Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Cong Shi,Jian Liu,Hongbo Liu,Yingying Chen

DOI: https://doi.org/10.1145/3084041.3084061

2017-01-01

Abstract:User authentication is a critical process in both corporate and home environments due to the ever-growing security and privacy concerns. With the advancement of smart cities and home environments, the concept of user authentication is evolved with a broader implication by not only preventing unauthorized users from accessing confidential information but also providing the opportunities for customized services corresponding to a specific user. Traditional approaches of user authentication either require specialized device installation or inconvenient wearable sensor attachment. This paper supports the extended concept of user authentication with a device-free approach by leveraging the prevalent WiFi signals made available by IoT devices, such as smart refrigerator, smart TV and thermostat, etc. The proposed system utilizes the WiFi signals to capture unique human physiological and behavioral characteristics inherited from their daily activities, including both walking and stationary ones. Particularly, we extract representative features from channel state information (CSI) measurements of WiFi signals, and develop a deep learning based user authentication scheme to accurately identify each individual user. Extensive experiments in two typical indoor environments, a university office and an apartment, are conducted to demonstrate the effectiveness of the proposed authentication system. In particular, our system can achieve over 94% and 91% authentication accuracy with 11 subjects through walking and stationary activities, respectively.

Rihab Fahd Al-Mutawa,Fathy Albouraey Eassa

DOI: https://doi.org/10.14569/IJACSA.2020.0110234

2020-09-11

Abstract:The Internet of Things (IoT) describes a network infrastructure of identifiable things that share data through the Internet. A smart home is one of the applications for the Internet of Things. In a smart home, household appliances could be monitored and controlled remotely. This raises a demand for reliable security solutions for IoT systems. Authorization and authentication are challenging IoT security operations that need to be considered. For instance, unauthorized access, such as cyber-attacks, to a smart home system could cause danger by controlling sensors and actuators, opening the doors for a thief. This paper applies an extra layer of security of multi-factor authentication to act as a prevention method for mitigating unauthorized access. One of those factors is face recognition, as it has recently become popular due to its non-invasive biometric techniques, which is easy to use with cameras attached to most trending computers and smartphones. In this paper, the gaps in existing IoT smart home systems have been analyzed, and we have suggested improvements for overcoming them by including necessary system modules and enhancing user registration and log-in authentication. We propose software architecture for implementing such a system. To the best of our knowledge, the existing IoT smart home management research does not support face recognition and liveness detection within the authentication operation of their suggested software architectures.

Cryptography and Security,Computers and Society

Shulin Yang,Yantong Wang,Xiaoxiao Yu,Yu Gu,Fuji Ren

DOI: https://doi.org/10.1109/ICCC49849.2020.9238889

2020-01-01

Abstract:User authentication is a major area of interest within the field of Human Computer Interaction (HCI). Meanwhile, it prevents unauthorized accesses to certain the security of data. Personal Identification Number (PIN) and biometrics are the main approaches for identifying the user on the basis of his/her identity. However, PIN can be easily leaked to others, and biometrics usually require specialized devices. In this paper, we prototype our system, a new method for user authentication by leveraging commodity WiFi. The basic methodology is to explore the typing habit of users from Channel State Information (CSI). The design and implementation of our system face two challenges, i.e. extracting keystroke features from wireless channel data and authenticating the user via typing habit from the corresponding keystroke features. For the former, we capture signal fluctuations caused by the micro movements like typing and extract the keystroke features on channel response obtained from commodity WiFi devices. For the latter, we design a computational intelligence driven mechanism to authenticate users from the corresponding keystroke feature. We prototype our system on the low-cost off-the-shelf WiFi devices and evaluate its performance in real-world experiments. We have explored four classifiers including K Nearest Neighbor(KNN), Support Vector Machine (SVM), Random Forest, and Decision Tree for recognizing users. Empirical results show that KNN provides the best performance, i.e., 85.2% authentication accuracy, 12.8% false accept rate, and 11.2% false reject rate on average over 9 participants.

Honglei Ren,You Song,Siyu Yang,Fangling Situ

DOI: https://doi.org/10.1109/iccse.2016.7581588

2016-01-01

Abstract:Smart home is now becoming prevalent with the development of the Internet of things (IOT) techniques. It is aimed at providing the user with a user-friendly method to control the home appliances such as doors, lights, even in a condition of long-distance. This controlling is generally achieved by a mobile phone which can access to the Internet. However, this can easily be breached if no security measures are taken. In this paper, we present a voiceprint and Internet based mobile authentication system, which can make authentication of smart home faster, more convenient and more secure. In addition, we proposed a dynamic threshold method to calculate a user-specific score threshold of voiceprint verification. Result shows it reduce the false rejection rate when given the equal false acceptance rate.

