Implicit authentication

Last updated

Implicit authentication (IA) is a technique that allows the smart device to recognize its owner by being acquainted with his/her behaviors. It is a technique that uses machine learning algorithms to learn user behavior through various sensors on the smart devices and achieve user identification. [1] [2] Most of the current authentication techniques, e.g., password, pattern lock, finger print and iris recognition, are explicit authentication which require user input. Comparing with explicit authentication, IA is transparent to users during the usage, and it significantly increases the usability by reducing time users spending on login, in which users find it more annoying than lack of cellular coverage. [3]

Contents

Model

In Implicit authentication (IA), user behaviors (raw) data are captured by various sensors embedded in the smart device, and stored in the database preparing for further processing. After filtering out noise and selecting suitable features, the data will be sent to machine learning tool(s) which will train and return a fine-tuned model back to smart device. The smart device then uses the model as signature to identify the current user. Due to the battery and computation limitation of smart device, the training phase, in which most of the computations are carried out, is usually implemented in the remote server. [4] Some lightweight algorithms, e.g., Kl divergence, are implemented in the local device as parts of real-time authentication units which control lock mechanism of the device.

The developing of IA model largely depends on the operating systems, which usually adopt Android and iOS, and there are two different approaches to establish IA model, which are device-centric and application-centric. [5] Device-centric approaches, as the traditional way to establish IA model, leverage most of the information gathered by operating system from various sensors, and IA model is directly running above the operating system. Application-centric approaches however achieve IA through establishing individual framework in each app, which executes independently in the sandbox, and it preserves the intrinsic structure of operating system, while simplifies IA developing.

History

In 1977, Helen M. Wood [6] indicated that there were two types of bio-metric authentication approaches - physiological and behavioral bio-metrics. The second approach related to user's gait, location information and keystroke patterns. The utilization of the bio-metrics for user authentication had been developed in the field such as: location-based access control, [7] [8] notably keystroke dynamics and typing pattern. [9] In 2010, Shi et al. had migrated bio-metrics authentication approach to mobile device which contained many sensors, and significantly increased the accuracy of the authentication, and they called the new approach "implicit authentication". [10] Due to the fast growth of smart technology, smart device became more and more sophisticated with computational power grew in each year, and it provided the foundation for IA to achieve high accurate and user-friendly authentication. The current IA approaches mainly focused on touch sensor, GPS and accelerometer, and the corresponding techniques were SVM, kNN, GMM and topic model.

Related Research Articles

<span class="mw-page-title-main">Keystroke logging</span> Action of recording the keys struck on a keyboard

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

Context awareness refers, in information and communication technologies, to a capability to take into account the situation of entities, which may be users or devices, but are not limited to those. Location is only the most obvious element of this situation. Narrowly defined for mobile devices, context awareness does thus generalize location awareness. Whereas location may determine how certain processes around a contributing device operate, context may be applied more flexibly with mobile users, especially with users of smart phones. Context awareness originated as a term from ubiquitous computing or as so-called pervasive computing which sought to deal with linking changes in the environment with computer systems, which are otherwise static. The term has also been applied to business theory in relation to contextual application design and business process management issues.

A recommender system, or a recommendation system, is a subclass of information filtering system that provide suggestions for items that are most pertinent to a particular user. Typically, the suggestions refer to various decision-making processes, such as what product to purchase, what music to listen to, or what online news to read. Recommender systems are particularly useful when an individual needs to choose an item from a potentially overwhelming number of items that a service may offer.

<span class="mw-page-title-main">Typing</span> Text input method

Typing is the process of writing or inputting text by pressing keys on a typewriter, computer keyboard, mobile phone, or calculator. It can be distinguished from other means of text input, such as handwriting and speech recognition. Text can be in the form of letters, numbers and other symbols. The world's first typist was Lillian Sholes from Wisconsin in the United States, the daughter of Christopher Sholes, who invented the first practical typewriter.

