Behavioural Authentication Based on Smartphone Protected Personal Communication Data

Smartphones have become ubiquitous in everyday life, storing and generating a huge amount of sensitive personal data which make them vulnerable to increasing security and privacy threats. While protecting smartphones has become a necessity, existing traditional authentication methods, which are mainly PINs and passwords, are facing remarkable drawbacks and behavioural biometrics-based authentication was adopted as the best alternative to ensure better protection. This paper presents a comparative study of many behavioural authentica-tion solutions using smartphone personal communication data. Different approaches are compared such as using Distance Minimization, K-means and Support Vector Machine (SVM) as classification method. The data privacy protection by using the BioHashing algorithm is also considered in the paper. The authentication approaches were tested on a dataset of 93 users with more than 16.000 samples and show promising results with an EER of 10% without any data protection with the One Class SVM method and an EER remarkably lower than 1% for the 3 adopted methods with data privacy protection.

[1]  W. Eric L. Grimson,et al.  Gait analysis for recognition and classification , 2002, Proceedings of Fifth IEEE International Conference on Automatic Face Gesture Recognition.

[2]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[3]  Ian Oakley,et al.  CASA: context-aware scalable authentication , 2013, SOUPS.

[4]  Mohammad Nauman,et al.  Using trusted computing for privacy preserving keystroke-based authentication in smartphones , 2013, Telecommun. Syst..

[5]  Christophe Rosenberger,et al.  An Overview on Privacy Preserving Biometrics , 2011 .

[6]  Christophe Rosenberger,et al.  Evaluation of Biometric Template Protection Schemes based on a Transformation , 2018, ICISSP.

[7]  Richard P. Guidorizzi Security: Active Authentication , 2013, IT Prof..

[8]  Nathan L. Clarke Transparent User Authentication - Biometrics, RFID and Behavioural Profiling , 2011 .

[9]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[10]  Rama Chellappa,et al.  Cancelable Biometrics: A review , 2015, IEEE Signal Processing Magazine.

[11]  Christoph Busch,et al.  On application of bloom filters to iris biometrics , 2014, IET Biom..

[12]  Reihaneh Safavi-Naini,et al.  Privacy-Preserving Implicit Authentication , 2014, IACR Cryptol. ePrint Arch..

[13]  Christophe Rosenberger,et al.  Privacy Preserving Transparent Mobile Authentication , 2017, ICISSP.

[14]  Nalini K. Ratha,et al.  Enhancing security and privacy in biometrics-based authentication systems , 2001, IBM Syst. J..

[15]  Gian Luca Foresti,et al.  Biometric Liveness Detection: Challenges and Research Opportunities , 2015, IEEE Security & Privacy.

[16]  Tengyu Ma,et al.  CS229 Lecture notes , 2007 .

[17]  Maria Papadaki,et al.  Active authentication for mobile devices utilising behaviour profiling , 2014, International Journal of Information Security.

[18]  Patrick Bours,et al.  Gait and activity recognition using commercial phones , 2013, Comput. Secur..

[19]  Steven Furnell,et al.  Transparent authentication systems for mobile device security: A review , 2015, 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST).

[20]  Omer Berkman,et al.  The Unbearable Lightness of PIN Cracking , 2007, Financial Cryptography.

[21]  Steven Furnell,et al.  Text-Based Active Authentication for Mobile Devices , 2014, SEC.

[22]  Helen Marie Wood,et al.  The use of passwords for controlled access to computer resources. , 1977 .

[23]  Zhe Jin,et al.  Ranking-Based Locality Sensitive Hashing-Enabled Cancelable Biometrics: Index-of-Max Hashing , 2017, IEEE Transactions on Information Forensics and Security.

[24]  Sheikh Iqbal Ahamed,et al.  Your Phone Knows You: Almost Transparent Authentication for Smartphones , 2014, 2014 IEEE 38th Annual Computer Software and Applications Conference.

[25]  Rama Chellappa,et al.  Sectored Random Projections for Cancelable Iris Biometrics , 2010, 2010 IEEE International Conference on Acoustics, Speech and Signal Processing.

[26]  Sargur N. Srihari,et al.  On-Line and Off-Line Handwriting Recognition: A Comprehensive Survey , 2000, IEEE Trans. Pattern Anal. Mach. Intell..