A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA

2021 ◽  
Vol 24 (4) ◽  
pp. 1-28
Author(s):  
Abbas Acar ◽  
Shoukat Ali ◽  
Koray Karabina ◽  
Cengiz Kaygusuz ◽  
Hidayet Aksu ◽  
...  

As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously authenticates users based on their biometrics in a privacy-aware manner. Then, we design an actual continuous user authentication system under the proposed protocol. In this concrete system, we utilize a privacy-aware template matching technique and a wearable-assisted keystroke dynamics-based continuous authentication method. This provides privacy guarantees without relying on any trusted third party while allowing the comparison of noisy user inputs (due to biometric data) and yielding an efficient and lightweight protocol. Finally, we implement our system on an Apple smartwatch and perform experiments with real user data to evaluate the accuracy and resource consumption of our concrete system.


2021 ◽  
Author(s):  
Nadire Cavus ◽  
Yakubu Bala Mohammed ◽  
Mohammed Bulama ◽  
Muhammad Lamir Isah

Nowadays, movable banking apps are thriving in the international pecuniary market due to their flexibility and convenience, especially during the COVID-19 pandemic lock-down. Despite these benefits, their development continues to face a lot of challenges due to security, privacy, and authentication issues, especially in developing nations where elegant technologies and explicit cyberspace laws remain an issue. This study used the PRISMA approach to systematically review present m-banking studies with the aim of identifying other security and privacy issues, and user authentication scheme challenges. Six scholarly databases, IEEE Xplore, EBSCOhost, Science Direct, Scopus, Taylor and Francis, and Web of Science, were searched. 38 articles were carefully read and analyzed meticulously. The study results exposed customers' fear of third-party intrusion through other apps, device loss or theft with account information, financial losses, and the absence of clear cyberspace laws to be the main safety and privacy issues. Also, the results found that the present authentication schemes used by banks are becoming weak and open to various attacks due to the increase in online fraud. Thus, the study proposed two frameworks for investigating other dimensions of risk and trust factors, and for the design of a new user authentication scheme. Lastly, missing gaps in current studies, and directions for upcoming studies are mentioned.


2016 ◽  
Vol 28 (2) ◽  
Author(s):  
Christina J Kroeze ◽  
Katherine Mary Malan

Mobile devices such as smartphones have until now been protected by traditional authentication methods, including passwords or pattern locks. These authentication mechanisms are difficult to remember and are often disabled, leaving the device vulnerable if stolen. This paper investigates the possibility of unobtrusive, continuous authentication for smartphones based on biometric data collected using a touchscreen. The possibility of authenticating users on a smartphone was evaluated by conducting an experiment simulating real-world touch interaction. Touch data was collected from 30 participants during normal phone use. The touch features were analysed in terms of the information provided for authentication. It was found that features such as finger pressure, location of touch interaction and shape of the finger were important discriminators for authentication. The touch data was also analysed using two classification algorithms to measure the authentication accuracy. The results show that touch data is sufficiently distinct between users to be used in authentication without disrupting normal touch interaction. It is also shown that the raw touch data was more effective in authentication than the aggregated gesture data.


Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Lulu Yang ◽  
Chen Li ◽  
Ruibang You ◽  
Bibo Tu ◽  
Linghui Li

Keystroke-based behavioral biometrics have been proven effective for continuous user authentication. Current state-of-the-art algorithms have achieved outstanding results in long text or short text collected by doing some tasks. It remains a considerable challenge to authenticate users continuously and accurately with short keystroke inputs collected in uncontrolled settings. In this work, we propose a Timely Keystroke-based method for Continuous user Authentication, named TKCA. It integrates the key name and two kinds of timing features through an embedding mechanism. And it captures the relationship between context keystrokes by the Bidirectional Long Short-Term Memory (Bi-LSTM) network. We conduct a series of experiments to validate it on a public dataset - the Clarkson II dataset collected in a completely uncontrolled and natural setting. Experiment results show that the proposed TKCA achieves state-of-the-art performance with 8.28% of EER when using only 30 keystrokes and 2.78% of EER when using 190 keystrokes.


2013 ◽  
pp. 410-429
Author(s):  
Sérgio Roberto de Lima e Silva Filho ◽  
Mauro Roisenberg

This chapter proposes an authentication methodology that is both inexpensive and non-intrusive and authenticates users continuously while using a computer keyboard. This proposed methodology uses neural network committee machines. The committee consists of several independent neural networks trained to recognize a behavioral biometric characteristic: user’s typing pattern. Continuous authentication prevents potential attacks when users leave their desks without logging out or locking their computer session. Some experiments were conducted to evaluate and to calibrate the authentication committee. Best results show that a 0% FAR and a 0.15% FRR can be achieved when different thresholds are used in the system for each user. In this proposed methodology, capture system does not need to concern about typing errors in the text. Another feature of this methodology is that new users can be easily added to the system, with no need to re-train all neural networks involved.


