Yantao Li,Peng Tao,Shaojiang Deng,Gang Zhou

DOI: https://doi.org/10.1145/3485060

2021-01-01

ACM Transactions on Sensor Networks

Abstract:Smartphones have become crucial and important in our daily life, but the security and privacy issues have been major concerns of smartphone users. In this article, we present DeFFusion, a CNN-based continuous authentication system using Deep Feature Fusion for smartphone users by leveraging the accelerometer and gyroscope ubiquitously built into smartphones. With the collected data, DeFFusion first converts the time domain data into frequency domain data using the fast Fourier transform and then inputs both of them into a designed CNN, respectively. With the CNN-extracted features, DeFFusion conducts the feature selection utilizing factor analysis and exploits balanced feature concatenation to fuse these deep features. Based on the one-class SVM classifier, DeFFusion authenticates current users as a legitimate user or an impostor. We evaluate the authentication performance of DeFFusion in terms of impact of training data size and time window size, accuracy comparison on different features over different classifiers and on different classifiers with the same CNN-extracted features, accuracy on unseen users, time efficiency, and comparison with representative authentication methods. The experimental results demonstrate that DeFFusion has the best accuracy by achieving the mean equal error rate of 1.00% in a 5-second time window size.

Yantao Li,Li Liu,Huafeng Qin,Shaojiang Deng,Mounim A. El-Yacoubi,Gang Zhou

DOI: https://doi.org/10.1109/tmc.2022.3186614

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile devices are becoming increasingly popular and are playing significant roles in our daily lives. Insufficient security and weak protection mechanisms, however, cause serious privacy leakage of the unattended devices. To fully protect mobile device privacy, we propose ADFFDA, a novel mobile continuous authentication system using an Adaptive Deep Feature Fusion scheme for effective feature representation, and a transformer-based GAN for Data Augmentation, by leveraging smartphone built-in sensors of the accelerometer, gyroscope and magnetometer. Given the normalized sensor data, ADFFDA utilizes the transformer-based GAN consisting of a transformer-based generator and a CNN-based discriminator to augment the training data for CNN training. With the augmented data and the especially-designed CNN based on the ghost module and ghost bottleneck, ADFFDA extracts deep features from the three sensors by the trained CNN, and exploits an adaptive-weighted concatenation method to adaptively fuse the CNN-extracted features. Based on the fused features, ADFFDA authenticates users by using the one-class SVM (OC-SVM) classifier. We evaluate the authentication performance of ADFFDA in terms of the efficiency of the transformer-based GAN, GAN-based data augmentation, CNN architecture, adaptive-weighted feature fusion, OC-SVM classifier, and security analysis. The experimental results show that ADFFDA obtains the best authentication performance w.r.t representative approaches, by achieving a mean equal error rate of 0.01%.

Yantao Li,Yue Huang,Hongyu Huang

DOI: https://doi.org/10.1109/jiot.2024.3394437

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the continual advancement of communication technologies, mobile devices have become indispensable tools in our daily lives. While existing sensor-based continuous authentication systems provide some level of user privacy protection, they often neglect the temporal characteristics of multisensor data and the unique information of each sensor. To further protect the privacy of mobile devices, we present FuMeAuth, a sensor-based continuous Authentication system using a Fused Memory-Augmented transformer Autoencoder. FuMeAuth leverages the built-in accelerometer, gyroscope, and magnetometer of smartphones to implicitly gather user behavior patterns. The Fused global-local Memory network (FuMe) effectively captures and adaptively combines the shared-private features of sensor data in FuMeAuth. During the registration phase, FuMeAuth collects and preprocesses the sensor data and sends the processed data to FuMe, which then records fused shared and private representations across different sensors for legitimate users. In the authentication phase, the trained FuMe reconstructs the current user's data, computes the reconstruction error between user input data and the corresponding reconstructed data, and compares it against a predefined authentication threshold for authentication. We evaluate the performance of FuMeAuth on our data set in terms of the effectiveness of FuMeAuth, effect of sensor numbers, efficiency of fused memory module, and comparison with state-of-the-art approaches. The experimental results demonstrate that FuMeAuth exhibits superior performance than other approaches by achieving an accuracy of 99.84% and an equal error rate of 0.14% with 69 unseen users.

