ABSTRACT
The present study carries out a literature review on the topic of Continuous Authentication (CA) using behavioral biometrics. CA systems have been proposed in order to solve the shortcomings of other user authentication methods. CA processes are considered to raise systems security and reliability, and biometric technologies have increasingly become part of security architectures. Since some of uni-biometrics' vulnerabilities have already been revealed, they have been replaced or enhanced by multi-biometrics where behavioral biometrics are gaining ground as a new way of establishing the identity of a user. We therefore present a collection of selected published sources relevant to this topic accompanied by annotation, critical analysis of contents and, in some cases apposition of the main conclusions of each work. This work can help new researchers, scientists and the industry develop new systems and technologies by providing them a ready to use literature base with theoretical and practical aspects on Continuous Authentication using behavioral biometrics.
- Androulidakis, I., Christou, V., Bardis, N., Stylios, I., (2009): Surveying users' practices regarding mobile phones' security features. Electrical And Computer Engineering Series, Proceedings of the 3rd WSEAS international conference. Google ScholarDigital Library
- Saevanee H., Bhatarakosol, P., (2008). User Authentication Using Combination of Behavioral Biometrics over the Touchpad Acting Like Touch Screen of Mobile Device. International Conference on Computer and Electrical Engineering, 2008. Page(s): 82--86. Google ScholarDigital Library
- Stylios, I. C., Chatzis, S., Thanou, O., Kokolakis, S., (2015). Mobile Phones & Behavioral Modalities: Surveying Users' Practices. TELFOR 2015 International IEEE Conference, At SAVA Center, Belgrade, Serbia. DOI: 10.1109/TELFOR.2015.7377614Google Scholar
- Clarke N., L., Furnell, S., M., (2005). Authentication of users on mobile telephones -- A survey of attitudes and practices. Computers & Security 24, 519e527, Elsevier. Google ScholarDigital Library
- Sujithra, M., Padmavathi, G., (2012): A Survey on Mobile Device Threats, Vulnerabilities and their Defensive Mechanism. International Journal of Computer Applications (0975-8887) Volume 56-- No.14.Google Scholar
- Ahern, S., Eckles, D., Good, N.S., King, S., Naaman, M., Nair, R., (2007). Over-exposed?: privacy patterns and considerations in online and mobile photo sharing. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. Pages 357--366. Publisher ACM New York, USA. Google ScholarDigital Library
- Kurkovsky, S., and Syta, E., (2010). Digital natives and mobile phones: A survey of practices and attitudes about privacy and security. 2010 IEEE International Symposium on Technology and Society (ISTAS). Conference Location: Wollongong, NSW. Page(s): 441--449. Print ISBN: 978-1-4244-7777-7.Google ScholarCross Ref
- Chin, E., Porter Felt, A., Sekar, V., Wagner, D., (2012). Measuring user confidence in smartphone security and privacy. Proceedings of the Eighth Symposium on Usable Privacy and Security. Article No. 1. ISBN: 978-1-4503-1532-6NY, Publisher ACM New York, USA. Google ScholarDigital Library
- Keith, M. J., Thompson, S. C., Hale, J., Lowry, P. B., Greer, C., (2013). Information disclosure on mobile devices: Re-examining privacy calculus with actual user behavior. International Journal of Human-Computer Studies Volume 71, Issue 12, December 2013, Pages 1163--1173. ELSEVIER. Google ScholarDigital Library
- Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M, (2010). Smudge attacks on smartphone touch screens. Proceedings of the 4th USENIX conference on Offensive technologies. pp. 1--7. USENIX Association. Google ScholarDigital Library
- N.L. Clarke, S.M. Furnell, P.M. Rodwell, P.L. Reynolds, (2002). Acceptance of Subscriber Authentication Methods for Mobile Telephony Devices. Computers & Security Volume 21, Issue 3, 1 June 2002, Pages 220--228. Google ScholarDigital Library
- S. Karatzouni, S. M. Furnell, N. L. Clarke and R. A. Botha, (2007). Perceptions of User Authentication on Mobile Devices. In Proceedings of the 6th Annual ISOnEworld Conference, April 11-13, 2007, Las Vegas, NV.Google Scholar
- Ahmed Awad E. Ahmed, Issa Traore. (2011). Continuous Authentication Using Biometrics: Data, Models and Metrics. Publisher: IGI Global. ISBN: 9781613501290. Release Date: September 2011. Google ScholarDigital Library
- Derawi, M. O., Gafurov, D., Bours, P., (2011). Towards continuous authentication based on gait using wearable motion recording sensors. ResearchGate. Article · January 2011. DOI: 10.4018/978-1-61350-129-0.ch008Google Scholar
