Improving the Security of Smartwatch Payment with Deep Learning

Making contactless payments using a smartwatch is increasingly popular, but this payment medium lacks traditional biometric security measures such as facial or fingerprint recognition. In 2022, Sturgess et al. proposed WatchAuth, a system for authenticating smartwatch payments using the physical gesture of reaching towards a payment terminal. While effective, the system requires the user to undergo a burdensome enrolment period to achieve acceptable error levels. In this dissertation, we explore whether applications of deep learning can reduce the number of gestures a user must provide to enrol into an authentication system for smartwatch payment. We firstly construct a deep-learned authentication system that outperforms the current state-of-the-art, including in a scenario where the target user has provided a limited number of gestures. We then develop a regularised autoencoder model for generating synthetic user-specific gestures. We show that using these gestures in training improves classification ability for an authentication system. Through this technique we can reduce the number of gestures required to enrol a user into a WatchAuth-like system without negatively impacting its error rates.Comment: Master's thesis, 74 pages. 32 figure

Research on hybrid transformer-based autoencoders for user biometric verification

Our current study extends previous work on motion-based biometric verification using sensory data by exploring new architectures and more complex input from various sensors. Biometric verification offers advantages like uniqueness and protection against fraud. The state-of-the-art transformer architecture in AI is known for its attention block and applications in various fields, including NLP and CV. We investigated its potential value for applications involving sensory data. The research proposes a hybrid architecture, integrating transformer attention blocks with different autoencoders, to evaluate its efficacy for biometric verification and user authentication. Various configurations were compared, including LSTM autoencoder, transformer autoencoder, LSTM VAE, and transformer VAE. Results showed that combining transformer blocks with an undercomplete deterministic autoencoder yields the best performance, but model performance is significantly influenced by data preprocessing and configuration parameters. The application of transformers for biometric verification and sensory data appears promising, performing on par with or surpassing LSTM-based models but with lower inference and training time

Active Authentication using an Autoencoder regularized CNN-based One-Class Classifier

Active authentication refers to the process in which users are unobtrusively monitored and authenticated continuously throughout their interactions with mobile devices. Generally, an active authentication problem is modelled as a one class classification problem due to the unavailability of data from the impostor users. Normally, the enrolled user is considered as the target class (genuine) and the unauthorized users are considered as unknown classes (impostor). We propose a convolutional neural network (CNN) based approach for one class classification in which a zero centered Gaussian noise and an autoencoder are used to model the pseudo-negative class and to regularize the network to learn meaningful feature representations for one class data, respectively. The overall network is trained using a combination of the cross-entropy and the reconstruction error losses. A key feature of the proposed approach is that any pre-trained CNN can be used as the base network for one class classification. Effectiveness of the proposed framework is demonstrated using three publically available face-based active authentication datasets and it is shown that the proposed method achieves superior performance compared to the traditional one class classification methods. The source code is available at: github.com/otkupjnoz/oc-acnn.Comment: Accepted and to appear at AFGR 201

Harnessing the Power of Generative Models for Mobile Continuous and Implicit Authentication

Authenticating a user's identity lies at the heart of securing any information system. A trade off exists currently between user experience and the level of security the system abides by. Using Continuous and Implicit Authentication a user's identity can be verified without any active participation, hence increasing the level of security, given the continuous verification aspect, as well as the user experience, given its implicit nature. This thesis studies using mobile devices inertial sensors data to identify unique movements and patterns that identify the owner of the device at all times. We implement, and evaluate approaches proposed in related works as well as novel approaches based on a variety of machine learning models, specifically a new kind of Auto Encoder (AE) named Variational Auto Encoder (VAE), relating to the generative models family. We evaluate numerous machine learning models for the anomaly detection or outlier detection case of spotting a malicious user, or an unauthorised entity currently using the smartphone system. We evaluate the results under conditions similar to other works as well as under conditions typically observed in real-world applications. We find that the shallow VAE is the best performer semi-supervised anomaly detector in our evaluations and hence the most suitable for the design proposed. The thesis concludes with recommendations for the enhancement of the system and the research body dedicated to the domain of Continuous and Implicit Authentication for mobile security

Applying Machine Learning to enhance payments systems security

Ph. D. Thesis.During the last two decades, the economic losses because fraudulent card payment transactions have tripled. The significant percentage of losses is because of fraud on e-commerce transactions. Nowadays, there is a clear trend to use more and more mobile devices to make electronic purchases, and it is estimated that this trend will continue in the coming years. In the card payment scheme, big financial institutions process millions of transactions every day; thus, they can model the processed transactions to predict fraud. On the other hand, merchants process a much lower number of transactions, but they have access to valuable information that they can collect from the devices that users utilise during the transaction. In this thesis, we propose a series of measures to enhance the security of these two scenarios based on past transactional data and information collected from the users’ device. Most of the approaches proposed so far to model processed transactions were based on supervised Machine Learning techniques. We propose a fraud detection system for card payments based on an unsupervised machine learning technique; thus, the system may be able to recognise new patterns of fraud. On the other hand, we are looking far ahead, and because of the increment of use of mobile devices to conduct payments, we propose a series of measures to enhance the security of the mobile payment system. We have proposed a user identification and verification systems for smartphones. We base the identification and verification systems on motion data, so the systems will not require any explicit action from users

A Supervised ML Biometric Continuous Authentication System for Industry 4.0

Continuous authentication (CA) is a promising approach to authenticate workers and avoid security breaches in the industry, especially in Industry 4.0, where most interaction between workers and devices takes place. However, introducing CA in industries raises the following unsolved questions regarding machine learning (ML) models: its precision and performance; its robustness; and the issue about if or when to retrain the models. To answer these questions, this article explores these issues with a proposed supervised versus nonsupervised ML-based CA system that uses sensors, applications statistics, or speaker data collected by the operator’s devices. Experiments show supervised models with equal error rates of 7.28% using sensors data, 9.29% with statistics, and 0.31% with voice, a significant improvement of 71.97, 62.14, and 97.08%, respectively, over unsupervised models. Voice is the most robust dimension when adding new workers, with less than 2% of false acceptance rate even if workforce size is doubled

Consumer-facing technology fraud : economics, attack methods and potential solutions

The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks