Smartphones have become crucial for our daily life activities and are increasingly loaded with our personal information to perform several sensitive tasks, including, mobile banking and communication, and are used for storing private photos and files. Therefore, there is a high demand for applying usable authentication techniques that prevent unauthorized access to sensitive information. In this article, we propose AUToSen, a deep-learning-based active authentication approach that exploits sensors in consumer-grade smartphones to authenticate a user. Unlike conventional approaches, AUToSen is based on deep learning to identify user distinct behavior from the embedded sensors with and without the user's interaction with the smartphone. We investigate different deep learning architectures in modeling and capturing users' behavioral patterns for the purpose of authentication. Moreover, we explore the sufficiency of sensory data required to accurately authenticate users. We evaluate AUToSen on a real-world data set that includes sensors data of 84 participants' smartphones collected using our designed data-collection application. The experiments show that AUToSen operates accurately using readings of only three sensors (accelerometer, gyroscope, and magnetometer) with a high authentication frequency, e.g., one authentication attempt every 0.5 s. Using sensory data of one second enables an authentication F1-score of approximately 98%, false acceptance rate (FAR) of 0.95%, false rejection rate (FRR) of 6.67%, and equal error rate (EER) of 0.41%. While using sensory data of half a second enables an authentication F1-score of 97.52%, FAR of 0.96%, FRR of 8.08%, and EER of 0.09%. Moreover, we investigate the effects of using different sensory data at variable sampling periods on the performance of the authentication models under various settings and learning architectures.
Smartphones and tablets have become ubiquitous in our daily lives. Smartphones, in particular, have become more than personal assistants. These devices have provided new avenues for consumers to play, work, and socialize whenever and wherever they want. Smartphones are small in size, so they are easy to handle and to stow and carry in users' pockets or purses. However, mobile devices are also susceptible to various problems. One of the greatest concerns is the possibility of breach in security and privacy if the device is seized by an outside party. It is possible that threats can come from friends as well as strangers. Due to the size of smart devices, they can be easily lost and may expose details of users' private lives. In addition, this might enable pervasive observation or imitation of one's movements and activities, such as sending messages to contacts, accessing private communication, shopping with a credit card, and relaying information about where one has been. This paper highlights the potential risks that occur when smartphones are stolen or seized, discusses the concept of continuous authentication, and analyzes current approaches and mechanisms of behavioral biometrics with respect to methodology, associated datasets and evaluation approaches.
With the progress in wireless communication technology and the increasing number of vehicles, vehicular ad hoc networks (VANETs) have become essential for improving road conditions and enhancing driving experience. The core of the VANETs is the communication between different vehicles, and the security of the communication is based on message authentication. Several schemes have been designed to enhance the efficiency of message authentication. However, these schemes have the disadvantage of redundant authentication, i.e., repeated authentication of the same message, and fail to seek invalid messages from the batch of messages. To solve these problems, this paper introduces a novel edge-computing concept into the message-authentication process of VANETs. In our scheme, the roadside unit can efficiently authenticate messages from nearby vehicles and broadcast the authentication results to the vehicles within its communication range, thereby reducing redundant authentication and enhancing the efficiency of the entire system. The security analysis results show that the proposed scheme satisfies the security requirements of the VANETs. The performance analysis results show that the proposed scheme can not only work well in an ideal environment where the attacker is absent but is also capable of quickly identifying valid and invalid messages even if the VANET is attacked.
Biometric systems based on brain activity have been proposed as an alternative to passwords or to complement current authentication techniques. By leveraging the unique brainwave patterns of individuals, these systems offer the possibility of creating authentication solutions that are resistant to theft, hands-free, accessible, and potentially even revocable. However, despite the growing stream of research in this area, faster advance is hindered by reproducibility problems. Issues such as the lack of standard reporting schemes for performance results and system configuration, or the absence of common evaluation benchmarks, make comparability and proper assessment of different biometric solutions challenging. Further, barriers are erected to future work when, as so often, source code is not published open access. To bridge this gap, we introduce NeuroIDBench, a flexible open source tool to benchmark brainwave-based authentication models. It incorporates nine diverse datasets, implements a comprehensive set of pre-processing parameters and machine learning algorithms, enables testing under two common adversary models (known vs unknown attacker), and allows researchers to generate full performance reports and visualizations. We use NeuroIDBench to investigate the shallow classifiers and deep learning-based approaches proposed in the literature, and to test robustness across multiple sessions. We observe a 37.6% reduction in Equal Error Rate (EER) for unknown attacker scenarios (typically not tested in the literature), and we highlight the importance of session variability to brainwave authentication. All in all, our results demonstrate the viability and relevance of NeuroIDBench in streamlining fair comparisons of algorithms, thereby furthering the advancement of brainwave-based authentication through robust methodological practices.
