A Framework for Continuous Authentication Based on Touch Dynamics Biometrics for Mobile Banking Applications

As smart devices have become commonly used to access internet banking applications, these devices constitute appealing targets for fraudsters. Impersonation attacks are an essential concern for internet banking providers. Therefore, user authentication countermeasures based on biometrics, whether physiological or behavioral, have been developed, including those based on touch dynamics biometrics. These measures take into account the unique behavior of a person when interacting with touchscreen devices, thus hindering identitification fraud because it is hard to impersonate natural user behaviors. Behavioral biometric measures also balance security and usability because they are important for human interfaces, thus requiring a measurement process that may be transparent to the user. This paper proposes an improvement to Biotouch, a supervised Machine Learning-based framework for continuous user authentication. The contributions of the proposal comprise the utilization of multiple scopes to create more resilient reasoning models and their respective datasets for the improved Biotouch framework. Another contribution highlighted is the testing of these models to evaluate the imposter False Acceptance Error (FAR). This proposal also improves the flow of data and computation within the improved framework. An evaluation of the multiple scope model proposed provides results between 90.68% and 97.05% for the harmonic mean between recall and precision (F1 Score). The percentages of unduly authenticated imposters and errors of legitimate user rejection (Equal Error Rate (EER)) are between 9.85% and 1.88% for static verification, login, user dynamics, and post-login. These results indicate the feasibility of the continuous multiple-scope authentication framework proposed as an effective layer of security for banking applications, eventually operating jointly with conventional measures such as password-based authentication.

A Review of Verification and Validation for Space Autonomous Systems

Purpose of Review The deployment of hardware (e.g., robots, satellites, etc.) to space is a costly and complex endeavor. It is of extreme importance that on-board systems are verified and validated through a variety of verification and validation techniques, especially in the case of autonomous systems. In this paper, we discuss a number of approaches from the literature that are relevant or directly applied to the verification and validation of systems in space, with an emphasis on autonomy. Recent Findings Despite advances in individual verification and validation techniques, there is still a lack of approaches that aim to combine different forms of verification in order to obtain system-wide verification of modular autonomous systems. Summary This systematic review of the literature includes the current advances in the latest approaches using formal methods for static verification (model checking and theorem proving) and runtime verification, the progress achieved so far in the verification of machine learning, an overview of the landscape in software testing, and the importance of performing compositional verification in modular systems. In particular, we focus on reporting the use of these techniques for the verification and validation of systems in space with an emphasis on autonomy, as well as more general techniques (such as in the aeronautical domain) that have been shown to have potential value in the verification and validation of autonomous systems in space.

Gray-box monitoring of hyperproperties with an application to privacy

Runtime verification is a complementary approach to testing, model checking and other static verification techniques to verify software properties. Monitorability characterizes what can be verified (monitored) at run time. Different definitions of monitorability have been given both for trace properties and for hyperproperties (properties defined over sets of traces), but these definitions usually cover only some aspects of what is important when characterizing the notion of monitorability. The first contribution of this paper is a refinement of classic notions of monitorability both for trace properties and hyperproperties, taking into account, among other things, the computability of the monitor. A second contribution of our work is to show that black-box monitoring of HyperLTL (a logic for hyperproperties) is in general unfeasible, and to suggest a gray-box approach in which we combine static and runtime verification. The main idea is to call a static verifier as an oracle at run time allowing, in some cases, to give a final verdict for properties that are considered to be non-monitorable under a black-box approach. Our third contribution is the instantiation of this solution to a privacy property called distributed data minimization which cannot be verified using black-box runtime verification. We use an SMT-based static verifier as an oracle at run time. We have implemented our gray-box approach for monitoring data minimization into the proof-of-concept tool Minion. We describe the tool and apply it to a few case studies to show its feasibility.

Gobra: Modular Specification and Verification of Go Programs

Go is an increasingly-popular systems programming language targeting, especially, concurrent and distributed systems. Go differentiates itself from other imperative languages by offering structural subtyping and lightweight concurrency through goroutines with message-passing communication. This combination of features poses interesting challenges for static verification, most prominently the combination of a mutable heap and advanced concurrency primitives.We present Gobra, a modular, deductive program verifier for Go that proves memory safety, crash safety, data-race freedom, and user-provided specifications. Gobra is based on separation logic and supports a large subset of Go. Its implementation translates an annotated Go program into the Viper intermediate verification language and uses an existing SMT-based verification backend to compute and discharge proof obligations.

