Orientation Based Accelerometer Analysis (OBAA) for Mobile Gestures: Memorable Authentication

Mobile authentication today primarily relies onPersonal Identification Numbers (PINs). For PINs to be securefrom the majority of malicious users, it must contain a highnumber of digits and be entropic. Human memory generallystruggles when it attempts to recall highly entropic numericcodes. Gesture-based authentication using Quick Reference (QR)codes, and internally analyzed accelerometer data from mobiledevices, allow for sustaining a more user-friendly, memorable,and low expense alternative to PINs. This paper presents atechnique for users to capture movements of their mobile deviceby analyzing the orientation of devices and the speed at whichthese orientations transition via accelerometer data. Thesemotions are described as the user’s gesture. Gestures can be usedto identify a user, while QR codes can be used to indicate aspecific machine a user can attempt to authenticate with. A userstudy was performed and showed gesture-based authenticationresults in a more user preferred, entropic and memorableauthentication system in comparison to similar applications

Gait-Based Identification Using Wearables in the Personal Fog

Wearables are becoming more computationally powerful, with increased sensing and control capabilities, creating a need for accurate user authentication. Greater control and power allow wearables to become part of a personal fog system, but introduces new attack vectors. An attacker that steals a wearable can gain access to stored personal data on the wearable. However, the new computational power can also be employed to safeguard use through more secure authentication. The wearables themselves can now perform authentication. In this paper, we use gait identification for increased authentication when potentially harmful commands are requested. We show how the relying on the processing and storage inherent in the personal fog allows distributed storage of information about the gait of the wearer and the ability to fully process this data for user authentication locally at the edge. While gait-based authentication has been examined before, we show an additional, low-power method of verification for wearables

User Authentication based on Continuous Touch Biometrics

Mobile devices such as smartphones have until now been protected by traditional authentication methods, including passwords or pattern locks. These authentication mechanisms are difficult to remember and are often disabled, leaving the device vulnerable if stolen. This paper investigates the possibility of unobtrusive, continuous authentication for smartphones based on biometric data collected using a touchscreen. The possibility of authenticating users on a smartphone was evaluated by conducting an experiment simulating real-world touch interaction. Touch data was collected from 30 participants during normal phone use. The touch features were analysed in terms of the information provided for authentication. It was found that features such as finger pressure, location of touch interaction and shape of the finger were important discriminators for authentication. The touch data was also analysed using two classification algorithms to measure the authentication accuracy. The results show that touch data is sufficiently distinct between users to be used in authentication without disrupting normal touch interaction. It is also shown that the raw touch data was more effective in authentication than the aggregated gesture data.http://sacj.cs.uct.ac.zaam2017Computer Scienc

Inferences from Interactions with Smart Devices: Security Leaks and Defenses

We unlock our smart devices such as smartphone several times every day using a pin, password, or graphical pattern if the device is secured by one. The scope and usage of smart devices\u27 are expanding day by day in our everyday life and hence the need to make them more secure. In the near future, we may need to authenticate ourselves on emerging smart devices such as electronic doors, exercise equipment, power tools, medical devices, and smart TV remote control. While recent research focuses on developing new behavior-based methods to authenticate these smart devices, pin and password still remain primary methods to authenticate a user on a device. Although the recent research exposes the observation-based vulnerabilities, the popular belief is that the direct observation attacks can be thwarted by simple methods that obscure the attacker\u27s view of the input console (or screen). In this dissertation, we study the users\u27 hand movement pattern while they type on their smart devices. The study concentrates on the following two factors; (1) finding security leaks from the observed hand movement patterns (we showcase that the user\u27s hand movement on its own reveals the user\u27s sensitive information) and (2) developing methods to build lightweight, easy to use, and more secure authentication system. The users\u27 hand movement patterns were captured through video camcorder and inbuilt motion sensors such as gyroscope and accelerometer in the user\u27s device

