GANTouch: An Attack-Resilient Framework for Touch-based Continuous Authentication System

Previous studies have shown that commonly studied (vanilla) implementations of touch-based continuous authentication systems (V-TCAS) are susceptible to active adversarial attempts. This study presents a novel Generative Adversarial Network assisted TCAS (G-TCAS) framework and compares it to the V-TCAS under three active adversarial environments viz. Zero-effort, Population, and Random-vector. The Zero-effort environment was implemented in two variations viz. Zero-effort (same-dataset) and Zero-effort (cross-dataset). The first involved a Zero-effort attack from the same dataset, while the second used three different datasets. G-TCAS showed more resilience than V-TCAS under the Population and Random-vector, the more damaging adversarial scenarios than the Zero-effort. On average, the increase in the false accept rates (FARs) for V-TCAS was much higher (27.5% and 21.5%) than for G-TCAS (14% and 12.5%) for Population and Random-vector attacks, respectively. Moreover, we performed a fairness analysis of TCAS for different genders and found TCAS to be fair across genders. The findings suggest that we should evaluate TCAS under active adversarial environments and affirm the usefulness of GANs in the TCAS pipeline.Comment: 11 pages, 7 figures, 2 tables, 3 algorithms, in IEEE TBIOM 202

LiReK: A lightweight and real-time key establishment scheme for wearable embedded devices by gestures or motions

With the recent trend in wearable technology adoption, the security of these wearable devices has been the subject of scrutiny. Traditional cryptographic schemes such as key establishment schemes are not practical for deployment on the (resource-constrained) wearable devices, due to the limitations in their computational capabilities (e.g. limited battery life). Thus, in this study, we propose a lightweight and real-time key establishment scheme for wearable devices by leveraging the integrated accelerometer. Specifically, we introduce a novel way for users to initialize a shared key using random shakes/movements on their wearable devices. Construction of the real-time key is based on the users’ motion (e.g. walking), which does not require the data source for key construction in different devices worn by the same user to be matching. To address the known limitations on the regularity and predictability of gait, we propose a new quantization method to select data that involve noise and uncertain factors when generating secure random number. This enhances the security of the derived key. Our evaluations demonstrate that the matching rate of the shake-to-generate secret key is up to 91.00% and the corresponding generation rate is 2.027 bit/s, and devices worn on human participant’s chest, waist, wrist and carried in the participant’s pocket can generate 4.405, 4.089, 6.089 and 3.204 bits random number per second for key generation, respectively