Autenticação Contínua Usando Sensores Inerciais dos Smartphones e Aprendizagem Profunda
Resumo
Muitos usuários têm optado pelo uso de dispositivos móveis como smartphones para a realização de tarefas do dia a dia. Para garantir a segurança desses dados, a maioria dos sistemas emprega soluções de autenticação estática, tais como senha, padrão em grade, chave de segurança ou sensor de impressão digital. Entretanto, em um cenário onde um usuário impostor tem acesso às senhas ou obtém acesso físico ao dispositivo desbloqueado, todos os dados acabam sendo expostos. Para lidar com esse problema, este trabalho propõe o desenvolvimento de um método de autenticação contínua para dispositivos móveis utilizando os dados de sensores inerciais. O processo de identificação do usuário genuíno ou impostor é realizado por meio de um modelo de autenticação definido a partir de uma arquitetura de rede profunda baseada em redes neurais convolucionais com camadas recorrentes. Além disso, este trabalho emprega um modelo de confiança visando evitar o bloqueio de usuários genuínos e impedir que um impostor fique muito tempo agindo sem ser detectado. Testes utilizando dados de 30 usuários mostram que o modelo proposto consegue detectar os usuários impostores em até 61 segundos.
Palavras-chave:
Autenticação contínua, Sensores Inerciais, Redes Neurais Profundas, Redes DeepConvLSTM
Referências
Aviv, A. J., Gibson, K., Mossop, E., Blaze, M., & Smith, J. M. (2010). Smudge attacks on smartphone touch screens. In Proceedings of the 4th usenix conference on offensive technologies (p. 1–7). USA: USENIX Association.
Banos, O., Galvez, J.-M., Damas, M., Pomares, H., & Rojas, I. (2014). Window size impact in human activity recognition. Sensors, 14(4), 6474–6499. Retrieved from https://www.mdpi.com/1424-8220/14/4/6474 doi: 10.3390/s140406474
Bhattarai, A., & Siraj, A. (2018). Increasing accuracy of hand-motion based continuous authentication systems. In 2018 9th ieee annual ubiquitous computing, electronics mobile communication conference (uemcon) (p. 70-76). doi: 10.1109/UEMCON.2018.8796725
Bours, P. (2012). Continuous keystroke dynamics: A different perspective towards biometric evaluation. Information Security Technical Report, 17(1), 36-43. Retrieved from [link] (Human Factors and Bio-metrics) doi: https://doi.org/10.1016/j.istr.2012.02.001
Bragança, H. L. d. S., et al. (2019). Reconhecimento de atividades humanas usando medidas estatísticas dos sensores inerciais dos smartphones (mastersthesis). Universidade Federal do Amazonas.
Büch, H. (2019). Continuous Authentication using Inertial-Sensors of Smartphones and Deep Learning (mastersthesis, Hochschule der Medien, Stuttgart). Retrieved from [link]
Centeno, M. P., Moorsel, A. v., & Castruccio, S. (2017). Smartphone continuous authentication using deep learning autoencoders. In 2017 15th annual conference on privacy, security and trust (pst) (p. 147-1478). doi: 10.1109/PST.2017.00026
Centeno, M. P. n., Guan, Y., & van Moorsel, A. (2018). Mobile based continuous authentication using deep features. In Proceedings of the 2nd international workshop on embedded and mobile deep learning (p. 19–24). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3212725.3212732 doi: 10.1145/3212725.3212732
Darabseh, A., & Siami Namin, A. (2015). Keystroke active authentications based on most frequently used words. In Proceedings of the 2015 acm international workshop on international workshop on security and privacy analytics (p. 49–54). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/2713579.2713589 doi: 10.1145/2713579.2713589
Dee, T., Richardson, I., & Tyagi, A. (2019). Continuous transparent mobile device touchscreen soft keyboard biometric authentication. In 2019 32nd international conference on vlsi design and 2019 18th international conference on embedded systems (vlsid) (p. 539-540). doi: 10.1109/VLSID.2019.00125
Gao, Z., Diao, W., Huang, Y., Xu, R., Lu, H., & Zhang, J. (2021). Identity authentication based on keystroke dynamics for mobile device users. Pattern Recognition Letters, 148, 61-67. Retrieved from [link] doi: https://doi.org/10.1016/j.patrec.2021.04.019
Javed, A. R., Beg, M. O., Asim, M., Baker, T., & Al-Bayatti, A. H. (2020). Alphalogger: Detecting motion-based side-channel attack using smartphone keystrokes. Journal of Ambient Intelligence and Humanized Computing, 1–14.