Chao Shen,Yunpeng Li,Tianwen Yu,Sheng Yuan,Xiao Yi,Xiaohong Guan

DOI: https://doi.org/10.1109/wcica.2016.7578519

2016-01-01

Abstract:Existing smartphone authentication methods (e.g., PIN) typically provide one-time identity verification, but the verified user is still subject to session hijacking or masquerading attacks. This paper presents a framework and performance analysis of a sensor-based smartphone authentication system that continuously verifies the presence of a smartphone user. When a user touches the smartphone screen, motion-sensor data are extracted and analyzed to obtain descriptive features for accurately depicting users' touch habit and rhythm. Then a one-class learning algorithm is employed in the feature space to perform the continuous authentication task. Based on touch-tapping data collected from over 50 users, we conduct a series of experiments to validate the efficacy of our proposed approach. Our experimental results show that our verification system achieves a relatively high accuracy with an equal-error rate of 11.05%. Additional experiment on usability to the observation window size is provided to further examine the effectiveness. Our authentication system can be seamlessly integrated with extant smartphone authentication mechanisms, and is non-intrusive to users and does not need extra hardware.

Jiajia Li,Qian Yi,Ming K. Lim,Shuping Yi,Pengxing Zhu,Xingjun Huang

DOI: https://doi.org/10.1109/tifs.2024.3480363

IF: 7.231

2024-11-02

IEEE Transactions on Information Forensics and Security

Abstract:Continuous authentication based on behavioral biometrics is effective and crucial as user behaviors are not easily copied. However, relying solely on one behavioral biometric limits the accuracy of continuous authentication. Therefore, a continuous authentication system based on multimodal behavioral biometrics fusion is proposed in this study, which fuses three modalities: contextual behavior, mouse behavior, and information interaction behavior. The multimodal dataset of user behavior is collected through a self-built website, and the behavioral feature sets for each modality are then created. An improved generative adversarial network method is used to align the datasets of the three modalities. The autoencoder with long short-term memory is employed for unsupervised anomaly detection of time-series behaviors and enables continuous authentication for each modality. The multimodal fusion is achieved using the meta-model of the stacked generalization method, and the final decision for continuous authentication is then determined. The experimental results demonstrate that the proposed multimodal fusion method significantly outperforms the unimodal and provides an effective way to improve the accuracy and user-friendliness of continuous authentication. This study offers insights into user behavior analysis, behavioral anomaly detection, and multimodal behavior fusion.

computer science, theory & methods,engineering, electrical & electronic

Yufei Chen,Chao Shen,Zhao Wang,Tianwen Yu

DOI: https://doi.org/10.1109/ISBA.2017.7947694

2017-01-01

Abstract:While the public enjoy the convenience aroused by the proliferation of the smartphones, they also face the risk of exposing their sensitive and secure information to attackers. Extant smartphone authentication methods (e.g., PIN and fingerprint) typically provide one-time identity verification, but the verified user is still subject to session hijacking or masquerading attacks. In this paper, we propose a framework and performance analysis of using onboard-sensor behavior for continuous user authentication on smartphones, which can implicitly and continuously verifies the presence of a smartphone user. When a user carries the smartphone to do daily activities, time-, frequency- and wavelet-domain features are extracted from smartphone sensor data for accurately depicting users' motion patterns. A decision procedure based on one-class learning algorithms is developed and employed in the feature space to perform the continuous authentication task. Analyses are conducted based on sensor-interaction data on five typical daily activities with 27,681 samples across five phonecarrying positions. Extensive experiments in two specific scenarios are included to examine the efficacy of the proposed approach, which achieves a relatively high accuracy with the equal-error rate achieves 2.40% and 5.50% respectively. Our authentication system can be seamlessly integrated with extant smartphone authentication mechanisms, and is nonintrusive to users and does not need extra hardware.

Yantao Li,Hailong Hu,Gang Zhou,Shaojiang Deng

DOI: https://doi.org/10.1109/access.2018.2841347

IF: 3.9

2018-01-01

IEEE Access

Abstract:People prefer to store important, private, and sensitive information on smartphones for convenient storage and fast access, such as photos and emails. To prevent information leakage and smartphone illegal access, we propose a novel sensor-based continuous authentication system, SensorCA, for continuously monitoring users' behavior patterns, by leveraging the accelerometer, gyroscope, and magnetometer ubiquitously built-in smartphones. We are among the first to exploit the data augmentation approach of the rotation, which creates additional data by applying it on the collected raw data and improves the robustness of the proposed system. With the augmented data, SensorCA extracts sensor-based features in both time and frequency domains within a time window, then utilizes the kernel ridge regression with truncated Gaussian radial basis function kernel (KRR-TRBF) to train the classifier, and finally authenticates the current user as a legitimate user or an impostor. We evaluate the authentication performance of SensorCA in terms of different classifiers including KRR-TRBF, KRR-POLY, and SVM-RBF, and the data augmentation approach rotation on KRR-TRBF6 and SVM-RBF. The experimental results show that under the KRR-TRBF6 classifier, SensorCA reaches the lowest median equal error rate of 3.0% with dataset size 8000 and consumes the shortest training time of 0.054 seconds with dataset size 1000.

