Continuous implicit authentication for mobile devices based on adaptive neuro-fuzzy inference system

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.As mobile devices have become indispensable in modern life, mobile security is becoming much more important. Traditional password or PIN-like point-of-entry security measures score low on usability and are vulnerable to brute force and other types of attacks. In order to improve mobile security, an adaptive neuro-fuzzy inference system(ANFIS)-based implicit authentication system is proposed in this paper to provide authentication in a continuous and transparent manner. To illustrate the applicability and capability of ANFIS in our implicit authentication system, experiments were conducted on behavioural data collected for up to 12 weeks from different Android users. The ability of the ANFIS-based system to detect an adversary is also tested with scenarios involving an attacker with varying levels of knowledge. The results demonstrate that ANFIS is a feasible and efficient approach for implicit authentication with an average of 95% user recognition rate. Moreover, the use of ANFIS-based system for implicit authentication significantly reduces manual tuning and configuration tasks due to its self-learning capability

Risks to Zero Trust in a Federated Mission Partner Environment

Recent cybersecurity events have prompted the federal government to begin investigating strategies to transition to Zero Trust Architectures (ZTA) for federal information systems. Within federated mission networks, ZTA provides measures to minimize the potential for unauthorized release and disclosure of information outside bilateral and multilateral agreements. When federating with mission partners, there are potential risks that may undermine the benefits of Zero Trust. This paper explores risks associated with integrating multiple identity models and proposes two potential avenues to investigate in order to mitigate these risks

A novel scheme to address the fusion uncertainty in multi-modal continuous authentication schemes on mobile devices

Interest in continuous mobile authentication schemes has increased in recent years. These schemes use sensors on mobile devices to collect the biometric data about a user. The use of multiple sensors in a multi-modal scheme has been shown to improve the accuracy. However, sensor scores are often combined using simplistic techniques such as averaging. To date, the effect of uncertainty in score fusion has not been explored. In this paper, we present a novel Dempster-Shafer based score fusion approach for continuous authentication schemes. Our approach combines the sensor scores factoring in the uncertainty of the sensor. We propose and evaluate five techniques for computing uncertainty. Our proof-of-concept system is tested on three state-of-the-art datasets and compared with common fusion techniques. We find that our proposed approach yields the highest accuracies compared to the other fusion techniques and achieves equal error rates as low as 8.05%

MobiQ: A modular Android application for collecting social interaction, repeated survey, GPS and photographic data

The MobiQ app for Android smartphones is a feature-rich application enabling a novel approach to data collection for longitudinal surveys. It combines continuous automatic background data collection with user supplied data. It can prompt users to complete questionnaires at regular intervals, and allows users to upload photographs for social research projects. The app has the capability to collect GPS location data, and calls and text frequency (excluding content) unobtrusively. The app transmits data to a secure cloud rather than storing research data on the phone, but can also store data temporarily if a data connection is unavailable; hence, MobiQ offers data security advantages over text- or web-based surveys using phones. MobiQ has been pilot tested in the field in a social science research project and is able to collect longitudinal social research data. Due to its modular and flexible design, MobiQ can easily be adapted to suit different research questions. Furthermore, its core design approach which allows for long-term power efficient data collection can be re-used outside the social sciences domain for other kinds of smartphone-based data-driven projects. Projects that have a requirement for communications-based, sensors-based, user-based data collection or any combination of these may find our code and design approach beneficial. For example, MobiQ code and architecture has been successfully adapted to build an app for a project investigating smartphone-based implicit authentication for mobile access control

EEG-based Brain-Computer Interfaces (BCIs): A Survey of Recent Studies on Signal Sensing Technologies and Computational Intelligence Approaches and Their Applications.

Brain-Computer interfaces (BCIs) enhance the capability of human brain activities to interact with the environment. Recent advancements in technology and machine learning algorithms have increased interest in electroencephalographic (EEG)-based BCI applications. EEG-based intelligent BCI systems can facilitate continuous monitoring of fluctuations in human cognitive states under monotonous tasks, which is both beneficial for people in need of healthcare support and general researchers in different domain areas. In this review, we survey the recent literature on EEG signal sensing technologies and computational intelligence approaches in BCI applications, compensating for the gaps in the systematic summary of the past five years. Specifically, we first review the current status of BCI and signal sensing technologies for collecting reliable EEG signals. Then, we demonstrate state-of-the-art computational intelligence techniques, including fuzzy models and transfer learning in machine learning and deep learning algorithms, to detect, monitor, and maintain human cognitive states and task performance in prevalent applications. Finally, we present a couple of innovative BCI-inspired healthcare applications and discuss future research directions in EEG-based BCI research

