Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Chao Shen,Yunpeng Li,Tianwen Yu,Sheng Yuan,Xiao Yi,Xiaohong Guan

DOI: https://doi.org/10.1109/wcica.2016.7578519

2016-01-01

Abstract:Existing smartphone authentication methods (e.g., PIN) typically provide one-time identity verification, but the verified user is still subject to session hijacking or masquerading attacks. This paper presents a framework and performance analysis of a sensor-based smartphone authentication system that continuously verifies the presence of a smartphone user. When a user touches the smartphone screen, motion-sensor data are extracted and analyzed to obtain descriptive features for accurately depicting users' touch habit and rhythm. Then a one-class learning algorithm is employed in the feature space to perform the continuous authentication task. Based on touch-tapping data collected from over 50 users, we conduct a series of experiments to validate the efficacy of our proposed approach. Our experimental results show that our verification system achieves a relatively high accuracy with an equal-error rate of 11.05%. Additional experiment on usability to the observation window size is provided to further examine the effectiveness. Our authentication system can be seamlessly integrated with extant smartphone authentication mechanisms, and is non-intrusive to users and does not need extra hardware.

Zhihao Shen,Shun Li,Xi Zhao,Jianhua Zou

DOI: https://doi.org/10.1109/tifs.2022.3160361

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the wide use of smartphones, more private data are collected and saved in the smartphones. This raises higher requirements for secure and effective user authentication scheme. Continuous authentication leverages behavioral biometrics as identity information and shows promising characteristics for user verification in a continuous and passive means. However, most studies require users to operate the smartphones in a specific mobile application or perform user-defined touch operations. This paper studies the continuous authentication on smartphones in the wild, where it is hard to characterize touching behavior accurately due to the complexity of usage context and cross-use of various types of touch gestures. Towards this end, in this paper, we propose a continuous authentication framework using multiple modalities, named as MMAuth, which integrates the heterogeneous information of user identity from multiple modalities (e.g., motion movement pattern, touch dynamics, usage context). A time-extended behavioral feature set (TEB) and a deep learning based one-class classifier (DeSVDD) are developed for performing more accurate authentication. Evaluations are conducted using a novel unconstrained smartphone usage dataset collected from 100 volunteers in real world as well as a public laboratory dataset. Extensive experimental results demonstrate that the state-of-the-art authentication performance of MMAuth in both unconstrained and laboratory environment, and the effectiveness of its two proposed modules (the TEB feature set and the DeSVDD classifier). Additional experiments on system robustness, in terms of usability to different touch gestures, sensitivity to various mobile applications, and scalability to user space, are also provided to examine the applicability of MMAuth.

Zhenyang Guo,Hao Yan,Jin Cao,Jiawei Yang,Ben Niu,Ang Li,Hui Li

DOI: https://doi.org/10.1109/jiot.2024.3450692

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Presently, the prevalent authentication approaches in smartphones are susceptible to interference from light,0 noise, temperature, and the risk of replay attacks. In light of these vulnerabilities, and taking into account user behavior alongside smartphone interaction patterns, we have developed an innovative behavioral-based authentication system. This system harnesses the distinctiveness of individual keystroke dynamics for secure user authentication, offering resilience against noise and light fluctuations. In this unique approach, our smartphone’s speakers and microphones emit and capture high-frequency acoustic signals (AS). To the best of our knowledge, this is the first instance of employing the Doppler effect generated by the high-frequency AS in response to keystroke activity as a distinctive user feature. Our definition of ’keystroke behavior’ encompasses the motions involved in tapping screen buttons while holding the smartphone, effectively capturing unique user attributes without necessitating any special procedures or passwords. Our initial experiments have convincingly shown that the AS Doppler effect, triggered by keystroke actions, is uniquely identifiable per user during button presses. Subsequently, we utilized a Convolutional Autoencoder (CAE) to distill keystroke behaviors from the reflected signals, employing a One-Class Support Vector Machine (OCSVM) for user authentication and identification processes. We then implemented a prototype of this scheme on smartphones and rigorously tested its performance across four real-world scenarios. The outcomes are promising, demonstrating that our scheme not only withstands disturbances from noise and light but also achieves an impressive average accuracy rate of 95.08%. Regarding security, it effectively thwarts replay and record attacks, further underscoring its robustness and reliability.