• We design a system to authenticate online students continuously and transparently.
• We design a device/interaction-agnostic biometric system for student authentication.
• We define a reliability measure of the biometric system on different interactions.
• We compare systems used to verify students’ identities in e-learning platforms.
In recent years, online courses have emerged as a new way to educate students in distance learning settings. However, as the demand increases, educational institutions are facing the challenge of how to prove that online students are who they claim to be during e-learning activities, especially exams. Human proctoring is a non-scalable approach which requires a person to monitor each student remotely. On the other hand, automated proctors tend to target a specific type of device and verify the students’ presence without considering their interaction with the e-learning platform. In this paper, we propose a device/interaction-agnostic multi-biometric system aimed at continuously and transparently verifying both the presence and the interaction. By performing a score-level fusion of different biometric responses (face, voice, touch, mouse, keystroke) based on the device used and the interaction carried out with it, the system is able to attest the student's identity throughout the learning experience. In preliminary comparison with the existing approaches, our contribution has a good potential to provide a flexible and reliable support on a larger set of online experiences.
Mobile devices and technologies have become increasingly popular, offering comparable storage and computational capabilities to desktop computers allowing users to store and interact with sensitive and private information. The security and protection of such personal information are becoming more and more important since mobile devices are vulnerable to unauthorized access or theft. User authentication is a task of paramount importance that grants access to legitimate users at the point of entry and continuously through the usage session. This task is made possible with today's smartphones' embedded sensors that enable continuous and implicit user authentication by capturing behavioral biometrics and traits. In this article, we survey more than 140 recent behavioral biometric-based approaches for continuous user authentication, including motion-based methods (28 studies), gait-based methods (19 studies), keystroke dynamics-based methods (20 studies), touch gesture-based methods (29 studies), voice-based methods (16 studies), and multimodal-based methods (34 studies). The survey provides an overview of the current state-of-the-art approaches for continuous user authentication using behavioral biometrics captured by smartphones' embedded sensors, including insights and open challenges for adoption, usability, and performance.
We consider a basic system to securely and remotely control many IoT devices. Specifically, we require that: (1) a system manager broadcasts information to IoT devices, e.g., wireless environment, only the designated devices can identify operations sent from the manager; (2) each IoT device can detect (malicious) manipulation of the broadcast information and hence prevents maliciously generated operations from being executed. In this paper, we introduce anonymous broadcast authentication (ABA) as a core cryptographic primitive of the basic remote-control system. Specifically, we formally define the syntax and security notions for ABA so that it achieves the above requirements. We then show provably-secure ABA constructions and their implementations to provide their practical performance. Our promising results show that the ABA constructions can remotely control devices over a typical wireless network within a second.
Biometric authentication has become progressively more desired in current years. With this expansion of cloud computing, database holders are influenced to expand this extensive volume of biometric information and detection operations to the cloud to eradicate the high-priced storage and result overheads, which still conveys possible dangers to users' seclusion. In this document, we recommend a well-organized, well-planned and confidentiality-protecting biometric classification strategy. Particularly, biometric information was encrypted and farmed out to the cloud database. To complete a biometric confirmation, the server holder encrypts the inquiry information and proposes that to the cloud. The cloud implements recognition tasks on the encrypted server and sends this conclusion to the server holder. The systematic protection assessment specifies the recommended system is protected still if attackers can fake detection appeals and conspire through the cloud. Evaluated with previous protocols, investigational and new outcomes prove the recommended strategy accomplishes enhanced performance in both preparation and discovery measures.
The Internet of Things (IoT) is increasingly empowering people with an interconnected world of physical objects ranging from smart buildings to portable smart devices, such as wearables. With recent advances in mobile sensing, wearables have become a rich collection of portable sensors and are able to provide various types of services, including tracking of health and fitness, making financial transactions, and unlocking smart locks and vehicles. Most of these services are delivered based on users' confidential and personal data, which are stored on these wearables. Existing explicit authentication approaches (i.e., PINs or pattern locks) for wearables suffer from several limitations, including small or no displays, risk of shoulder surfing, and users' recall burden. Oftentimes, users completely disable security features out of convenience. Therefore, there is a need for a burden-free (implicit) authentication mechanism for wearable device users based on easily obtainable biometric data. In this paper, we present an implicit wearable device user authentication mechanism using combinations of three types of coarse-grain minute-level biometrics: behavioral (step counts), physiological (heart rate), and hybrid (calorie burn and metabolic equivalent of task). From our analysis of over 400 Fitbit users from a 17-month long health study, we are able to authenticate subjects with average accuracy values of around .93 (sedentary) and .90 (non-sedentary) with equal error rates of .05 using binary SVM classifiers. Our findings also show that the hybrid biometrics perform better than other biometrics and behavioral biometrics do not have a significant impact, even during non-sedentary periods.