skip to main content


Title: Biometrics-Based Mobile User Authentication for the Elderly: Accessibility, Performance, and Method Design
Assistive technology is extremely important for maintaining and improving the elderly’s quality of life. Biometrics-based mobile user authentication (MUA) methods have witnessed rapid development in recent years owing to their usability and security benefits. However, there is a lack of a comprehensive review of such methods for the elderly. The primary objective of this research is to analyze the literature on state-of-the-art biometrics-based MUA methods via the lens of elderly users’ accessibility needs. In addition, conducting an MUA user study with elderly participants faces significant challenges, and it remains unclear how the performance of the elderly compares with non-elderly users in biometrics-based MUA. To this end, this research summarizes method design principles for user studies involving elderly participants and reveals the performance of elderly users relative to non-elderly users in biometrics-based MUA. The article also identifies open research issues and provides suggestions for the design of effective and accessible biometrics based MUA methods for the elderly.  more » « less
Award ID(s):
1917537
NSF-PAR ID:
10418012
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
International Journal of Human–Computer Interaction
ISSN:
1044-7318
Page Range / eLocation ID:
1 to 15
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Mobile user authentication (MUA) has become a gatekeeper for securing a wealth of personal and sensitive information residing on mobile devices. Keystrokes and touch gestures are two types of touch behaviors. It is not uncommon for a mobile user to make multiple MUA attempts. Nevertheless, there is a lack of an empirical comparison of different types of touch dynamics based MUA methods across different attempts. In view of the richness of touch dynamics, a large number of features have been extracted from it to build MUA models. However, there is little understanding of what features are important for the performance of such MUA models. Further, the training sample size of template generation is critical for real-world application of MUA models, but there is a lack of such information about touch gesture based methods. This study is aimed to address the above research limitations by conducting experiments using two MUA prototypes. Their empirical results can not only serve as a guide for the design of touch dynamics based MUA methods but also offer suggestions for improving the performance of MUA models. 
    more » « less
  2. Background

    Mobile mental health systems (MMHS) have been increasingly developed and deployed in support of monitoring, management, and intervention with regard to patients with mental disorders. However, many of these systems rely on patient data collected by smartphones or other wearable devices to infer patients’ mental status, which raises privacy concerns. Such a value-privacy paradox poses significant challenges to patients’ adoption and use of MMHS; yet, there has been limited understanding of it.

    Objective

    To address the significant literature gap, this research aims to investigate both the antecedents of patients’ privacy concerns and the effects of privacy concerns on their continuous usage intention with regard to MMHS.

    Methods

    Using a web-based survey, this research collected data from 170 participants with MMHS experience recruited from online mental health communities and a university community. The data analyses used both repeated analysis of variance and partial least squares regression.

    Results

    The results showed that data type (P=.003), data stage (P<.001), privacy victimization experience (P=.01), and privacy awareness (P=.08) have positive effects on privacy concerns. Specifically, users report higher privacy concerns for social interaction data (P=.007) and self-reported data (P=.001) than for biometrics data; privacy concerns are higher for data transmission (P=.01) and data sharing (P<.001) than for data collection. Our results also reveal that privacy concerns have an effect on attitude toward privacy protection (P=.001), which in turn affects continuous usage intention with regard to MMHS.

    Conclusions

    This study contributes to the literature by deepening our understanding of the data value-privacy paradox in MMHS research. The findings offer practical guidelines for breaking the paradox through the design of user-centered and privacy-preserving MMHS.

     
    more » « less
  3. Abstract

    In recent years, there has been a significant number of works on the development of multifactor authentication (MFA) systems. Traditionally, behavioral biometrics (eg, keystroke dynamics) have been known to have the best usability because they do not require one to know or possess anything—they simply communicate “how you type” to an authenticator. However, though highly usable, MFA approaches that are based on biometrics are highly intrusive, and users' sensitive information is exposed to untrusted servers. To address this privacy concern, in this paper, we present a privacy‐preserving MFA system for computer users, called PINTA. In PINTA, the second factor is a hybrid behavioral profile user, while the first authentication factor is a password. The hybrid profile of the user includes host‐based and network flow‐based features. Since the features include users' sensitive information, it needs to be protected from untrusted parties. To protect users' sensitive profiles and to handle the varying nature of the user profiles, we adopt two cryptographic methods: Fuzzy hashing and fully homomorphic encryption (FHE). Our results show that PINTA can successfully validate legitimate users and detect impostors. Although the results are promising, the trade‐off for privacy preservation is a slight reduction in performance compared with traditional identity‐based MFA techniques.

     
    more » « less
  4. The ubiquity of mobile devices nowadays necessitates securing the apps and user information stored therein. However, existing one-time entry-point authentication mechanisms and enhanced security mechanisms such as Multi-Factor Authentication (MFA) are prone to a wide vector of attacks. Furthermore, MFA also introduces friction to the user experience. Therefore, what is needed is continuous authentication that once passing the entry-point authentication, will protect the mobile devices on a continuous basis by confirming the legitimate owner of the device and locking out detected impostor activities. Hence, more research is needed on the dynamic methods of mobile security such as behavioral biometrics-based continuous authentication, which is cost-effective and passive as the data utilized to authenticate users are logged from the phone's sensors. However, currently, there are not many mobile authentication datasets to perform benchmarking research. In this work, we share two novel mobile datasets (Clarkson University (CU) Mobile datasets I and II) consisting of multi-modality behavioral biometrics data from 49 and 39 users respectively (88 users in total). Each of our datasets consists of modalities such as swipes, keystrokes, acceleration, gyroscope, and pattern-tracing strokes. These modalities are collected when users are filling out a registration form in sitting both as genuine and impostor users. To exhibit the usefulness of the datasets, we have performed initial experiments on selected individual modalities from the datasets as well as the fusion of simultaneously available modalities. 
    more » « less
  5. Earables (ear wearables) are rapidly emerging as a new platform encompassing a diverse range of personal applications. The traditional authentication methods hence become less applicable and inconvenient for earables due to their limited input interface. Nevertheless, earables often feature rich around-the-head sensing capability that can be leveraged to capture new types of biometrics. In this work, we propose ToothSonic that leverages the toothprint-induced sonic effect produced by a user performing teeth gestures for earable authentication. In particular, we design representative teeth gestures that can produce effective sonic waves carrying the information of the toothprint. To reliably capture the acoustic toothprint, it leverages the occlusion effect of the ear canal and the inward-facing microphone of the earables. It then extracts multi-level acoustic features to reflect the intrinsic toothprint information for authentication. The key advantages of ToothSonic are that it is suitable for earables and is resistant to various spoofing attacks as the acoustic toothprint is captured via the user's private teeth-ear channel that modulates and encrypts the sonic waves. Our experiment studies with 25 participants show that ToothSonic achieves up to 95% accuracy with only one of the users' tooth gestures. 
    more » « less