Multimedia Tools and Applications

, Volume 76, Issue 3, pp 3979–3998 | Cite as

Active authentication with reinforcement learning based on ambient radio signals

  • Jinliang Liu
  • Liang Xiao
  • Guolong Liu
  • Yifeng Zhao


Active authentication of mobile devices such as smartphones and ipads is promising to enhance security to access confidential data or systems. In this paper, we propose an active authentication scheme, which exploits the physical-layer properties of ambient radio signals to identify mobile devices in indoor environments. More specifically, we discriminate mobile devices in different locations by analyzing the ambient radio sources, because the received signal strength indicator set of the ambient signals measured by a smartphone is usually different from that observed by its spoofer located in another area. We formulate the interactions between the legitimate mobile device and its spoofer as an active authentication game, in which the receiver chooses its test threshold in the hypothesis test in the spoofing detection, while the spoofer chooses its attack strength. In a dynamic radio environment with unknown attack parameters, we propose a learning-based authentication algorithm based on the physical-layer properties of the ambient radio environments. Simulation results show that the proposed scheme accurately detects spoofers in typical indoor environments.


Active authentication Ambient radio signals Reinforcement learning Game theory Test threshold 


  1. 1.
    Aksari Y, Artuner H (2009) Active authentication by mouse movements. In: Proceedings of IEEE Int’l symposium computer and information sciences:571–574Google Scholar
  2. 2.
    Barto AG (1998) Reinforcement learning: an introduction. MIT pressGoogle Scholar
  3. 3.
    Bo C, Zhang L, Li X-Y (2013) Silentsense: silent user identification via dynamics of touch and movement behavioral biometrics. arXiv: 1309.0073
  4. 4.
    Chang JM, Fang C, Ho K, Kelly N, Wu P, Ding Y, Chu C, Gilbert S, Kamal AE, Kung S (2013) Capturing cognitive fingerprints from keystroke dynamics for active authentication. IEEE IT Prof 15(4):24– 28CrossRefGoogle Scholar
  5. 5.
    Chellappa R (2014) Screen fingerprints as a novel modality for active authentication. tech. rep., DTIC DocumentGoogle Scholar
  6. 6.
    Cuadrado F, Dueñas JC (2012) Mobile application stores: success factors, existing approaches, and future developments. IEEE Commun Mag 50(11):160–167CrossRefGoogle Scholar
  7. 7.
    De Luca A, Hang A, Brudy F, Lindner C, Hussmann H (2012) Touch me once and i know it’s you!: Implicit authentication based on touch screen patterns. In: Proceedings of ACM the SIGCHI Conference Human Factors in Computing Systems, pp 987–996Google Scholar
  8. 8.
    Deutschmann I, Nordstrom P, Nilsson L (2013) Continuous authentication, using behavioral biometrics, with keystroke and mouse. IEEE IT Prof 15(4):12–15CrossRefGoogle Scholar
  9. 9.
    Fathy ME, Patel VM, Yeh T, Zhang Y, Chellappa R, Davis LS (2014) Screen-based active user authentication. Pattern Recogn Lett 42:122–127CrossRefGoogle Scholar
  10. 10.
    Frank M, Biedert R, Ma E, Martinovic I, Song D (2013) Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans Inf Forensic Secur 8(1):136–148CrossRefGoogle Scholar
  11. 11.
    Guidorizzi RP (2013) Security: active authentication. IEEE IT Prof 15(4):4–7CrossRefGoogle Scholar
  12. 12.
    Hou W, Wang X, Chouinard J, Refaey A (2014) Physical layer authentication for mobile systems with time-varying carrier frequency offsets. IEEE Trans Commun 62(5):1658–1667CrossRefGoogle Scholar
  13. 13.
    Jiang Z, Zhao J, Li X-Y, Han J, Xi W (2013) Rejecting the attack: Source authentication for wi-fi management frames using csi information. In: Proceedings of IEEE INFOCOM, pp 2544– 2552Google Scholar
  14. 14.
    Li F, Clarke N, Papadaki M, Dowland P (2014) Active authentication for mobile devices utilising behaviour profiling. Int’l J Inf Secur 13(3):229–244CrossRefGoogle Scholar
  15. 15.
    Liu FJ, Wang X, Tang H (2011) Robust physical layer authentication using inherent properties of channel impulse response. In: IEEE military communications conference (MILCOM), pp 538– 542Google Scholar
  16. 16.
    Liu FJ, Wang X, Primak SL (2013) A two dimensional quantization algorithm for cir-based physical layer authentication. In: IEEE Int’l Conference Communications (ICC):4724–4728Google Scholar
  17. 17.