Chao Shen,Yong Zhang,Zhongmin Cai,Tianwen Yu,Xiaohong Guan

DOI: https://doi.org/10.1109/icb.2015.7139046

2015-01-01

Abstract:The increasing use of smartphones to access sensitive and privacy data has given rise to the need of secure authentication technique. Existing authentication mechanisms on smartphones can only provide one-time verification, but the verified users are still vulnerable to the session hijacking. In this article, we propose a transparent and continuous authentication system based on users' touch interaction data. We consider four common types of touch operations, and extract behavioral features to characterize users' touch behavior. Distance-measurement technique is applied to mitigate the behavioral variability. Then a multiple decision procedure is developed to perform continuous authentication, in which one-class classification algorithms are applied for classification. The efficacy of our approach is validated through a series of experiments in four real-world application scenarios. Our experimental results show that the proposed approach could verify a user in an accurate and timely manner, and suffice to be an enhancement for traditional authentication mechanisms in smartphones.

Long Chen,Yi Zhong,Weidong Ai,Difang Zhang

DOI: https://doi.org/10.1109/isdfs.2019.8757539

2019-01-01

Abstract:Continuous authentication (CA) is the process which continuously verifying a user based on their on-going interaction with a computer system. In this paper, we propose an adaptive continuous authentication method based on the changes of context, in which providing protection for the user's on-going interaction with computer in different contexts. In order to prevent a situation where an attacker tries to avoid detection by limiting to one input device, we considered both keystroke and mouse usage behavior patterns. In this research, collecting 30 users' data in an uncontrolled environment, extracting the user behavior feature from data by a new feature extraction method, using fusion technology to identify users, and then, according to the recognition result we can judge whether the current user is a real user or not. The experiment result shows that our scheme has a false acceptance rate (FAR) of 0%, a false rejection rate (FRR) of 2.04%, and the authentication time that between 10 seconds and 60 seconds for authentication.

Xiaozi Liu,Chao Shen,Yufei Chen

DOI: https://doi.org/10.1007/978-3-319-97909-0_71

2018-01-01

Abstract:Analyzing smartphone users' behavioral characteristics for recognizing the identities has received growing interest from security and biometric researchers. Extant smartphone authentication methods usually provide one-time identity verification in some specific applications, but the authenticated user is still subject to masquerader attacks or session hijacking. This paper presents a novel smartphone authentication approach by analyzing multi-source user-machine usage behavior (i.e., power consumption, physical sensors, and touchscreen interactions), which can continuously verify the presence of a smartphone user. Extensive experiments are conducted to show that our authentication approach can be up to a relatively high accuracy with an equal-error rate of 5.5%. This approach can also be seamlessly integrated with existing authentication methods, which does not need additional hardware and is transparent to users.

Yufei Chen,Chao Shen,Zhao Wang,Tianwen Yu

DOI: https://doi.org/10.1109/ISBA.2017.7947694

2017-01-01

Abstract:While the public enjoy the convenience aroused by the proliferation of the smartphones, they also face the risk of exposing their sensitive and secure information to attackers. Extant smartphone authentication methods (e.g., PIN and fingerprint) typically provide one-time identity verification, but the verified user is still subject to session hijacking or masquerading attacks. In this paper, we propose a framework and performance analysis of using onboard-sensor behavior for continuous user authentication on smartphones, which can implicitly and continuously verifies the presence of a smartphone user. When a user carries the smartphone to do daily activities, time-, frequency- and wavelet-domain features are extracted from smartphone sensor data for accurately depicting users' motion patterns. A decision procedure based on one-class learning algorithms is developed and employed in the feature space to perform the continuous authentication task. Analyses are conducted based on sensor-interaction data on five typical daily activities with 27,681 samples across five phonecarrying positions. Extensive experiments in two specific scenarios are included to examine the efficacy of the proposed approach, which achieves a relatively high accuracy with the equal-error rate achieves 2.40% and 5.50% respectively. Our authentication system can be seamlessly integrated with extant smartphone authentication mechanisms, and is nonintrusive to users and does not need extra hardware.

Sakorn Mekruksavanich,Anuchit Jitpattanakul

DOI: https://doi.org/10.3390/s21227519

2021-11-12

Abstract:Smartphones as ubiquitous gadgets are rapidly becoming more intelligent and context-aware as sensing, networking, and processing capabilities advance. These devices provide users with a comprehensive platform to undertake activities such as socializing, communicating, sending and receiving e-mails, and storing and accessing personal data at any time and from any location. Nowadays, smartphones are used to store a multitude of private and sensitive data including bank account information, personal identifiers, account passwords and credit card information. Many users remain permanently signed in and, as a result, their mobile devices are vulnerable to security and privacy risks through assaults by criminals. Passcodes, PINs, pattern locks, facial verification, and fingerprint scans are all susceptible to various assaults including smudge attacks, side-channel attacks, and shoulder-surfing attacks. To solve these issues, this research introduces a new continuous authentication framework called DeepAuthen, which identifies smartphone users based on their physical activity patterns as measured by the accelerometer, gyroscope, and magnetometer sensors on their smartphone. We conducted a series of tests on user authentication using several deep learning classifiers, including our proposed deep learning network termed DeepConvLSTM on the three benchmark datasets UCI-HAR, WISDM-HARB and HMOG. Results demonstrated that combining various motion sensor data obtained the highest accuracy and energy efficiency ratio (EER) values for binary classification. We also conducted a thorough examination of the continuous authentication outcomes, and the results supported the efficacy of our framework.

