Security, Privacy, and Usability in Continuous Authentication: A Survey

Sensors ◽  
2021 ◽  
Vol 21 (17) ◽  
pp. 5967
Author(s):  
Ahmed Fraz Baig ◽  
Sigurd Eskeland

Continuous authentication has been proposed as a possible approach for passive and seamless user authentication, using sensor data comprising biometric, behavioral, and context-oriented characteristics. Since these are personal data being transmitted and are outside the control of the user, this approach causes privacy issues. Continuous authentication has security challenges concerning poor matching rates and susceptibility to replay attacks. The security issues are mainly poor matching rates and the problems of replay attacks. In this survey, we present an overview of continuous authentication and comprehensively discuss its different modes, and issues that these modes have related to security, privacy, and usability. A comparison of privacy-preserving approaches dealing with the privacy issues is provided, and lastly recommendations for secure, privacy-preserving, and user-friendly continuous authentication.

Sensors ◽  
2021 ◽  
Vol 21 (22) ◽  
pp. 7519
Author(s):  
Sakorn Mekruksavanich ◽  
Anuchit Jitpattanakul

Smartphones as ubiquitous gadgets are rapidly becoming more intelligent and context-aware as sensing, networking, and processing capabilities advance. These devices provide users with a comprehensive platform to undertake activities such as socializing, communicating, sending and receiving e-mails, and storing and accessing personal data at any time and from any location. Nowadays, smartphones are used to store a multitude of private and sensitive data including bank account information, personal identifiers, account passwords and credit card information. Many users remain permanently signed in and, as a result, their mobile devices are vulnerable to security and privacy risks through assaults by criminals. Passcodes, PINs, pattern locks, facial verification, and fingerprint scans are all susceptible to various assaults including smudge attacks, side-channel attacks, and shoulder-surfing attacks. To solve these issues, this research introduces a new continuous authentication framework called DeepAuthen, which identifies smartphone users based on their physical activity patterns as measured by the accelerometer, gyroscope, and magnetometer sensors on their smartphone. We conducted a series of tests on user authentication using several deep learning classifiers, including our proposed deep learning network termed DeepConvLSTM on the three benchmark datasets UCI-HAR, WISDM-HARB and HMOG. Results demonstrated that combining various motion sensor data obtained the highest accuracy and energy efficiency ratio (EER) values for binary classification. We also conducted a thorough examination of the continuous authentication outcomes, and the results supported the efficacy of our framework.


2021 ◽  
Vol 24 (4) ◽  
pp. 1-28
Author(s):  
Abbas Acar ◽  
Shoukat Ali ◽  
Koray Karabina ◽  
Cengiz Kaygusuz ◽  
Hidayet Aksu ◽  
...  

As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously authenticates users based on their biometrics in a privacy-aware manner. Then, we design an actual continuous user authentication system under the proposed protocol. In this concrete system, we utilize a privacy-aware template matching technique and a wearable-assisted keystroke dynamics-based continuous authentication method. This provides privacy guarantees without relying on any trusted third party while allowing the comparison of noisy user inputs (due to biometric data) and yielding an efficient and lightweight protocol. Finally, we implement our system on an Apple smartwatch and perform experiments with real user data to evaluate the accuracy and resource consumption of our concrete system.


Sensors ◽  
2021 ◽  
Vol 21 (19) ◽  
pp. 6647
Author(s):  
Soo Fun Tan ◽  
Azman Samsudin

The inherent complexities of Industrial Internet of Things (IIoT) architecture make its security and privacy issues critically challenging. Numerous surveys have been published to review IoT security issues and challenges. The studies gave a general overview of IIoT security threats or a detailed analysis that explicitly focuses on specific technologies. However, recent studies fail to analyze the gap between security requirements of these technologies and their deployed countermeasure in the industry recently. Whether recent industry countermeasure is still adequate to address the security challenges of IIoT environment is questionable. This article presents a comprehensive survey of IIoT security and provides insight into today’s industry countermeasure, current research proposals and ongoing challenges. We classify IIoT technologies into the four-layer security architecture, examine the deployed countermeasure based on CIA+ security requirements, report the deficiencies of today’s countermeasure, and highlight the remaining open issues and challenges. As no single solution can fix the entire IIoT ecosystem, IIoT security architecture with a higher abstraction level using the bottom-up approach is needed. Moving towards a data-centric approach that assures data protection whenever and wherever it goes could potentially solve the challenges of industry deployment.


2020 ◽  
pp. 34-47
Author(s):  
Gomathy B ◽  
Ramesh SM ◽  
Shanmugavadivel G

A systematic and comprehensive review of privacy preserving and security challenges in cloud environment is presented in this literature. Since cloud supports various applications, it requires immediate attention for serious security and privacy issues. Research must focus on efficient security mechanism for cloud-based networks; also, it is essential to explore the techniques to maintain the integrity and confidentiality of the data. This paper highlights research challenges and directions concerning the security as a comprehensive study through intensive analysis of various literatures in the last decade, and it is summarized in terms of architecture types, evaluation strategies and security model. We surveyed, investigated and reviewed the articles in every aspect related to security and privacy preserving concepts and identified the following tasks: 1) architecture of wireless body area networks in cloud, 2) security and privacy in cloud based WBAN, 3) cloud security and privacy issues in cloud, 4) diverse authentication and cryptographic approaches, 5) optimization strategies to improve the security performance.