Helmholtz: A Verifier for Tezos Smart Contracts Based on Refinement Types

A smart contract is a program executed on a blockchain, based on which many cryptocurrencies are implemented, and is being used for automating transactions. Due to the large amount of money that smart contracts deal with, there is a surging demand for a method that can statically and formally verify them.This tool paper describes our type-based static verification tool Helmholtz for Michelson, which is a statically typed stack-based language for writing smart contracts that are executed on the blockchain platform Tezos. Helmholtz is designed on top of our extension of Michelson’s type system with refinement types. Helmholtz takes a Michelson program annotated with a user-defined specification written in the form of a refinement type as input; it then typechecks the program against the specification based on the refinement type system, discharging the generated verification conditions with the SMT solver Z3. We briefly introduce our refinement type system for the core calculus Mini-Michelson of Michelson, which incorporates the characteristic features such as compound datatypes (e.g., lists and pairs), higher-order functions, and invocation of another contract. Helmholtz successfully verifies several practical Michelson programs, including one that transfers money to an account and that checks a digital signature.

A Comparative Study on Transformation of UML/OCL to Other Specifications

Background: Static verification is a sound programming methodology that permits automated reasoning about the correctness of an implementation with respect to its formal specification before its execution. Unified Modelling Language is most commonly used modelling language which describes the client’s requirement. Object Constraint Language is a formal language which allows users to express textual constraints regarding the UML model. Therefore, UML/OCL express formal specification and helps the developers to implement the code according to the client’s requirement through software design. Objective: This paper aims to compare the existing approaches generating Java, C++, C# code or JML, Spec# specifications from UML/OCL. Methods: Nowadays, software system is developed via automatic code generation from software design to implementation when using formal specification and static analysis. In this paper, the study considers transformation from design to implementation and vice versa using model transformation, code generation or other techniques. Results: The related tools, which generate codes, do not support verification at the implementation phase. On the other hand, the specification generation tools do not generate all the required properties which are needed for verification at the implementation phase. Conclusion: If the generated system supports the verification with all required properties, code developer needs less efforts to produce correct software system. Therefore, this study recommends introducing a new framework which can act as an interface between design and implementation to generate verified software systems.

A Hybrid Set of Handwriting Features for Handwritten Recognition

Handwriting of each person is unique since each person has their own unique and different style of handwriting. Handwriting verification can be performed in two ways, dynamic and static. The dynamic verification process is the writer dependent whereas the static verification process is the writer independent procedure. The features can be spatial, structural, statistical, geometrical, graphological, and from other feature extraction techniques. In this work, we are considering the combination of multilevel feature set for writer recognition and identification purpose. A dataset of different handwriting samples collected from 100 different writers is used for this experiment. A decision tree classifier with random forest implementation is used for recognition and identification of writer with 98.2% accuracy.

Bagged ensemble of fuzzy classifiers and feature selection for handwritten signature verification

Handwritten signature verification is an important research area in the field of person authentication and biometric identification. There are two known methods for handwriting signature verification: if it is possible to digitize the speed of pen movement, then verification is said to be on-line or dynamic; otherwise, when only an image of handwriting is available, verification is said to be off-line or static. It is proved that when using dynamic verification, a greater accuracy is achieved than when using static verification. In the present work, the amplitudes, frequencies, and phases of the harmonics extracted from the signature signals of the X and Y coordinates of the pen movement using a discrete Fourier transform are used as characteristics of the signature. All signals are pre-processed in advance, including the elimination of gaps, the elimination of the angle of inclination, the normalization of position and scaling. A fuzzy classifier is proposed as a signature verification tool based on the features obtained. The work examines the effectiveness of this tool in the ensemble, as well as using a procedure for feature selection. To build an ensemble of classifiers, a well-known bagging method is used, and the feature selection is based on the determination of mutual information between a feature and a class of an object. Experiments on signature verification on the SVC2004 data set with the construction of a fuzzy classifier and ensembles of three, five, seven and nine fuzzy classifiers were conducted. Experiments were carried out both with the use of the feature selection procedure and without selection. The efficiency of the classifiers constructed is compared with each other and with known analogues: decision trees, support vector machines, discriminant analysis and k-nearest neighbors.