An Effective Approach to Continuous User Authentication for Touch Screen Smart Devices

Due to the rapid increase in the use of personal smart devices, more sensitive data is stored and viewed on these smart devices. This trend makes it easier for attackers to access confidential data by physically compromising (including stealing) these smart devices. Currently, most personal smart devices employ one of the one-time user authentication schemes, such as four-to-six digits, fingerprint or pattern-based schemes. These authentication schemes are often not good enough for securing personal smart devices because the attackers can easily extract all the confidential data from the smart device by breaking such schemes, or by keeping the authenticated session open on a physically compromised smart device. In addition, existing re-authentication or continuous authentication techniques for protecting personal smart devices use centralized architecture and require servers at a centralized location to train and update the learning model used for continuous authentication, which impose additional communication overhead. In this paper, an approach is presented to generating and updating the authentication model on the user's smart device with user's gestures, instead of a centralized server. There are two major advantages in this approach. One is that this approach continuously learns and authenticates finger gestures of the user in the background without requiring the user to provide specific gesture inputs. The other major advantage is to have better authentication accuracy by treating uninterrupted user finger gestures over a short time interval as a single gesture for continuous user authentication.

[1]  Matthew Turk,et al.  Continuous Multimodal Authentication Using Dynamic Bayesian Networks , 2006 .

[2]  Vir V. Phoha,et al.  When kids' toys breach mobile phone security , 2013, CCS.

[3]  R. Stephenson A and V , 1962, The British journal of ophthalmology.

[4]  Jun Yang,et al.  SenGuard: Passive user identification on smartphones using multiple sensors , 2011, 2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[5]  Stephen S. Yau,et al.  A Reference Architecture for Improving Security and Privacy in Internet of Things Applications , 2014, 2014 IEEE International Conference on Mobile Services.

[6]  Guoliang Xue,et al.  Unobservable Re-authentication for Smartphones , 2013, NDSS.

[7]  Sandeep Kumar,et al.  Continuous Verification Using Multimodal Biometrics , 2007, IEEE Trans. Pattern Anal. Mach. Intell..

[8]  Hao Chen,et al.  Gesture Authentication with Touch Input for Mobile Devices , 2011, MobiSec.

[9]  Sean R Eddy,et al.  What is dynamic programming? , 2004, Nature Biotechnology.

[10]  Peter Norvig,et al.  Artificial Intelligence: A Modern Approach , 1995 .

[11]  R. Bellman,et al.  Dynamic Programming and Markov Processes , 1960 .

[12]  Tetsuo Sawaragi,et al.  Effective Integration of Imitation Learning and Reinforcement Learning by Generating Internal Reward , 2008, 2008 Eighth International Conference on Intelligent Systems Design and Applications.

[13]  Yingke Chen,et al.  Active Learning of Markov Decision Processes for System Verification , 2012, 2012 11th International Conference on Machine Learning and Applications.

[14]  Sandeep Kumar,et al.  Continuous Verification Using Multimodal Biometrics , 2006, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[15]  Stephen S. Yau,et al.  An Adaptive Approach to Optimizing Tradeoff Between Service Performance and Security in Service-Based Systems , 2011, Int. J. Web Serv. Res..

[16]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[17]  Stephen S. Yau,et al.  Intelligent Planning for Developing Mobile IoT Applications Using Cloud Systems , 2014, 2014 IEEE International Conference on Mobile Services.

[18]  Martin L. Puterman,et al.  Markov Decision Processes: Discrete Stochastic Dynamic Programming , 1994 .