Cong Shi,Jian Liu,Hongbo Liu,Yingying Chen

DOI: https://doi.org/10.1145/3448738

2021-01-01

ACM Transactions on Internet of Things

Abstract:AbstractUser authentication is a critical process in both corporate and home environments due to the ever-growing security and privacy concerns. With the advancement of smart cities and home environments, the concept of user authentication is evolved with a broader implication by not only preventing unauthorized users from accessing confidential information but also providing the opportunities for customized services corresponding to a specific user. Traditional approaches of user authentication either require specialized device installation or inconvenient wearable sensor attachment. This article supports the extended concept of user authentication with a device-free approach by leveraging the prevalent WiFi signals made available by IoT devices, such as smart refrigerator, smart TV, and smart thermostat, and so on. The proposed system utilizes the WiFi signals to capture unique human physiological and behavioral characteristics inherited from their daily activities, including both walking and stationary ones. Particularly, we extract representative features from channel state information (CSI) measurements of WiFi signals, and develop a deep-learning-based user authentication scheme to accurately identify each individual user. To mitigate the signal distortion caused by surrounding people’s movements, our deep learning model exploits a CNN-based architecture that constructively combines features from multiple receiving antennas and derives more reliable feature abstractions. Furthermore, a transfer-learning-based mechanism is developed to reduce the training cost for new users and environments. Extensive experiments in various indoor environments are conducted to demonstrate the effectiveness of the proposed authentication system. In particular, our system can achieve over 94% authentication accuracy with 11 subjects through different activities.

Yen Xin Tok,Norliza Katuk,Ahmad Suki Che Mohamed Arif

DOI: https://doi.org/10.3991/ijim.v15i24.25393

2021-12-21

International Journal of Interactive Mobile Technologies (iJIM)

Abstract:Recently, the adoption of smart home technology has been on the rise and becoming a trend for home residents. The development of Internet-of-Things (IoT) technology drives the smart home authentication system with biometric systems such as facial recognition, fingerprint, and voice control techniques. In the context of homeowners, security is always the primary concern. However, conventional home security and the existing smart home security system have some limitations. These techniques use single-factor authentication, which provides limited protection for home security. Therefore, this project proposed a design for smart home multi-factor authentication using facial recognition and a one-time password sent to smartphones for a home security system. Rapid application development was the methodology for conducting this study. A usability evaluation suggested that the proposed smart home multi-factor authentication is acceptable, but some usability issues can be improved in the future.

Yunji Liang,Sagar Samtani,Bin Guo,Zhiwen Yu

DOI: https://doi.org/10.1109/JIOT.2020.3004077

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:In the Internet-of-Things (IoT) era, user authentication is essential to ensure the security of connected devices and the customization of passive services. However, conventional knowledge-based and physiological biometric-based authentication systems (e.g., password, face recognition, and fingerprints) are susceptible to shoulder surfing attacks, smudge attacks, and heat attacks. The powerful sensing capabilities of IoT devices, including smartphones, wearables, robots, and autonomous vehicles enable continuous authentication (CA) based on behavioral biometrics. The artificial intelligence (AI) approaches hold significant promise in sifting through large volumes of heterogeneous biometrics data to offer unprecedented user authentication and user identification capabilities. In this survey article, we outline the nature of CA in IoT applications, highlight the key behavioral signals, and summarize the extant solutions from an AI perspective. Based on our systematic and comprehensive analysis, we discuss the challenges and promising future directions to guide the next generation of AI-based CA research.

