Mobiles and wearables: owner biometrics and authentication

We discuss the design and development of HCI models for authentication based on gait and gesture that can be supported by mobile and wearable equipment. The paper proposes to use such biometric behavioral traits for partially transparent and continuous authentication by means of behavioral patterns. © 2016 Copyright held by the owner/author(s)

Identifying Users with Wearable Sensors based on Activity Patterns

We live in a world where ubiquitous systems surround us in the form of automated homes, smart appliances and wearable devices. These ubiquitous systems not only enhance productivity but can also provide assistance given a variety of different scenarios. However, these systems are vulnerable to the risk of unauthorized access, hence the ability to authenticate the end-user seamlessly and securely is important. This paper presents an approach for user identification given the physical activity patterns captured using on-body wearable sensors, such as accelerometer, gyroscope, and magnetometer. Three machine learning classifiers have been used to discover the activity patterns of users given the data captured from wearable sensors. The recognition results prove that the proposed scheme can effectively recognize a user’s identity based on his/her daily living physical activity patterns

An Approach to Software Development for Continuous Authentication of Smart Wearable Device Users

abstract: With the recent expansion in the use of wearable technology, a large number of users access personal data with these smart devices. The consumer market of wearables includes smartwatches, health and fitness bands, and gesture control armbands. These smart devices enable users to communicate with each other, control other devices, relax and work out more effectively. As part of their functionality, these devices store, transmit, and/or process sensitive user personal data, perhaps biological and location data, making them an abundant source of confidential user information. Thus, prevention of unauthorized access to wearables is necessary. In fact, it is important to effectively authenticate users to prevent intentional misuse or alteration of individual data. Current authentication methods for the legitimate users of smart wearable devices utilize passcodes, and graphical pattern based locks. These methods have the following problems: (1) passcodes can be stolen or copied, (2) they depend on conscious user inputs, which can be undesirable to a user, (3) they authenticate the user only at the beginning of the usage session, and (4) they do not consider user behavior or they do not adapt to evolving user behavior. In this thesis, an approach is presented for developing software for continuous authentication of the legitimate user of a smart wearable device. With this approach, the legitimate user of a smart wearable device can be authenticated based on the user's behavioral biometrics in the form of motion gestures extracted from the embedded sensors of the smart wearable device. The continuous authentication of this approach is accomplished by adapting the authentication to user's gesture pattern changes. This approach is demonstrated by using two comprehensive datasets generated by two research groups, and it is shown that this approach achieves better performance than existing methods.Dissertation/ThesisMasters Thesis Software Engineering 201

On the Feasibility of Low-Cost Wearable Sensors for Multi-Modal Biometric Verification

Biometric systems designed on wearable technology have substantial differences from traditional biometric systems. Due to their wearable nature, they generally capture noisier signals and can only be trained with signals belonging to the device user (biometric verification). In this article, we assess the feasibility of using low-cost wearable sensors—photoplethysmogram (PPG), electrocardiogram (ECG), accelerometer (ACC), and galvanic skin response (GSR)—for biometric verification. We present a prototype, built with low-cost wearable sensors, that was used to capture data from 25 subjects while seated (at resting state), walking, and seated (after a gentle stroll). We used this data to evaluate how the different combinations of signals affected the biometric verification process. Our results showed that the low-cost sensors currently being embedded in many fitness bands and smart-watches can be combined to enable biometric verification. We report and compare the results obtained by all tested configurations. Our best configuration, which uses ECG, PPG and GSR, obtained 0.99 area under the curve and 0.02 equal error rate with only 60 s of training data. We have made our dataset public so that our work can be compared with proposals developed by other researchers.This work was supported by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks) and by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV—Security mechanisms for fog computing: advanced security for devices)

Securing PIN-based Authentication in Smartwatches With just Two Gestures

Smartwatches are becoming increasingly ubiquitous as they offer new capabilities to develop sophisticated applications that make daily life easier and more convenient for consumers. The services provided include applications for mobile payment, ticketing, identification, access control, etc. While this makes modern smartwatches very powerful devices, it also makes them very attractive targets for attackers. Indeed, PINs and Pattern Lock have been widely used in smartwatches for user authentication. However, such authentication methods are not robust against various forms of cybersecurity attacks, such as side channel, phishing, smudge, shoulder surfing, and video recording attacks. Moreover, the recent adoption of hardware-based solutions, like the Trusted Execution Environment (TEE), can mitigate only partially such problems. Thus, the user’s security and privacy are at risk without a strong authentication scheme in place. In this work, we propose 2GesturePIN, a new authentication framework that allows users to authenticate securely to their smartwatches and related sensitive services through solely two gestures. 2GesturePIN leverages the rotating bezel or crown, which are the most intuitive ways to interact with a smartwatch, as a dedicated hardware. 2GesturePIN improves the resilience of the regular PIN authentication method against state-of-the-art cybersecurity attacks while maintaining a high level of usability

Continuous authentication of smartphone users based on activity pattern recognition using passive mobile sensing

Smartphones are inescapable devices, which are becoming more and more intelligent and context-aware with emerging sensing, networking, and computing capabilities. They offer a captivating platform to the users for performing a wide variety of tasks including socializing, communication, sending or receiving emails, storing and accessing personal data etc. at anytime and anywhere. Nowadays, loads of people tend to store different types of private and sensitive data in their smartphones including bank account details, personal identifiers, accounts credentials, and credit card details. A lot of people keep their personal e-accounts logged in all the time in their mobile devices. Hence, these mobile devices are prone to different security and privacy threats and attacks from the attackers. Commonly used approaches for securing mobile devices such as passcode, PINs, pattern lock, face recognition, and fingerprint scan are vulnerable and exposed to several attacks including smudge attacks, side-channel attacks, and shoulder-surfing attacks. To address these challenges, a novel continuous authentication scheme is presented in this study, which recognizes smartphone users on the basis of their physical activity patterns using accelerometer, gyroscope, and magnetometer sensors of smartphone. A series of experiments are performed for user recognition using different machine learning classifiers, where six different activities are analyzed for multiple locations of smartphone on the user's body. SVM classifier achieved the best results for user recognition with an overall average accuracy of 97.95%. A comprehensive analysis of the user recognition results validates the efficiency of the proposed scheme

Identifying Smartphone Users based on their Activity Patterns via Mobile Sensing

Smartphones are ubiquitous devices that enable users to perform many of their routine tasks anytime and anywhere. With the advancement in information technology, smartphones are now equipped with sensing and networking capabilities that provide context-awareness for a wide range of applications. Due to ease of use and access, many users are using smartphones to store their private data, such as personal identifiers and bank account details. This type of sensitive data can be vulnerable if the device gets lost or stolen. The existing methods for securing mobile devices, including passwords, PINs and pattern locks are susceptible to many bouts such as smudge attacks. This paper proposes a novel framework to protect sensitive data on smartphones by identifying smartphone users based on their behavioral traits using smartphone embedded sensors. A series of experiments have been conducted for validating the proposed framework, which demonstrate its effectiveness