Chao Shen,Yuanxun Li,Yufei Chen,Xiaohong Guan,Roy A. Maxion

DOI: https://doi.org/10.1109/tifs.2017.2737969

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The increasing use of smartphones as personal computing platforms to access personal information has stressed the demand for secure and usable authentication techniques, and for constantly protecting privacy. Smartphone sensors can measure users' unique behavioral characteristics when they interact with smartphones, based on different habits, gestures, and angle preferences of touch actions. This paper investigates the reliability and applicability of using motion-sensor behavior for active and continuous smartphone authentication across various operational scenarios, and presents a systematic evaluation of the distinctiveness and permanence properties of the behavior. For each sample of sensor behavior, kinematic information sequences are extracted and analyzed, which are characterized by statistic-, frequency-, and wavelet-domain features, to provide accurate and fine-grained characterization of users' touch actions. A Markov-based decision procedure, using one-class learning techniques, is developed and applied to the feature space for performing authentication. Analyses are conducted using the sensor data of 520 200 touch actions from 102 subjects across various operational scenarios. Extensive experiments show that motion-sensor behavior exhibits sufficient discriminability and stability for active and continuous authentication, and can achieve a false-rejection rate of 5.03% and a false-acceptance rate of 3.98%. Additional experiments on usability to operation length, sensitivity to application scenario, scalability to user size, contribution to different sensors, and response to behavior change are provided to further explore the effectiveness and applicability. We also implement an authentication system into the Android system that can react to the presence of the legitimate user.

Zhihao Shen,Shun Li,Xi Zhao,Jianhua Zou

DOI: https://doi.org/10.1109/tkde.2023.3277879

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Continuous authentication, which provides identity verification using behavioral biometrics in an implicit and transparent manner, has shown potentials for protecting privacy. As the most common way of human-computer interaction, touch behavior pattern of each user has been proven distinctive and widely adopted for continuous authentication. However, most touch based solutions rely on the touchscreen signals obtained from high-level application programming interfaces, which are hard to characterize fine-grained appearance and contour profile of contact fingertips as well as dynamic sliding information in a touch gesture. In this paper, we propose a continuous authentication framework called CT-Auth, which leverages raw capacitive value collected from capacitive touchscreen on smartphone as a descriptor of touch behavior for authentication. Specifically, we first develop a three-dimensional convolution neural network model for capturing intra-gesture spatial-temporal feature and a structure extraction model for capturing structural information between moving fingertips of a touch gesture and touchscreen. A recurrent neural network based model is also applied for capturing temporal patterns among a sequence of touch gestures. To evaluate the effectiveness of our framework, we recruit 100 volunteers over 2 months and collect a large-scale dataset in the unconstrained conditions. Extensive experiments reveal that CT-Auth provides the state-of-the-art authentication accuracy.

Wei-Han Lee,Ruby Lee

DOI: https://doi.org/10.48550/arXiv.1703.03378

2017-03-10

Abstract:The widespread use of smartphones gives rise to new security and privacy concerns. Smartphone thefts account for the largest percentage of thefts in recent crime statistics. Using a victim's smartphone, the attacker can launch impersonation attacks, which threaten the security of the victim and other users in the network. Our threat model includes the attacker taking over the phone after the user has logged on with his password or pin. Our goal is to design a mechanism for smartphones to better authenticate the current user, continuously and implicitly, and raise alerts when necessary. In this paper, we propose a multi-sensors-based system to achieve continuous and implicit authentication for smartphone users. The system continuously learns the owner's behavior patterns and environment characteristics, and then authenticates the current user without interrupting user-smartphone interactions. Our method can adaptively update a user's model considering the temporal change of user's patterns. Experimental results show that our method is efficient, requiring less than 10 seconds to train the model and 20 seconds to detect the abnormal user, while achieving high accuracy (more than 90%). Also the combination of more sensors provide better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate.