Zhimin Zhang,Huansheng Ning,Fadi Farha,Jianguo Ding,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.dcan.2022.10.006

IF: 6.348

2022-10-01

Digital Communications and Networks

Abstract:Effective user authentication is key to ensuring equipment security, data privacy, and personalized services in Internet of Things (IoT) systems. However, conventional mode-based authentication methods (e.g., passwords and smart cards) may be vulnerable to a broad range of attacks (e.g., eavesdropping and side-channel attacks). Hence, there have been attempts to design biometric-based authentication solutions, which rely on physiological and behavioral characteristics. Behavioral characteristics need continuous monitoring and specific environmental settings, which can be challenging to implement in practice. However, we can also leverage Artificial Intelligence (AI) in the extraction and classification of physiological characteristics from IoT devices processing, to facilitate authentication. Thus, we review the literature on the use of AI in physiological characteristics recognition, published after 2015. We use the three-layer architecture of the IoT (i.e., sensing layer, feature layer, and algorithm layer) to guide the discussion of existing approaches and their limitations. We also identify a number of future research opportunities, which will hopefully guide the design of next generation solutions.

telecommunications

Azade Fotouhi,Marwa Oudi,Billel Gueni,Mouna Ben Mabrouk

DOI: https://doi.org/10.13052/nbjict1902-097x.2020.011

2021-02-06

Abstract:While the number of connected objects in the world of Internet of Thing (IoT) is increasing, an efficient and intelligent solution to exploit the huge amount of generated data does not exist. Smart homes powered by IoT devises are able to automate and monitor the every day activities of home owners, and improve the life quality especially for elderly and disabled people. In this paper, we propose a machine learning based model in order to analyze the IoT data and to provide data-driven services. Hence, this will make it possible to extract meaningful information from data and make intelligent decisions in smart environments. Then, the proposed model is evaluated using collected data from IoT devices based on different communication protocols.

Bruhadeshwar Bezawada,Maalvika Bachani,Jordan Peterson,Hossein Shirazi,Indrakshi Ray,Indrajit Ray

DOI: https://doi.org/10.48550/arXiv.1804.03852

2018-04-11

Abstract:The Internet-of-Things (IoT) has brought in new challenges in, device identification --what the device is, and, authentication --is the device the one it claims to be. Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or scalability problems related to key management, render almost all cryptography based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform device behavioral fingerprinting that can be employed to undertake device type identification. A device behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device types. We validate our approach using five-fold cross validation; we report a identification rate of 86-99% and a mean accuracy of 99%, across all our experiments. Our approach is successful even when a device uses encrypted communication. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different device types having similar functionality.

Cryptography and Security

Qingshui Xue,Xingzhong Ju,Haozhi Zhu,Haojin Zhu,Fengying Li,Xiangwei Zheng

DOI: https://doi.org/10.1007/978-3-030-22971-9_12

2019-01-01

Abstract:IoT is an important part of the new generation of information technologies and the next big thing in the IT industry after the computer and the internet. The IoT has great development potential and a wide range of possible applications, especially commercial applications. And information security of the IoT is the key to the long-term development of the whole industry. Currently, the two most significant factors in the development of the IoT are user identity authentication and privacy protection. This paper contains an analysis on the current picture of inter-device user identity authentication in the IoT and proposes an inter-device biometric authentication solution for the IoT that’s designed to work with larger devices, addressing the shortcomings of the traditional user identity authentication technologies including security and efficiency problems. A strategy for further solution optimization is also included. This paper elaborates on the specific process of user identity authentication carried out by users on devices and between devices making use of fingerprints. We’ll demonstrate the security of this solution against existing attack methods and in the last part, we enumerate various possible applications of this solution in smart homes.

Aleksandr Ometov,Vitaly Petrov,Sergey Bezzateev,Sergey Andreev,Yevgeni Koucheryavy,Mario Gerla

DOI: https://doi.org/10.48550/arXiv.1901.06977

2019-01-21

Abstract:The unprecedented proliferation of smart devices together with novel communication, computing, and control technologies have paved the way for the Advanced Internet of Things~(A-IoT). This development involves new categories of capable devices, such as high-end wearables, smart vehicles, and consumer drones aiming to enable efficient and collaborative utilization within the Smart City paradigm. While massive deployments of these objects may enrich people's lives, unauthorized access to the said equipment is potentially dangerous. Hence, highly-secure human authentication mechanisms have to be designed. At the same time, human beings desire comfortable interaction with their owned devices on a daily basis, thus demanding the authentication procedures to be seamless and user-friendly, mindful of the contemporary urban dynamics. In response to these unique challenges, this work advocates for the adoption of multi-factor authentication for A-IoT, such that multiple heterogeneous methods - both well-established and emerging - are combined intelligently to grant or deny access reliably. We thus discuss the pros and cons of various solutions as well as introduce tools to combine the authentication factors, with an emphasis on challenging Smart City environments. We finally outline the open questions to shape future research efforts in this emerging field.