Jin, Y., Tomoishi, M., & Matsuura, S. (2017). An in-depth concealed file system with gps authentication adaptable for multiple locations. In 2017 ieee 41st annual computer software and applications conference (compsac) (Vol. 1, p. 608-613). doi: 10.1109/COMPSAC.2017.56
Lee, W.-H., & Lee, R. (2016). Implicit sensor-based authentication of smartphone users with smartwatch. In Proceedings of the hardware and architectural support for security and privacy 2016. New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/2948618.2948627 doi: 10.1145/2948618.2948627
Mahbub, U., Patel, V. M., Chandra, D., Barbello, B., & Chellappa, R. (2016). Partialface detection for continuous authentication. In 2016 ieee international conference on image processing (icip) (p. 2991-2995). doi: 10.1109/ICIP.2016.7532908
Mahfouz, A., Mahmoud, T. M., & Eldin, A. S. (2017). A survey on behavioral biometric authentication on smartphones. Journal of Information Security and Applications, 37, 28-37. Retrieved from [link] doi: https://doi.org/10.1016/j.jisa.2017.10.002
Marques, D., Guerreiro, T., Carriço, L., Beschastnikh, I., & Beznosov, K. (2019). Vulnerability amp; blame: Making sense of unauthorized access to smartphones. In Proceedings of the 2019 chi conference on human factors in computing systems (p. 1–13). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3290605.3300819 doi: 10.1145/3290605.3300819
Mondal, S., & Bours, P. (2015a). A computational approach to the continuous authentication biometric system. Information Sciences, 304, 28-53. Retrieved from https://www.sciencedirect.com/science/article/pii/S0020025514011979 doi: https://doi.org/10.1016/j.ins.2014.12.045
Mondal, S., & Bours, P. (2015b). Swipe gesture based continuous authentication for mobile devices. In 2015 international conference on biometrics (icb) (p. 458-465). doi: 10.1109/ICB.2015.7139110
Muaaz, M., & Mayrhofer, R. (2017). Smartphone-based gait recognition: From authentication to imitation. IEEE Transactions on Mobile Computing, 16(11), 3209-3221. doi: 10.1109/TMC.2017.2686855
Nguyen, T. V., Sae-Bae, N., & Memon, N. (2017). Draw-a-pin: Authentication using finger-drawn pin on touch devices. Computers Security, 66, 115-128. Retrieved from [link] doi: https://doi.org/10.1016/j.cose.2017.01.008
Ordóñez, F. J., & Roggen, D. (2016). Deep convolutional and lstm recurrent neural networks for multimodal wearable activity recognition. Sensors, 16(1). Retrieved from https://www.mdpi.com/1424-8220/16/1/115 doi: 10.3390/s16010115
Patel, V. M., Chellappa, R., Chandra, D., & Barbello, B. (2016). Continuous user authentication on mobile devices: Recent progress and remaining challenges. IEEE Signal Processing Magazine, 33(4), 49-61. doi: 10.1109/MSP.2016.2555335
Santos, G., et al. (2017). Tecnicas para autenticação contínua em dispositivos móveis a partir do modo de caminhar.
Shen, C., Chen, Y., & Guan, X. (2018). Performance evaluation of implicit smartphones authentication via sensor-behavior analysis. Information Sciences, 430-431, 538-553. Retrieved from [link] doi: https://doi.org/10.1016/j.ins.2017.11.058
Sitová, Z., Sedenka, J., Yang, Q., Peng, G., Zhou, G., Gasti, P., & Balagani, K. S. (2016). Hmog: New behavioral biometric features for continuous authentication of smartphone users. IEEE Transactions on Information Forensics and Security, 11(5), 877-892. doi: 10.1109/TIFS.2015.2506542
Banos, O., Galvez, J.-M., Damas, M., Pomares, H., & Rojas, I. (2014). Window size impact in human activity recognition. Sensors, 14(4), 6474–6499. Retrieved from https://www.mdpi.com/1424-8220/14/4/6474 doi: 10.3390/s140406474
Bhattarai, A., & Siraj, A. (2018). Increasing accuracy of hand-motion based continuous authentication systems. In 2018 9th ieee annual ubiquitous computing, electronics mobile communication conference (uemcon) (p. 70-76). doi: 10.1109/UEMCON.2018.8796725
Bours, P. (2012). Continuous keystroke dynamics: A different perspective towards biometric evaluation. Information Security Technical Report, 17(1), 36-43. Retrieved from [link] (Human Factors and Bio-metrics) doi: https://doi.org/10.1016/j.istr.2012.02.001
Bragança, H. L. d. S., et al. (2019). Reconhecimento de atividades humanas usando medidas estatísticas dos sensores inerciais dos smartphones (mastersthesis). Universidade Federal do Amazonas.
