skip to main content

Title: User preferences and situational needs of mobile user authentication methods
As it becomes commonplace to use mobile devices to store personal and sensitive data, mobile user authentication (MUA) methods have witnessed significant advancement to improve data and device security. On the other hand, traditional MUA methods such as password (or passcode) are still being widely deployed. Despite the growing body of knowledge on technical strengths and security vulnerabilities of various MUA methods, the perception of mobile users may be different, which can play a decisive role in MUA adoption. Additionally, user preferences for MUA methods may be subject to the influence of their demographic factors and device types. Furthermore, the pervasive use of mobile devices has generated many situations that create new usability and security needs of MUA methods such as support of one-handed and/or sight-free interaction. This study investigates user perception and situational needs of MUA methods using a survey questionnaire. The research findings can guide the design and selection of MUA methods.
Award ID(s):
Publication Date:
Journal Name:
IEEE International Conference on Intelligence and Security Informatics
Sponsoring Org:
National Science Foundation
More Like this
  1. Smartphones are the most commonly used computing platform for accessing sensitive and important information placed on the Internet. Authenticating the smartphone's identity in addition to the user's identity is a widely adopted security augmentation method since conventional user authentication methods, such as password entry, often fail to provide strong protection by itself. In this paper, we propose a sensor-based device fingerprinting technique for identifying and authenticating individual mobile devices. Our technique, called MicPrint, exploits the unique characteristics of embedded microphones in mobile devices due to manufacturing variations in order to uniquely identify each device. Unlike conventional sensor-based device fingerprinting thatmore »are prone to spoofing attack via malware, MicPrint is fundamentally spoof-resistant since it uses acoustic features that are prominent only when the user blocks the microphone hole. This simple user intervention acts as implicit permission to fingerprint the sensor and can effectively prevent unauthorized fingerprinting using malware. We implement MicPrint on Google Pixel 1 and Samsung Nexus to evaluate the accuracy of device identification. We also evaluate its security against simple raw data attacks and sophisticated impersonation attacks. The results show that after several incremental training cycles under various environmental noises, MicPrint can achieve high accuracy and reliability for both smartphone models.« less
  2. Distributed devices such as mobile phones can produce and store large amounts of data that can enhance machine learning models; however, this data may contain private information specific to the data owner that prevents the release of the data. We wish to reduce the correlation between user-specific private information and data while maintaining the useful information. Rather than learning a large model to achieve privatization from end to end, we introduce a decoupling of the creation of a latent representation and the privatization of data that allows user-specific privatization to occur in a distributed setting with limited computation and minimalmore »disturbance on the utility of the data. We leverage a Variational Autoencoder (VAE) to create a compact latent representation of the data; however, the VAE remains fixed for all devices and all possible private labels. We then train a small generative filter to perturb the latent representation based on individual preferences regarding the private and utility information. The small filter is trained by utilizing a GAN-type robust optimization that can take place on a distributed device. We conduct experiments on three popular datasets: MNIST, UCI-Adult, and CelebA, and give a thorough evaluation including visualizing the geometry of the latent embeddings and estimating the empirical mutual information to show the effectiveness of our approach.« less
  3. Background The use of wearables facilitates data collection at a previously unobtainable scale, enabling the construction of complex predictive models with the potential to improve health. However, the highly personal nature of these data requires strong privacy protection against data breaches and the use of data in a way that users do not intend. One method to protect user privacy while taking advantage of sharing data across users is federated learning, a technique that allows a machine learning model to be trained using data from all users while only storing a user’s data on that user’s device. By keeping datamore »on users’ devices, federated learning protects users’ private data from data leaks and breaches on the researcher’s central server and provides users with more control over how and when their data are used. However, there are few rigorous studies on the effectiveness of federated learning in the mobile health (mHealth) domain. Objective We review federated learning and assess whether it can be useful in the mHealth field, especially for addressing common mHealth challenges such as privacy concerns and user heterogeneity. The aims of this study are to describe federated learning in an mHealth context, apply a simulation of federated learning to an mHealth data set, and compare the performance of federated learning with the performance of other predictive models. Methods We applied a simulation of federated learning to predict the affective state of 15 subjects using physiological and motion data collected from a chest-worn device for approximately 36 minutes. We compared the results from this federated model with those from a centralized or server model and with the results from training individual models for each subject. Results In a 3-class classification problem using physiological and motion data to predict whether the subject was undertaking a neutral, amusing, or stressful task, the federated model achieved 92.8% accuracy on average, the server model achieved 93.2% accuracy on average, and the individual model achieved 90.2% accuracy on average. Conclusions Our findings support the potential for using federated learning in mHealth. The results showed that the federated model performed better than a model trained separately on each individual and nearly as well as the server model. As federated learning offers more privacy than a server model, it may be a valuable option for designing sensitive data collection methods.« less
  4. Mobile computing devices are widely used in our daily life. With their increased use, a large amount of sensitive data are collected, stored, and managed in the mobile devices. To protect sensitive data, encryption is often used but, traditional encryption is vulnerable to coercive attacks in which the device owner is coerced by the adversary to disclose the decryption key. To defend against the coercive attacks, Plausibly Deniable Encryption (PDE) has been designed which can allow the victim user to deny the existence of hidden sensitive data. The PDE systems have been explored broadly for smartphones. However, the PDE systemsmore »which are suitable for wearable mobile devices are still missing in the literature. In this work, we design MobiWear, the first PDE system specifically for wearable mobile devices. To accommodate the hardware nature of wearable devices, MobiWear: 1) uses image steganography to achieve PDE, which suits the resource-limited wearable devices; and 2) relies on various sensors equipped with the wearable devices to input passwords, rather than requiring users to enter them via a keyboard or a touchscreen. Security analysis and experimental evaluation using a real-world prototype (ported to an LG G smartwatch) show that MobiWear can ensure deniability with a small computational overhead as well as a small decrease of image quality.« less
  5. Smart mobile devices have become an integral part of people's life and users often input sensitive information on these devices. However, various side channel attacks against mobile devices pose a plethora of serious threats against user security and privacy. To mitigate these attacks, we present a novel secure Back-of-Device (BoD) input system, SecTap, for mobile devices. To use SecTap, a user tilts her mobile device to move a cursor on the keyboard and tap the back of the device to secretly input data. We design a tap detection method by processing the stream of accelerometer readings to identify the user'smore »taps in real time. The orientation sensor of the mobile device is used to control the direction and the speed of cursor movement. We also propose an obfuscation technique to randomly and effectively accelerate the cursor movement. This technique not only preserves the input performance but also keeps the adversary from inferring the tapped keys. Extensive empirical experiments were conducted on different smart phones to demonstrate the usability and security on both Android and iOS platforms.« less