No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
The Light Will Be with You. Always -- A Novel Continuous Mobile Authentication with the Light Sensor
Abstract
Existing continuous authentication proposals tend to have two major drawbacks. First, touch-based smartphone authentication approaches typically require explicit user interactions with the smartphone to collect sufficient touch data. These approaches may provide an attacker the opportunity to steal a victim's sensitive data before the system detects the attacker's intrusion. Likewise, an attacker may disable the continuous authentication scheme itself before detection. Second, sensor-based continuous authentication approaches inherently suffer from high energy consumption due to the constant usage of multiple sensors. In this paper, we present a novel continuous authentication system that collects light sensor data from a user's smartphone and analyzes them to authenticate users using support vector machines. We focus on the possibility of collecting light sensor data from users' smartphones while they are conducting daily behaviors to develop an anomaly detection system.
As personal computing platforms, smartphones are commonly used to store private, sensitive, and security information, such as photos, emails, and Android Pay. To protect such information from adversaries, continuous authentication on smartphone users becomes more and more important. In this paper, we present a novel authentication system, SensorAuth, for continuous authentication of users based on their behavioral patterns, by leveraging the accelerometer and gyroscope ubiquitously built into smartphones. We are among the first to exploit five data augmentation approaches including permutation, sampling, scaling, cropping, and jittering to create additional data by applying them on training data. With the augmented data, SensorAuth extracts sensor-based features in both time and frequency domains within a time window, then utilizes the one-class SVM to train the classifier, and finally authenticates users. We evaluate the authentication performance of SensorAuth in terms of the impact of window size, accuracy on each of and combinations of data augmentation approaches, time efficiency, energy consumption, and comparisons with the representative classifiers and with the existing approaches, respectively. The experimental results show that SensorAuth performs highly accurate and time-efficient continuous authentication, by reaching the lowest median equal error rate (EER) of 4.66%, and consuming a short authentication time of approximately 5 seconds.
People prefer to store important, private, and sensitive information on smartphones for convenient storage and fast access, such as photos and emails. To prevent information leakage and smartphone illegal access, we propose a novel sensor-based continuous authentication system, SensorCA, for continuously monitoring users’ behavior patterns, by leveraging the accelerometer, gyroscope, and magnetometer ubiquitously built-in smartphones. We are among the first to exploit the data augmentation approach of the rotation, which creates additional data by applying it on the collected raw data and improves the robustness of the proposed system. With the augmented data, SensorCA extracts sensorbased features in both time and frequency domains within a time window, then utilizes the kernel ridge regression with truncated Gaussian radial basis function kernel (KRR-TRBF) to train the classifier, and finally authenticates the current user as a legitimate user or an impostor. We evaluate the authentication performance of SensorCA in terms of different classifiers including KRR-TRBF, KRR-POLY and SVMRBF, and the data augmentation approach rotation on KRR-TRBF6 and SVM-RBF. The experimental results show that under the KRR-TRBF6 classifier, SensorCA reaches the lowest median equal error rate (EER) of 3.0% with dataset size 8000 and consumes the shortest training time of 0.054 seconds with dataset size 1000.
The increasing use of smartphones as personal computing platforms to access personal information has stressed the demand for secure and usable authentication techniques, and for constantly protecting privacy. Smartphone sensors can measure users’ unique behavioral characteristics when they interact with smartphones, based on different habits, gestures, and angle preferences of touch actions. This paper investigates the reliability and applicability of using motion-sensor behavior for active and continuous smartphone authentication across various operational scenarios, and presents a systematic evaluation of the distinctiveness and permanence properties of the behavior. For each sample of sensor behavior, kinematic information sequences are extracted and analyzed, which are characterized by statistic-, frequency-, and wavelet-domain features, to provide accurate and fine-grained characterization of users’ touch actions. A Markov-based decision procedure, using one-class learning techniques, is developed and applied to the feature space for performing authentication. Analyses are conducted using the sensor data of 520,200 touch actions from 102 subjects across various operational scenarios. Extensive experiments show that motion-sensor behavior exhibits sufficient discriminability and stability for active and continuous authentication, and can achieve a false-rejection rate of 5.03% and a false-acceptance rate of 3.98%. Additional experiments on usability to operation length, sensitivity to application scenario, scalability to user size, contribution to different sensors, and response to behavior change are provided to further explore the effectiveness and applicability. We also implement an authentication system into the Android system that can react to the presence of the legitimate user.