Novelty Detection for Risk-based User Authentication on Mobile Devices

Παπαϊωάννου, Μαρία; Zachos, Georgios; Μαντάς, Γεώργιος; Rodrı́guez, Jonathan

doi:10.1109/globecom48099.2022.10000843

Cited by 3 publications

(3 citation statements)

References 32 publications

(41 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To the best of authors’ knowledge, this was the first time that novelty detection algorithms have been considered for risk-based user authentication. The findings in [ 48 , 52 ] highlighted the advantages of one-class novelty detection algorithms, presented in detail in Section 3.2.3 , over popular machine learning classifiers for risk-based user authentication.…”

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

“…In particular, risk-based user authentication, relying on behavioral biometrics, normally involves single-user smartphone devices where it is necessary to differentiate between a known legitimate user and an unknown malicious user [ 52 ]. In this context, novelty detection algorithms, also known as one-class classifiers [ 54 , 55 , 56 ], have gained interest among researchers due to their potential advantages in user authentication based on behavioral biometrics.…”

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones

Παπαϊωάννου

Pelekoudas-Oikonomou

Μαντάς

et al. 2023

Sensors

Self Cite

View full text Add to dashboard Cite

Mobile user authentication acts as the first line of defense, establishing confidence in the claimed identity of a mobile user, which it typically does as a precondition to allowing access to resources in a mobile device. NIST states that password schemes and/or biometrics comprise the most conventional user authentication mechanisms for mobile devices. Nevertheless, recent studies point out that nowadays password-based user authentication is imposing several limitations in terms of security and usability; thus, it is no longer considered secure and convenient for the mobile users. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Alternatively, biometric-based user authentication has gained attention as a promising solution for enhancing mobile security without sacrificing usability. This category encompasses methods that utilize human physical traits (physiological biometrics) or unconscious behaviors (behavioral biometrics). In particular, risk-based continuous user authentication, relying on behavioral biometrics, appears to have the potential to increase the reliability of authentication without sacrificing usability. In this context, we firstly present fundamentals on risk-based continuous user authentication, relying on behavioral biometrics on mobile devices. Additionally, we present an extensive overview of existing quantitative risk estimation approaches (QREA) found in the literature. We do so not only for risk-based user authentication on mobile devices, but also for other security applications such as user authentication in web/cloud services, intrusion detection systems, etc., that could be possibly adopted in risk-based continuous user authentication solutions for smartphones. The target of this study is to provide a foundation for organizing research efforts toward the design and development of proper quantitative risk estimation approaches for the development of risk-based continuous user authentication solutions for smartphones. The reviewed quantitative risk estimation approaches have been divided into the following five main categories: (i) probabilistic approaches, (ii) machine learning-based approaches, (iii) fuzzy logic models, (iv) non-graph-based models, and (v) Monte Carlo simulation models. Our main findings are summarized in the table in the end of the manuscript.

show abstract

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones

Παπαϊωάννου

Pelekoudas-Oikonomou

Μαντάς

et al. 2023

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…Nevertheless, traditional password-based user authentication methods are no longer considered secure or practical for mobile users [5]- [8]. These methods authenticate anyone who possesses the correct credentials, regardless of whether they are the legitimate users or not [9]- [11]. Additionally, mobile users often struggle to remember complex passwords, resulting in weak passwords that are easily guessed or stolen through various attacks such as shoulder-surfing, dictionary or guessing attacks [12].…”

Section: Introductionmentioning

confidence: 99%

Outlier Detection for Risk-Based User Authentication on Mobile Devices

Papaioannou,

Zachos,

Mantas

et al. 2023

GLOBECOM 2023 - 2023 IEEE Global Communications Conference

Self Cite

View full text Add to dashboard Cite

Mobile user authentication is the primary means of verifying the claimed identity of a user before granting access to resources on a mobile device. Common user authentication methods include passwords and biometrics. Despite the fact that passwords have been the most popular user authentication method for several decades, recent research suggests that they are no longer secure or convenient for mobile users due to several limitations that compromise both device security and usability. Biometric-based user authentication, on the other hand, is gaining popularity because it appears to strike a balance between security and usability. Such methods rely on human physical traits (physiological biometrics) or user involuntary actions (behavioral biometrics) for authentication. Risk-based user authentication using behavioral biometrics is particularly promising for mobile user authentication enhancing mobile authentication security while maintaining usability. In this context, we present an overview of mobile user authentication and discuss risk-based user authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Afterwards, we test and evaluate a set of outlier detection algorithms for risk estimation in order to identify the most suitable ones for risk-based user authentication on mobile devices in terms of their accuracy and efficiency.

show abstract