Huanran Wang,Hui He,Chen Song,Hao Tang,Yanwei Sun,Yanchen Qiao,Weizhe Zhang

DOI: https://doi.org/10.1155/2022/6339407

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Recently, mobile technology has become closely linked with our daily activities. Smartphones are used for multiple personal tasks involving private information, such as communication, healthcare, and banking. Therefore, there is a high demand for user-friendly authentication methods that prevent unauthorized access to sensitive information. This paper proposes a novel feature representation tactic for continuous authentication named Multiple Channels Biological Graph (MCBG). Unlike conventional techniques, MCBG divides the smartphone usage scenarios into more fine-grained cases, including the operation interval features. To this end, we extract the screen touch and handheld features from multiple built-in sensors without extra user interaction. We conduct experiments on 180 participants (130 adults and 50 minors) and investigate the sufficiency of different sensor combinations required to authenticate identity accurately. Results show that our MCBG-based model achieves 99.38% authentication accuracy within 1.9 seconds. Furthermore, MCBG also represents the intrinsic differences between grown-ups and minors, achieving 96% identification accuracy.

Tao Feng,Ziyi Liu,Kyeong-An Kwon,Weidong Shi,Bogdan Carbunar,Yifei Jiang,Nhung Nguyen

DOI: https://doi.org/10.1109/ths.2012.6459891

2012-01-01

Abstract:Securing the sensitive data stored and accessed from mobile devices makes user authentication a problem of paramount importance. The tension between security and usability renders however the task of user authentication on mobile devices a challenging task. This paper introduces FAST (Fingergestures Authentication System using Touchscreen), a novel touchscreen based authentication approach on mobile devices. Besides extracting touch data from touchscreen equipped smartphones, FAST complements and validates this data using a digital sensor glove that we have built using off-the-shelf components. FAST leverages state-of-the-art classification algorithms to provide transparent and continuous mobile system protection. A notable feature is FAST 's continuous, user transparent post-login authentication. We use touch data collected from 40 users to show that FAST achieves a False Accept Rate (FAR) of 4.66% and False Reject Rate of 0.13% for the continuous post-login user authentication. The low FAR and FRR values indicate that FAST provides excellent post-login access security, without disturbing the honest mobile users.

Sakorn Mekruksavanich,Anuchit Jitpattanakul

DOI: https://doi.org/10.3390/s21227519

2021-11-12

Abstract:Smartphones as ubiquitous gadgets are rapidly becoming more intelligent and context-aware as sensing, networking, and processing capabilities advance. These devices provide users with a comprehensive platform to undertake activities such as socializing, communicating, sending and receiving e-mails, and storing and accessing personal data at any time and from any location. Nowadays, smartphones are used to store a multitude of private and sensitive data including bank account information, personal identifiers, account passwords and credit card information. Many users remain permanently signed in and, as a result, their mobile devices are vulnerable to security and privacy risks through assaults by criminals. Passcodes, PINs, pattern locks, facial verification, and fingerprint scans are all susceptible to various assaults including smudge attacks, side-channel attacks, and shoulder-surfing attacks. To solve these issues, this research introduces a new continuous authentication framework called DeepAuthen, which identifies smartphone users based on their physical activity patterns as measured by the accelerometer, gyroscope, and magnetometer sensors on their smartphone. We conducted a series of tests on user authentication using several deep learning classifiers, including our proposed deep learning network termed DeepConvLSTM on the three benchmark datasets UCI-HAR, WISDM-HARB and HMOG. Results demonstrated that combining various motion sensor data obtained the highest accuracy and energy efficiency ratio (EER) values for binary classification. We also conducted a thorough examination of the continuous authentication outcomes, and the results supported the efficacy of our framework.

