Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data

Govindarajan, Sathya; Gasti, Paolo; Balagani, Kiran S.

doi:10.1109/btas.2013.6712742

Cited by 27 publications

(37 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…SVM performed well in experiments on touch-based authentication of smartphone users by Serwadda et al [53]. SE is a popular verifier in biometrics (see for example [7], [28]).…”

Section: Evaluation Of Hmog Featuresmentioning

confidence: 91%

HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users

Sitová

Šeděnka

Yang

et al. 2016

IEEE Trans.Inform.Forensic Secur.

Self Cite

320

178

View full text Add to dashboard Cite

We introduce Hand Movement, Orientation, and Grasp (HMOG), a set of behavioral features to continuously authenticate smartphone users. HMOG features unobtrusively capture subtle micro-movement and orientation dynamics resulting from how a user grasps, holds, and taps on the smartphone. We evaluated authentication and biometric key generation (BKG) performance of HMOG features on data collected from 100 subjects typing on a virtual keyboard. Data was collected under two conditions: sitting and walking. We achieved authentication EERs as low as 7.16% (walking) and 10.05% (sitting) when we combined HMOG, tap, and keystroke features. We performed experiments to investigate why HMOG features perform well during walking. Our results suggest that this is due to the ability of HMOG features to capture distinctive body movements caused by walking, in addition to the hand-movement dynamics from taps. With BKG, we achieved EERs of 15.1% using HMOG combined with taps. In comparison, BKG using tap, key hold, and swipe features had EERs between 25.7% and 34.2%. We also analyzed the energy consumption of HMOG feature extraction and computation. Our analysis shows that HMOG features extracted at 16Hz sensor sampling rate incurred a minor overhead of 7.9% without sacrificing authentication accuracy. Two points distinguish our work from current literature: 1) we present the results of a comprehensive evaluation of three types of features (HMOG, keystroke, and tap) and their combinations under the same experimental conditions; and 2) we analyze the features from three perspectives (authentication, BKG, and energy consumption on smartphones).

show abstract

“…SVM performed well in experiments on touch-based authentication of smartphone users by Serwadda et al [53]. SE is a popular verifier in biometrics (see for example [7], [28]).…”

Section: Evaluation Of Hmog Featuresmentioning

confidence: 91%

HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users

Sitová

Šeděnka

Yang

et al. 2016

IEEE Trans.Inform.Forensic Secur.

Self Cite

320

178

View full text Add to dashboard Cite

show abstract

“…Software based authentication basically relies on the unique characteristics of the software programs or protocols running on the devices [25,9], whereas hardware based authentication leverages the unique hardware traits such as channel-invariant radiometric [3,23] and clock skews [18,13] to identify users. Biometric and physicaltrait based authentication relies on the behavioral modalities including on-screen touch and finger movement patterns [8,20]. And channel-signature based authentication schemes are proposed to use either Received Signal Strength (RSS) [29,6,30,32,15] or Channel Impulse Response (CIR) [26,21] to identify users.…”

Section: Related Workmentioning

confidence: 99%

Practical user authentication leveraging channel state information (CSI)

Liu

Wang

Liu

et al. 2014

Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

View full text Add to dashboard Cite

User authentication is the critical first step to detect identitybased attacks and prevent subsequent malicious attacks. However, the increasingly dynamic mobile environments make it harder to always apply the cryptographic-based methods for user authentication due to their infrastructural and key management overhead. Exploiting non-cryptographic based techniques grounded on physical layer properties to perform user authentication appears promising. In this work, we explore to use channel state information (CSI), which is available from off-the-shelf WiFi devices, to conduct fine-grained user authentication. We propose an user-authentication framework that has the capability to build the user profile resilient to the presence of the spoofer. Our machine learning based user-authentication techniques can distinguish two users even when they possess similar signal fingerprints and detect the existence of the spoofer. Our experiments in both office building and apartment environments show that our framework can filter out the signal outliers and achieve higher authentication accuracy compared with existing approaches using received signal strength (RSS).

show abstract

“…To compute the FAR, one must first set a classification threshold based on which a given sample is accepted or rejected by the system. We use the EER threshold, as it is widely used in behavioral biometrics in general and in touch-based authentication in particular (e.g., see Frank et al [2013], Killourhy and Maxion [2009], and Govindarajan et al [2013]). The EER is the error rate of an authentication system when the FAR equals the FRR; the EER threshold is the verification score at which the EER is obtained.…”

Section: Performance Evaluation Approachmentioning

confidence: 99%

“…The zero-effort attack-a form of impostor attack in which a given user's samples are used to test another user's biometric template (without any forgery whatsoever)-is the defacto performance evaluation method for touch-based authentication systems on smart phones and other touch input devices (e.g., see Govindarajan et al [2013], Alexander et al [2012], Feng et al [2012], and Frank et al [2013]). In this article, we argue that this kind of attack majorly underestimates the magnitude of the threat that a touch-based authentication system could face in practice.…”

Section: Introductionmentioning

confidence: 99%

Toward Robotic Robbery on the Touch Screen

Serwadda

Phoha

Wang

et al. 2016

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics-driven attack and a user-tailored attack. The population statistics-driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system's mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touchbased authentication systems.

show abstract

Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data

Cited by 27 publications

References 16 publications

HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users

HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users

Practical user authentication leveraging channel state information (CSI)

Toward Robotic Robbery on the Touch Screen

Contact Info

Product

Resources

About