Authentication of a user through an ID and password is generally done at the start of a session. But a continuous authentication system observes the genuineness of the user throughout the entire session, and not at login only. In this paper, we propose the usage of keystroke dynamics as a biometric trait for continuous user authentication on the desktop platform. Biometric authentication involves mainly three phases, named the enrollment phase, verification phase and identification phase. The identification phase marks the accessed user as authenticated only if the input pattern matches the profile pattern; otherwise the system is logged out. The proposed Continuous User Biometric Authentication (CUBA) System is based on free text input from the keyboard. There is no restriction on input data during the Enrolment, Verification, and Identification phases. An unsupervised One-class Support Vector Machine is used to classify the authenticated user’s input from all the other inputs. This continuous authentication system can be used in many areas, such as un-proctored online examination systems, intrusion and fraud detection systems, and areas where user alertness is required for the entire period, e.g. controlling air traffic.


Sensors ◽  
2021 ◽  
Vol 21 (17) ◽  
pp. 5967
Author(s):  
Ahmed Fraz Baig ◽  
Sigurd Eskeland

Continuous authentication has been proposed as a possible approach for passive and seamless user authentication, using sensor data comprising biometric, behavioral, and context-oriented characteristics. Since these are personal data being transmitted and are outside the control of the user, this approach causes privacy issues. Continuous authentication has security challenges concerning poor matching rates and susceptibility to replay attacks. The security issues are mainly poor matching rates and the problems of replay attacks. In this survey, we present an overview of continuous authentication and comprehensively discuss its different modes, and the issues that these modes have related to security, privacy, and usability. A comparison of privacy-preserving approaches dealing with the privacy issues is provided, and lastly recommendations for secure, privacy-preserving, and user-friendly continuous authentication.


2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Xiaomei Zhang ◽  
Pengming Zhang ◽  
Haomin Hu

Behavior-based continuous authentication is an increasingly popular methodology that utilizes behavior modeling and sensing for authentication and account access authorization. As an appearing behavioral biometric, user interaction patterns with mobile devices focus on verifying their identity in terms of their features or operating styles while interacting with devices. However, unimodal continuous authentication schemes, which are on the basis of a single source of interaction information, can only deal with a particular action or scenario. Hence, multimodal systems should be taken to suit for various environmental conditions especially in circumstances of attacks. In this paper, we propose a multimodal continuous authentication method both based on static interaction patterns and dynamic interaction patterns with mobile devices. Behavioral biometric features, HMHP, which is combined hand motion (HM) and hold posture (HP), are essentially established upon the touch screen and accelerator and capture the variation model of microhand motions and hold patterns generated in both dynamic and static scenes. By combining the features of HM and HP, the fusion feature HMHP achieves 97% accuracy with a 3.49% equal error rate.


Author(s):  
Amany Sarhan ◽  
Ahmed Ramadan

Nowadays, touchscreen mobile devices make up a larger share in the market, necessitating effective and robust methods to continuously authenticate touch-based device users. A classification framework is proposed that learns the touch behavior of a user and is able afterwards to authenticate users by monitoring their behavior in performing input touch actions. Two models of features are built: the low-level features (stroke-level) model or the high-level abstracted features (session-level) model. In building these models, two different methods for feature selection and data classification were used: weighted features and PCA. Two classification algorithms were used: ANN and SVM. The experimental results indicate the possibility of continuous authentication for touch-input users with higher promises for session-level features than stroke-level features. Authors found out that using the weighted features method and artificial neural networks in building the session-level model yields the most efficient and accurate behavioral biometric continuous user authentication.


2020 ◽  
Vol 39 (5) ◽  
pp. 6009-6020
Author(s):  
Yosef Ashibani ◽  
Qusay H. Mahmoud

Smartphones have now become ubiquitous for accessing and controlling home appliances in smart homes, a popular application of the Internet of Things. User authentication on smartphones is mostly achieved at initial access. However, without applying a continuous authentication process, the network will be susceptible to unauthorized users. This issue emphasizes the importance of offering a continuous authentication scheme to identify the current user of the device. This can be achieved by extracting information during smartphone usage, including application access patterns. In this paper, we present a flexible machine learning user authentication scheme for smart home networks based on smartphone usage. Considering that users may run their smartphone applications differently during different day time intervals as well as different days of the week, new features are extracted by considering this information. The scheme is evaluated on a real-world dataset for continuous user authentication. The results show that the presented scheme authenticates users with high accuracy.