Networking and Internet Architecture

Jianmin Dong,Zhongmin Cai

DOI: https://doi.org/10.1007/978-3-319-46654-5_83

2016-01-01

Abstract:With the increasing popularity of wearable devices, it is common to use several smart devices simultaneously including smartphones. With embedded accelerometers and gyroscopes, the smart devices naturally constitute a multiple sensor system to measure the activities of the user more comprehensively and accurately. This paper proposed a new approach to perform authentication by using motion data collected from both wearables and smartphones. We propose a set of simple timedomain features to characterize the motion data collected from daily activities such as walking and train a one-class classifier to differentiate legitimate and illegitimate users. The experiments on data collected from 20 subjects demonstrate the proposed multiple sensor approach does lead to obvious performance improvements compared with traditional single sensor approaches.

Yong Huang,Wei Wang,Hao Wang,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.1109/twc.2020.2991111

IF: 10.4

2020-08-01

IEEE Transactions on Wireless Communications

Abstract:By adding users as a new dimension to connectivity, on-body Internet-of-Things (IoT) devices have gained considerable momentum in recent years, while raising serious privacy and safety issues. Existing approaches to authenticate these devices limit themselves to dedicated sensors or specified user motions, undermining their widespread acceptance. This paper overcomes these limitations with a general authentication solution by integrating wireless physical layer (PHY) signatures with upper-layer protocols. The key enabling techniques are constructing representative radio propagation profiles from received signals, and developing an adversarial multi-player neural network to accurately recognize underlying radio propagation patterns and facilitate on-body device authentication. Once hearing a suspicious transmission, our system triggers a PHY-based challenge-response protocol to defend in depth against active attacks. We prove that at equilibrium, our adversarial model can extract all information about propagation patterns and eliminate any irrelevant information caused by motion variances and environment changes. We build a prototype of our system using Universal Software Radio Peripheral (USRP) devices and conduct extensive experiments with various static and dynamic body motions in typical indoor and outdoor environments. The experimental results show that our system achieves an average authentication accuracy of 91.6%, with a high area under the receiver operating characteristic curve (AUROC) of 0.96 and a better generalization performance compared with the conventional non-adversarial approach.

telecommunications,engineering, electrical & electronic

Chao Lin,Debiao He,Neeraj Kumar,Xinyi Huang,Pandi Vijaykumar,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2019.2944400

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Increasingly, governments around the world, particularly in technologically advanced countries, are exploring or implementing smart homes, or the related smart facilities for the benefits of the society. The capability to remotely access and control Internet of Things (IoT) devices (e.g., capturing of images, audios, and other information) is convenient but risky, as vulnerable devices can be exploited to conduct surveillance or perform other nefarious activities on the users and organizations. This highlights the necessity of designing a secure and efficient remote user authentication solution. Most of the existing solutions for this problem are generally based on a single-server architecture, which has limitations in terms of privacy and anonymity (leading to users' daily activities being predicted), and integrity and confidentiality (resulting in an unreliable behavior auditing). While blockchain-based solutions may mitigate these issues, they still face some critical challenges (e.g., providing regulation of behaviors and privacy protection of access policy). Motivated by these facts, in this article, we construct a novel secure mutual authentication system, which can be applied in smart homes and other applications. Specifically, the proposed approach integrates blockchain, group signature, and message authentication code to provide reliable auditing of users' access history, anonymously authenticate group members, and efficiently authenticate home gateway, respectively. We also prove the security and privacy requirements, including anonymity, traceability, and confidentiality, that the proposed system satisfies, with an implementation and evaluation to demonstrate its practicality.

Hilmi Gunes Kayacik,Mike Just,Lynne Baillie,David Aspinall,Nicholas Micallef

DOI: https://doi.org/10.48550/arXiv.1410.7743

2014-10-29

Abstract:We propose a lightweight, and temporally and spatially aware user behaviour modelling technique for sensor-based authentication. Operating in the background, our data driven technique compares current behaviour with a user profile. If the behaviour deviates sufficiently from the established norm, actions such as explicit authentication can be triggered. To support a quick and lightweight deployment, our solution automatically switches from training mode to deployment mode when the user's behaviour is sufficiently learned. Furthermore, it allows the device to automatically determine a suitable detection threshold. We use our model to investigate practical aspects of sensor-based authentication by applying it to three publicly available data sets, computing expected times for training duration and behaviour drift. We also test our model with scenarios involving an attacker with varying knowledge and capabilities.

