
Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme / Buriro, Attaullah; Gupta, Sandeep; Yautsiukhin, Artsiom; Crispo, Bruno. - In: JOURNAL OF SIGNAL PROCESSING SYSTEMS FOR SIGNAL, IMAGE, AND VIDEO TECHNOLOGY. - ISSN 1939-8018. - 2021, 93:(2021), pp. 989-1006. [10.1007/s11265-021-01654-2]

Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme

Buriro, Attaullah;Gupta, Sandeep;Yautsiukhin, Artsiom;Crispo, Bruno
2021-01-01

Abstract

The paper presents a risk-driven behavioral biometric-based user authentication scheme for smartphones. Our scheme delivers one-shot-cum-continuous authentication: it authenticates users not only at the start of the application sign-in process but also throughout the active user session. The scheme leverages the widely used PIN/password-based authentication technology by giving users the flexibility to enter any random 8-digit alphanumeric text instead of pre-configured PINs/passwords. Internally, the scheme exploits two behavioral biometric traits, i.e., touch-timing-differences of the entered strokes and the hand-movement gesture recorded during the random text entry, to authenticate users. For the entire user session, the scheme continuously authenticates the user by computing the risk-score every time the user initiates a sensitive activity. If the risk-score is higher than the predefined threshold, the current user session terminates. Afterward, the scheme requests the user to re-authenticate. Thus, our scheme serves three main objectives. Firstly, it offers users the flexibility to enter an 8-digit random alphanumeric text as their secret, enhancing the usability of PIN/password-based schemes. Secondly, it strengthens the security of PIN/password-based schemes, as the verification decision is not binary and mimicking the invisible touch-timings and hand-movements simultaneously could be extremely difficult, as our security analysis determined. Lastly, the scheme does not require any dedicated device (e.g., a smart token for OTP generation) for 2-factor authentication. The results obtained on 11,400 user-samples (collected during 3 days of in-the-wild testing) and user-experience responses (received from the Software Usability Scale survey) of 95 testers demonstrate that our scheme is an accurate and acceptable user authentication scheme.
Files in this item:

2020_Journal_Risk_Driven_One_Shot_Cum_Continuous_Auth__Springer_.pdf
Access: open access
Type: Refereed author's manuscript (post-print)
License: All rights reserved
Size: 1.54 MB
Format: Adobe PDF

s11265-021-01654-2 (1).pdf
Access: archive managers only
Type: Publisher's layout
License: All rights reserved
Size: 1.75 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/308776
Citations
  • PMC: ND
  • Scopus: 11
  • ISI: 8