

Review Paper on Various Methods of Implicit Authentication

The quest (search) for a reliable and convenient security system to authenticate a computer user has existed since the inadequacy of conventional password mechanism was realized, first by the security community, and then gradually by the public. Verifying the identity of a user before granting access to objects or services is an vital step in nearly all applications or environments. Some applications (e.g. pervasive environment) may impose additional requirements for user authentication mechanism, such as to be continuous and unobtrusive. New system is hoped being transparent and with very minimum user involvement denoted as implicit authentication system. This paper tackles the issue of ambient systems adaptation to users' needs while the environment and users' preferences evolve continuously. DOI: 10.17762/ijritcc2321-8169.150512