389 research outputs found
Secure Pick Up: Implicit Authentication When You Start Using the Smartphone
We propose Secure Pick Up (SPU), a convenient, lightweight, in-device,
non-intrusive and automatic-learning system for smartphone user authentication.
Operating in the background, our system implicitly observes users' phone
pick-up movements, the way they bend their arms when they pick up a smartphone
to interact with the device, to authenticate the users.
Our SPU outperforms the state-of-the-art implicit authentication mechanisms
in three main aspects: 1) SPU automatically learns the user's behavioral
pattern without requiring a large amount of training data (especially those of
other users) as previous methods did, making it more deployable. Towards this
end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW)
algorithm to effectively quantify similarities between users' pick-up
movements; 2) SPU does not rely on a remote server for providing further
computational power, making SPU efficient and usable even without network
access; and 3) our system can adaptively update a user's authentication model
to accommodate user's behavioral drift over time with negligible overhead.
Through extensive experiments on real world datasets, we demonstrate that SPU
can achieve authentication accuracy up to 96.3% with a very low latency of 2.4
milliseconds. It reduces the number of times a user has to do explicit
authentication by 32.9%, while effectively defending against various attacks.
Comment: Published on ACM Symposium on Access Control Models and Technologies
(SACMAT) 201
Conceivable security risks and authentication techniques for smart devices
With the rapidly escalating use of smart devices and fraudulent transaction of users' data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques
DragID: A Gesture Based Authentication System
Department of Electrical Engineering
The use of mobile computing devices with touch screens is becoming widespread. Sensitive personal information is often stored in the mobile devices. Smart device users use applications with sensitive personal data such as in online banking. To protect personal information, code based screen unlock methods are used so far. However, these methods are vulnerable to shoulder surfing or smudge attacks. To build a secure unlocking method, we propose DragID, a flexible gesture and biometric based user authentication. Based on the human modeling, DragID authenticates users by using 6 input sources of touch screens. From the input sources, we build 25 fine grained features such as origin of hand, finger radius, velocity, gravity, perpendicular and so on. As modeling the human hand, in our method, features such as radius or origin are difficult to imitate. These features are useful for authentication. In order to authenticate, we use a popular machine learning method, support vector machine. This method prevents attackers from reproducing the exact same drag patterns. In the experiments, we implemented DragID on Samsung Galaxy Note2, collected 147379 drag samples from 17 volunteers, and conducted real-world experiments. Our method outperforms Luca's method and achieves 89.49% and 0.36% of true positive and false positive. In addition, we achieve 92.33% of TPR in case we implement sequence technique.
PABAU: Privacy Analysis of Biometric API Usage
Biometric data privacy is becoming a major concern for many organizations in
the age of big data, particularly in the ICT sector, because it may be easily
exploited in apps. Most apps utilize biometrics by accessing common application
programming interfaces (APIs); hence, we aim to categorize their usage. The
categorization based on behavior may be closely correlated with the sensitive
processing of a user's biometric data, hence highlighting crucial biometric
data privacy assessment concerns. We propose PABAU, Privacy Analysis of
Biometric API Usage. PABAU learns semantic features of methods in biometric
APIs and uses them to detect and categorize the usage of biometric API
implementation in the software according to their privacy-related behaviors.
This technique bridges the communication and background knowledge gap between
technical and non-technical individuals in organizations by providing an
automated method for both parties to acquire a rapid understanding of the
essential behaviors of biometric API in apps, as well as future support to data
protection officers (DPO) with legal documentation, such as conducting a Data
Protection Impact Assessment (DPIA).
Comment: Accepted by The 8th IEEE International Conference on Privacy
Computing (PriComp 2022
Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning
Authentication of smartphone users is important because a lot of sensitive
data is stored in the smartphone and the smartphone is also used to access
various cloud data and services. However, smartphones are easily stolen or
co-opted by an attacker. Beyond the initial login, it is highly desirable to
re-authenticate end-users who are continuing to access security-critical
services and data. Hence, this paper proposes a novel authentication system for
implicit, continuous authentication of the smartphone user based on behavioral
characteristics, by leveraging the sensors already ubiquitously built into
smartphones. We propose novel context-based authentication models to
differentiate the legitimate smartphone owner versus other users. We
systematically show how to achieve high authentication accuracy with different
design alternatives in sensor and feature selection, machine learning
techniques, context detection and multiple devices. Our system can achieve
excellent authentication performance with 98.1% accuracy with negligible system
overhead and less than 2.4% battery consumption.