Activity-Based User Authentication Using Smartwatches

Smartwatches, which contain an accelerometer and gyroscope, have recently been used to implement gait and gesture- based biometrics; however, the prior studies have long-established drawbacks. For example, data for both training and evaluation was captured from single sessions (which is not realistic and can lead to overly optimistic performance results), and in cases when the multi-day scenario was considered, the evaluation was often either done improperly or the results are very poor (i.e., greater than 20% of EER). Moreover, limited activities were considered (i.e., gait or gestures), and data captured within a controlled environment which tends to be far less realistic for real world applications. Therefore, this study remedies these past problems by training and evaluating the smartwatch-based biometric system on data from different days, using large dataset that involved the participation of 60 users, and considering different activities (i.e., normal walking (NW), fast walking (FW), typing on a PC keyboard (TypePC), playing mobile game (GameM), and texting on mobile (TypeM)). Unlike the prior art that focussed on simply laboratory controlled data, a more realistic dataset, which was captured within un-constrained environment, is used to evaluate the performance of the proposed system. Two principal experiments were carried out focusing upon constrained and un-constrained environments. The first experiment included a comprehensive analysis of the aforementioned activities and tested under two different scenarios (i.e., same and cross day). By using all the extracted features (i.e., 88 features) and the same day evaluation, EERs of the acceleration readings were 0.15%, 0.31%, 1.43%, 1.52%, and 1.33% for the NW, FW, TypeM, TypePC, and GameM respectively. The EERs were increased to 0.93%, 3.90%, 5.69%, 6.02%, and 5.61% when the cross-day data was utilized. For comparison, a more selective set of features was used and significantly maximize the system performance under the cross day scenario, at best EERs of 0.29%, 1.31%, 2.66%, 3.83%, and 2.3% for the aforementioned activities respectively. A realistic methodology was used in the second experiment by using data collected within unconstrained environment. A light activity detection approach was developed to divide the raw signals into gait (i.e., NW and FW) and stationary activities. Competitive results were reported with EERs of 0.60%, 0% and 3.37% for the NW, FW, and stationary activities respectively. The findings suggest that the nature of the signals captured are sufficiently discriminative to be useful in performing transparent and continuous user authentication.University of Kuf

Transparent Authentication Utilising Gait Recognition

Securing smartphones has increasingly become inevitable due to their massive popularity and significant storage and access to sensitive information. The gatekeeper of securing the device is authenticating the user. Amongst the many solutions proposed, gait recognition has been suggested to provide a reliable yet non-intrusive authentication approach – enabling both security and usability. While several studies exploring mobile-based gait recognition have taken place, studies have been mainly preliminary, with various methodological restrictions that have limited the number of participants, samples, and type of features; in addition, prior studies have depended on limited datasets, actual controlled experimental environments, and many activities. They suffered from the absence of real-world datasets, which lead to verify individuals incorrectly. This thesis has sought to overcome these weaknesses and provide, a comprehensive evaluation, including an analysis of smartphone-based motion sensors (accelerometer and gyroscope), understanding the variability of feature vectors during differing activities across a multi-day collection involving 60 participants. This framed into two experiments involving five types of activities: standard, fast, with a bag, downstairs, and upstairs walking. The first experiment explores the classification performance in order to understand whether a single classifier or multi-algorithmic approach would provide a better level of performance. The second experiment investigated the feature vector (comprising of a possible 304 unique features) to understand how its composition affects performance and for a comparison a more particular set of the minimal features are involved. The controlled dataset achieved performance exceeded the prior work using same and cross day methodologies (e.g., for the regular walk activity, the best results EER of 0.70% and EER of 6.30% for the same and cross day scenarios respectively). Moreover, multi-algorithmic approach achieved significant improvement over the single classifier approach and thus a more practical approach to managing the problem of feature vector variability. An Activity recognition model was applied to the real-life gait dataset containing a more significant number of gait samples employed from 44 users (7-10 days for each user). A human physical motion activity identification modelling was built to classify a given individual's activity signal into a predefined class belongs to. As such, the thesis implemented a novel real-world gait recognition system that recognises the subject utilising smartphone-based real-world dataset. It also investigates whether these authentication technologies can recognise the genuine user and rejecting an imposter. Real dataset experiment results are offered a promising level of security particularly when the majority voting techniques were applied. As well as, the proposed multi-algorithmic approach seems to be more reliable and tends to perform relatively well in practice on real live user data, an improved model employing multi-activity regarding the security and transparency of the system within a smartphone. Overall, results from the experimentation have shown an EER of 7.45% for a single classifier (All activities dataset). The multi-algorithmic approach achieved EERs of 5.31%, 6.43% and 5.87% for normal, fast and normal and fast walk respectively using both accelerometer and gyroscope-based features – showing a significant improvement over the single classifier approach. Ultimately, the evaluation of the smartphone-based, gait authentication system over a long period of time under realistic scenarios has revealed that it could provide a secured and appropriate activities identification and user authentication system