Leveraging User-related Internet of Things for Continuous Authentication

Continuous authentication has been proposed as a possible approach for passive and seamless user authentication, using sensor data comprising biometric, behavioral, and context-oriented characteristics. Since these are personal data being transmitted and are outside the control of the user, this approach causes privacy issues. Continuous authentication has security challenges concerning poor matching rates and susceptibility of replay attacks. The security issues are mainly poor matching rates and the problems of replay attacks. In this survey, we present an overview of continuous authentication and comprehensively discusses its different modes, and issues that these modes have related to security, privacy, and usability. A comparison of privacy-preserving approaches dealing with the privacy issues is provided, and lastly recommendations for secure, privacy-preserving, and user-friendly continuous authentication.

Section: Modes Of Continuous Authenticationmentioning

confidence: 99%

Section: Related Surveysmentioning

confidence: 99%

Security, Privacy, and Usability in Continuous Authentication: A Survey

Baig

Eskeland

2021

“…A very recent (2019) survey [12] reviews the techniques for continuous authentication using Internet of Things devices. Another review provides an overview of the state of art on continuous authentication using mobile devices [1].…”

Section: Related Workmentioning

confidence: 99%

Continuous Authentication of Automotive Vehicles Using Inertial Measurement Units

Baldini

Geib

Giuliani

2019

The concept of Continuous Authentication is to authenticate an entity on the basis of a digital output generated in a continuous way by the entity itself. This concept has recently been applied in the literature for the continuous authentication of persons on the basis of intrinsic features extracted from the analysis of the digital output generated by wearable sensors worn by the subjects during their daily routine. This paper investigates the application of this concept to the continuous authentication of automotive vehicles, which is a novel concept in the literature and which could be used where conventional solutions based on cryptographic means could not be used. In this case, the Continuous Authentication concept is implemented using the digital output from Inertial Measurement Units (IMUs) mounted on the vehicle, while it is driving on a specific road path. Different analytical approaches based on the extraction of statistical features from the time domain representation or the use of frequency domain coefficients are compared and the results are presented for various conditions and road segments. The results show that it is possible to authenticate vehicles from the Inertial Measurement Unit (IMU) recordings with great accuracy for different road segments.

“…To reduce both intrusiveness and the number of authentication requests of traditional authentication systems, smartphones can use continuous authentication systems. Continuous authentication aims at providing identity confirmation by constantly assessing the confidence in the current user’s identity, therefore improving smartphone usability [ 2 ]. Continuous authentication validates users continuously, as they interact with the device, with no explicit user intervention.…”

Section: Introductionmentioning

confidence: 99%

S3: An AI-Enabled User Continuous Authentication for Smartphones Based on Sensors, Statistics and Speaker Information

López

Celdrán

Marín-Blázquez

et al. 2021

Continuous authentication systems have been proposed as a promising solution to authenticate users in smartphones in a non-intrusive way. However, current systems have important weaknesses related to the amount of data or time needed to build precise user profiles, together with high rates of false alerts. Voice is a powerful dimension for identifying subjects but its suitability and importance have not been deeply analyzed regarding its inclusion in continuous authentication systems. This work presents the S3 platform, an artificial intelligence-enabled continuous authentication system that combines data from sensors, applications statistics and voice to authenticate users in smartphones. Experiments have tested the relevance of each kind of data, explored different strategies to combine them, and determined how many days of training are needed to obtain good enough profiles. Results showed that voice is much more relevant than sensors and applications statistics when building a precise authenticating system, and the combination of individual models was the best strategy. Finally, the S3 platform reached a good performance with only five days of use available for training the users’ profiles. As an additional contribution, a dataset with 21 volunteers interacting freely with their smartphones for more than sixty days has been created and made available to the community.