DeFFusion: CNN-based Continuous Authentication Using Deep Feature Fusion

Smartphones have become crucial and important in our daily life, but the security and privacy issues have been major concerns of smartphone users. In this article, we present DeFFusion, a CNN-based continuous authentication system using Deep Feature Fusion for smartphone users by leveraging the accelerometer and gyroscope ubiquitously built into smartphones. With the collected data, DeFFusion first converts the time domain data into frequency domain data using the fast Fourier transform and then inputs both of them into a designed CNN, respectively. With the CNN-extracted features, DeFFusion conducts the feature selection utilizing factor analysis and exploits balanced feature concatenation to fuse these deep features. Based on the one-class SVM classifier, DeFFusion authenticates current users as a legitimate user or an impostor. We evaluate the authentication performance of DeFFusion in terms of impact of training data size and time window size, accuracy comparison on different features over different classifiers and on different classifiers with the same CNN-extracted features, accuracy on unseen users, time efficiency, and comparison with representative authentication methods. The experimental results demonstrate that DeFFusion has the best accuracy by achieving the mean equal error rate of 1.00% in a 5-second time window size.

Users’ Privacy Attitudes towards the Use of Behavioral Biometrics Continuous Authentication (BBCA) Technologies: A Protection Motivation Theory Approach

Smartphone user authentication based on passwords, PINs, and touch patterns raises several security concerns. Behavioral Biometrics Continuous Authentication (BBCA) technologies provide a promising solution which can increase smartphone security and mitigate users’ concerns. Until now, research in BBCA technologies has mainly focused on developing novel behavioral biometrics continuous authentication systems and their technical characteristics, overlooking users’ attitudes towards BBCA. To address this gap, we conducted a study grounded on a model that integrates users’ privacy concerns, trust in technology, and innovativeness with Protection Motivation Theory. A cross-sectional survey among 778 smartphone users was conducted via Amazon Mechanical Turk (MTurk) to explore the factors which can predict users’ intention to use BBCA technologies. Our findings demonstrate that privacy concerns towards intention to use BBCA technology have a significant impact on all components of PMT. Further to this, another important construct we identified that affects the usage intention of BBCA technology is innovativeness. Our findings posit the view that reliability and trustworthiness of security technologies, such as BBCA are important for users. Together, these results highlighted the importance of addressing users’ perceptions regarding BBCA technology.

A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA

As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, <underline>p</underline>rivacy-<underline>a</underline>ware, and secure <underline>c</underline>ontinuous <underline>a</underline>uthentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously authenticates users based on their biometrics in a privacy-aware manner. Then, we design an actual continuous user authentication system under the proposed protocol. In this concrete system, we utilize a privacy-aware template matching technique and a wearable-assisted keystroke dynamics-based continuous authentication method. This provides privacy guarantees without relying on any trusted third party while allowing the comparison of noisy user inputs (due to biometric data) and yielding an efficient and lightweight protocol. Finally, we implement our system on an Apple smartwatch and perform experiments with real user data to evaluate the accuracy and resource consumption of our concrete system.

Deep Learning Approaches for Continuous Authentication Based on Activity Patterns Using Mobile Sensing

Smartphones as ubiquitous gadgets are rapidly becoming more intelligent and context-aware as sensing, networking, and processing capabilities advance. These devices provide users with a comprehensive platform to undertake activities such as socializing, communicating, sending and receiving e-mails, and storing and accessing personal data at any time and from any location. Nowadays, smartphones are used to store a multitude of private and sensitive data including bank account information, personal identifiers, account passwords and credit card information. Many users remain permanently signed in and, as a result, their mobile devices are vulnerable to security and privacy risks through assaults by criminals. Passcodes, PINs, pattern locks, facial verification, and fingerprint scans are all susceptible to various assaults including smudge attacks, side-channel attacks, and shoulder-surfing attacks. To solve these issues, this research introduces a new continuous authentication framework called DeepAuthen, which identifies smartphone users based on their physical activity patterns as measured by the accelerometer, gyroscope, and magnetometer sensors on their smartphone. We conducted a series of tests on user authentication using several deep learning classifiers, including our proposed deep learning network termed DeepConvLSTM on the three benchmark datasets UCI-HAR, WISDM-HARB and HMOG. Results demonstrated that combining various motion sensor data obtained the highest accuracy and energy efficiency ratio (EER) values for binary classification. We also conducted a thorough examination of the continuous authentication outcomes, and the results supported the efficacy of our framework.

Design and Implementation of Continuous Authentication Mechanism Based on Multimodal Fusion Mechanism

Most of the current authentication mechanisms adopt the “one-time authentication,” which authenticate users for initial access. Once users have been authenticated, they can access network services without further verifications. In this case, after an illegal user completes authentication through identity forgery or a malicious user completes authentication by hijacking a legitimate user, his or her behaviour will become uncontrollable and may result in unknown risks to the network. These kinds of insider attacks have been increasingly threatening lots of organizations, and have boosted the emergence of zero trust architecture. In this paper, we propose a Multimodal Fusion-based Continuous Authentication (MFCA) scheme, which collects multidimensional behaviour characteristics during the online process, verifies their identities continuously, and locks out the users once abnormal behaviours are detected to protect data privacy and prevent the risk of potential attack. More specifically, MFCA integrates the behaviours of keystroke, mouse movement, and application usage and presents a multimodal fusion mechanism and trust model to effectively figure out user behaviours. To evaluate the performance of the MFCA, we designed and implemented the MFCA system and the experimental results show that the MFCA can detect illegal users in quick time with high accuracy.

Zero Trust Access Control with Context-Aware and Behavior-Based Continuous Authentication for Smart Homes

Generally, approaches to build the security of Smart Home Systems (SHS) require big amount of data to implement Access Control and Intrusion Detection Systems, with storage in cloud, for instance, being a vulnerability to inhabitants privacy. Besides, most works rely on cloud computing or resources in the cloud to perform security tasks, what can be exploited by attackers. This work presents the ZASH (Zero-Aware Smart Home System), an Access Control for SHS. ZASH uses Continuous Authentication with Zero Trust, supported by real-time context and activity information, enabled by Edge Computing and Markov Chain, to prevent and mitigate impersonation attacks that aim to invade inhabitants privacy. An experimental evaluation demonstrated the system capability to dynamically adapt to new inhabitants behaviors withal blocking impersonation attacks.