Enhancing smartphone security with human centric bimodal fallback authentication leveraging sensors.
Authentication
Behavioral bio-metrics
Fallback
Sensors
Journal
Scientific reports
ISSN: 2045-2322
Titre abrégé: Sci Rep
Pays: England
ID NLM: 101563288
Informations de publication
Date de publication:
21 Oct 2024
21 Oct 2024
Historique:
received:
30
05
2024
accepted:
26
09
2024
medline:
22
10
2024
pubmed:
22
10
2024
entrez:
21
10
2024
Statut:
epublish
Résumé
Smartphones store valuable personal information, necessitating robust authentication methods to protect user data. This research proposes a lightweight bi-model fallback authentication technique that combines dynamic security questions and finger pattern recognition using inertial measurement units. The dynamic security questions are generated based on the smartphone's usage behavior, while the owner's finger movements are captured using four different inertial sensors: accelerometer, gyroscope, gravity sensor, and magnetometer. By combining the answers to the questions and the owner's finger movements, the user can be authenticated even if the primary authentication method fails. In this study, data was collected from 24 participants, including 12 primary phone users and 12 close adversaries, over a span of 28 days. The dynamic security questions, derived from call, SMS, battery charging events, application usage, location, and physical activity categories, achieved high accuracy rates, with call, SMS, and application usage surpassing
Identifiants
pubmed: 39433835
doi: 10.1038/s41598-024-74473-7
pii: 10.1038/s41598-024-74473-7
doi:
Types de publication
Journal Article
Langues
eng
Sous-ensembles de citation
IM
Pagination
24730Subventions
Organisme : King Saud University, Riyadh, Saudi Arabia.
ID : RSPD2023R609
Informations de copyright
© 2024. The Author(s).
Références
Hang, A., De Luca, A., Von Zezschwitz, E., Demmler, M. & Hussmann, H. Locked your phone? buy a new one? from tales of fallback authentication on smartphones to actual concepts. In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, 295–305 (2015).
Albayram, Y. & Khan, M. M. H. Evaluating smartphone-based dynamic security questions for fallback authentication: a field study. Human-Centric Computing and Information Sciences 6, 1–35 (2016).
doi: 10.1186/s13673-016-0072-3
Hang, A., De Luca, A. & Hussmann, H. I know what you did last week! do you? dynamic security questions for fallback authentication on smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, 1383–1392 (2015).
Hang, A., De Luca, A., Smith, M., Richter, M. & Hussmann, H. Where have you been? using [Formula: see text]Location-Based[Formula: see text] security questions for fallback authentication. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), 169–183 (2015).
Bonner, J., O’Hagan, J., Mathis, F., Ferguson, J. & Khamis, M. Using personal data to support authentication: User attitudes and suitability. In 20th International Conference on Mobile and Ubiquitous Multimedia, 35–42 (2021).
Iwasokun, G., Udoh, S. & Akinyokun, O. Multi-modal biometrics: Applications, strategies and operations. Global Journal of Computer Science and Technology (2015).
Krombholz, K., Hupperich, T. & Holz, T. May the force be with you: The future of force-sensitive authentication. IEEE Internet Computing 21, 64–69 (2017).
doi: 10.1109/MIC.2017.78
Schnabel, B. & Behringer, M. Biometric protection for mobile devices is now more reliable: Research award for the development of an infrared led for reliable iris recognition in smartphones and tablets. Optik & Photonik 11, 16–19 (2016).
doi: 10.1002/opph.201600001
Chen, S., Pande, A. & Mohapatra, P. Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services, 109–122 (2014).
Florencio, D. & Herley, C. A large-scale study of web password habits. In Proceedings of the 16th international conference on World Wide Web, 657–666 (2007).
Micallef, N. & Arachchilage, N. A. G. A gamified approach to improve users’ memorability of fall-back authentication. In SOUPS (2017).
Zhao, P. et al. Understanding smartphone sensor and app data for enhancing the security of secret questions. IEEE Transactions on Mobile Computing 16, 552–565 (2016).
doi: 10.1109/TMC.2016.2546245
Zviran, M. & Haga, W. J. User authentication by cognitive passwords: an empirical assessment. In Proceedings of the 5th Jerusalem Conference on Information Technology, 1990.’Next Decade in Information Technology’, 137–144 (IEEE, 1990).
Podd, J., Bunnell, J. & Henderson, R. Cost-effective computer security: Cognitive and associative passwords. In Proceedings Sixth Australian Conference on Computer-Human Interaction, 304–305 (IEEE, 1996).
