Privacy-Enhancing Context Authentication from Location-Sensitive Data

This paper proposes a new privacy-enhancing, context-aware user authentication system, ConSec, which uses a transformation of general location-sensitive data, such as GPS location, barometric altitude and noise levels, collected from the user's device, into a representation based on locality-sensitive hashing (LSH). The resulting hashes provide a dimensionality reduction of the underlying data, which we leverage to model users' behaviour for authentication using machine learning. We present how ConSec supports learning from categorical and numerical data, while addressing a number of on-device and network-based threats. ConSec is implemented subsequently for the Android platform and evaluated using data collected from 35 users, which is followed by a security and privacy analysis. We demonstrate that LSH presents a useful approach for context authentication from location-sensitive data without directly utilising plain measurements.
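An added illustration of the idea in the abstract, not ConSec's implementation: context readings are reduced to a locality-sensitive hash so that similar contexts differ in few bits and the plain measurements are not compared directly. The LSH family (sign random projection), feature scales, seed, threshold and sample readings are all assumptions, and a Hamming-distance threshold stands in for the paper's machine-learning model.

```python
import random

# Assumed per-feature scales (not from the paper): metres east/north of a
# reference point, metres of barometric altitude, decibels of ambient noise.
SCALES = (50.0, 50.0, 5.0, 10.0)
N_BITS = 64
THRESHOLD = 8  # assumed maximum Hamming distance for a "known context"


def make_planes(n_bits=N_BITS, dim=len(SCALES) + 1, seed=2024):
    """Random Gaussian hyperplanes, fixed at enrolment and reused afterwards."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(n_bits)]


def context_vector(east_m, north_m, altitude_m, noise_db):
    """Scale raw readings; the trailing 1.0 keeps scaled-down copies of a
    reading from hashing identically (the hash only sees direction)."""
    raw = (east_m, north_m, altitude_m, noise_db)
    return [v / s for v, s in zip(raw, SCALES)] + [1.0]


def lsh_hash(vec, planes):
    """One bit per hyperplane: which side of the plane the vector falls on."""
    bits = 0
    for plane in planes:
        dot = sum(p * v for p, v in zip(plane, vec))
        bits = (bits << 1) | (dot >= 0)
    return bits


def hamming(a, b):
    return bin(a ^ b).count("1")


def is_known_context(candidate, enrolled, threshold=THRESHOLD):
    """Stand-in for the learned model: nearest enrolled hash within threshold."""
    return min(hamming(candidate, h) for h in enrolled) <= threshold


# Constructed sample readings (east m, north m, altitude m, noise dB).
PLANES = make_planes()
HOME = lsh_hash(context_vector(0, 0, 35.0, 40.0), PLANES)
NEAR = lsh_hash(context_vector(10, -5, 35.5, 42.0), PLANES)
FAR = lsh_hash(context_vector(3000, 1500, 80.0, 70.0), PLANES)

if __name__ == "__main__":
    print("home vs near:", hamming(HOME, NEAR), "bits differ")
    print("home vs far: ", hamming(HOME, FAR), "bits differ")
```

For Gaussian hyperplanes each bit differs with probability equal to the angle between the two vectors divided by π, which is why the nearby reading lands within a few bits of the enrolled hash while the distant one does not.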
