Leveraging Battery Usage from Mobile Devices for Active Authentication

Spooren, Jan; Preuveneers, Davy; Joosen, Wouter

doi:10.1155/2017/1367064

Cited by 16 publications

(11 citation statements)

References 29 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various research approaches have been introduced in the existing literature to explore feasibility in continuous authentication throughout the user login session and the non-intrusive authentication process to analyze frequent user interaction with the system. Recent trends in the existing literature have shown that user identities can be validated through multiple Behaviometrics, such as keystroke dynamics, CPU and RAM usage [39], mouse movements [40], accelerometers [41] fingerprints [42], and browsing behavior [43]. A detailed description of such an authentication process based on Behaviometrics can be found in the existing literature [44][45][46].…”

Section: ) Behaviometrics Authenticationmentioning

confidence: 99%

A Frictionless and Secure User Authentication in Web-Based Premium Applications

Olanrewaju

Khan²,

Morshidi

et al. 2021

IEEE Access

View full text Add to dashboard Cite

By and large authentication systems employed for web-based applications primarily utilize a conventional username and password-based schemes, which can be compromised easily. Currently, there is an evolution of various complex user authentication schemes based on the sophisticated methodology of encryption. However, many of these schemes suffer from either low impact full consequences or offer security at higher resource dependence. Furthermore, the majority of these schemes don't consider dynamic threat and attack strategies when the clients are exposed to unidentified attack environments. Hence, this paper proposes a secure user authentication mechanism for web applications with a frictionless experience. An automated authentication scheme is designed based on user behaviour login events. The uniqueness of user identity is validated in the proposed system at the login interface, followed by implying an appropriate user authentication process. The authentication process is executed under four different login mechanisms, which depend on the profiler and the authenticator function. The profiler uses user behavioural data, including login session time, device location, browser, and details of accessed web services. The system processes these data and generates a user profile via a profiler using the authenticator function. The authenticator provides a login mechanism to the user to perform the authentication process. After successful login attempts, the proposed system updates database for future evaluation in the authentication process. The study outcome shows that the proposed system excels to other authentication schemes for an existing web-based application. The proposed method, when comparatively examined, is found to offer approximately a 10% reduction in delay, 7% faster response time, and 11% minimized memory usage compared with existing authentication schemes for premium web-based applications.

show abstract

Section: ) Behaviometrics Authenticationmentioning

confidence: 99%

A Frictionless and Secure User Authentication in Web-Based Premium Applications

Olanrewaju

Khan²,

Morshidi

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Different authentication modalities have been proposed, e.g. keystroke dynamics, gait authentication [27], bioimpedence [28], battery level [29], etc. These differ in applicability, availability and security.…”

Section: Multi-modal Behaviometricsmentioning

confidence: 99%

Managing distributed trust relationships for multi-modal authentication

hamme

Preuveneers

Joosen

2018

Journal of Information Security and Applications

Self Cite

View full text Add to dashboard Cite

Multi-modal active authentication schemes fuse decisions of multiple behavioral biometrics (behaviometrics) to reduce identity verification errors. The challenge that we address in this work is the security risk caused by these decision fusion schemes making invalid assumptions, such as a fixed probability of (in)correct recognition and a temporal congruence of behaviometrics. To mitigate this risk, this paper presents a formal trust model that drives the behaviometric selection and composition. Our trust model adopts a hybrid approach combining policy and reputation based knowledge representation techniques. Our model and framework (1) externalizes trust knowledge from the authentication logic to achieve loosely coupled trust management, and (2) formalizes this knowledge in description logic to reason upon and broker complex distributed trust relationships to make risk-adaptive decisions for multi-modal authentication. The evaluation of our proof-of-concept illustrates an acceptable performance overhead while lifting the burden of manual trust and behaviometric management for multi-modal authentication.

show abstract

“…Initially used to track users on the web, browser fingerprinting has recently been identified as a promising authentication factor [3,4,43,53,54,58]. It consists into collecting the values of attributes from a web browser (e.g., the UserAgent HTTP header [47], the screen resolution, the way it draws a picture [38]) to build a fingerprint.…”

Section: Introductionmentioning

confidence: 99%

FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms

Andriamilanto

Allard

Guelvouit³

2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Browser fingerprinting consists into collecting attributes from a web browser. Hundreds of attributes have been discovered through the years. Each one of them provides a way to distinguish browsers, but also comes with a usability cost (e.g., additional collection time). In this work, we propose FPSelect, an attribute selection framework allowing verifiers to tune their browser fingerprinting probes for web authentication. We formalize the problem as searching for the attribute set that satisfies a security requirement and minimizes the usability cost. The security is measured as the proportion of impersonated users given a fingerprinting probe, a user population, and an attacker that knows the exact fingerprint distribution among the user population. The usability is quantified by the collection time of browser fingerprints, their size, and their instability. We compare our framework with common baselines, based on a real-life fingerprint dataset, and find out that in our experimental settings, our framework selects attribute sets of lower usability cost. Compared to the baselines, the attribute sets found by FPSelect generate fingerprints that are up to 97 times smaller, are collected up to 3, 361 times faster, and with up to 7.2 times less changing attributes between two observations, on average.

show abstract

Leveraging Battery Usage from Mobile Devices for Active Authentication

Cited by 16 publications

References 29 publications

A Frictionless and Secure User Authentication in Web-Based Premium Applications

A Frictionless and Secure User Authentication in Web-Based Premium Applications

Managing distributed trust relationships for multi-modal authentication

FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms

Contact Info

Product

Resources

About