268 research outputs found
Mobile Device Background Sensors: Authentication vs Privacy
The increasing number of mobile devices in recent years has caused the collection of a large amount of personal information that needs to be protected. To this aim, behavioural biometrics has become very popular. But, what is the discriminative power of mobile behavioural biometrics in real scenarios? With the success of Deep Learning (DL), architectures based on Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs), such as Long Short-Term Memory (LSTM), have shown improvements compared to traditional machine learning methods. However, these DL architectures still have limitations that need to be addressed. In response, new DL architectures like Transformers have emerged. The question is, can these new Transformers outperform previous biometric approaches? To answers to these questions, this thesis focuses on behavioural biometric authentication with data acquired from mobile background sensors (i.e., accelerometers and gyroscopes). In addition, to the best of our knowledge, this is the first thesis that explores and proposes novel behavioural biometric systems based on Transformers, achieving state-of-the-art results in gait, swipe, and keystroke biometrics. The adoption of biometrics requires a balance between security and privacy. Biometric modalities provide a unique and inherently personal approach for authentication. Nevertheless, biometrics also give rise to concerns regarding the invasion of personal privacy. According to the General Data Protection Regulation (GDPR) introduced by the European Union, personal data such as biometric data are sensitive and must be used and protected properly. This thesis analyses the impact of sensitive data in the performance of biometric systems and proposes a novel unsupervised privacy-preserving approach. The research conducted in this thesis makes significant contributions, including: i) a comprehensive review of the privacy vulnerabilities of mobile device sensors, covering metrics for quantifying privacy in relation to sensitive data, along with protection methods for safeguarding sensitive information; ii) an analysis of authentication systems for behavioural biometrics on mobile devices (i.e., gait, swipe, and keystroke), being the first thesis that explores the potential of Transformers for behavioural biometrics, introducing novel architectures that outperform the state of the art; and iii) a novel privacy-preserving approach for mobile biometric gait verification using unsupervised learning techniques, ensuring the protection of sensitive data during the verification process
BehaveFormer: A Framework with Spatio-Temporal Dual Attention Transformers for IMU enhanced Keystroke Dynamics
Continuous Authentication (CA) using behavioural biometrics is a type of
biometric identification that recognizes individuals based on their unique
behavioural characteristics, like their typing style. However, the existing
systems that use keystroke or touch stroke data have limited accuracy and
reliability. To improve this, smartphones' Inertial Measurement Unit (IMU)
sensors, which include accelerometers, gyroscopes, and magnetometers, can be
used to gather data on users' behavioural patterns, such as how they hold their
phones. Combining this IMU data with keystroke data can enhance the accuracy of
behavioural biometrics-based CA. This paper proposes BehaveFormer, a new
framework that employs keystroke and IMU data to create a reliable and accurate
behavioural biometric CA system. It includes two Spatio-Temporal Dual Attention
Transformer (STDAT), a novel transformer we introduce to extract more
discriminative features from keystroke dynamics. Experimental results on three
publicly available datasets (Aalto DB, HMOG DB, and HuMIdb) demonstrate that
BehaveFormer outperforms the state-of-the-art behavioural biometric-based CA
systems. For instance, on the HuMIdb dataset, BehaveFormer achieved an EER of
2.95\%. Additionally, the proposed STDAT has been shown to improve the
BehaveFormer system even when only keystroke data is used. For example, on the
Aalto DB dataset, BehaveFormer achieved an EER of 1.80\%. These results
demonstrate the effectiveness of the proposed STDAT and the incorporation of
IMU data for behavioural biometric authentication
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as
cyberspace. This new cyberspace has improved the workings of businesses,
organizations, governments, society as a whole, and day to day life of an
individual. With these improvements come new challenges, and one of the main
challenges is security. The security of the new cyberspace is called
cybersecurity. Cyberspace has created new technologies and environments such as
cloud computing, smart devices, IoTs, and several others. To keep pace with
these advancements in cyber technologies there is a need to expand research and
develop new cybersecurity methods and tools to secure these domains and
environments. This book is an effort to introduce the reader to the field of
cybersecurity, highlight current issues and challenges, and provide future
directions to mitigate or resolve them. The main specializations of
cybersecurity covered in this book are software security, hardware security,
the evolution of malware, biometrics, cyber intelligence, and cyber forensics.
