The paper presents a risk-driven behavioral biometric-based user authentication scheme for smartphones. Our scheme delivers one-shot-cum-continuous authentication, thus not only authenticates users at the start of the application sign-in process but also, throughout the active user session. The scheme leverages the widely used PIN/password-based authentication technology by giving flexibility to users to enter any random 8-digit alphanumeric text, instead of pre-configured PIN/Passwords. Internally, the scheme exploits two behavioral biometric traits, i.e., touch-timing-differences of the entered strokes and the hand-movement gesture recorded during the random text entry, to authenticate users. And, for the entire user session, the scheme continuously authenticates the user by computing the risk-score every time the user initiates a sensitive activity. If the risk-score is higher than the predefined threshold, the current user session terminates. Afterward, the scheme requests the user to re-authenticate. Thus, our scheme serves three main objectives: Firstly, it offers users the flexibility to enter an 8 − digit random alphanumeric text as their secret enhancing the usability of PIN/password-based schemes. Secondly, it strengthens the security of PIN/password-based schemes as verification decision is not binary, and mimicking the invisible touch-timings and hand-movements simultaneously, could be extremely difficult as our security analysis determined. Lastly, the scheme does not require any dedicated device (e.g., a smart token for OTP generation) for 2-factor authentication. The results obtained on 11,400 user-samples (collected by 3 days in-the-wild testing) and user-experience responses (received from the Software Usability Scale4 survey) of 95 testers demonstrate our scheme as an accurate and acceptable user authentication scheme.
Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme / Buriro, A.; Gupta, S.; Yautsiukhin, A.; Crispo, B.. - In: JOURNAL OF SIGNAL PROCESSING SYSTEMS FOR SIGNAL, IMAGE, AND VIDEO TECHNOLOGY. - ISSN 1939-8018. - 2021(2021).
Scheda prodotto non validato
I dati visualizzati non sono stati ancora sottoposti a validazione formale da parte dello Staff di IRIS, ma sono stati ugualmente trasmessi al Sito Docente Cineca (Loginmiur).
|Titolo:||Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme|
|Autori:||Buriro, A.; Gupta, S.; Yautsiukhin, A.; Crispo, B.|
|Titolo del periodico:||JOURNAL OF SIGNAL PROCESSING SYSTEMS FOR SIGNAL, IMAGE, AND VIDEO TECHNOLOGY|
|Anno di pubblicazione:||2021|
|Codice identificativo Scopus:||2-s2.0-85103900296|
|Codice identificativo WOS:||WOS:000637648600002|
|Digital Object Identifier (DOI):||http://dx.doi.org/10.1007/s11265-021-01654-2|
|Citazione:||Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme / Buriro, A.; Gupta, S.; Yautsiukhin, A.; Crispo, B.. - In: JOURNAL OF SIGNAL PROCESSING SYSTEMS FOR SIGNAL, IMAGE, AND VIDEO TECHNOLOGY. - ISSN 1939-8018. - 2021(2021).|
|Appare nelle tipologie:||03.1 Articolo su rivista (Journal article)|