Attribute-based continuous user authentication on mobile devices

Behavior-based continuous authentication is an increasingly popular methodology that utilizes behavior modeling and sensing for authentication and account access authorization. As an appearing behavioral biometric, user interaction patterns with mobile devices focus on verifying their identity in terms of their features or operating styles while interacting with devices. However, unimodal continuous authentication schemes, which are on the basis of a single source of interaction information, can only deal with a particular action or scenario. Hence, multimodal systems should be taken to suit for various environmental conditions especially in circumstances of attacks. In this paper, we propose a multimodal continuous authentication method both based on static interaction patterns and dynamic interaction patterns with mobile devices. Behavioral biometric features, HMHP, which is combined hand motion (HM) and hold posture (HP), are essentially established upon the touch screen and accelerator and capture the variation model of microhand motions and hold patterns generated in both dynamic and static scenes. By combining the features of HM and HP, the fusion feature HMHP achieves 97% accuracy with a 3.49% equal error rate.

Download Full-text

Continuous Mobile User Authentication Using Combined Biometric Traits

Applied Sciences ◽

10.3390/app112411756 ◽

2021 ◽

Vol 11 (24) ◽

pp. 11756

Author(s):

Dominik Reichinger ◽

Erik Sonnleitner ◽

Marc Kurz

Keyword(s):

Mobile Devices ◽

State Of The Art ◽

User Authentication ◽

Single Point ◽

Mobile User ◽

Accelerometer Data ◽

Point Of Entry ◽

Current State ◽

Continuous User ◽

Data Points

Current state of the art authentication systems for mobile devices primarily rely on single point of entry authentication which imposes several flaws. For example, an attacker obtaining an unlocked device can potentially use and exploit it until the screen gets locked again. With continuous mobile user authentication, a system is embedded into the mobile devices, which continuously monitors biometric features of the person using the device, to validate if those monitored inputs match and therefore were made by the previously authenticated user. We start by giving an introduction towards the state of the art of currently used authentication systems and address related problems. For our main contribution we then propose, implement and discuss a continuous user authentication system for the Android ecosystem, which continuously monitors and records touch, accelerometer and timestamp data, and run experiments to gather data from multiple subjects. After feature extraction and normalization, a Hidden Markov Model is employed using an unsupervised learning approach as classifier and integrated into the Android application for further system evaluation and experimentation. The final model achieves an Area Under Curve of up to 100% while maintaining an Equal Error Rate of 1.34%. This is done by combining position and accelerometer data using gestures with at least 50 data points and averaging the prediction result of 25 consecutive gestures.

Download Full-text

A continuous user authentication scheme for mobile devices

2016 14th Annual Conference on Privacy, Security and Trust (PST) ◽

10.1109/pst.2016.7906944 ◽

2016 ◽

Cited By ~ 6

Author(s):

Max Smith-Creasey ◽

Muttukrishnan Rajarajan

Keyword(s):

Mobile Devices ◽

User Authentication ◽

Authentication Scheme ◽

Continuous User ◽

User Authentication Scheme

Download Full-text

A Framework for Continuous Authentication Based on Touch Dynamics Biometrics for Mobile Banking Applications

Sensors ◽

10.3390/s21124212 ◽

2021 ◽

Vol 21 (12) ◽

pp. 4212

Author(s):

Priscila Morais Argôlo Bonfim Estrela ◽

Robson de Oliveira Albuquerque ◽

Dino Macedo Amaral ◽

William Ferreira Giozza ◽

Rafael Timóteo de Sousa Júnior

Keyword(s):

User Authentication ◽

Internet Banking ◽

Supervised Machine Learning ◽

Smart Devices ◽

Static Verification ◽

User Behaviors ◽

Legitimate User ◽

Continuous User ◽

Mobile Banking Applications ◽

Effective Layer

As smart devices have become commonly used to access internet banking applications, these devices constitute appealing targets for fraudsters. Impersonation attacks are an essential concern for internet banking providers. Therefore, user authentication countermeasures based on biometrics, whether physiological or behavioral, have been developed, including those based on touch dynamics biometrics. These measures take into account the unique behavior of a person when interacting with touchscreen devices, thus hindering identitification fraud because it is hard to impersonate natural user behaviors. Behavioral biometric measures also balance security and usability because they are important for human interfaces, thus requiring a measurement process that may be transparent to the user. This paper proposes an improvement to Biotouch, a supervised Machine Learning-based framework for continuous user authentication. The contributions of the proposal comprise the utilization of multiple scopes to create more resilient reasoning models and their respective datasets for the improved Biotouch framework. Another contribution highlighted is the testing of these models to evaluate the imposter False Acceptance Error (FAR). This proposal also improves the flow of data and computation within the improved framework. An evaluation of the multiple scope model proposed provides results between 90.68% and 97.05% for the harmonic mean between recall and precision (F1 Score). The percentages of unduly authenticated imposters and errors of legitimate user rejection (Equal Error Rate (EER)) are between 9.85% and 1.88% for static verification, login, user dynamics, and post-login. These results indicate the feasibility of the continuous multiple-scope authentication framework proposed as an effective layer of security for banking applications, eventually operating jointly with conventional measures such as password-based authentication.

Download Full-text