We must learn from the past, evolve our present and improve the future. Based
on this objective, the book covers the past, present, and future of these main
specializations of cybersecurity. The book also examines the upcoming areas of
research in cyber intelligence, such as hybrid augmented and explainable
artificial intelligence (AI). Human and AI collaboration can significantly
increase the performance of a cybersecurity system. Interpreting and explaining
machine learning models, i.e., explainable AI is an emerging field of study and
has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
M-GaitFormer: Mobile biometric gait verification using Transformers
Mobile devices such as smartphones and smartwatches are part of our everyday life, acquiring large amount of personal information that needs to be properly secured. Among the different authentication techniques, behavioural biometrics has become a very popular method as it allows authentication in a non-intrusive and continuous way. This study proposes M-GaitFormer, a novel mobile biometric gait verification system based on Transformer architectures. This biometric system only considers the accelerometer and gyroscope data acquired by the mobile device. A complete analysis of the proposed M-GaitFormer is carried out using the popular available databases whuGAIT and OU-ISIR. M-GaitFormer achieves Equal Error Rate (EER) values of 3.42% and 2.90% on whuGAIT and OU-ISIR, respectively, outperforming other state-of-the-art approaches based on popular Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs)
Continuous touchscreen biometrics: authentication and privacy concerns
In the age of instant communication, smartphones have become an integral part of our daily lives, with a significant portion of the population using them for a variety of tasks such as messaging, banking, and even recording sensitive health information. However, the increasing reliance on smartphones has also made them a prime target for cybercriminals, who can use various tactics to gain access to our sensitive data. In light of this, it is crucial that individuals and organisations prioritise the security of their smartphones to protect against the abundance of threats around us. While there are dozens of methods to verify the identity of users before granting them access to a device, many of them lack effectiveness in terms of usability and potential vulnerabilities.
In this thesis, we aim to advance the field of touchscreen biometrics which promises to alleviate some of the recurring issues. This area of research deals with the use of touch interactions, such as gestures and finger movements, as a means of identifying or authenticating individuals. First, we provide a detailed explanation of the common procedure for evaluating touch-based authentication systems and examine the potential pitfalls and concerns that can arise during this process. The impact of the pitfalls is evaluated and quantified on a newly collected large-scale dataset. We also discuss the prevalence of these issues in the related literature and provide recommendations for best practices when developing continuous touch-based authentication systems. Then we provide a comprehensive overview of the techniques that are commonly used for modelling touch-based authentication, including the various features, classifiers, and aggregation methods that are employed in this field. We compare the approaches under controlled, fair conditions in order to determine the top-performing techniques. Based on our findings, we introduce methods that outperform the current state-of-the-art.
Finally, as a conclusion to our advancements in the development of touchscreen authentication technology, we explore any negative effects our work may cause to an ordinary user of mobile websites and applications. In particular, we look into any threats that can affect the privacy of the user, such as tracking them and revealing their personal information based on their behaviour on smartphones
How Unique do we Move? : Understanding the Human Body and Context Factors for User Identification
Past work showed great promise in biometric user identification and authentication through exploiting specific features of specific body parts. We investigate human motion across the whole body, to explore what parts of the body exhibit more unique movement patterns, and are more suitable to identify users in general. We collect and analyze full-body motion data across various activities (e.g., sitting, standing), handheld objects (uni- or bimanual), and tasks (e.g., watching TV or walking). Our analysis shows, e.g., that gait as a strong feature amplifies when carrying items, game activity elicits more unique behaviors than texting on a smartphone, and motion features are robust across body parts whereas posture features are more robust across tasks. Our work provides a holistic reference on how context affects human motion to identify us across a variety of factors, useful to inform researchers and practitioners of behavioral biometric systems on a large scale
Defensa en profundidad en sistemas de control de accesos mediante autenticación continua
