continuous authentication
Know Me by My Pulse: Toward Practical Continuous Authentication on Wearable Devices via Wrist-Worn PPG
Shao, Wei, Liang, Zequan, Zhang, Ruoyu, Fang, Ruijie, Miao, Ning, Kourkchi, Ehsan, Rafatirad, Setareh, Homayoun, Houman, Fang, Chongzhou
Biometric authentication using physiological signals offers a promising path toward secure and user-friendly access control in wearable devices. While electrocardiogram (ECG) signals have shown high discriminability, their intrusive sensing requirements and discontinuous acquisition limit practicality. Photoplethysmography (PPG), on the other hand, enables continuous, non-intrusive authentication with seamless integration into wrist-worn wearable devices. However, most prior work relies on high-frequency PPG (e.g., 75 - 500 Hz) and complex deep models, which incur significant energy and computational overhead, impeding deployment in power-constrained real-world systems. In this paper, we present the first real-world implementation and evaluation of a continuous authentication system on a smartwatch, We-Be Band, using low-frequency (25 Hz) multi-channel PPG signals. Our method employs a Bi-LSTM with attention mechanism to extract identity-specific features from short (4 s) windows of 4-channel PPG. Through extensive evaluations on both public datasets (PTTPPG) and our We-Be Dataset (26 subjects), we demonstrate strong classification performance with an average test accuracy of 88.11%, macro F1-score of 0.88, False Acceptance Rate (FAR) of 0.48%, False Rejection Rate (FRR) of 11.77%, and Equal Error Rate (EER) of 2.76%. Our 25 Hz system reduces sensor power consumption by 53% compared to 512 Hz and 19% compared to 128 Hz setups without compromising performance. We find that sampling at 25 Hz preserves authentication accuracy, whereas performance drops sharply at 20 Hz while offering only trivial additional power savings, underscoring 25 Hz as the practical lower bound. Additionally, we find that models trained exclusively on resting data fail under motion, while activity-diverse training improves robustness across physiological states.
AI-based Identity Fraud Detection: A Systematic Review
Zhang, Chuo Jun, Gill, Asif Q., Liu, Bo, Anwar, Memoona J.
With the rapid development of digital services, a large volume of personally identifiable information (PII) is stored online and is subject to cyberattacks such as Identity fraud. Most recently, the use of Artificial Intelligence (AI) enabled deep fake technologies has significantly increased the complexity of identity fraud. Fraudsters may use these technologies to create highly sophisticated counterfeit personal identification documents, photos and videos. These advancements in the identity fraud landscape pose challenges for identity fraud detection and society at large. There is a pressing need to review and understand identity fraud detection methods, their limitations and potential solutions. This research aims to address this important need by using the well-known systematic literature review method. This paper reviewed a selected set of 43 papers across 4 major academic literature databases. In particular, the review results highlight the two types of identity fraud prevention and detection methods, in-depth and open challenges. The results were also consolidated into a taxonomy of AI-based identity fraud detection and prevention methods including key insights and trends. Overall, this paper provides a foundational knowledge base to researchers and practitioners for further research and development in this important area of digital identity fraud.
From Clicks to Security: Investigating Continuous Authentication via Mouse Dynamics
Dave, Rushit, Handoko, Marcho, Rashid, Ali, Schoenbauer, Cole
In the realm of computer security, the importance of efficient and reliable user authentication methods has become increasingly critical. This paper examines the potential of mouse movement dynamics as a consistent metric for continuous authentication. By analyzing user mouse movement patterns in two contrasting gaming scenarios, "Team Fortress" and Poly Bridge we investigate the distinctive behavioral patterns inherent in high-intensity and low-intensity UI interactions. The study extends beyond conventional methodologies by employing a range of machine learning models. These models are carefully selected to assess their effectiveness in capturing and interpreting the subtleties of user behavior as reflected in their mouse movements. This multifaceted approach allows for a more nuanced and comprehensive understanding of user interaction patterns. Our findings reveal that mouse movement dynamics can serve as a reliable indicator for continuous user authentication. The diverse machine learning models employed in this study demonstrate competent performance in user verification, marking an improvement over previous methods used in this field. This research contributes to the ongoing efforts to enhance computer security and highlights the potential of leveraging user behavior, specifically mouse dynamics, in developing robust authentication systems.
Your device may know you better than you know yourself -- continuous authentication on novel dataset using machine learning
Nascimento, Pedro Gomes do, Witiak, Pidge, MacCallum, Tucker, Winterfeldt, Zachary, Dave, Rushit
This research aims to further understanding in the field of continuous authentication using behavioural biometrics. We are contributing a novel dataset that encompasses the gesture data of 15 users playing Minecraft with a Samsung Tablet, each for a duration of 15 minutes. Utilizing this dataset, we employed machine learning (ML) binary classifiers, being Random Forest (RF), K-Nearest Neighbors (KNN), and Support Vector Classifier (SVC), to determine the authenticity of specific user actions. Our most robust model was SVC, which achieved an average accuracy of approximately 90%, demonstrating that touch dynamics can effectively distinguish users. However, further studies are needed to make it viable option for authentication systems. NTRODUCTION The current authentication methods, which are primarily implemented at entry points, can be problematic in numerous scenarios.