    Liu H, Wang Y, Liu J, Yang J, Chen Y (2014) Practical user authentication leveraging channel state information (csi). In: Proceedings of ACM symposium information, computer and communications security, pp 389–400Google Scholar
  18. 18.
    Liu H, Wang Y, Liu J, Yang J, Chen Y (2014) Practical user authentication leveraging channel state information (csi). In: Proceedings of ACM Symposium Information, computer and communications security, pp 389–400Google Scholar
  19. 19.
    Mathur S, Miller R, Varshavsky A, Trappe W, Mandayam N (2011) Proximate: proximity-based secure pairing using ambient wireless signals. In: Proceedings of ACM Int’l Conference Mobile systems, applications, and services, pp 211–224Google Scholar
  20. 20.
    Nag AK, Dasgupta D (2014) An adaptive approach for continuous multi-factor authentication in an identity eco-system. In: Proceedings of ACM Annual Cyber and Information Security Research Conference, pp 65–68Google Scholar
  21. 21.
    Primo A, Phoha VV, Kumar R, Serwadda A (2014) Context-aware active authentication using smartphone accelerometer measurements. In: Proceedings of IEEE Conference Computer Vision and Pattern Recognition Workshops (CVPRW), pp 98–105Google Scholar
  22. 22.
    Roy A, Halevi T, Memon N (2014) An HMM-based behavior modeling approach for continuous mobile authentication. In: Proceedings of IEEE Int’l Conference Acoustics, Speech and Signal Processing (ICASSP), pp 3789–3793Google Scholar
  23. 23.
    Sae-Bae N, Ahmed K, Isbister K, Memon N (2012) Biometric-rich gestures: a novel approach to authentication on multi-touch devices. In: Proceedings of ACM the SIGCHI Conference Human Factors in Computing Systems, pp 977–986Google Scholar
  24. 24.
    Stolerman A, Fridman A, Greenstadt R, Brennan P, Juola P (2014) Active linguistic authentication using real-time stylometric evaluation for multi-modal decision fusion. In: Advances in digital forensics X. Springer, pp 165–183Google Scholar
  25. 25.
    Tugnait JK (2013) Wireless user authentication via comparison of power spectral densities. IEEE J Sel Areas Commun 31(9):1791–1802CrossRefGoogle Scholar
  26. 26.
    Tugnait JK, Kim H (2010) A channel-based hypothesis testing approach to enhance user authentication in wireless networks. In: IEEE Int’l Conference Communication Systems and Networks (COMSNETS), pp 1–9Google Scholar
  27. 27.
    Wu X, Yang Z (2015) Physical-layer authentication for multi-carrier transmission. IEEE Commun Lett 19(1):74–77CrossRefGoogle Scholar
  28. 28.
    Wu P, Fang C, Chang JM, Gilbert SB, Kung SY (2014) Cost-effective kernel ridge regression implementation for keystroke-based active authentication system. In: Proceedings of IEEE Int’l Conference Acoustics, Speech and Signal Processing (ICASSP), pp 6028–6032Google Scholar
  29. 29.
    Xiao L, Greenstein L, Mandayam N, Trappe W (2007) Fingerprints in the ether: Using the physical layer for wireless authentication. In: IEEE Int’l conference communication (ICC), pp 4646– 4651Google Scholar
  30. 30.
    Xiao L, Yan Q, Lou W, Chen G, Hou YT (2013) Proximity-based security techniques for mobile users in wireless networks. IEEE Trans Inf Forensic Secur 8(12):2089–2100CrossRefGoogle Scholar
  31. 31.
    Xiao L, Yan Q, Lou W, Hou YT (2013) Proximity-based security using ambient radio signals. In: IEEE Int’l Conference Communications (ICC), pp 1609–1613Google Scholar
  32. 32.
    Yang J, Chen Y, Trappe W, Cheng J (2013) Detection and localization of multiple spoofing attackers in wireless networks. IEEE Trans Parallel Distrib Syst 24 (1):44–58CrossRefGoogle Scholar
  33. 33.
    Yu PL, Baras JS, Sadler BM (2008) Physical-layer authentication. IEEE Trans Inf Forensic Secur 3(1):38–51CrossRefGoogle Scholar
  34. 34.
    Zhang Y, Monrose F, Reiter MK (2010) The security of modern password expiration: an algorithmic framework and empirical analysis. In: Proceedings of ACM Conference Computer and Communications Security, pp 176–186Google Scholar
  35. 35.
    Zeng K, Govindan K, Mohapatra P (2010) Non-cryptographic authentication and identification in wireless networks. Netw Secur 17(5):56–62Google Scholar
  36. 36.
    Zheng Y, Li M, Lou W, Hou YT (2012) Sharp: private proximity test and secure handshake with cheat-proof location tags. In: ESORICS computer security. Springer, pp 361–378Google Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Jinliang Liu
    • 1
  • Liang Xiao
    • 1
  • Guolong Liu
    • 1
  • Yifeng Zhao
    • 1
  1. 1.Department of Communication EngineeringXiamen UniversityXiamenChina

Personalised recommendations