- Benabdelkader, C., Cutler, R., Davis L. S. (2002). Person Identification Using Automatic Height and Stride Estimation. IEEE International Conference on Automatic Face and Gesture Recognition - FGR, pp. 372--377, 2002.Google Scholar
- Mantyjarvi, J., Lindholm, M., Vildjiounaite E., Makela, S.-M., Ailisto, H. A. (2005). Identifying users of portable devices from gait pattern with accelerometers. IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005. (Volume:2). Page(s): ii/973--ii/976 Vol. 2.Google ScholarCross Ref
- Gafurov, D., Helkala, K., Søndrol T., (2006). Biometric Gait Authentication Using Accelerometer Sensor, Journal of Computers, Vol 1, No 7 (2006), 51--59, Nov 2006. doi:10.4304/jcp.1.7.51-59.Google ScholarCross Ref
- Derawi, M. O., Nickel, C., Bours, P., and Busch, C., (2010). Unobtrusive User-Authentication on Mobile Phones using Biometric GaitRecognition. Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing. IEEE 2010. Page(s): 306--311. Google ScholarDigital Library
- Kwapisz, J. R., Weiss, G. M., Moore S. A., (2010). Cell phone-based biometric identification. Fourth IEEE International Conference on Biometrics: Theory Applications and Systems (BTAS), 2010. Page(s): 1--7.Google ScholarCross Ref
- Tao Feng, Xi Zhao, Weidong Shi, (2013). Investigating Mobile Device Picking-up motion as a novel biometric modality. IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS), 2013. Page(s): 1--6.Google ScholarCross Ref
- Tao Feng, Ziyi Liu, Kyeong-An Kwon, Weidong Shi, (2012). Continuous mobile authentication using touchscreen gestures. IEEE Conference on Technologies for Homeland Security (HST), 2012. Page(s):451--456.Google ScholarCross Ref
- Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D., (2012). Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication. IEEE Transactions on Information Forensics and Security. 2012. (Volume:8, Issue: 1). Page(s): 136--148. Google ScholarDigital Library
- Lingjun Li, Xinxin Zhao, Guoliang Xue, (2013). Unobservable Re-authentication for Smartphones. Proceedings of the 20th Annual Network & Distributed System Security Symposium, NDSS 2013. Publisher: Internet Society.Google Scholar
- Xi Zhao, Tao Feng, Weidong Shi, (2013). Continuous mobile authentication using a novel Graphic Touch Gesture Feature. 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS). Page(s): 1--6.Google ScholarCross Ref
- Bo, C., Zhang, L., Jung, T., Han, J., Li, X.-Y., Wang, Y. (2014). Continuous user identification via touch and movement behavioral biometrics. Performance Computing and Communications Conference (IPCCC), 2014 IEEE International. pp. 1--8. IEEE (2014).Google ScholarCross Ref
- Xu H, Zhou Y, Lyu MR, (2014). Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones. Symposium On Usable Privacy and Security (SOUPS 2014). USENIX Association. ISBN Number 978-1-931971-13-3.Google Scholar
- Sitová, Z., Šeděnka, J., Yang, Q., Peng, G., Zhou, G., Gasti, P., Balagani, K. S., (2015). HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users. IEEE Transactions on Information Forensics and Security (Volume: 11, Issue: 5). Page(s): 877--892. Google ScholarDigital Library
- A. Ross and A.K. Jain, "Information Fusion in Biometrics", Proc. of AVBPA, Halmstad, Sweden, June 2001, pp. 354--359. Google ScholarDigital Library
- Dong-Ju Kim, Kwang-Woo Chung, and Kwang-Seok Hong, "Person authentication using face, teeth and voice modalities for mobile device security," in IEEE Transactions on Consumer Electronics, 2010, pp. 2678--2685. Google ScholarDigital Library
- H. Saevanee, H., Clarke, N.L, and Furnell, S.M., (2011). Multi-Modal Behavioural Biometric Authentication for Mobile Devices. Information Security and Privacy Research. Volume 376 of the series IFIP Advances in Information and Communication Technology pp 465--474.Google Scholar
- Shi, E., Niu, Y., Jakobsson, M., and Chow R., (2011). Implicit Authentication through Learning User Behavior. Information Security, Volume 6531 of the series Lecture Notes in Computer Science pp 99--113. Google ScholarDigital Library
- Riva, O., Qin, C., Strauss, K., Lymberopoulos, D., (2012). Progressive authentication: deciding when to authenticate on mobile phones. Proceedings of the 21st USENIX conference on Security symposium. Pages 15--15. USENIX Association Berkeley, CA, USA ©2012. Google ScholarDigital Library
- Bo, C., Zhang, L., Li, (2013).SilentSense: Silent User Identification via Dynamics of Touch and Movement Behavioral Biometrics. Cornell University Library. (Submitted on 31 Aug 2013). Cite as: arXiv:1309.0073Google Scholar