Wireless sensor networks (WSNs) refer to networks of spatially dispersed and dedicated sensors that monitor and record the physical conditions of the environment and forward the collected data to a central location. WSNs can measure environmental conditions such as temperature, sound, pollution levels, humidity and wind.

GOMS is a specialized human information processor model for human-computer interaction observation that describes a user's cognitive structure on four components. In the book The Psychology of Human Computer Interaction. written in 1983 by Stuart K. Card, Thomas P. Moran and Allen Newell, the authors introduce: "a set of Goals, a set of Operators, a set of Methods for achieving the goals, and a set of Selections rules for choosing among competing methods for goals." GOMS is a widely used method by usability specialists for computer system designers because it produces quantitative and qualitative predictions of how people will use a proposed system.

<span class="mw-page-title-main">Gesture recognition</span> Topic in computer science and language technology

Gesture recognition is a topic in computer science and language technology with the goal of interpreting human gestures via mathematical algorithms. It is a subdiscipline of computer vision. Gestures can originate from any bodily motion or state, but commonly originate from the face or hand. Focuses in the field include emotion recognition from face and hand gesture recognition since they are all expressions. Users can make simple gestures to control or interact with devices without physically touching them. Many approaches have been made using cameras and computer vision algorithms to interpret sign language, however, the identification and recognition of posture, gait, proxemics, and human behaviors is also the subject of gesture recognition techniques. Gesture recognition can be seen as a way for computers to begin to understand human body language, thus building a better bridge between machines and humans than older text user interfaces or even GUIs, which still limit the majority of input to keyboard and mouse and interact naturally without any mechanical devices.

In human–computer interaction, the keystroke-level model (KLM) predicts how long it will take an expert user to accomplish a routine task without errors using an interactive computer system. It was proposed by Stuart K. Card, Thomas P. Moran and Allen Newell in 1980 in the Communications of the ACM and published in their book The Psychology of Human-Computer Interaction in 1983, which is considered as a classic in the HCI field. The foundations were laid in 1974, when Card and Moran joined the Palo Alto Research Center (PARC) and created a group named Applied Information-Processing Psychology Project (AIP) with Newell as a consultant aiming to create an applied psychology of human-computer interaction. The keystroke-level model is still relevant today, which is shown by the recent research about mobile phones and touchscreens.

In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Unauthorized users watch the keystrokes inputted on a device or listen to sensitive information being spoken, which is also known as eavesdropping.

Keystroke dynamics, keystroke biometrics, typing dynamics andtyping biometrics refer to the detailed timing information that describes each key press related event that occurs when a user is typing on a keyboard.

End-user development (EUD) or end-user programming (EUP) refers to activities and tools that allow end-users – people who are not professional software developers – to program computers. People who are not professional developers can use EUD tools to create or modify software artifacts and complex data objects without significant knowledge of a programming language. In 2005 it was estimated that by 2012 there would be more than 55 million end-user developers in the United States, compared with fewer than 3 million professional programmers. Various EUD approaches exist, and it is an active research topic within the field of computer science and human-computer interaction. Examples include natural language programming, spreadsheets, scripting languages, visual programming, trigger-action programming and programming by example.

Collaborative search engines (CSE) are Web search engines and enterprise searches within company intranets that let users combine their efforts in information retrieval (IR) activities, share information resources collaboratively using knowledge tags, and allow experts to guide less experienced people through their searches. Collaboration partners do so by providing query terms, collective tagging, adding comments or opinions, rating search results, and links clicked of former (successful) IR activities to users having the same or a related information need.

Urban computing is an interdisciplinary field which pertains to the study and application of computing technology in urban areas. This involves the application of wireless networks, sensors, computational power, and data to improve the quality of densely populated areas. Urban computing is the technological framework for smart cities.

Mouse tracking is the use of software to collect users' mouse cursor positions on the computer. This goal is to automatically gather richer information about what people are doing, typically to improve the design of an interface. Often this is done on the Web and can supplement eye tracking in some situations.

