Continuous Authentication Using Smartphone Inertial Sensors and Deep Learning
Abstract
Smartphones are part of our daily lives and can help perform various tasks, from measuring physical activities to banking operations. To ensure the data security of this device, most systems employ static authentication solutions, such as password, pattern, PIN or fingerprint. However, in a scenario where an imposter user has access to the passwords or gains physical access to the unlocked device, all sensitive data ends up being exposed. To deal with this problem, this work proposes a continuous authentication method for mobile devices using data from inertial sensors. The process of identifying the genuine or imposter user is performed through an authentication model defined from a deep network architecture based on convolutional neural networks with recurrent layers. Furthermore, this work employs a trust model to avoid blocking genuine users and prevent an imposter from being undetected for a long time. Tests using data from 30 users show that the proposed model can detect imposter users in up to 61 seconds.
Keywords:
Continuous authentication, Inertial Sensors, Deep Neural Networks, DeepConvLSTM Networks
References
Aviv, A. J., Gibson, K., Mossop, E., Blaze, M., & Smith, J. M. (2010). Smudge attacks on smartphone touch screens. In Proceedings of the 4th usenix conference on offensive technologies (p. 1–7). USA: USENIX Association.
Banos, O., Galvez, J.-M., Damas, M., Pomares, H., & Rojas, I. (2014). Window size impact in human activity recognition. Sensors, 14(4), 6474–6499. Retrieved from https://www.mdpi.com/1424-8220/14/4/6474 doi: 10.3390/s140406474
Bhattarai, A., & Siraj, A. (2018). Increasing accuracy of hand-motion based continuous authentication systems. In 2018 9th ieee annual ubiquitous computing, electronics mobile communication conference (uemcon) (p. 70-76). doi: 10.1109/UEMCON.2018.8796725
Bours, P. (2012). Continuous keystroke dynamics: A different perspective towards biometric evaluation. Information Security Technical Report, 17(1), 36-43. Retrieved from [link] (Human Factors and Bio-metrics) doi: https://doi.org/10.1016/j.istr.2012.02.001
Bragança, H. L. d. S., et al. (2019). Reconhecimento de atividades humanas usando medidas estatísticas dos sensores inerciais dos smartphones (mastersthesis). Universidade Federal do Amazonas.
Büch, H. (2019). Continuous Authentication using Inertial-Sensors of Smartphones and Deep Learning (mastersthesis, Hochschule der Medien, Stuttgart). Retrieved from [link]
Centeno, M. P., Moorsel, A. v., & Castruccio, S. (2017). Smartphone continuous authentication using deep learning autoencoders. In 2017 15th annual conference on privacy, security and trust (pst) (p. 147-1478). doi: 10.1109/PST.2017.00026
Centeno, M. P. n., Guan, Y., & van Moorsel, A. (2018). Mobile based continuous authentication using deep features. In Proceedings of the 2nd international workshop on embedded and mobile deep learning (p. 19–24). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3212725.3212732 doi: 10.1145/3212725.3212732
Darabseh, A., & Siami Namin, A. (2015). Keystroke active authentications based on most frequently used words. In Proceedings of the 2015 acm international workshop on international workshop on security and privacy analytics (p. 49–54). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/2713579.2713589 doi: 10.1145/2713579.2713589
Dee, T., Richardson, I., & Tyagi, A. (2019). Continuous transparent mobile device touchscreen soft keyboard biometric authentication. In 2019 32nd international conference on vlsi design and 2019 18th international conference on embedded systems (vlsid) (p. 539-540). doi: 10.1109/VLSID.2019.00125
Gao, Z., Diao, W., Huang, Y., Xu, R., Lu, H., & Zhang, J. (2021). Identity authentication based on keystroke dynamics for mobile device users. Pattern Recognition Letters, 148, 61-67. Retrieved from [link] doi: https://doi.org/10.1016/j.patrec.2021.04.019
Javed, A. R., Beg, M. O., Asim, M., Baker, T., & Al-Bayatti, A. H. (2020). Alphalogger: Detecting motion-based side-channel attack using smartphone keystrokes. Journal of Ambient Intelligence and Humanized Computing, 1–14.
