Implicit Sensor-based Authentication of Smartphone Users with Smartwatch

Smartphones are now frequently used by end-users as the portals to cloud-based services, and smartphones are easily stolen or co-opted by an attacker. Beyond the initial log-in mechanism, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data, whether in the cloud or in the smartphone. But attackers who have gained access to a logged-in smartphone have no incentive to re-authenticate, so this must be done in an automatic, non-bypassable way. Hence, this paper proposes a novel authentication system, iAuth, for implicit, continuous authentication of the end-user based on his or her behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We design a system that gives accurate authentication using machine learning and sensor data from multiple mobile devices. Our system can achieve 92.1% authentication accuracy with negligible system overhead and less than 2% battery consumption.Comment: Published in Hardware and Architectural Support for Security and Privacy (HASP), 201

Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning

Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. Hence, this paper proposes a novel authentication system for implicit, continuous authentication of the smartphone user based on behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We propose novel context-based authentication models to differentiate the legitimate smartphone owner versus other users. We systematically show how to achieve high authentication accuracy with different design alternatives in sensor and feature selection, machine learning techniques, context detection and multiple devices. Our system can achieve excellent authentication performance with 98.1% accuracy with negligible system overhead and less than 2.4% battery consumption.Comment: Published on the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017. arXiv admin note: substantial text overlap with arXiv:1703.0352

Activity-Based User Authentication Using Smartwatches

Smartwatches, which contain an accelerometer and gyroscope, have recently been used to implement gait and gesture- based biometrics; however, the prior studies have long-established drawbacks. For example, data for both training and evaluation was captured from single sessions (which is not realistic and can lead to overly optimistic performance results), and in cases when the multi-day scenario was considered, the evaluation was often either done improperly or the results are very poor (i.e., greater than 20% of EER). Moreover, limited activities were considered (i.e., gait or gestures), and data captured within a controlled environment which tends to be far less realistic for real world applications. Therefore, this study remedies these past problems by training and evaluating the smartwatch-based biometric system on data from different days, using large dataset that involved the participation of 60 users, and considering different activities (i.e., normal walking (NW), fast walking (FW), typing on a PC keyboard (TypePC), playing mobile game (GameM), and texting on mobile (TypeM)). Unlike the prior art that focussed on simply laboratory controlled data, a more realistic dataset, which was captured within un-constrained environment, is used to evaluate the performance of the proposed system. Two principal experiments were carried out focusing upon constrained and un-constrained environments. The first experiment included a comprehensive analysis of the aforementioned activities and tested under two different scenarios (i.e., same and cross day). By using all the extracted features (i.e., 88 features) and the same day evaluation, EERs of the acceleration readings were 0.15%, 0.31%, 1.43%, 1.52%, and 1.33% for the NW, FW, TypeM, TypePC, and GameM respectively. The EERs were increased to 0.93%, 3.90%, 5.69%, 6.02%, and 5.61% when the cross-day data was utilized. For comparison, a more selective set of features was used and significantly maximize the system performance under the cross day scenario, at best EERs of 0.29%, 1.31%, 2.66%, 3.83%, and 2.3% for the aforementioned activities respectively. A realistic methodology was used in the second experiment by using data collected within unconstrained environment. A light activity detection approach was developed to divide the raw signals into gait (i.e., NW and FW) and stationary activities. Competitive results were reported with EERs of 0.60%, 0% and 3.37% for the NW, FW, and stationary activities respectively. The findings suggest that the nature of the signals captured are sufficiently discriminative to be useful in performing transparent and continuous user authentication.University of Kuf

Continuous authentication based on data from smart devices

As technology moves forward to offer the user custom information, based on their activity, their habits, their hobbies… User authentication advances and provides them with ways to verify their identity with data that no one else possess, such as fingerprints, and it is becoming more popular. More devices are entering in the market, wearables, which provide an enhanced user experience by expanding the functionalities offered by a computer or a smartphone, and they are being incorporated to the user identification process. This thesis presents an approach to user authentication based on their movement, collecting data from an accelerometer placed on a smartwatch, to find out if it is a valid metric to distinguish among users when they are performing day to day activities. The recognition task is relied on artificial intelligence techniques, employing machine learning algorithms to generate a model that recognises a user and the activity that is being carried out, and a graphical user interface is provided so that users can try the system and incorporate new information. Using Waikato University developed software for machine learning algorithms, the system is developed using Python and Texas Instruments eZ430-Chronos smartwatch, and has been tested on a real environment, where several users were asked to perform different activities while wearing the watch.Según se mueve la tecnología hacia la personalización de la información basada en la actividad de los usuarios, sus hábitos y hobbies… La identificación de los usuarios avanza para proporcionar formas de verificación particulares para cada uno y que no posee nadie más, como es el caso del reconocimiento mediante la huella dactilar, y cada día gana más aceptación entre los usuarios. Los constantes lanzamientos de nuevos dispositivos weareables, que proporcionan una experiencia de usuario mejorada, ofrecen nuevas funcionalidades que extienden las que ya proporcionan los ordenadores o dispositivos móviles, y su uso se está incorporando a la verificación de usuarios. A lo largo de este trabajo se presenta un nuevo enfoque a la identificación de usuario basado en su movimiento, recolectando datos de un acelerómetro situado en un smartwatch, para averiguar si es una forma válida de diferenciar entre usuarios cuando están realizando actividades comunes del día a día. La tarea de identificación se confía a la inteligencia artificial, utilizando algoritmos de aprendizaje automático para generar modelos que sean capaces de reconocer a un usuario y la actividad que están realizando. Además, se proporciona una interfaz de usuario para que los usuarios puedan probar el sistema y ampliarlo con nuevos datos. Empleando el software de aprendizaje automático desarrollado por la Universidad de Waikato, el sistema está realizado en Python, usando el smartwatch Texas Instruments eZ460-Chronos, y ha sido probado en un entorno real donde se pidió a distintos usuarios que realizasen varias actividades mientras llevaban puesto el reloj.Ingeniería Informátic

Secure Pick Up: Implicit Authentication When You Start Using the Smartphone

We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users' phone pick-up movements, the way they bend their arms when they pick up a smartphone to interact with the device, to authenticate the users. Our SPU outperforms the state-of-the-art implicit authentication mechanisms in three main aspects: 1) SPU automatically learns the user's behavioral pattern without requiring a large amount of training data (especially those of other users) as previous methods did, making it more deployable. Towards this end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW) algorithm to effectively quantify similarities between users' pick-up movements; 2) SPU does not rely on a remote server for providing further computational power, making SPU efficient and usable even without network access; and 3) our system can adaptively update a user's authentication model to accommodate user's behavioral drift over time with negligible overhead. Through extensive experiments on real world datasets, we demonstrate that SPU can achieve authentication accuracy up to 96.3% with a very low latency of 2.4 milliseconds. It reduces the number of times a user has to do explicit authentication by 32.9%, while effectively defending against various attacks.Comment: Published on ACM Symposium on Access Control Models and Technologies (SACMAT) 201