Zhihao Shen,Shun Li,Xi Zhao,Jianhua Zou

DOI: https://doi.org/10.1109/tifs.2022.3160361

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the wide use of smartphones, more private data are collected and saved in the smartphones. This raises higher requirements for secure and effective user authentication scheme. Continuous authentication leverages behavioral biometrics as identity information and shows promising characteristics for user verification in a continuous and passive means. However, most studies require users to operate the smartphones in a specific mobile application or perform user-defined touch operations. This paper studies the continuous authentication on smartphones in the wild, where it is hard to characterize touching behavior accurately due to the complexity of usage context and cross-use of various types of touch gestures. Towards this end, in this paper, we propose a continuous authentication framework using multiple modalities, named as MMAuth, which integrates the heterogeneous information of user identity from multiple modalities (e.g., motion movement pattern, touch dynamics, usage context). A time-extended behavioral feature set (TEB) and a deep learning based one-class classifier (DeSVDD) are developed for performing more accurate authentication. Evaluations are conducted using a novel unconstrained smartphone usage dataset collected from 100 volunteers in real world as well as a public laboratory dataset. Extensive experimental results demonstrate that the state-of-the-art authentication performance of MMAuth in both unconstrained and laboratory environment, and the effectiveness of its two proposed modules (the TEB feature set and the DeSVDD classifier). Additional experiments on system robustness, in terms of usability to different touch gestures, sensitivity to various mobile applications, and scalability to user space, are also provided to examine the applicability of MMAuth.

Imane Lamiche,Guo Bin,Yao Jing,Zhiwen Yu,Abdenour Hadid

DOI: https://doi.org/10.1007/s12652-018-1123-6

IF: 3.662

2018-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:Behavioral biometrics, such as gait patterns and keystroke dynamics, have been becoming increasingly used in human identity recognition research for enhancing the smartphone security. A new multimodal authentication method able to strengthen the smartphone authentication system is proposed in this paper. The proposed mechanism acquires gait patterns from the accelerometer, as well as keystroke dynamics, continuously without user intervention through simultaneous walk and text input. More specifically, features are extracted from both modalities. Afterward, a feature level fusion method is applied to build a multimodal biometrics profile for the user. Fused feature vectors are subjected to the sequential floating forward selection algorithm to reduce their dimensions as well as the computational complexity. The effectiveness of the proposed method is examined through a real multimodal dataset collected from 20 subjects under various scenarios, using different machine learning classifiers. The experimental results achieved a promising accuracy of 99.11% when using multilayer perceptron classifier with the average false acceptance rate, false rejection rate and equal error rate values of 0.684%, 7%, and 1%, respectively. Furthermore, the security strength of the proposed method was evaluated against two types of attacks, the zero-effort attack and minimal-effort mimicking attack. Results demonstrate that our approach represents a robust and secure authentication solution.

Chengmei Zhao,Feng Gao,Zhihao Shen

DOI: https://doi.org/10.1016/j.cose.2023.103698

IF: 5.105

2024-01-07

Computers & Security

Abstract:With continuous authentication, smartphones can constantly calculate authentication scores to verify a user's identity while interacting with the smartphones after logging in. Among various behavioral biometrics based continuous authentication methods, motion dynamics biometrics based methods draw a lot of attention, which relies on potential differences in signals from smartphone built-in motion sensors to provide an implicit and secure authentication. However, existing motion dynamics based methods not only fail to model correlations between motion sensors with multiple channels but also ignore temporal patterns contained in each channel. In this paper, we develop a two-tower neural networks based continuous authentication system TNNAuth based on the built-in multi-motion sensors on smartphones. Specifically, TNNAuth divides the raw multi-motion sensor data into channel and temporal stream data, and proposes a gated two-tower transformer fusion network to capture both time-over-channel and channel-over-time motion patterns. To evaluate TNNAuth, we collect a large-scale multi-motion sensor dataset in the unconstrained real life. Extensive experiments demonstrate that TNNAuth can provide the lowest authentication error rate, with a false-acceptance rate of 8.3% and a false-rejection rate of 9.4%.

computer science, information systems

Asma Ahmad Farhan,Amna Basharat,Nasser Allheeib,Summrina Kanwal

DOI: https://doi.org/10.1038/s41598-024-74473-7

IF: 4.6

2024-10-23

Scientific Reports

Abstract:Smartphones store valuable personal information, necessitating robust authentication methods to protect user data. This research proposes a lightweight bi-model fallback authentication technique that combines dynamic security questions and finger pattern recognition using inertial measurement units. The dynamic security questions are generated based on the smartphone's usage behavior, while the owner's finger movements are captured using four different inertial sensors: accelerometer, gyroscope, gravity sensor, and magnetometer. By combining the answers to the questions and the owner's finger movements, the user can be authenticated even if the primary authentication method fails. In this study, data was collected from 24 participants, including 12 primary phone users and 12 close adversaries, over a span of 28 days. The dynamic security questions, derived from call, SMS, battery charging events, application usage, location, and physical activity categories, achieved high accuracy rates, with call, SMS, and application usage surpassing . Incorporating the inertial measurement units significantly improved the accuracy of all question types, increasing from a maximum of to , while also enhancing the True Positive Rate from 0.79 to 0.99 compared to a previous study. This research presents a promising lightweight bi-model fallback authentication technique that leverages dynamic security questions and inertial measurement units data, demonstrating its effectiveness for enhancing smartphone security.