Implicit authentication method for smartphone users based on rank aggregation and random forest

Currently, the smartphone devices have become an essential part of our daily activities. Smartphone’ users run various essential applications (such as banking and e-health Apps), which contains very confidential information (e.g., credit card number and its PIN). Typically, the smartphone’s user authentication is achieved using mechanisms (password or security pattern) to verify the user identity. Although these mechanisms are cheap, simple, and quick enough for frequent logins, they are vulnerable to attacks such as shoulder surfing or smudge attack. This problem could be addressed by authenticating the users using their behaviour (i.e., touch behaviour) while using their smartphones. Such behaviours include finger’s pressure, size, and pressure time while tapping keys. Selecting features (from these behaviours) could play an important role in the authentication process’s performance. This paper aims to propose an efficient authentication method providing an implicit authentication for smartphone users while not imposing an additional cost of special hardware and addressing the limited smartphone capabilities. We first investigated feature selection techniques from the filter and wrapper approaches and then used the best one to propose our implicit authentication method. The random forest classifier is used to evaluate these techniques. It is also used to achieve the classification task in our authentication method. Using a public dataset, the experimental results showed that the filter-based technique (i.e., rank aggregation) is the best feature selection to build an implicit authentication method for the smartphone environment. It showed accuracy results around 97.80% using only 25 features out of 53 features (i.e., require less mobile resources (memory and processing power) to authenticate users. At the same time, the results showed that our method has less error rate: 2.03 FAR, 0.04 FRR, and 1.04 ERR, comparing to the related work. These promising results would be used to develop a mobile application that allows implicit authentication of legitimate owners while avoiding the traditional authentication problems and using fewer smartphone resources

Data Behind Mobile Behavioural Biometrics – a Survey

Behavioural biometrics are becoming more and more popular. It is hard to find a sensor that is embedded in a mobile/wearable device, which can’t be exploited to extract behavioural biometric data. In this paper, we investigate data in behavioural biometrics and how this data is used in experiments, especially examining papers that introduce new datasets. We will not examine performance accomplished by the algorithms used since a system’s performance is enormously affected by the data used, its amount and quality. Altogether, 32 papers are examined, assessing how often they are cited, have databases published, what modality data are collected, and how the data is used. We offer a roadmap that should be taken into account when designing behavioural data collection and using collected data. We further look at the General Data Protection Regulation, and its significance to the scientific research in the field of biometrics. It is possible to conclude that there is a need for publicly available datasets with comprehensive experimental protocols, similarly established in facial recognition

Investigation of a hierarchical context-aware architecture for rule-based customisation of mobile computing service

The continuous technical progress in mobile device built-in modules and embedded sensing techniques creates opportunities for context-aware mobile applications. The context-aware computing paradigm exploits the relevant context as implicit input to characterise the user and physical environment and provide a computing service customised to the contextual situation. However, heterogeneity in techniques, complexity of contextual situation, and gap between raw sensor data and usable context keep the techniques from truly integration for extensive use. Studies in this area mainly focus on feasibility demonstration of the emerging techniques, and they lack general architecture support and appropriate service customisation strategy. This investigation aims to provide general system architecture and technical approaches to deal with the heterogeneity problem and efficiently utilise the dynamic context towards proactive computing service that is customised to the contextual situation. The main efforts of this investigation are the approaches to gathering, handling, and utilising the dynamic context information in an efficient way and the decision making and optimisation methods for computing service customisation. In brief, the highlights of this thesis cover the following aspects: (1) a hierarchical context-aware computing architecture supporting interoperable distribution and further use of context; (2) an in-depth analysis and classification of context and the corresponding context acquisition methods; (3) context modelling and context data representation for efficient and interoperable use of context; (4) a rule-based service customisation strategy with a rule generation mechanism to supervise the service customisation. In addition, feasibility demonstration of the proposed system and contribution justification of this investigation are conducted through case studies and prototype implementations. One case study uses mobile built-in sensing techniques to improve the usability and efficiency of mobile applications constrained by resource limitation, and the other employs the mobile terminal and embedded sensing techniques to predict users’ expectations for home facility automatic control. Results demonstrate the feasibility of the proposed context handling architecture and service customisation methods. It shows great potential for employing the context of the computing environment for context-aware adaptation in pervasive and mobile applications but also indicates some underlying problems for further study