Daniel Hintze
Muhammad Muaaz
Rainhard D. Findling
René Mayrhofer
ABSTRACT
Mobile devices, ubiquitous in modern lifestyle, embody and provide convenient access to our digital lives. Being small and mobile, they are easily lost or stole, therefore require strong authentication to mitigate the risk of unauthorized access. Common knowledge-based mechanism like PIN or pattern, however, fail to scale with the high frequency but short duration of device interactions and ever increasing number of mobile devices carried simultaneously. To overcome these limitations, we present CORMORANT, an extensible framework for risk-aware multi-modal biometric authentication across multiple mobile devices that offers increased security and requires less user interaction.
- International Statistics on Crime and Justice. In S. Harrendorf, M. Heiskanen, and S. Malby, editors, European Institute for Crime Prevention and Control. 2010.Google Scholar
- A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith. Smudge Attacks on Smartphone Touch Screens. Proceedings of the 4th USENIX conference on Offensive technologies, pages 1--10, 2010. Google ScholarDigital Library
- K. Z. Bijon, R. Krishnan, and R. Sandhu. A framework for risk-aware role based access control. 2013 IEEE Conference on Communications and Network Security (CNS), pages 462--469, 2013.Google ScholarCross Ref
- F. Bimbot, J.-F. Bonastre, C. Fredouille, G. Gravier, I. Magrin-Chagnolleau, S. Meignier, T. Merlin, J. Ortega-García, D. Petrovska-Delacrétaz, and D. A. Reynolds. A tutorial on text-independent speaker verification. EURASIP J. Appl. Signal Process., 2004:430--451, Jan. 2004. Google ScholarDigital Library
- H. Crawford, K. Renaud, and T. Storer. A framework for continuous, transparent mobile device authentication. Computers and Security, 39:127--136, 2013. Google ScholarDigital Library
- M. O. Derawi. Smartphones and Biometrics: Gait and Activity Recognition. PhD thesis, Gjøvik University College, November 2012.Google Scholar
- N. N. Diep, S. Lee, Y.-K. Lee, and H. Lee. Contextual Risk-Based Access Control. Security and Management, 2007.Google Scholar
- M. Felson and E. Poulsen. Simple indicators of crime by time of day. International Journal of Forecasting, 19:595--601, 2003.Google ScholarCross Ref
- R. D. Findling. Pan shot face unlock: Towards unlocking personal mobile devices using stereo vision and biometric face information from multiple perspectives. Master's thesis, University of Applied Sciences Upper Austria, Hagenberg, Austria, Sept. 2013.Google Scholar
- M. Harbach, E. V. Zezschwitz, A. Fichtner, A. De Luca, and M. Smith. It's a Hard Lock Life: A Field Study of Smartphone (Un) Locking Behavior and Risk Perception. Symposium on Usable Privacy and Security (SOUPS), pages 213--230, 2014.Google Scholar
- E. Hayashi and J. I. Hong. Knock x Knock: The Design and Evaluation of a Unified Authentication Management System. 2015.Google Scholar
- D. Hintze, R. D. Findling, M. Muaaz, E. Koch, and R. Mayrhofer. CORMORANT: Towards Continuous Risk-Aware Multi-Modal Cross-Device Authentication. Proc. UbiComp 2015: Adjunct Publication, 2015. Google ScholarDigital Library
- D. Hintze, R. D. Findling, S. Scholz, and R. Mayrhofer. Mobile Device Usage Characteristics: The Effect of Context and Form Factor on Locked and Unlocked Usage. In Proc. MoMM 2014, 2014. Google ScholarDigital Library
- C. G. Hocking, S. M. Furnell, N. L. Clarke, and P. L. Reynolds. Authentication Aura - A distributed approach to user authentication. Journal of Information Assurance and Security, 6(2):149----156, 2011.Google Scholar
- A. Hurkala and J. Hurkala. Architecture of Context-Risk-Aware Authentication System for Web Environments. ICIEIS'2014, pages 219--228, 2014.Google Scholar
