Brian J. Choi
Kun Sun
ABSTRACT
Smartphones are becoming more and more important in our daily life and carrying massive private data. Without a user authentication mechanism, an adversary may easily access all the sensitive information, such as contacts, messages, photos, credit card information and passwords. Therefore, a number of authentication techniques have been proposed and developed for mobile devices. Some of the most commonly used techniques include conventional password based scheme, pattern-based scheme, physiological biometric based techniques, etc. In this paper we focus on designing and developing an authentication scheme utilizing a series of geo-temporal queries for user authentication on smart phones. The basic idea is to use past knowledge on geographic and temporal (or geo-temporal) contextual perspectives to authenticate the user who wants to unlock the smart phone. On Android 4.3, we build a prototype App, which provides user authentication to unlock a Samsung Galaxy S4 smartphone with low power consumption.
- J. Daugman. High confidence visual recognition of persons by a test of statistical independence. Pattern Analysis and Machine Intelligence, IEEE Transactions on, 15(11):1148--1161, 1993. Google Scholar
Digital Library
- R. Dhamija and A. Perrig. Deja Vu: A user study using images for authentication. In Proceedings of the 9th Conference on USENIX Security Symposium - Volume 9, SSYM'00, pages 4--4, 2000. Google ScholarDigital Library
- A. Jain, L. Hong, S. Pankanti, and R. Bolle. An identity-authentication system using fingerprints. Proceedings of the IEEE, 85(9), 1997.Google ScholarCross Ref
- A. K. Jain, R. Bolle, and S. Pankanti, editors. Biometrics: Personal Identification in Networked Society. Kluwer Academic Publishers, 1998. Google ScholarDigital Library
- S. Kurkovsky, T. Carpenter, and C. MacDonald. Experiments with simple iris recognition for mobile phones. In Proceedings of the 2010 Seventh International Conference on Information Technology: New Generations, ITNG '10, pages 1293--1294, 2010. Google ScholarDigital Library
- L. Li, X. Zhao, and G. Xue. Unobservable re-authentication for smartphones. In ISOC Network and Distributed System Security Symposium (NDSS), February 2013.Google Scholar
- M. Nishigaki and M. Koike. A user authentication based on personal history: A user authentication system using e-mail history. Systemics, Cybernetics and Informatics, Vol.5, No. 2, 2006.Google Scholar
- A. Nosseir, R. Connor, and M. Dunlop. Internet authentication based on personal history - a feasibility test. In Proceedings of Customer Focused Mobile Services Workshop at WWW2005, 2005.Google Scholar
- M. Okamoto. Knowledge-based authentication using twitter can we use lunch menus as passwords? International Journal of Network Security & Its Applications, Vol. 5, No. 5, September 2013.Google ScholarCross Ref
- K. N. Stevens, C. Williams, J. Carbonell, and B. Woods. Speaker authentication and identification: a comparison of spectrographic and auditory presentations of speech material. The Journal of the Acoustical Society of America, 44:1596, 1968.Google ScholarCross Ref
- X. Suo, Y. Zhu, and G. Owen. Graphical passwords: a survey. In Computer Security Applications Conference, 21st Annual, 2005. Google ScholarDigital Library
- S. Trewin, C. Swart, L. Koved, J. Martino, K. Singh, and S. Ben-David. Biometric authentication on a mobile device: A study of user effort, error and task disruption. In Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC '12, pages 159--168, 2012. Google ScholarDigital Library
- Z. Wang, J. Jing, and L. Li. Time evolving graphical password for securing mobile devices. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS '13, pages 347--352, 2013. Google ScholarDigital Library
- J. Wayman, A. Jain, D. Maltoni, and D. Maio. An introduction to biometric authentication systems. In J. ayman, A. Jain, D. Maltoni, and D. Maio, editors, Biometric Systems, pages 1--20. Springer London, 2005.Google Scholar
- S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon. Authentication using graphical passwords: Effects of tolerance and image choice. In Proceedings of the 2005 Symposium on Usable Privacy and Security, SOUPS'05, 2005. Google ScholarDigital Library
- J. Zhang, Y. Yan, and M. Lades. Face recognition: eigenface, elastic matching, and neural nets. Proceedings of the IEEE, 85(9):1423--1435, 1997.Google ScholarCross Ref
- Director, Ordnance Survey of Northern Ireland. Making maps compatible with GPS. Government of Ireland 1999.Google Scholar
- F. Bergadano, D. Gunetti, and C. Picardi. User authentication through keystroke dynamics. ACM Transactions on Information and System Security (TISSEC), 5(4):367--397, 2002. Google ScholarDigital Library
- N. Zheng, A. Paloski, and H. Wang. An efficient user verification system via mouse movements. In Proceedings of ACM CCS2012, pages 139--150. ACM, 2011. Google ScholarDigital Library
- D. Gafurov, K. Helkala, and T. Søndrol, Biometric Gait Authentication Using Accelerometer Sensor. Journal of Computers, Vol. 1, No. 7, Oct./Nov. 2006.Google Scholar
- K. Lin, A. Kansal, D. Lymberopoulos, F. Zhao, Energy-accuracy trade-off for continuous mobile device location. Proceedings of the 8th international conference on Mobile systems, applications, and services. Pages 285--298. 2010. Google ScholarDigital Library
Index Terms
- Cloud-based user authentication with geo-temporal queries on smartphones
Recommendations
Remarks on fingerprint-based remote user authentication scheme using smart cards
In 2002, Lee, Ryu, and Yoo proposed a fingerprint-based remote user authentication scheme using smart cards. The scheme makes it possible for authenticating the legitimacy of each login user without any password table. In addition, the authors claimed ...
A hash-based strong-password authentication scheme without using smart cards
So far, many strong-password authentication schemes have been proposed, however, none is secure enough. In 2003, Lin, Shen, and Hwang proposed a strong-password authentication scheme using smart cards, and claimed that their scheme can resist the ...
A New Dynamic ID-Based User Authentication Scheme Using Mobile Device: Cryptanalysis, the Principles and Design
The remote user authentication scheme is an important security technology, which provides authentication service before a user accesses the service provided by the remote server. In this paper, we analyze the security and design flaws of a recently ...
Comments