A Methodology for Silent and Continuous Authentication in Mobile Environment

  • Gerardo Canfora
  • Paolo di Notte
  • Francesco Mercaldo
  • Corrado Aaron Visaggio
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 764)

Abstract

Since the pervasiveness of mobile technologies has been increasing, sensitive user information is often stored on mobile devices. Currently, mobile devices do not verify the identity of the user after the login. This gives attackers full access to sensitive data and applications on the device if they obtain the password or grab the device after login. To mitigate this risk, we propose a continuous and silent monitoring process based on a set of features: orientation, touch and cell tower. The assumption is that these features are representative of the smartphone owner's interaction with the device, which is why they can be useful to distinguish the owner from an impostor. Results show that our system, modeling the user behavior of 21 volunteer participants, obtains encouraging results: we measured a precision in distinguishing an impostor from the owner between 99% and 100%.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Gerardo Canfora (1)
  • Paolo di Notte (2)
  • Francesco Mercaldo (3)
  • Corrado Aaron Visaggio (1)

  1. Department of Engineering, University of Sannio, Benevento, Italy
  2. Koine srl, Benevento, Italy
  3. Institute for Informatics and Telematics, National Research Council of Italy (CNR), Pisa, Italy