2008 ◽  
Vol 109 (9/10) ◽  
pp. 407-418 ◽  
Author(s):  
Tessie Schepman ◽  
Marian Koren ◽  
Aleksandra Horvat ◽  
Dejana Kurtovic ◽  
Ivana Hebrang Grgic

Purpose: The purpose of this paper is to document a joint research project aimed at investigating the existing library practices regarding protection of personal data, in view of computerization of libraries and its consequences, and awareness of the privacy (anonymity) of the library users that was carried out simultaneously in The Netherlands and Croatia in the autumn of 2007. Design/methodology/approach: The research was a continuation of an ongoing cooperation between The Netherlands Public Library Association and the Department of Information Sciences, University of Zagreb. A questionnaire was developed based on previously conducted interviews with librarians and survey of recent literature on anonymity. It was carried out online via a special link on the web site of The Netherlands Public Library Association and sent by e-mail to selected libraries in Croatia. Findings: Replies obtained from 65 Dutch and 33 Croatian libraries of all types have been compared and commented in the paper. The research shows that despite existing differences in library facilities librarians in both countries have not yet become fully aware of all aspects of privacy issues that new services provided by the new technology have brought about, nor received adequate training or taken appropriate measures. Research limitations/implications: Further research on library practices regarding data protection and measures and steps to be taken by libraries in order to improve the present inadequacies can be envisaged in future. Originality/value: The paper provides information on data security issues in Dutch and Croatian libraries.


Sensors ◽  
2020 ◽  
Vol 21 (1) ◽  
pp. 92
Author(s):  
Luis Hernández-Álvarez ◽  
José María de Fuentes ◽  
Lorena González-Manzano ◽  
Luis Hernández Encinas

Ensuring the confidentiality of private data stored in our technological devices is a fundamental aspect for protecting our personal and professional information. Authentication procedures are among the main methods used to achieve this protection and, typically, are implemented only when accessing the device. Nevertheless, on many occasions it is necessary to carry out user authentication in a continuous manner to guarantee an allowed use of the device while protecting authentication data. In this work, we first review the state of the art of Continuous Authentication (CA), User Profiling (UP), and related biometric databases. Secondly, we summarize the privacy-preserving methods employed to protect the security of sensor-based data used to conduct user authentication, and some practical examples of their utilization. The analysis of the literature of these topics reveals the importance of sensor-based data to protect personal and professional information, as well as the need for exploring a combination of more biometric features with privacy-preserving approaches.


2018 ◽  
Vol 7 (2.7) ◽  
pp. 854
Author(s):  
Manas Kumar Yogi ◽  
Y Himatej ◽  
M Mahesh reddy

The Internet of Things describes the ever-growing number of intelligent objects that are being connected to the internet and each other; smartphones, tablets, wearable technology and smart home devices are adopted into our everyday lives. The security of IoT is becoming more complex and may have a serious consequence. So, now we have many security challenges like privacy concerns, routine cryptography, passive data collection etc. Many people hide personal data in social media to eliminate these sorts of privacy issues, but the common man nowadays is becoming a passive participant due to lack of security in these IoT devices that are surrounding us.


Author(s):  
Nguyen Tan Danh

Over the three industrial revolutions, man has achieved great achievements. But besides that great success will always go hand in hand with many problems that arise. Because the rate at which technology develops is directly proportional to the threats it poses. The emergence of new technology requires researchers and students to pay attention to discover new threats to make it reliable and user-friendly. In the meantime 4.0 cloud computing is a new technology model. Security issues in cloud computing are considered one of the biggest obstacles besides the broad benefits of cloud computing. New concepts introduced by the cloud create new challenges for the security community. Addressing these challenges requires, in addition to the ability to cultivate and adjust security measures developed for other systems, to propose new security policies, models and protocols to address optimal and effective cloud security challenges. In this article, we provide comprehensive research on cloud security including classification of known security threats and advanced practices in attempting to address these threats. The paper also provides classification dependency and provides solutions in the form of preventive action rather than proactive action.


2017 ◽  
Vol 8 (1) ◽  
pp. 1-10
Author(s):  
Is Mardianto ◽  
Kuswandi Kuswandi

Security issues have become a major issue on the Internet. One of the security methods that are widely used today is to implement a digital certificate. Digital certificates have evolved over time, one of which is the X.509 digital certificate. Digital certificates have been widely used as authentication applications, web network authentication and other authentication systems that require digital certificates. This research is carried out by implementing an X.509 digital certificate technology as a mobile web service with its client. Secure Hash Algorithm (SHA), Diffie-Hellman, and Advanced Encryption Standard (AES) are used to secure the data exchange transaction between the web service and mobile phone. SHA algorithm will be used for user authentication, Diffie-Hellman algorithm will be used for public key exchange and AES algorithms will be used for symmetric cryptography data. The results of the application of digital certificates, the SHA algorithm, Diffie-Hellman, and AES in mobile phone applications, provide security application running on web service. Index Terms—Digital Certificate, X.509, SHA, Diffie Hellman, AES


2020 ◽  
Author(s):  
Cátia Santos-Pereira

BACKGROUND: GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organizations process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE: This study addresses the state of Public Portuguese hospitals regarding GDPR compliance in the moment of GDPR preparation period (2016-2018) before the enforcement on 25 May 2018, and what activities have started since then. The study focuses on three GDPR articles, namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS: The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). Interviews were conducted in two phases (before and after GDPR enforcement) with the objective to identify the maturity of information systems of each hospital regarding authentication security, identity management processes and traceability and efforts in progress to avoid security issues. RESULTS: A total of 5 hospitals were included in this study and the results of this study highlight the hospitals' privacy maturity; in general, the hospitals studied were very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, store encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap; this is made specifically for means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS: We are still very far from having GDPR compliant systems and Institutions efforts are being done. The first step to align an organization with GDPR should be an initial audit of all systems. This work collaborates with the initial security audit of the hospitals that belong to this study.