Cryptography and Security

Feng Yao,Suleiman Y. Yerima,BooJoong Kang,Sakir Sezer

DOI: https://doi.org/10.48550/arXiv.1705.06715

2017-05-19

Abstract:As mobile devices have become indispensable in modern life, mobile security is becoming much more important. Traditional password or PIN-like point-of-entry security measures score low on usability and are vulnerable to brute force and other types of attacks. In order to improve mobile security, an adaptive neuro-fuzzy inference system(ANFIS)-based implicit authentication system is proposed in this paper to provide authentication in a continuous and transparent <a class="link-external link-http" href="http://manner.To" rel="external noopener nofollow">this http URL</a> illustrate the applicability and capability of ANFIS in our implicit authentication system, experiments were conducted on behavioural data collected for up to 12 weeks from different Android users. The ability of the ANFIS-based system to detect an adversary is also tested with scenarios involving an attacker with varying levels of knowledge. The results demonstrate that ANFIS is a feasible and efficient approach for implicit authentication with an average of 95% user recognition rate. Moreover, the use of ANFIS-based system for implicit authentication significantly reduces manual tuning and configuration tasks due to its selflearning capability.

Cryptography and Security,Artificial Intelligence

Shihong Zou,Huizhong Sun,Guosheng Xu,Chenyu Wang,Xuanwen Zhang,Ruijie Quan

DOI: https://doi.org/10.1155/2023/3673113

IF: 1.968

2023-04-27

Security and Communication Networks

Abstract:Since the continuous authentication (CA) system based on smartphone sensors has been facing the challenge of the low-data regime under some practical scenarios, which leads to low accuracy of CA, it needs to be solved urgently. To this end, currently, the generative adversarial networks (GAN) provide a powerful method to train the result generative model that could generate very convincing verisimilar data. The framework of the GAN and its variants shed much light on improving the performance of CA. Therefore, in this article, we propose a continuous authentication system on smartphones based on a Wasserstein generative adversarial network (WGAN) for sensor data augmentation, which utilizes accelerometers, gyroscopes, and magnetometers of smartphone sensors to sense phone movements caused by user operation behavior. Specifically, based on sensor data under different user activities, the WGAN is used to create additional data in training data for data augmentation. With the augmented data, we design a convolutional neural network to learn and extract deep features from sensor data, and then use four classifiers of RF, OCSVM, DT, and KNN to train these features. Finally, we train and test on the HMOG dataset, and the results show that the EER of the authentication system is between 3.68% and 6.39% on the sensor data with a time window of 2 s.

computer science, information systems,telecommunications

Haowen Tan,Yuanzhao Song,Shichang Xuan,Sungbum Pan,Ilyong Chung

DOI: https://doi.org/10.3390/sym11080969

2019-01-01

Symmetry

Abstract:Nowadays, with rapid advancement of both the upcoming 5G architecture construction and emerging Internet of Things (IoT) scenarios, Device-to-Device (D2D) communication provides a novel paradigm for mobile networking. By facilitating continuous and high data rate services between physically proximate devices without interconnection with access points (AP) or service network (SN), spectral efficiency of the 5G network can be drastically increased. However, due to its inherent open wireless communicating features, security issues and privacy risks in D2D communication remain unsolved in spite of its benefits and prosperous future. Hence, proper D2D authentication mechanisms among the D2D entities are of great significance. Moreover, the increasing proliferation of smartphones enables seamlessly biometric sensor data collecting and processing, which highly correspond to the user's unique behavioral characteristics. For the above consideration, we present a secure certificateless D2D authenticating mechanism intended for extreme scenarios in this paper. In the assumption, the key updating mechanism only requires a small modification in the SN side, while the decryption information of user equipment (UEs) remains constant as soon as the UEs are validated. Note that a symmetric key mechanism is adopted for the further data transmission. Additionally, the user activities data from smartphone sensors are analyzed for continuous authentication, which is periodically conducted after the initial validation. Note that in the assumed scenario, most of the UEs are out of the effective range of cellular networks. In this case, the UEs are capable of conducting data exchange without cellular connection. Security analysis demonstrates that the proposed scheme can provide adequate security properties as well as resistance to various attacks. Furthermore, performance analysis proves that the proposed scheme is efficient compared with state-of-the-art D2D authentication schemes.