Towards Zero-trust Security for the Metaverse
Cheng, Ruizhi, Chen, Songqing, Han, Bo
By focusing on immersive interaction among users, the burgeoning Metaverse can be viewed as a natural extension of existing social media. Similar to traditional online social networks, there are numerous security and privacy issues in the Metaverse (e.g., attacks on user authentication and impersonation). In this paper, we develop a holistic research agenda for zero-trust user authentication in social virtual reality (VR), an early prototype of the Metaverse. Our proposed research includes four concrete steps: investigating biometrics-based authentication that is suitable for continuously authenticating VR users, leveraging federated learning (FL) for protecting user privacy in biometric data, improving the accuracy of continuous VR authentication with multimodal data, and boosting the usability of zero-trust security with adaptive VR authentication. Our preliminary study demonstrates that conventional FL algorithms are not well suited for biometrics-based authentication of VR users, leading to an accuracy of less than 10%. We discuss the root cause of this problem, the associated open challenges, and several future directions for realizing our research vision.
An Omnidirectional Approach to Touch-based Continuous Authentication
Aaby, Peter, Giuffrida, Mario Valerio, Buchanan, William J, Tan, Zhiyuan
This paper focuses on how touch interactions on smartphones can provide a continuous user authentication service through behaviour captured by a touchscreen. While efforts are made to advance touch-based behavioural authentication, researchers often focus on gathering data, tuning classifiers, and enhancing performance by evaluating touch interactions in a sequence rather than independently. However, such systems only work by providing data representing distinct behavioural traits. The typical approach separates behaviour into touch directions and creates multiple user profiles. This work presents an omnidirectional approach which outperforms the traditional method independent of the touch direction - depending on optimal behavioural features and a balanced training set. Thus, we evaluate five behavioural feature sets using the conventional approach against our direction-agnostic method while testing several classifiers, including an Extra-Tree and Gradient Boosting Classifier, which is often overlooked. Results show that in comparison with the traditional, an Extra-Trees classifier and the proposed approach are superior when combining strokes. However, the performance depends on the applied feature set. We find that the TouchAlytics feature set outperforms others when using our approach when combining three or more strokes. Finally, we highlight the importance of reporting the mean area under the curve and equal error rate for single-stroke performance and varying the sequence of strokes separately. Keywords: Behavioural Biometric; Continuous Authentication; Touch Biometric; Smartphone Security; Model Selection 1. Introduction In 2007, Apple caused a paradigm shift by releasing its first smartphone with a touch screen. Since then, smartphones have become ubiquitous, with an 81% penetration rate in the US [1].
Warmup and Transfer Knowledge-Based Federated Learning Approach for IoT Continuous Authentication
Wazzeh, Mohamad, Ould-Slimane, Hakima, Talhi, Chamseddine, Mourad, Azzam, Guizani, Mohsen
Continuous behavioural authentication methods add a unique layer of security by allowing individuals to verify their unique identity when accessing a device. Maintaining session authenticity is now feasible by monitoring users' behaviour while interacting with a mobile or Internet of Things (IoT) device, making credential theft and session hijacking ineffective. Such a technique is made possible by integrating the power of artificial intelligence and Machine Learning (ML). Most of the literature focuses on training machine learning for the user by transmitting their data to an external server, subject to private user data exposure to threats. In this paper, we propose a novel Federated Learning (FL) approach that protects the anonymity of user data and maintains the security of his data. We present a warmup approach that provides a significant accuracy increase. In addition, we leverage the transfer learning technique based on feature extraction to boost the models' performance. Our extensive experiments based on four datasets: MNIST, FEMNIST, CIFAR-10 and UMDAA-02-FD, show a significant increase in user authentication accuracy while maintaining user privacy and data security.
Continuous Authentication Using Mouse Movements, Machine Learning, and Minecraft
Siddiqui, Nyle, Dave, Rushit, Seliya, Naeem
Mouse dynamics has grown in popularity as a novel irreproducible behavioral biometric. Datasets which contain general unrestricted mouse movements from users are sparse in the current literature. The Balabit mouse dynamics dataset produced in 2016 was made for a data science competition and despite some of its shortcomings, is considered to be the first publicly available mouse dynamics dataset. Collecting mouse movements in a dull administrative manner as Balabit does may unintentionally homogenize data and is also not representative of realworld application scenarios. This paper presents a novel mouse dynamics dataset that has been collected while 10 users play the video game Minecraft on a desktop computer. Binary Random Forest (RF) classifiers are created for each user to detect differences between a specific users movements and an imposters movements. Two evaluation scenarios are proposed to evaluate the performance of these classifiers; one scenario outperformed previous works in all evaluation metrics, reaching average accuracy rates of 92%, while the other scenario successfully reported reduced instances of false authentications of imposters.
3 Ways That AI Can Help Users Avoid Weak Passwords
The scientists from Stevens will be giving a talk on the AI program's latest password-cracking developments at the 42nd IEEE Symposium on Security and Privacy in 2021. "Since 2017, we have improved PassGAN, and now it uses a form of reinforcement learning very similar to how AlphaZero has learned how to play chess," says Giuseppe Ateniese, the department chair of the Schaefer School of Engineering & Science at Stevens who co-authored the original paper on PassGAN. READ MORE: Three ways artificial intelligence can improve campus cybersecurity. The talk will expand on how deep learning models allow researchers to gain and interpret important intelligence -- such as semantic similarities between user passwords -- from large password data sets. "In our work, we show that these neural representations capture many properties of password distributions and enable new password guessing techniques," the study's leading researcher, Dario Pasquini, says in a preview of the upcoming IEEE talk.
BlackBerry CTO: 'More Security, Less Friction Is The Dream' - SDxCentral
BlackBerry CTO Charles Eagan says no security passwords is the dream. This may sound strange coming from a technologist whose company has invested billions in security and recently opened a new lab and business unit focused solely on research and development in the cybersecurity space. But he makes a compelling argument. "Passwords are painful and not that effective, and multi-factor authentication just makes it more complicated to compromise," Eagan told SDxCentral. "People do things to avoid having to remember passwords, or they take shortcuts. Our real vision is: we want more security with less friction. We would love it if you never had to use a password, and you had more security at the same time."