SmartCAMPP - Smartphone-based continuous authentication leveraging motion sensors with privacy preservation

Abstract: Continuous Authentication (CA) approaches are attracting attention due to the explosion of available sensors in IoT devices such as smartphones. However, a critical privacy concern arises when CA data is outsourced: data from motion sensors may reveal users' private matters. Despite the need for CA in smartphones, no previous work has explored how to tackle this matter leveraging motion sensors in a privacy-preserving way. In this work, a mechanism dubbed SmartCAMPP is proposed to achieve CA based on gyroscope and accelerometer data. Format-preserving encryption techniques are applied to outsource these data privately. Our results show the suitability of the proposed scheme, featuring 76.85% accuracy while taking 5.12 ms of computation to authenticate each user. Interestingly, the use of cryptography does not have a significant impact compared to a non-privacy-preserving mechanism.