Büch, H. (2019). Continuous Authentication using Inertial-Sensors of Smartphones and Deep Learning (mastersthesis, Hochschule der Medien, Stuttgart). Retrieved from [link]
Centeno, M. P., Moorsel, A. v., & Castruccio, S. (2017). Smartphone continuous authentication using deep learning autoencoders. In 2017 15th annual conference on privacy, security and trust (pst) (p. 147-1478). doi: 10.1109/PST.2017.00026
Centeno, M. P. n., Guan, Y., & van Moorsel, A. (2018). Mobile based continuous authentication using deep features. In Proceedings of the 2nd international workshop on embedded and mobile deep learning (p. 19–24). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3212725.3212732 doi: 10.1145/3212725.3212732
Darabseh, A., & Siami Namin, A. (2015). Keystroke active authentications based on most frequently used words. In Proceedings of the 2015 acm international workshop on international workshop on security and privacy analytics (p. 49–54). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/2713579.2713589 doi: 10.1145/2713579.2713589
Dee, T., Richardson, I., & Tyagi, A. (2019). Continuous transparent mobile device touchscreen soft keyboard biometric authentication. In 2019 32nd international conference on vlsi design and 2019 18th international conference on embedded systems (vlsid) (p. 539-540). doi: 10.1109/VLSID.2019.00125
Gao, Z., Diao, W., Huang, Y., Xu, R., Lu, H., & Zhang, J. (2021). Identity authentication based on keystroke dynamics for mobile device users. Pattern Recognition Letters, 148, 61-67. Retrieved from [link] doi: https://doi.org/10.1016/j.patrec.2021.04.019
Javed, A. R., Beg, M. O., Asim, M., Baker, T., & Al-Bayatti, A. H. (2020). Alphalogger: Detecting motion-based side-channel attack using smartphone keystrokes. Journal of Ambient Intelligence and Humanized Computing, 1–14.
Jin, Y., Tomoishi, M., & Matsuura, S. (2017). An in-depth concealed file system with gps authentication adaptable for multiple locations. In 2017 ieee 41st annual computer software and applications conference (compsac) (Vol. 1, p. 608-613). doi: 10.1109/COMPSAC.2017.56
Lee, W.-H., & Lee, R. (2016). Implicit sensor-based authentication of smartphone users with smartwatch. In Proceedings of the hardware and architectural support for security and privacy 2016. New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/2948618.2948627 doi: 10.1145/2948618.2948627
Mahbub, U., Patel, V. M., Chandra, D., Barbello, B., & Chellappa, R. (2016). Partialface detection for continuous authentication. In 2016 ieee international conference on image processing (icip) (p. 2991-2995). doi: 10.1109/ICIP.2016.7532908
Mahfouz, A., Mahmoud, T. M., & Eldin, A. S. (2017). A survey on behavioral biometric authentication on smartphones. Journal of Information Security and Applications, 37, 28-37. Retrieved from [link] doi: https://doi.org/10.1016/j.jisa.2017.10.002
Marques, D., Guerreiro, T., Carriço, L., Beschastnikh, I., & Beznosov, K. (2019). Vulnerability amp; blame: Making sense of unauthorized access to smartphones. In Proceedings of the 2019 chi conference on human factors in computing systems (p. 1–13). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3290605.3300819 doi: 10.1145/3290605.3300819
Mondal, S., & Bours, P. (2015a). A computational approach to the continuous authentication biometric system. Information Sciences, 304, 28-53. Retrieved from https://www.sciencedirect.com/science/article/pii/S0020025514011979 doi: https://doi.org/10.1016/j.ins.2014.12.045
Mondal, S., & Bours, P. (2015b). Swipe gesture based continuous authentication for mobile devices. In 2015 international conference on biometrics (icb) (p. 458-465). doi: 10.1109/ICB.2015.7139110
Muaaz, M., & Mayrhofer, R. (2017). Smartphone-based gait recognition: From authentication to imitation. IEEE Transactions on Mobile Computing, 16(11), 3209-3221. doi: 10.1109/TMC.2017.2686855
Nguyen, T. V., Sae-Bae, N., & Memon, N. (2017). Draw-a-pin: Authentication using finger-drawn pin on touch devices. Computers Security, 66, 115-128. Retrieved from [link] doi: https://doi.org/10.1016/j.cose.2017.01.008
Ordóñez, F. J., & Roggen, D. (2016). Deep convolutional and lstm recurrent neural networks for multimodal wearable activity recognition. Sensors, 16(1). Retrieved from https://www.mdpi.com/1424-8220/16/1/115 doi: 10.3390/s16010115
Patel, V. M., Chellappa, R., Chandra, D., & Barbello, B. (2016). Continuous user authentication on mobile devices: Recent progress and remaining challenges. IEEE Signal Processing Magazine, 33(4), 49-61. doi: 10.1109/MSP.2016.2555335
Santos, G., et al. (2017). Tecnicas para autenticação contínua em dispositivos móveis a partir do modo de caminhar.
Shen, C., Chen, Y., & Guan, X. (2018). Performance evaluation of implicit smartphones authentication via sensor-behavior analysis. Information Sciences, 430-431, 538-553. Retrieved from [link] doi: https://doi.org/10.1016/j.ins.2017.11.058
Sitová, Z., Sedenka, J., Yang, Q., Peng, G., Zhou, G., Gasti, P., & Balagani, K. S. (2016). Hmog: New behavioral biometric features for continuous authentication of smartphone users. IEEE Transactions on Information Forensics and Security, 11(5), 877-892. doi: 10.1109/TIFS.2015.2506542
Publicado
12/09/2022
Como Citar
PAZ, Ismael J. V.; BRAGANÇA, Hendrio L. S.; SOUTO, Eduardo.
Autenticação Contínua Usando Sensores Inerciais dos Smartphones e Aprendizagem Profunda. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 22. , 2022, Santa Maria.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 209-222.
DOI: https://doi.org/10.5753/sbseg.2022.225312.
