An official website of the United States government
The ubiquity of mobile devices nowadays necessitates securing the apps and user information stored therein. However, existing one-time entry-point authentication mechanisms and enhanced security mechanisms such as Multi-Factor Authentication (MFA) are prone to a wide vector of attacks. Furthermore, MFA also introduces friction to the user experience. Therefore, what is needed is continuous authentication that once passing the entry-point authentication, will protect the mobile devices on a continuous basis by confirming the legitimate owner of the device and locking out detected impostor activities. Hence, more research is needed on the dynamic methods of mobile security such as behavioral biometrics-based continuous authentication, which is cost-effective and passive as the data utilized to authenticate users are logged from the phone's sensors. However, currently, there are not many mobile authentication datasets to perform benchmarking research. In this work, we share two novel mobile datasets (Clarkson University (CU) Mobile datasets I and II) consisting of multi-modality behavioral biometrics data from 49 and 39 users respectively (88 users in total). Each of our datasets consists of modalities such as swipes, keystrokes, acceleration, gyroscope, and pattern-tracing strokes. These modalities are collected when users are filling out a registration form in sitting both as genuine and impostor users. To exhibit the usefulness of the datasets, we have performed initial experiments on selected individual modalities from the datasets as well as the fusion of simultaneously available modalities.
more »
« less
An Evaluation of the Power Consumption of Coauthentication as a Continuous User Authentication Method in Mobile Systems
Methods for continuous user authentication have become important with the proliferation of mobile devices in m-Health and human-centered systems. These methods must guarantee user identity with high assurance, authenticate without explicit intervention, and be power-aware. We present an evaluation of the power consumption of collaborative authentication (coauthentication) as a continuous authentication method. Coauthentication is a single-factor method in which multiple registered devices work together to authenticate a user, minimizing obtrusiveness while providing high user authentication assurance. To evaluate coauthentication's power consumption, we conducted experiments using two Bluetooth-enabled mobile devices and a stand-alone server in a local area network and running coauthentication continuously for eight hours. We found that the protocol uses approximately between 1.19% and 4.0% of the total power used by the devices. These results give evidence of the feasibility of using coauthentication as a continuous authentication method in mobile devices from the power consumption perspective.
more »
« less
- Award ID(s):
- 1950416
- PAR ID:
- 10205943
- Date Published:
- Journal Name:
- ACM SE '20: Proceedings of the 2020 ACM Southeast Conference
- Page Range / eLocation ID:
- 268 to 271
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Despite rapid advancements in authentication technologies, little user testing has been conducted on the various authentication methods proposed for smart homes. Users’ preferences about authentication methods may be affected by their beliefs in the reliability of the method, the type and location of devices for which they must authenticate, the effort required for successful authentication, and more. In this paper, we provide insight into users’ concerns with these methods through a 46-participant user study. In particular, we seek to understand users’ preferences towards different authentication methods in terms of the perceived security and usability implications of each method.more » « less
-
The popularity of smart home devices has led to an increase in security incidents happening in smart homes. A key measure to avoid such incidents is to authenticate users before they can interact with smart devices. However, current methods often require additional hardware. This article proposes STATION, a gesture-based authentication system, an effective gesture-based authentication method built on top of the voice interfaces already available in these smart home devices, without adding new hardware. STATION uses a gesture processing pipeline that identifies Doppler-existing frames and detects the direction of arrival of Reflection to authenticate users in low SNR environments and at longer distances. Furthermore, regarding the nature of gesture-based authentication, this system also supports detecting user liveness, preventing replay and synthesis attacks from remote attackers. The evaluation of STATION shows high accuracy with a false acceptance rate (FAR) of 0.08% and false rejection rate (FRR) of 3.10% for users within 1.5 m of the device.more » « less
-
As mobile devices become increasingly integral to daily life, the need for robust security measures has intensified. Continuous user authentication (CUA) is an emerging paradigm designed to enhance security by verifying user identity throughout device usage, rather than solely at login. This study aims to explore user perceptions, experiences, and preferences concerning CUA methods, such as biometric scans (e.g., fingerprints, facial recognition) and behavioral analytics (e.g., typing patterns, swipe gestures). We will investigate the importance users place on continuous authentication for safeguarding personal data, as well as the usability challenges they encounter. Specifically, we will delve into how users perceive the reliability and accuracy of biometric and behavioral authentication methods, considering factors such as the perceived invasiveness of biometric scans and concerns about data privacy. Additionally, we will examine how perceptions and preferences for CUA vary across different age groups, as younger generations may be more accustomed to biometric authentication and less concerned about privacy implications, while older generations may have different preferences and concerns. The findings of this study will provide insights into user trust, privacy concerns, and the overall effectiveness of CUA in improving mobile security. By understanding user attitudes, this research seeks to inform the development of more intuitive and secure authentication solutions that align with user needs and expectations across various demographics.more » « less
-
The proliferation of low-end low-power internet-of-things (IoT) devices in smart environments necessitates secure identification and authentication of these devices via low-overhead fingerprinting methods. Previous work typically utilizes characteristics of the device's wireless modulation (WiFi, BLE, etc.) in the spectrum, or more recently, electromagnetic emanations from the device's DRAM to perform fingerprinting. The problem is that many devices, especially low-end IoT/embedded systems, may not have transmitter modules, DRAM, or other complex components, therefore making fingerprinting infeasible or challenging. To address this concern, we utilize electromagnetic emanations derived from the processor's clock to fingerprint. We present Digitus, an emanations-based fingerprinting system that can authenticate IoT devices at range. The advantage of Digitus is that we can authenticate low-power IoT devices using features intrinsic to their normal operation without the need for additional transmitters and/or other complex components such as DRAM. Our experiments demonstrate that we achieve ≥ 95% accuracy on average, applicability in a wide range of IoT scenarios (range ≥ 5m, non-line-of-sight, etc.), as well as support for IoT applications such as finding hidden devices. Digitus represents a low-overhead solution for the authentication of low-end IoT devices.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1145/3374135.3385304