Micallef, N. & Just, M. Using avatars for improved authentication with challenge questions. In Proc. of the The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011) (2011).
Just, M. & Aspinall, D. Personal choice and challenge questions: a security and usability assessment. In Proceedings of the 5th Symposium on Usable Privacy and Security, 1–11 (2009).
Buriro, A., Crispo, B., Delfrari, F. & Wrona, K. Hold and sign: A novel behavioral biometrics for smartphone user authentication. In 2016 IEEE security and privacy workshops (SPW), 276–285 (IEEE, 2016).
Sitová, Z. et al. Hmog: New behavioral biometric features for continuous authentication of smartphone users. IEEE Transactions on Information Forensics and Security 11, 877–892 (2015).
doi: 10.1109/TIFS.2015.2506542
Espín López, J. M., Huertas Celdrán, A., Marín-Blázquez, J. G., Esquembre, F. & Martínez Pérez, G. S3: An ai-enabled user continuous authentication for smartphones based on sensors, statistics and speaker information. Sensors 21, 3765 (2021).
doi: 10.3390/s21113765
pubmed: 34071655
pmcid: 8199259
Gupta, S., Buriro, A. & Crispo, B. A chimerical dataset combining physiological and behavioral biometric traits for reliable user authentication on smart devices and ecosystems. Data in brief 28, 104924 (2020).
doi: 10.1016/j.dib.2019.104924
pubmed: 31886356
Giorgi, G., Saracino, A. & Martinelli, F. Using recurrent neural networks for continuous authentication through gait analysis. Pattern Recognition Letters 147, 157–163 (2021).
doi: 10.1016/j.patrec.2021.03.010
Alobaidi, H., Clarke, N., Li, F. & Alruban, A. Real-world smartphone-based gait recognition. Computers & Security 113, 102557 (2022).
doi: 10.1016/j.cose.2021.102557
Mekruksavanich, S., Jantawong, P. & Jitpattanakul, A. Enhancement of sensor-based user identification using data augmentation techniques. In 2022 Joint International Conference on Digital Arts, Media and Technology with ECTI Northern Section Conference on Electrical, Electronics, Computer and Telecommunications Engineering (ECTI DAMT & NCON), 333–337 (IEEE, 2022).
Takahashi, Y., Nakamura, K., Kamiyama, T., Oguchi, M. & Yamaguchi, S. Person identification based on accelerations sensed in smartphones with lstm. Journal of Information Processing 29, 707–716 (2021).
doi: 10.2197/ipsjjip.29.707
Buddhacharya, S. M. & Awale, N. Cnn-based continous authentication of smartphones using mobile sensors. (2022).
Ankalaki, S. & Thippeswamy, M. The customized 1d cnn for sensor-based human activity recognition using various benchmark datasets. Journal of Engineering Science and Technology 17, 2315–2335 (2022).
Batool, S., Hassan, A., Khattak, M. A. K., Shahzad, A. & Farooq, M. U. Iotauth: Iot sensor data analytics for user authentication using discriminative feature analysis. IEEE Access 10, 59115–59124 (2022).
doi: 10.1109/ACCESS.2022.3178635
Humayoun, S. R., Abbas, G. & Al-Tarawneh, R. Touch-behavioral authentication on smartphones using machine learning. In 27th International Conference on Intelligent User Interfaces, 105–108 (2022).
Das, S., Dingman, A. & Camp, L. J. Why johnny doesn’t use two factor a two-phase usability study of the fido u2f security key. In Financial Cryptography and Data Security: 22nd International Conference, FC 2018, Nieuwpoort, Curaçao, February 26–March 2, 2018, Revised Selected Papers 22, 160–179 (Springer, 2018).
Goel, R., Mehmood, I. & Ugail, H. A study of deep learning-based face recognition models for sibling identification. Sensors 21, 5068 (2021).
doi: 10.3390/s21155068
pubmed: 34372306
pmcid: 8347212
Eberz, S., Rasmussen, K. B., Lenders, V. & Martinovic, I. Evaluating behavioral biometrics for continuous authentication: Challenges and metrics. In Proceedings of the 2017 ACM on Asia conference on computer and communications security, 386–399 (2017).
Buriro, A., Crispo, B., Frari, F. D. & Wrona, K. Touchstroke: Smartphone user authentication based on touch-typing biometrics. In International Conference on Image Analysis and Processing, 27–34 (Springer, 2015).
Witten, I. H., Frank, E., Hall, M. A., Pal, C. J. & DATA, M. Practical machine learning tools and techniques. In Data Mining, vol. 2, 4 (2005).