Using trusted computing for privacy preserving keystroke-based authentication in smartphones

Nauman, Mohammad; Ali, Tamleek; Rauf, Abdul

doi:10.1007/s11235-011-9538-9

Cited by 29 publications

(21 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…What is more, this method could even provide three-factor authentication assuming that the mobile device has in place a Trusted Execution Environment (TEE) -or Mobile Trusted Module (MTM) -as described in [31] and considered in [12], [11] and [25]. Such TEE would basically guarantee that the reported state of a mobile device can be trusted by shielding dedicated pieces of its engine, thus providing one more level of security.…”

Section: Implications and Discussionmentioning

confidence: 99%

“…Therefore, using lock patterns as a remote authentication method could result in linkability attacks and user profiling even when using different pseudonyms and patterns as passwords at different services' sites. Nevertheless, architectures have been proposed for authenticating smart phone users to remote web services in a privacy-friendly manner with the use of the previously mentioned Trusted Executing Environment (TEE) [24] [25]. This approach is also being considered within the U-PrIM project, where the existence of such TEE running on the mobile device is assumed, keeping the biometrics data secured under the users' control.…”

Section: Implications and Discussionmentioning

confidence: 99%

“…Figure 3 shows the fitted Receiver Operating Characteristic (ROC) curve for all participants using the above mentioned configuration. This curve "allows the evaluation of different machine learning algorithms by measuring the rate of false positives and true positives against a varying threshold level" [25]. The ROC curve in this case provides us with the formula y = x (0.051±0.002) , from where we can infer that having a FAR of 5% would give us a probability of correctly admitting a legitimate user (a True Acceptance Rate or TAR) between 85.32% and 86.35% (y = 0.05 (0.051±0.002) ).…”

Section: Data Collection and Analysismentioning

confidence: 99%

See 2 more Smart Citations

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

Angulo

Wästlund

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. The use of mobile smart devices for storing sensitive information and accessing online services is increasing. At the same time, methods for authenticating users into their devices and online services that are not only secure, but also privacy and user-friendly are needed. In this paper, we present our initial explorations of the use of lock pattern dynamics as a secure and user-friendly two-factor authentication method. We developed an application for the Android mobile platform to collect data on the way individuals draw lock patterns on a touchscreen. Using a Random Forest machine learning classifier this method achieves an average Equal Error Rate (EER) of approximately 10.39%, meaning that lock patterns biometrics can be used for identifying users towards their device, but could also pose a threat to privacy if the users' biometric information is handled outside their control.

show abstract

Section: Implications and Discussionmentioning

confidence: 99%

Section: Implications and Discussionmentioning

confidence: 99%

Section: Data Collection and Analysismentioning

confidence: 99%

See 1 more Smart Citation

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

Angulo

Wästlund

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…The TrustCube framework proposed in [13] supports implicit authentication. The implicit authentication system based on keystroke dynamics in [41] also provides a level of privacy for the user. However, both of these systems require trusted remote platforms to carry out part or all of the computation.…”

Section: Related Workmentioning

confidence: 99%

Reconciling user privacy and implicit authentication for mobile devices

Shahandashti¹,

Safa²

2015

Computers & Security

View full text Add to dashboard Cite

In an implicit authentication system, a user profile is used as an additional factor to strengthen the authentication of mobile users. The profile consists of features that are constructed using the history of user actions on her mobile device over time. The profile is stored on the server and is used to authenticate an access request originated from the device at a later time. An access request will include a vector of recent measurements of the features on the device, that will be subsequently matched against the features stored at the server, to accept or reject the request. The features however include private information such as user location or web sites that have been visited. We propose a privacypreserving implicit authentication system that achieves implicit authentication without revealing information about the usage profiles of the users to the server. We propose an architecture, give a formal security model and a construction with provable security in two settings where: (i) the device follows the protocol, and (ii) the device is captured and behaves maliciously.

show abstract

“…This authentication mechanism can continuously monitor the typing behavior of a user and verify that the request is from the legal user. Nauman et al [31] proposed a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. Moreover, they presented a prototype implementation of their protocol using Android operating system.…”

Section: Fig1: Classification Of Biometric Authenticationmentioning

confidence: 99%

Keystroke Dynamic Authentication in Mobile Cloud Computing

Babaeizadeh¹,

Bakhtiari²,

Maarof³

2014

IJCA

View full text Add to dashboard Cite

One of the important challenges in Mobile Cloud Computing (MCC) is related to the authentication of users. There is increasing demand for suitable authentication method for accessing to the shared information via the Internet through Cloud Service Provider (CSP). Personal identification number is the most common mechanism for authentication in mobile devices; however it is not secure way for authenticating users. This work presents a method of authentication which able to identify users based on Keystroke Dynamic Authentication (KDA). Furthermore, keystrokes duration is considered as an attribute for measuring keystrokes of mobile's users. This paper proposed strong method of authentication in the password authentication scheme by combining it with keystroke authentication, which is a type of behavioral biometric mechanism. Experimental results show, the proposed method can work 97.014% correctly, due to the keystroke duration of each user depends on their behavioral characteristic and it can be measured up to milliseconds. On the other hand, if unauthorized person knows the username and password of legal user can not gain access rights because of difference between their keystroke duration. Therefore, it is hard for an attacker to pretend as an owner, and this method enhances the security of authentication in MCC

show abstract

Using trusted computing for privacy preserving keystroke-based authentication in smartphones

Cited by 29 publications

References 8 publications

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

Reconciling user privacy and implicit authentication for mobile devices

Keystroke Dynamic Authentication in Mobile Cloud Computing

Contact Info

Product

Resources

About