Jin, Y., Tomoishi, M., & Matsuura, S. (2017). An in-depth concealed file system with gps authentication adaptable for multiple locations. In 2017 ieee 41st annual computer software and applications conference (compsac) (Vol. 1, p. 608-613). doi: 10.1109/COMPSAC.2017.56
Lee, W.-H., & Lee, R. (2016). Implicit sensor-based authentication of smartphone users with smartwatch. In Proceedings of the hardware and architectural support for security and privacy 2016. New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/2948618.2948627 doi: 10.1145/2948618.2948627
Mahbub, U., Patel, V. M., Chandra, D., Barbello, B., & Chellappa, R. (2016). Partialface detection for continuous authentication. In 2016 ieee international conference on image processing (icip) (p. 2991-2995). doi: 10.1109/ICIP.2016.7532908
Mahfouz, A., Mahmoud, T. M., & Eldin, A. S. (2017). A survey on behavioral biometric authentication on smartphones. Journal of Information Security and Applications, 37, 28-37. Retrieved from [link] doi: https://doi.org/10.1016/j.jisa.2017.10.002
Marques, D., Guerreiro, T., Carriço, L., Beschastnikh, I., & Beznosov, K. (2019). Vulnerability amp; blame: Making sense of unauthorized access to smartphones. In Proceedings of the 2019 chi conference on human factors in computing systems (p. 1–13). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3290605.3300819 doi: 10.1145/3290605.3300819
Mondal, S., & Bours, P. (2015a). A computational approach to the continuous authentication biometric system. Information Sciences, 304, 28-53. Retrieved from https://www.sciencedirect.com/science/article/pii/S0020025514011979 doi: https://doi.org/10.1016/j.ins.2014.12.045
Mondal, S., & Bours, P. (2015b). Swipe gesture based continuous authentication for mobile devices. In 2015 international conference on biometrics (icb) (p. 458-465). doi: 10.1109/ICB.2015.7139110
Muaaz, M., & Mayrhofer, R. (2017). Smartphone-based gait recognition: From authentication to imitation. IEEE Transactions on Mobile Computing, 16(11), 3209-3221. doi: 10.1109/TMC.2017.2686855
Nguyen, T. V., Sae-Bae, N., & Memon, N. (2017). Draw-a-pin: Authentication using finger-drawn pin on touch devices. Computers Security, 66, 115-128. Retrieved from [link] doi: https://doi.org/10.1016/j.cose.2017.01.008
Ordóñez, F. J., & Roggen, D. (2016). Deep convolutional and lstm recurrent neural networks for multimodal wearable activity recognition. Sensors, 16(1). Retrieved from https://www.mdpi.com/1424-8220/16/1/115 doi: 10.3390/s16010115
Patel, V. M., Chellappa, R., Chandra, D., & Barbello, B. (2016). Continuous user authentication on mobile devices: Recent progress and remaining challenges. IEEE Signal Processing Magazine, 33(4), 49-61. doi: 10.1109/MSP.2016.2555335
Santos, G., et al. (2017). Tecnicas para autenticação contínua em dispositivos móveis a partir do modo de caminhar.
Shen, C., Chen, Y., & Guan, X. (2018). Performance evaluation of implicit smartphones authentication via sensor-behavior analysis. Information Sciences, 430-431, 538-553. Retrieved from [link] doi: https://doi.org/10.1016/j.ins.2017.11.058
Sitová, Z., Sedenka, J., Yang, Q., Peng, G., Zhou, G., Gasti, P., & Balagani, K. S. (2016). Hmog: New behavioral biometric features for continuous authentication of smartphone users. IEEE Transactions on Information Forensics and Security, 11(5), 877-892. doi: 10.1109/TIFS.2015.2506542
Banos, O., Galvez, J.-M., Damas, M., Pomares, H., & Rojas, I. (2014). Window size impact in human activity recognition. Sensors, 14(4), 6474–6499. Retrieved from https://www.mdpi.com/1424-8220/14/4/6474 doi: 10.3390/s140406474
Bhattarai, A., & Siraj, A. (2018). Increasing accuracy of hand-motion based continuous authentication systems. In 2018 9th ieee annual ubiquitous computing, electronics mobile communication conference (uemcon) (p. 70-76). doi: 10.1109/UEMCON.2018.8796725
Bours, P. (2012). Continuous keystroke dynamics: A different perspective towards biometric evaluation. Information Security Technical Report, 17(1), 36-43. Retrieved from [link] (Human Factors and Bio-metrics) doi: https://doi.org/10.1016/j.istr.2012.02.001
Bragança, H. L. d. S., et al. (2019). Reconhecimento de atividades humanas usando medidas estatísticas dos sensores inerciais dos smartphones (mastersthesis). Universidade Federal do Amazonas.
Büch, H. (2019). Continuous Authentication using Inertial-Sensors of Smartphones and Deep Learning (mastersthesis, Hochschule der Medien, Stuttgart). Retrieved from [link]
Centeno, M. P., Moorsel, A. v., & Castruccio, S. (2017). Smartphone continuous authentication using deep learning autoencoders. In 2017 15th annual conference on privacy, security and trust (pst) (p. 147-1478). doi: 10.1109/PST.2017.00026
Centeno, M. P. n., Guan, Y., & van Moorsel, A. (2018). Mobile based continuous authentication using deep features. In Proceedings of the 2nd international workshop on embedded and mobile deep learning (p. 19–24). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3212725.3212732 doi: 10.1145/3212725.3212732
Darabseh, A., & Siami Namin, A. (2015). Keystroke active authentications based on most frequently used words. In Proceedings of the 2015 acm international workshop on international workshop on security and privacy analytics (p. 49–54). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/2713579.2713589 doi: 10.1145/2713579.2713589
Dee, T., Richardson, I., & Tyagi, A. (2019). Continuous transparent mobile device touchscreen soft keyboard biometric authentication. In 2019 32nd international conference on vlsi design and 2019 18th international conference on embedded systems (vlsid) (p. 539-540). doi: 10.1109/VLSID.2019.00125
Gao, Z., Diao, W., Huang, Y., Xu, R., Lu, H., & Zhang, J. (2021). Identity authentication based on keystroke dynamics for mobile device users. Pattern Recognition Letters, 148, 61-67. Retrieved from [link] doi: https://doi.org/10.1016/j.patrec.2021.04.019
Javed, A. R., Beg, M. O., Asim, M., Baker, T., & Al-Bayatti, A. H. (2020). Alphalogger: Detecting motion-based side-channel attack using smartphone keystrokes. Journal of Ambient Intelligence and Humanized Computing, 1–14.