Yafang Yang,Bin Guo,Zhu Wang,Mingyang Li,Zhiwen Yu,Xingshe Zhou

DOI: https://doi.org/10.1016/j.adhoc.2018.09.015

IF: 4.816

2019-01-01

Ad Hoc Networks

Abstract:With the emergence of smartphones as an essential part of our daily lives, continuous authentication becomes an urgent need which could efficiently protect user security and privacy. However, only a small percentage of apps contain sensitive data. To save energy and protect user security, we propose BehaveSense, an accurate and efficient continuous authentication method for security-sensitive mobile apps using touch-based behavioral biometrics. By exploring four different types of touch operations, we train the owner model using One-Class SVM (OCSVM) and isolation forest (iForest), and calculate the accuracy of each type with the model. Afterwards, we calculate the confidence level of each type using the Bayesian theorem. Finally, we obtain the accuracy of a touch operation sequence with an improved expectedprob algorithm. To validate the effectiveness of the proposed method, we conduct a series of experiments. We collect the WeChat app data of 45 volunteers during two weeks. Experimental results show that our method can recognize user identity efficiently. Specifically, our method achieves average accuracy of approaching 95.85% for touch operation sequence, when considering 9 touch operations. Our method is very promising to authenticate user.

YANG Li,MA Zhuoru,ZHANG Chenghui,PEI Qingqi

DOI: https://doi.org/10.11959/j.issn.1000-436x.2019146

2019-01-01

Abstract:The popularity of smart phones renders people extremely high requirements for safety.But the traditional one-time authentication method can’t continuously guarantee the security of equipment.To solve the problem,a continuous authentication scheme based on gait characteristics was proposed to realize the identification of current visitors.Moving average filtering,threshold-based useful information interception method and other operations were adopted to reduce noise interference.Template interception was used to maximize the utilization of information,and an optimal combination of time domain features and frequency domain features were proposed to reduce the storage space requirement of users’ information.Finally,the support vector machine realized the identity authentication function.Experiments show that the proposed scheme can effectively authenticate the identities of visitors.

Huanran Wang,Hui He,Chen Song,Hao Tang,Yanwei Sun,Yanchen Qiao,Weizhe Zhang

DOI: https://doi.org/10.1155/2022/6339407

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Recently, mobile technology has become closely linked with our daily activities. Smartphones are used for multiple personal tasks involving private information, such as communication, healthcare, and banking. Therefore, there is a high demand for user-friendly authentication methods that prevent unauthorized access to sensitive information. This paper proposes a novel feature representation tactic for continuous authentication named Multiple Channels Biological Graph (MCBG). Unlike conventional techniques, MCBG divides the smartphone usage scenarios into more fine-grained cases, including the operation interval features. To this end, we extract the screen touch and handheld features from multiple built-in sensors without extra user interaction. We conduct experiments on 180 participants (130 adults and 50 minors) and investigate the sufficiency of different sensor combinations required to authenticate identity accurately. Results show that our MCBG-based model achieves 99.38% authentication accuracy within 1.9 seconds. Furthermore, MCBG also represents the intrinsic differences between grown-ups and minors, achieving 96% identification accuracy.

Rui Mao,Heming Ji,Di Cheng,Xiaoyu Wang,Yan Wang,Degang Sun

DOI: https://doi.org/10.1109/iscc55528.2022.9913017

2022-01-01

Abstract:Most existing identity authentication technologies rely on some ways for the first login authentication, such as personal identification number (PIN), track, or biological characteristics. However, these ways exist plenty of security risks, which make people face password guessing attacks, trace attacks, and shoulder surfing attacks for a long time. Once the illegal users forge identity to complete authentication or bypass first login authentication, their subsequent behavior will become out of control. To solve the above problems, we propose an implicit continuous authentication model based on the touch behavior of the mobile terminal. The model uses the data collected by the accelerometer, gyroscope, and magnetometer to generate feature vectors and extracts the feature vectors containing macroscopic features, microscopic features, and joint features. And we design a convolutional bidirectional recurrent neural network model to distinguish the sensor feature vectors. On this basis, we perform various experiments on a large dataset Hand Movement, Orientation, and Grasp (HMOG) with different sensor characteristics. Compared with the most advanced models proposed recently, the results show that our model achieves an equal error rate (EER) of 0.53%, which significantly improves authentication accuracy.

Jianzong Zhang,Dan Tao

DOI: https://doi.org/10.1109/icce-tw46550.2019.8992015

2019-01-01

Abstract:Information security has now become an important area of concern. Considering the shortcomings in traditional unlocking ways of smartphones, this paper proposes an implicit identity authentication mechanism by extracting users' touch dynamic characteristics. 86-dimensional features from two types of sensor data (e.g., acceleration and gyroscope) generated when a user unlocks a smartphone are extracted to characterize the user's behavior. Particularly, we adopt three popular classifiers: support vector machine (SVM), K-nearest neighbor (KNN) and random forest (RF) to perform training. Finally, we verify the accuracy of the classifier. Experimental results show that the RF classifier achieves an ideal accuracy rate for passwords with different levels of repetition, and the average accuracy rate is over 98%.