multidisciplinary sciences

tao feng,xi zhao,nicholas desalvo,zhimin gao,xi wang,weidong shi

DOI: https://doi.org/10.1109/THS.2015.7225268

2015-01-01

Abstract:Coinciding with the surge in popularity and adoption of mobile devices and the ever-expanding capabilities of these devices, the amount of sensitive information accessed and stored has increased exponentially. Inasmuch, these advancements have, and continue to demand great efforts from researchers and the industry alike in terms of improving security therein. Existing technologies either conduct user identity verification via a login stage or request authentication every time the user accesses a sensitive app. We propose, in this paper, an IdentityTracker. This framework is dedicated to tracking the user's identity, performing app-level access control management. Continuous and implicit tracking of the user's identity is accomplished through monitoring fingerprint authentication logs as well as detecting events when the phone has left the user's hand. This approach leverages multiple onboard sensors. We conducted two user-studies acquiring smartphone users' usage statistics to investigate security and usability needs of our solution. To monitor these subtle gestures in real-world uncontrolled environments, multi-session data collection has been conducted to iteratively improve system performance. The evaluation results have demonstrated the feasibility of IdentityTracker.

Shihong Zou,Huizhong Sun,Guosheng Xu,Chenyu Wang,Xuanwen Zhang,Ruijie Quan

DOI: https://doi.org/10.1155/2023/3673113

IF: 1.968

2023-04-27

Security and Communication Networks

Abstract:Since the continuous authentication (CA) system based on smartphone sensors has been facing the challenge of the low-data regime under some practical scenarios, which leads to low accuracy of CA, it needs to be solved urgently. To this end, currently, the generative adversarial networks (GAN) provide a powerful method to train the result generative model that could generate very convincing verisimilar data. The framework of the GAN and its variants shed much light on improving the performance of CA. Therefore, in this article, we propose a continuous authentication system on smartphones based on a Wasserstein generative adversarial network (WGAN) for sensor data augmentation, which utilizes accelerometers, gyroscopes, and magnetometers of smartphone sensors to sense phone movements caused by user operation behavior. Specifically, based on sensor data under different user activities, the WGAN is used to create additional data in training data for data augmentation. With the augmented data, we design a convolutional neural network to learn and extract deep features from sensor data, and then use four classifiers of RF, OCSVM, DT, and KNN to train these features. Finally, we train and test on the HMOG dataset, and the results show that the EER of the authentication system is between 3.68% and 6.39% on the sensor data with a time window of 2 s.

computer science, information systems,telecommunications

Chao Shen,Yufei Chen,Xiaohong Guan

DOI: https://doi.org/10.1016/j.ins.2017.11.058

IF: 8.1

2018-01-01

Information Sciences

Abstract:The pervasiveness of mobile devices not only facilitates people’s daily life with a wide variety of services, but also brings users risks of private information leakage (e.g., photos, contact lists, bank accounts), which emphasizes the demand for reliable, feasible and user-friendly authentication mechanisms on mobile devices. In this paper, we develop an authentication mechanism using motion sensors (accelerometer and gyroscope) embedded in smartphones. Our proposed mechanism performs authentication continuously and implicitly by monitoring the user daily activities. We extract time-, frequency- and wavelet-domain features from motion-sensor data, and conduct empirical feature analysis to investigate the optimal combination of features, to acquire a fine-grained characterization of users’ movement patterns. To make a systematic performance evaluation, we have established a dataset containing 27,681 samples, including five kinds of actions and five different smartphone placements. In the evaluation procedure, four kinds of contexts are considered (nothing-aware context, action-aware context, placement-aware context and full-information-aware context), and ten one-class detectors are implemented. The best accuracy (represented as EER) for the four conditions achieves 28.22%, 2.21%, 5.50% and 3.28%, respectively, indicating our proposed approach is feasible and applicable in some real scenarios. Moreover, the performance analyses for sensor combinations and feature combinations are also conducted.