- D. J. Kim, K. W. Chung, and K. S. Hong. Person Authentication using Face, Teeth and Voice Modalities for Mobile Device Security. IEEE Transactions on Consumer Electronics, 56(4):2678--2685, 2010. Google ScholarDigital Library
- T. Kinnunen and H. Li. An overview of text-independent speaker recognition: from features to supervectors. Speech Communication, 52(1), 2010. Google ScholarDigital Library
- J. R. Kwapisz, G. M. Weiss, and S. A. Moore. Cell phone-based biometric identification. In Biometrics: Theory Applications and Systems (BTAS), 2010 Fourth IEEE International Conference on, pages 1--7. IEEE, 2010.Google ScholarCross Ref
- R. Lienhart and J. Maydt. An extended set of haar-like features for rapid object detection. In IEEE International Conference on Image Processing 2002, pages 900--903, 2002.Google ScholarCross Ref
- M. Muaaz and R. Mayrhofer. Orientation Independent Cell Phone Based Gait Authentication. Proc. MoMM 2014, pages 161--164, 2014. Google ScholarDigital Library
- C. Nickel. Accelerometer-based Biometric Gait Recognition for Authentication on Smartphones. PhD thesis, TU Darmstadt, June 2012.Google Scholar
- OSGi Alliance. Listeners Considered Harmful: The "Whiteboard" Pattern. 2004.Google Scholar
- A. Ross and A. K. Jain. Multimodal Biometrics: an Overview. Signal Processing, (September):1221--1224, 2004.Google Scholar
- P. S. Sanjekar and J. B. Patil. An Overview of Multimodal Biometrics. Signal & Image Processing (SIPIJ), 4(1):57--64, 2013.Google Scholar
- F. Stajano. Pico: No more passwords! Lecture Notes in Computer Science, 7114 LNCS:49--81, 2011. Google ScholarDigital Library
- I. Traore, I. Woungang, M. S. Obaidat, Y. Nakkabi, and I. Lai. Combining Mouse and Keystroke Dynamics Biometrics for Risk-Based Authentication in Web Environments. 2012 Fourth International Conference on Digital Home, pages 138--145, 2012. Google ScholarDigital Library
- P. Tresadern, T. F. Cootes, N. Poh, P. Matejka, A. Hadid, C. Lévy, C. McCool, and S. Marcel. Mobile Biometrics: Combined Face and Voice Verification for a Mobile Platform. IEEE Pervasive Computing, 12(01):79--87, 2013. Google ScholarDigital Library
- P. Viola and M. Jones. Rapid object detection using a boosted cascade of simple features. Proceedings of these 2001 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 1:511--518, 2001.Google ScholarCross Ref
- J. Yan, A. Blackwells, R. Anderson, and A. Grant. Password Memorability and Security: Empirical Results. IEEE Security & Privacy, 2(5):25--31, 2004. Google ScholarDigital Library
Index Terms
- Confidence and Risk Estimation Plugins for Multi-Modal Authentication on Mobile Devices using CORMORANT
Recommendations
Cormorant: towards continuous risk-aware multi-modal cross-device authentication
UbiComp/ISWC'15 Adjunct: Adjunct Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2015 ACM International Symposium on Wearable ComputersNowadays, people own and carry an increasing number of mobile devices, such as smartphones and smartwatches. Since these devices store and provide access to sensitive information, authentication is required to prevent unauthorized access. Widely used ...
Location-based risk assessment for mobile authentication
UbiComp '16: Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing: AdjunctMobile devices offer access to our digital lives and thus need to be protected against the risk of unauthorized physical access by applying strong authentication, which in turn adversely affects usability. The actual risk, however, depends on dynamic ...
CORMORANT: Ubiquitous Risk-Aware Multi-Modal Biometric Authentication across Mobile Devices
People own and carry an increasing number of ubiquitous mobile devices, such as smartphones, tablets, and notebooks. Being small and mobile, those devices have a high propensity to become lost or stolen. Since mobile devices provide access to their ...
Comments