2,845 research outputs found
Assentication: User Deauthentication and Lunchtime Attack Mitigation with Seated Posture Biometric
Biometric techniques are often used as an extra security factor in
authenticating human users. Numerous biometrics have been proposed and
evaluated, each with its own set of benefits and pitfalls. Static biometrics
(such as fingerprints) are geared for discrete operation, to identify users,
which typically involves some user burden. Meanwhile, behavioral biometrics
(such as keystroke dynamics) are well suited for continuous, and sometimes more
unobtrusive, operation. One important application domain for biometrics is
deauthentication, a means of quickly detecting absence of a previously
authenticated user and immediately terminating that user's active secure
sessions. Deauthentication is crucial for mitigating so called Lunchtime
Attacks, whereby an insider adversary takes over (before any inactivity timeout
kicks in) authenticated state of a careless user who walks away from her
computer. Motivated primarily by the need for an unobtrusive and continuous
biometric to support effective deauthentication, we introduce PoPa, a new
hybrid biometric based on a human user's seated posture pattern. PoPa captures
a unique combination of physiological and behavioral traits. We describe a low
cost fully functioning prototype that involves an office chair instrumented
with 16 tiny pressure sensors. We also explore (via user experiments) how PoPa
can be used in a typical workplace to provide continuous authentication (and
deauthentication) of users. We experimentally assess viability of PoPa in terms
of uniqueness by collecting and evaluating posture patterns of a cohort of
users. Results show that PoPa exhibits very low false positive, and even lower
false negative, rates. In particular, users can be identified with, on average,
91.0% accuracy. Finally, we compare pros and cons of PoPa with those of several
prominent biometric based deauthentication techniques
Sequential Keystroke Behavioral Biometrics for Mobile User Identification via Multi-view Deep Learning
With the rapid growth in smartphone usage, more organizations begin to focus
on providing better services for mobile users. User identification can help
these organizations to identify their customers and then cater services that
have been customized for them. Currently, the use of cookies is the most common
form to identify users. However, cookies are not easily transportable (e.g.,
when a user uses a different login account, cookies do not follow the user).
This limitation motivates the need to use behavior biometric for user
identification. In this paper, we propose DEEPSERVICE, a new technique that can
identify mobile users based on user's keystroke information captured by a
special keyboard or web browser. Our evaluation results indicate that
DEEPSERVICE is highly accurate in identifying mobile users (over 93% accuracy).
The technique is also efficient and only takes less than 1 ms to perform
identification.Comment: 2017 Joint European Conference on Machine Learning and Knowledge
Discovery in Database
Android Based Behavioral Biometric Authentication via Multi-Modal Fusion
Because mobile devices are easily lost or stolen, continuous authentication is extremely desirable for them. Behavioral biometrics provides non-intrusive continuous authentication that has much less impact on usability than active authentication. However single-modality behavioral biometrics has proven less accurate than standard active authentication. This thesis presents a behavioral biometric system that uses multi-modal fusion with user data from touch, keyboard, and orientation sensors. Testing of ve users shows that fusion of modalities provides more accurate authentication than each individual modalities by itself. Using the BayesNet classification algorithm, fusion achieves False Acceptance Rate (FAR) and False Rejection Rate (FRR) values of 9.65% and 2% respectively, each of which is 8% lower than the closest individual modality
- …