- Wolff, M., (2013). Behavioral Biometric Identification on Mobile Devices. 7th International Conference, AC 2013, Held as Part of HCI International 2013, Las Vegas, NV, USA, July 21-26, 2013. Pages pp 783--791. DOI 10.1007/978-3-642-39454-6_84.Google Scholar
- Crawford, H., Renaud, K., Storer, T., (2013). A framework for continuous, transparent mobile device authentication. Computers & Security Volume 39, Part B, November 2013, Pages 127--136. ELSEVIER. Google ScholarDigital Library
- Nan Zheng, Kun Bai., Hai Huang, Haining Wang, (2014). You Are How You Touch: User Verification on Smartphones via Tapping Behaviors. 2014 IEEE 22nd International Conference on Network Protocols. Page(s): 221--232. Google ScholarDigital Library
- Seo, H., Kim, E., & Kim, H. K. (2012). A novel biometric identification based on a user's input pattern analysis for intelligent mobile devices. International Journal of Advanced Robotic Systems, 9, {46}. 10.5772/51319.Google Scholar
- De Luca, A., Hang, A., Brudy, F., Lindner, C., Hussmann, H., (2012). Touch me once and i know it's you!: implicit authentication based on touch screen patterns. CHI '12 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. Pages 987--996. ACM New York, NY, USA ©2012 Google ScholarDigital Library
- Shen, C.; Yu, T.; Yuan, S.; Li, Y.; Guan, X. (2016). Performance Analysis of Motion-Sensor Behavior for User Authentication on Smartphones. Sensors 2016, 16, 345. doi:10.3390/s16030345Google Scholar
- Brosso, I., La Neve, A., Bressan, G., Ruggiero W. V., (2010). A Continuous Authentication System Based on User Behavior Analysis. ARES '10 International Conference on Availability, Reliability, and Security, 2010. Page(s): 380--385. DOI: 10.1109/ARES.2010.63. Publisher: IEEEGoogle ScholarCross Ref
- Gupta, A., Miettinen, M., Asokan, N., Nagy, M., (2012). Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling. International Conference on and 2012 International Confernece on Social Computing (SocialCom) Privacy, Security, Risk and Trust (PASSAT), 2012.Page(s): 471--480 Google ScholarDigital Library
- Murmuria, R., Medsger, J., Stavrou, A., Voas, J. M., (2012). Mobile Application and Device Power Usage Measurements. Proceedings of the 2012 IEEE Sixth International Conference on Software Security and Reliability. Pages 147--156. IEEE Computer Society Washington, DC, USA ©2012. Google ScholarDigital Library
- Shye, A., Scholbrock, B., Memik, G., (2009). Into the Wild: Studying Real User Activity Patterns to Guide Power Optimizations for Mobile Architectures. In proceedings of the 42nd IEEE/ACM International Symposium on Microarchitecture (MICRO). New York, NY. December 12-16, 2009. Google ScholarDigital Library
- Murmuria, R,. Stavrou, A., Barbara, D., and Fleck D., (2015). Continuous Authentication on Mobile Devices Using Power Consumption, Touch Gestures and Physical Movement of Users. Chapter Research in Attacks, Intrusions, and Defenses. Volume 9404 of the series Lecture Notes in Computer Science pp 405--424 Date: 12 December 2015. Google ScholarDigital Library
- Buriro, A., Crispo, B., Delfrari, F., Wrona, K., (2016). Hold & Sign: A Novel Behavioral Biometrics for Smartphone User Authentication. Conference: Mobile Security Technologies (MoST) 2016 in conjunction with IEEE Security and Privacy (S&P 16).Google Scholar
- Buriro, A., Crispo, B., Delfrari, F., Wrona, K., (2015). ITSME: Multi-modal and Unobtrusive Behavioural User Authentication for Smartphones. 9th International Conference on Passwords (Passwords15 London). Lecture Notes in Computer Science, Volume 9551. Page(s): 45--61. Publisher: Springer.Google Scholar
Recommendations
Evaluating Behavioral Biometrics for Continuous Authentication: Challenges and Metrics
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityIn recent years, behavioral biometrics have become a popular approach to support continuous authentication systems. Most generally, a continuous authentication system can make two types of errors: false rejects and false accepts. Based on this, the most ...
Continuous Authentication Using Behavioral Biometrics
A continuous behaviometric authentication system is tested on 99 users over 10 weeks, focusing on keystroke dynamics, mouse movements, application usage, and the system footprint. In the process, a new trust model was created to enable continuous ...
BioPrivacy: Development of a Keystroke Dynamics Continuous Authentication System
Computer Security. ESORICS 2021 International WorkshopsAbstractSession authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks that tamper with communications after the establishment of the authenticated session. Moreover, smartphones ...
Comments