Yantao Li,Jiaxing Luo,Shaojiang Deng,Gang Zhou

DOI: https://doi.org/10.1145/3599727

2023-01-01

ACM Transactions on Sensor Networks

Abstract:Mobile devices have been playing significant roles in our daily lives, which has made device security and privacy protection extremely important. These mobile devices storing user sensitive and private information, therefore, need rigorous user authentication mechanisms. In this article, we present SearchAuth, a novel continuous authentication system on smartphones exploiting a neural architecture search (NAS) to find an optimal network architecture and an auto augmentation search (AAS) to more effectively train the optimal network along with the best data augmentation policies, by leveraging the accelerometer, gyroscope, and magnetometer on smartphones to capture users' behavioral patterns. Specifically, SearchAuth consists of three stages, i.e., the offline stage, registration stage, and authentication stage. In the offline stage, we utilize the NAS on sensor data of the accelerometer, gyroscope, and magnetometer to find an optimal network architecture based on the designed search space. With the optimal network architecture, namely, NAS-based model, the AAS automatically optimizes the augmentation of the input data for more effectively training the model that is for feature extraction. In the registration stage, we use the trained NAS-based model to learn and extract deep features from the legitimate user's data, and train the LOF classifier with 55 features selected by the PCA. In the authentication stage, with the well-trained NAS-based model and LOF classifier, SearchAuth identifies the current user as a legitimate user or an impostor when the user starts operating a smartphone. Based on our dataset, we evaluate the performance of the proposed SearchAuth, and the experimental results demonstrate that SearchAuth surpasses the representative authentication schemes by achieving the best accuracy of 93.95%, F1-score of 94.30%, and EER of 5.30% on the LOF classifier with dataset size of 100.

Chao Shen,Yuanxun Li,Yufei Chen,Xiaohong Guan,Roy A. Maxion

DOI: https://doi.org/10.1109/tifs.2017.2737969

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The increasing use of smartphones as personal computing platforms to access personal information has stressed the demand for secure and usable authentication techniques, and for constantly protecting privacy. Smartphone sensors can measure users' unique behavioral characteristics when they interact with smartphones, based on different habits, gestures, and angle preferences of touch actions. This paper investigates the reliability and applicability of using motion-sensor behavior for active and continuous smartphone authentication across various operational scenarios, and presents a systematic evaluation of the distinctiveness and permanence properties of the behavior. For each sample of sensor behavior, kinematic information sequences are extracted and analyzed, which are characterized by statistic-, frequency-, and wavelet-domain features, to provide accurate and fine-grained characterization of users' touch actions. A Markov-based decision procedure, using one-class learning techniques, is developed and applied to the feature space for performing authentication. Analyses are conducted using the sensor data of 520 200 touch actions from 102 subjects across various operational scenarios. Extensive experiments show that motion-sensor behavior exhibits sufficient discriminability and stability for active and continuous authentication, and can achieve a false-rejection rate of 5.03% and a false-acceptance rate of 3.98%. Additional experiments on usability to operation length, sensitivity to application scenario, scalability to user size, contribution to different sensors, and response to behavior change are provided to further explore the effectiveness and applicability. We also implement an authentication system into the Android system that can react to the presence of the legitimate user.

Zhuo Chang,Yan Meng,Wenyuan Liu,Haojin Zhu,Lin Wang

DOI: https://doi.org/10.1016/j.jisa.2022.103130

IF: 4.96

2022-05-01

Journal of Information Security and Applications

Abstract:The prosperity of mobile sensing technology makes smartphone-based authentication more prevalent in mobile environment. The present single-modality security authentication based on human biometrics is vulnerable to counterfeit, and the procedure of basic two-factor authentication (2FA) is cumbersome. In this work, we propose a 2FA method without additional devices and procedures, namely WiCapose. The essential technique is to use the unique correlation of the two side-channel to complete multi-modal feature extraction and fusion authentication. WiCapose can simultaneously extract the radio frequency (RF) gain feature that directly characterizes the finger movement and the inter-frame spatio-temporal difference from the rear camera that indirectly portrays the tapping behaviors, to blend the micro-scale behavior pattern feature of the user's finger and implicit biological features. Then we design and train a deep neural network to fuse both factors for mitigating the limitation of the RF factor in environmental generalization and the uniqueness of the image factor on authentication performance. Experiments involving ten participants demonstrate that our method can achieve a 98% average accuracy on authentication and effectively resist shoulder-surfing attacks and mimic attacks.

computer science, information systems