La seguridad de los sistemas de información depende, en gran medida, de que el proceso de control de accesos funcione correctamente. Pero, en los modelos clásicos, la identidad del operador sólo se autentica en momentos puntuales. Tras décadas de implantación de dispositivos móviles en la sociedad [2], se encuentran presentes en prácticamente todos los procesos de negocio, pero estos activos sufren de debilidades en la gestión de su seguridad: no se ubican en perímetros de red bien definidos y bastionables, son más susceptibles de ser robados, etc.; y en un modelo clásico de control de accesos, una vez iniciada la sesión, careceríamos de medidas para combatir estas amenazas. Activar el proceso de autenticación periódicamente sería molesto y contraproducente, pero mediante biometría conductual (i.e., caracterizando la identidad de un usuario por cómo se comporta con el sistema), sí podría implementarse un sistema que validase la identidad del operador sin interferir en su sesión de trabajo: un sistema de autenticación continua. En esta tesis se aborda cómo la autenticación continua puede ayudar a mitigar los riesgos comentados, convirtiéndose en una tecnología diferenciadora al implantar medidas de defensa en profundidad en los sistemas de control de accesos. Al no existir un criterio claro para definir la autenticación continua, en primer lugar se ha desarrollado un estudio sistemático de la literatura, que permite caracterizar este área de investigación. En el segundo artículo se plantea un caso de uso, donde se refuerza la seguridad de un sistema distribuido aplicando principios de la autenticación continua; evidenciando al mismo tiempo las carencias de los sistemas dinámicos, y acotando la definición de autenticación continua. Finalmente, se estudia, experimentalmente, el rendimiento de 7 algoritmos supervisados de clasificación en el ámbito de la autenticación continua. Este estudio, junto con los resultados previos, sirve de soporte a la toma de decisiones en la implantación de la autenticación continua. Fija una base homogénea de conocimiento, que permite comparar las particularidades de estos algoritmos en el procesado de datos de biometría conductual, y discute su utilidad en función de los requisitos del sistema de control de accesos. Esta tesis evidencia que el uso de autenticación continua contribuye a la defensa en profundidad de los sistemas de control de accesos, especialmente, aunque exclusivamente, a la de aquellos con un operador cuya sesión de trabajo debe ser autenticada
SwipeFormer: Transformers for mobile touchscreen biometrics
The growing number of mobile devices over the past few years brings a large amount of personal information, which needs to be properly protected. As a result, several mobile authentication methods have been developed. In particular, behavioural biometrics has become one of the most relevant methods due to its ability to extract the uniqueness of each subject in a secure, non-intrusive, and continuous way. This article presents SwipeFormer, a novel Transformer-based system for mobile subject authentication by means of swipe gestures in an unconstrained scenario (i.e., subjects could use their personal devices freely, without restrictions on the direction of swipe gestures or the position of the device). Our proposed system contains two modules: (i) a Transformer-based feature extractor, and (ii) a similarity computation module. Mobile data from the touchscreen and different background sensors (accelerometer and gyroscope) have been studied, including in the analysis both Android and iOS operating systems. A complete analysis of SwipeFormer is carried out using an in-house large-scale database acquired in unconstrained scenarios. In these operational conditions, SwipeFormer achieves Equal Error Rate (EER) values of 6.6% and 3.6% on Android and iOS respectively, outperforming the state of the art. In addition, we evaluate SwipeFormer on the popular publicly available databases Frank DB and HuMIdb, achieving EER values of 11.0% and 5.0% respectively, outperforming previous approaches under the same experimental setup
Internet and Biometric Web Based Business Management Decision Support
Internet and Biometric Web Based Business Management Decision Support
MICROBE
MOOC material prepared under
IO1/A5 Development of the MICROBE personalized MOOCs content and teaching materials
Prepared by:
A. Kaklauskas, A. Banaitis, I. Ubarte
Vilnius Gediminas Technical University, Lithuania
Project No: 2020-1-LT01-KA203-07810
Recommended from our members
Novelty detection for risk-based user authentication on mobile devices
User authentication acts as the first line of defense verifying the identity of a mobile user, often as a prerequisite to allow access to resources in a mobile device. For several decades, user authentication was based on the “something the user knows”, known also as knowledge-based user authentication. Recent studies state that although knowledge-based user authentication has been the most popular for authenticating an individual, nowadays it is no more considered secure and convenient for the mobile user as it is imposing several limitations. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Toward this direction, user authentication based on the “something the user is” has caught the attention. This category includes authentication methods which make use of human physical characteristics (also referred to as physiological biometrics), or involuntary actions (also referred to as behavioral biometrics). In particular, risk-based user authentication based on behavioral biometrics appears to have the potential to increase mobile authentication security without sacrificing usability. In this context, we, firstly, present an overview of user authentication on mobile devices and discuss risk-based user authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Afterwards, a set of novelty detection algorithms for risk estimation is tested and evaluated to identify the most appropriate ones for risk-based user authentication on mobile devices
- …