Adversary Models for Mobile Device Authentication

Mayrhofer, René; Sigg, Stephan

doi:10.1145/3477601

Cited by 12 publications

(10 citation statements)

References 249 publications

(316 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [30], a dynamic feature selection for hand-writing is developed to enhance the authentication performance. However, these solutions are still not perfect: signals used in these works are generated from biochemical effect [2], [26], [28], which are weak and are not directly measured thus needs a high signal-to-noise ratio environment; or are sent from other devices [27], which face common problems in machine-to-machine authentication, as in [31], [32]. The approaches in [29], [30] heavily rely on online servers and can hardly be performed in an offline manner.…”

Section: B Biometrics-driven Explicit Authenticationmentioning

confidence: 99%

PresSafe: Barometer-Based On-Screen Pressure-Assisted Implicit Authentication for Smartphones

Yao

Tao

Gao

et al. 2023

IEEE Internet Things J.

View full text Add to dashboard Cite

Graphic-pattern-based implicit authentication has been successfully exploited to elevate the security of smartphones. On-screen pressure is one of the key features in such approach since it can reveal users' touch pattern. However, state-of-the-art approaches rely on a system API to obtain on-screen pressure, which is not adequately accurate and cannot meet the demands of robust implicit authentication. To bridge this gap, we propose PresSafe, a novel implicit authentication system that utilizes the smartphone's built-in barometer sensor to measure pressure during the unlocking process, and to utilize the pressure data in authentication. A key technical challenge in utilizing barometer sensing, however, is to understand the user activity through measured pressure. To overcome this challenge, PresSafe leverages barometer data along with data from other conventional but heterogeneous ambient sensors to produce accurate and robust user activity descriptions. PresSafe utilizes a transfer learning based hybrid workflow to integrate user activity representation learning with a lightweight classical authentication algorithm to obtain a unified model. This approach offloads computational cost from the terminal and addresses privacy concerns. To ensure applicability of our approach despite data heterogeneity and insufficient training data, we utilize a channel-adaptive data processing mechanism. Extensive experiments utilizing more than 70,000 records from 23 volunteers in 6 different locations show that PresSafe achieves an FAR of 0.45 %, an FRR of 0.49 %, and an EER of 0.47 %, which clearly demonstrate its superiority over several existing solutions.

show abstract

Section: B Biometrics-driven Explicit Authenticationmentioning

confidence: 99%

PresSafe: Barometer-Based On-Screen Pressure-Assisted Implicit Authentication for Smartphones

Yao

Tao

Gao

et al. 2023

IEEE Internet Things J.

View full text Add to dashboard Cite

show abstract

“…R1: ability to inject data into the authentication pipeline [22], R2: access to the target's biometric samples [24], and R3: reproduction of samples by training imitators (human, machine, or human+machine) in real-time [23]. Based on the amount of effort needed to meet these requirements, ongoing discussion on the Strength of Function for Authenticators by the National Institute of Standards and Technology (NIST) [21], and a recent survey [25], we group the adversarial scenarios into the following three groups.…”

Section: Adversarial Scenarios For Tcasmentioning

confidence: 99%

GANTouch: An Attack-Resilient Framework for Touch-Based Continuous Authentication System

Agrawal

Mehrotra

Kumar

et al. 2022

IEEE Trans. Biom. Behav. Identity Sci.

View full text Add to dashboard Cite

Previous studies have shown that commonly studied (vanilla) implementations of touch-based continuous authentication systems (V-TCAS) are susceptible to active adversarial attempts. This study presents a novel Generative Adversarial Network assisted TCAS (G-TCAS) framework and compares it to the V-TCAS under three active adversarial environments viz. Zero-effort, Population, and Random-vector. The Zero-effort environment was implemented in two variations viz. Zero-effort (same-dataset) and Zero-effort (cross-dataset). The first involved a Zero-effort attack from the same dataset, while the second used three different datasets. G-TCAS showed more resilience than V-TCAS under the Population and Random-vector, the more damaging adversarial scenarios than the Zero-effort. On average, the increase in the false accept rates (FARs) for V-TCAS was much higher (27.5% and 21.5%) than for G-TCAS (14% and 12.5%) for Population and Random-vector attacks, respectively. Moreover, we performed a fairness analysis of TCAS for different genders and found TCAS to be fair across genders. The findings suggest that we should evaluate TCAS under active adversarial environments and affirm the usefulness of GANs in the TCAS pipeline.

show abstract

“…Most of them were college graduates (60.1%), followed by high school graduates (28.3%), post graduates (10.4%) and only 2% participants with less than a high school education. Age-wise, 45.7% were in the [35][36][37][38][39][40][41][42][43][44] bracket, 24.3% in [25][26][27][28][29][30][31][32][33][34], 13.9% in [45][46][47][48][49][50][51][52][53][54], 9.8% in [55][56][57][58][59][60][61][62][63][64], and 6.4% in [18][19][20][21][22][23][24]. Asked about their QR code usage, 32.4% reported using QR codes "regularly," 56.1% "only when QR codes were preffered" type of information exchange, and 11.6% said "only when QR codes were required.…”

Section: Main Quishing Studymentioning

confidence: 99%

“…Most of them were college graduates (58.1%), followed by high school graduates (32.3%), post graduates (8.9%) and only 0.1% participants with less than a high school education. Age-wise, 44.4% were in the [35][36][37][38][39][40][41][42][43][44] bracket, 24.2% in [25][26][27][28][29][30][31][32][33][34], 12.9% in [45][46][47][48][49][50][51][52][53][54], 15.3% in [55][56][57][58][59][60][61][62][63][64], and 3.2% in [18][19][20][21][22][23][24].…”

Section: Quishing Security Indicators (Rq4)mentioning

confidence: 99%

See 1 more Smart Citation

Gone Quishing: A Field Study of Phishing with Malicious QR Codes

Sharevski¹,

Devine²,

Pieroni³

et al. 2022

Preprint

View full text Add to dashboard Cite

The COVID-19 pandemic enabled quishing, or phishing with malicious QR codes, as they became a convenient go-between for sharing URLs, including malicious ones. To explore the quishing phenomenon, we conducted a 173-participant study where we used a COVID-19 digital passport sign-up trial with a malicious QR code as a pretext. We found that 67 % of the participants were happy to sign-up with their Google or Facebook credentials, 18.5% to create a new account, and only 14.5% to skip on the sign-up. Convenience was the single most cited factor for the willingness to yield participants' credentials. Reluctance of linking personal accounts with new services was the reason for creating a new account or skipping the registration. We also developed a Quishing Awareness Scale (QAS) and found a significant relationship between participants' QR code behavior and their sign-up choices: the ones choosing to sign-up with Facebook scored the lowest while the one choosing to skip the highest on average. We used our results to propose quishing awareness training guidelines and develop and test usable security indicators for warning users about the threat of quishing. CCS CONCEPTS• Security and privacy → Social aspects of security and privacy; Usability in security and privacy.

show abstract

Adversary Models for Mobile Device Authentication

Cited by 12 publications

References 249 publications

PresSafe: Barometer-Based On-Screen Pressure-Assisted Implicit Authentication for Smartphones

PresSafe: Barometer-Based On-Screen Pressure-Assisted Implicit Authentication for Smartphones

GANTouch: An Attack-Resilient Framework for Touch-Based Continuous Authentication System

Gone Quishing: A Field Study of Phishing with Malicious QR Codes

Contact Info

Product

Resources

About