Cryptography and Security

Qingsong Zou,Qing Li,Ruoyu Li,Yucheng Huang,Gareth Tyson,Jingyu Xiao,Yong Jiang

DOI: https://doi.org/10.1145/3580890

2023-01-01

Abstract:With the deployment of a growing number of smart home IoT devices, privacy leakage has become a growing concern. Prior work on privacy-invasive device localization, classification, and activity identification have proven the existence of various privacy leakage risks in smart home environments. However, they only demonstrate limited threats in real world due to many impractical assumptions, such as having privileged access to the user's home network. In this paper, we identify a new end-to-end attack surface using IoTBeholder, a system that performs device localization, classification, and user activity identification. IoTBeholder can be easily run and replicated on commercial off-the-shelf (COTS) devices such as mobile phones or personal computers, enabling attackers to infer user's habitual behaviors from smart home Wi-Fi traffic alone. We set up a testbed with 23 IoT devices for evaluation in the real world. The result shows that IoTBeholder has good device classification and device activity identification performance. In addition, IoTBeholder can infer the users' habitual behaviors and automation rules with high accuracy and interpretability. It can even accurately predict the users' future actions, highlighting a significant threat to user privacy that IoT vendors and users should highly concern.

Zhen Qin,Lingzhou Hu,Ning Zhang,Dajiang Chen,Kuan Zhang,Zhiguang Qin,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2019.2900862

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Smart homes expects to improve the convenience, comfort, and energy efficiency of the residents by connecting and controlling various appliances. As the personal information and computing hub for smart homes, smartphones allow people to monitor and control their homes anytime and anywhere. Therefore, the security and privacy of smartphones and the stored data are crucial in smart homes. To protect smartphones from potential attacks, various built-in sensors can be utilized for user authentication/identification and access control to achieve enhanced security. In this paper, we propose a framework, smartphone sensor user identification (SSUI), in order to facilitate user identification based on the relationships between different types of sensor data and smartphone users. Specifically in SSUI, the time and frequency features are extracted and learned separately using convolution neural network (CNN). The CNN outputs are then processed using recurrent neural network, according to several time bins. Using both of our own dataset (collected from 17 participants) and a publicly available dataset (i.e., Heterogeneity Dataset for Human Activity Recognition), we demonstrate the effectiveness of the proposed SSUI framework, where we achieve an accuracy rate of over 91.45% in various scenarios.

Luca Mainetti,Paolo Panarese,Roberto Vergallo

DOI: https://doi.org/10.3390/s22186980

2022-09-15

Abstract:The literature is rich in techniques and methods to perform Continuous Authentication (CA) using biometric data, both physiological and behavioral. As a recent trend, less invasive methods such as the ones based on context-aware recognition allows the continuous identification of the user by retrieving device and app usage patterns. However, a still uncovered research topic is to extend the concepts of behavioral and context-aware biometric to take into account all the sensing data provided by the Internet of Things (IoT) and the smart city, in the shape of user habits. In this paper, we propose a meta-model-driven approach to mine user habits, by means of a combination of IoT data incoming from several sources such as smart mobility, smart metering, smart home, wearables and so on. Then, we use those habits to seamlessly authenticate users in real time all along the smart city when the same behavior occurs in different context and with different sensing technologies. Our model, which we called WoX+, allows the automatic extraction of user habits using a novel Artificial Intelligence (AI) technique focused on high-level concepts. The aim is to continuously authenticate the users using their habits as behavioral biometric, independently from the involved sensing hardware. To prove the effectiveness of WoX+ we organized a quantitative and qualitative evaluation in which 10 participants told us a spending habit they have involving the use of IoT. We chose the financial domain because it is ubiquitous, it is inherently multi-device, it is rich in time patterns, and most of all it requires a secure authentication. With the aim of extracting the requirement of such a system, we also asked the cohort how they expect WoX+ will use such habits to securely automatize payments and identify them in the smart city. We discovered that WoX+ satisfies most of the expected requirements, particularly in terms of unobtrusiveness of the solution, in contrast with the limitations observed in the existing studies. Finally, we used the responses given by the cohorts to generate synthetic data and train our novel AI block. Results show that the error in reconstructing the habits is acceptable: Mean Squared Error Percentage (MSEP) 0.04%.