Jin, Y., Tomoishi, M., & Matsuura, S. (2017). An in-depth concealed file system with gps authentication adaptable for multiple locations. In 2017 ieee 41st annual computer software and applications conference (compsac) (Vol. 1, p. 608-613). doi: 10.1109/COMPSAC.2017.56
Lee, W.-H., & Lee, R. (2016). Implicit sensor-based authentication of smartphone users with smartwatch. In Proceedings of the hardware and architectural support for security and privacy 2016. New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/2948618.2948627 doi: 10.1145/2948618.2948627
Mahbub, U., Patel, V. M., Chandra, D., Barbello, B., & Chellappa, R. (2016). Partialface detection for continuous authentication. In 2016 ieee international conference on image processing (icip) (p. 2991-2995). doi: 10.1109/ICIP.2016.7532908
Mahfouz, A., Mahmoud, T. M., & Eldin, A. S. (2017). A survey on behavioral biometric authentication on smartphones. Journal of Information Security and Applications, 37, 28-37. Retrieved from [link] doi: https://doi.org/10.1016/j.jisa.2017.10.002
Marques, D., Guerreiro, T., Carriço, L., Beschastnikh, I., & Beznosov, K. (2019). Vulnerability amp; blame: Making sense of unauthorized access to smartphones. In Proceedings of the 2019 chi conference on human factors in computing systems (p. 1–13). New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3290605.3300819 doi: 10.1145/3290605.3300819
Mondal, S., & Bours, P. (2015a). A computational approach to the continuous authentication biometric system. Information Sciences, 304, 28-53. Retrieved from https://www.sciencedirect.com/science/article/pii/S0020025514011979 doi: https://doi.org/10.1016/j.ins.2014.12.045
Mondal, S., & Bours, P. (2015b). Swipe gesture based continuous authentication for mobile devices. In 2015 international conference on biometrics (icb) (p. 458-465). doi: 10.1109/ICB.2015.7139110
Muaaz, M., & Mayrhofer, R. (2017). Smartphone-based gait recognition: From authentication to imitation. IEEE Transactions on Mobile Computing, 16(11), 3209-3221. doi: 10.1109/TMC.2017.2686855
Nguyen, T. V., Sae-Bae, N., & Memon, N. (2017). Draw-a-pin: Authentication using finger-drawn pin on touch devices. Computers Security, 66, 115-128. Retrieved from [link] doi: https://doi.org/10.1016/j.cose.2017.01.008
Ordóñez, F. J., & Roggen, D. (2016). Deep convolutional and lstm recurrent neural networks for multimodal wearable activity recognition. Sensors, 16(1). Retrieved from https://www.mdpi.com/1424-8220/16/1/115 doi: 10.3390/s16010115
Patel, V. M., Chellappa, R., Chandra, D., & Barbello, B. (2016). Continuous user authentication on mobile devices: Recent progress and remaining challenges. IEEE Signal Processing Magazine, 33(4), 49-61. doi: 10.1109/MSP.2016.2555335
Santos, G., et al. (2017). Tecnicas para autenticação contínua em dispositivos móveis a partir do modo de caminhar.
Shen, C., Chen, Y., & Guan, X. (2018). Performance evaluation of implicit smartphones authentication via sensor-behavior analysis. Information Sciences, 430-431, 538-553. Retrieved from [link] doi: https://doi.org/10.1016/j.ins.2017.11.058
Sitová, Z., Sedenka, J., Yang, Q., Peng, G., Zhou, G., Gasti, P., & Balagani, K. S. (2016). Hmog: New behavioral biometric features for continuous authentication of smartphone users. IEEE Transactions on Information Forensics and Security, 11(5), 877-892. doi: 10.1109/TIFS.2015.2506542
Published
2022-09-12
How to Cite
PAZ, Ismael J. V.; BRAGANÇA, Hendrio L. S.; SOUTO, Eduardo.
Continuous Authentication Using Smartphone Inertial Sensors and Deep Learning. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22. , 2022, Santa Maria.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 209-222.
DOI: https://doi.org/10.5753/sbseg.2022.225312.