Comment: Published on the IEEE/IFIP International Conference on Dependable
Systems and Networks (DSN) 2017. arXiv admin note: substantial text overlap
with arXiv:1703.0352
Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication
We investigate whether a classifier can continuously authenticate users based
on the way they interact with the touchscreen of a smart phone. We propose a
set of 30 behavioral touch features that can be extracted from raw touchscreen
logs and demonstrate that different users populate distinct subspaces of this
feature space. In a systematic experiment designed to test how this behavioral
pattern exhibits consistency over time, we collected touch data from users
interacting with a smart phone using basic navigation maneuvers, i.e., up-down
and left-right scrolling. We propose a classification framework that learns the
touch behavior of a user during an enrollment phase and is able to accept or
reject the current user by monitoring interaction with the touch screen. The
classifier achieves a median equal error rate of 0% for intra-session
authentication, 2%-3% for inter-session authentication and below 4% when the
authentication test was carried out one week after the enrollment phase. While
our experimental findings disqualify this method as a standalone authentication
mechanism for long-term authentication, it could be implemented as a means to
extend screen-lock time or as a part of a multi-modal biometric authentication
system.
Comment: to appear at IEEE Transactions on Information Forensics & Security;
Download data from http://www.mariofrank.net/touchalytics
Recognition of Biometric Unlock Pattern by GMM-UBM
International audience
Unlock patterns are used for authentication in mobile smart devices, yet they are vulnerable to attacks, since only the pattern draw is required. Extra biometric data of the user while drawing the unlock pattern passwords may strengthen the authentication, such as the speed of drawing, the pressure of the finger on the touch screen. Such biometric modality is referred to as behavioral biometrics. Besides, voice is also a behavioral biometric modality, as well as a physiological one. Hence, statistical models such as Gaussian mixture models (GMM) with universal background modeling (UBM) are widely used in speaker verification systems. In this work, we propose to apply and adapt a framework usually dedicated to speaker verification to recognize the unlock patterns based on users' behavior. We evaluate the performance using equal error rate for different combinations of features and varying number of mixtures. As a result of the combination of features, an equal error rate as low as 9.25% on average is obtained, which is promising for a preliminary study on GMM-UBM applied to unlock pattern based biometric recognition
Multimodal Behavioral Biometric Authentication in Smartphones for Covid-19 Pandemic
The usage of mobile phones has increased multi-fold in recent decades, mostly because of their utility in most aspects of daily life, such as communications, entertainment, and financial transactions. In use cases where users' information is at risk from imposter attacks, biometrics-based authentication systems such as fingerprint or facial recognition are considered the most trustworthy in comparison to PIN, password, or pattern-based authentication systems in smartphones. Biometrics need to be presented at the time of power-on, they cannot be guessed or attacked through brute force and eliminate the possibility of shoulder surfing. However, fingerprints or facial recognition-based systems in smartphones may not be applicable in a pandemic situation like Covid-19, where hand gloves or face masks are mandatory to protect against unwanted exposure of the body parts. This paper investigates the situations in which fingerprints cannot be utilized due to hand gloves and hence presents an alternative biometric system using the multimodal Touchscreen swipe and Keystroke dynamics pattern. We propose a HandGlove mode of authentication where the system will automatically be triggered to authenticate a user based on Touchscreen swipe and Keystroke dynamics patterns. Our experimental results suggest that the proposed multimodal biometric system can operate with high accuracy. We experiment with different classifiers like Isolation Forest Classifier, SVM, k-NN Classifier, and fuzzy logic classifier with SVM to obtain the best authentication accuracy of 99.55% with 197 users on the Samsung Galaxy S20. We further study the problem of untrained external factors which can impact the user experience of authentication system and propose a model based on fuzzy logic to extend the functionality of the system to improve under novel external effects.
In this experiment, we considered the untrained external factor of "sanitized hands" with which the user tries to authenticate and achieved 93.5% accuracy in this scenario. The proposed multimodal system could be one of the most sought approaches for biometrics-based authentication in smartphones in a COVID-19 pandemic situation