<span class="mw-page-title-main">Smudge attack</span> Discerning a password via screen smudges

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a cell phone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession or is nearby the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

<span class="mw-page-title-main">Transition (computer science)</span>

Transition refers to a computer science paradigm in the context of communication systems which describes the change of communication mechanisms, i.e., functions of a communication system, in particular, service and protocol components. In a transition, communication mechanisms within a system are replaced by functionally comparable mechanisms with the aim to ensure the highest possible quality, e.g., as captured by the quality of service.

<span class="mw-page-title-main">Subsea Internet of Things</span>

Subsea Internet of Things (SIoT) is a network of smart, wireless sensors and smart devices configured to provide actionable operational intelligence such as performance, condition and diagnostic information. It is coined from the term The Internet of Things (IoT). Unlike IoT, SIoT focuses on subsea communication through the water and the water-air boundary. SIoT systems are based around smart, wireless devices incorporating Seatooth radio and Seatooth Hybrid technologies. SIoT systems incorporate standard sensors including temperature, pressure, flow, vibration, corrosion and video. Processed information is shared among nearby wireless sensor nodes. SIoT systems are used for environmental monitoring, oil & gas production control and optimisation and subsea asset integrity management. Some features of IoT's share similar characteristics to cloud computing. There is also a recent increase of interest looking at the integration of IoT and cloud computing. Subsea cloud computing is an architecture design to provide an efficient means of SIoT systems to manage large data sets. It is an adaption of cloud computing frameworks to meet the needs of the underwater environment. Similarly to fog computing or edge computing, critical focus remains at the edge. Algorithms are used to interrogate the data set for information which is used to optimise production.

Animal–Computer Interaction (ACI) is a field of research for the design and use of technology with, for and by animals covering different kinds of animals from wildlife, zoo and domesticated animals in different roles. It emerged from, and was heavily influenced by, the discipline of Human–computer interaction (HCI). As the field expanded, it has become increasingly multi-disciplinary, incorporating techniques and research from disciplines such as artificial intelligence (AI), requirements engineering (RE), and veterinary science.

Permissions are a means of controlling and regulating access to specific system- and device-level functions by software. Typically, types of permissions cover functions that may have privacy implications, such as the ability to access a device's hardware features, and personal data. Permissions are typically declared in an application's manifest, and certain permissions must be specifically granted at runtime by the user—who may revoke the permission at any time.

Spatial cloaking is a privacy mechanism that is used to satisfy specific privacy requirements by blurring users’ exact locations into cloaked regions. This technique is usually integrated into applications in various environments to minimize the disclosure of private information when users request location-based service. Since the database server does not receive the accurate location information, a set including the satisfying solution would be sent back to the user. General privacy requirements include K-anonymity, maximum area, and minimum area.

References

  1. Yang, Yingyuan (2015). "Retraining and Dynamic Privilege for Implicit Authentication Systems". 2015 IEEE 12th International Conference on Mobile Ad Hoc and Sensor Systems. pp. 163–171. doi:10.1109/MASS.2015.69. ISBN   978-1-4673-9101-6. S2CID   482566.
  2. Khan, Hassan; Atwater, Aaron; Hengartner, Urs (2014-01-01). "Itus". Proceedings of the 20th annual international conference on Mobile computing and networking. MobiCom '14. New York: ACM. pp. 507–518. doi:10.1145/2639108.2639141. ISBN   9781450327831. S2CID   17077058.
  3. "Sprint and Lookout Survey Reveals Consumers' Mobile Behaviors | Lookout Blog". blog.lookout.com. Retrieved 2016-03-14.
  4. Chow, Richard; Jakobsson, Markus; Masuoka, Ryusuke; Molina, Jesus; Niu, Yuan; Shi, Elaine; Song, Zhexuan (2010-01-01). "Authentication in the clouds". Proceedings of the 2010 ACM workshop on Cloud computing security workshop. CCSW '10. New York: ACM. pp. 1–6. doi:10.1145/1866835.1866837. ISBN   9781450300896. S2CID   2898476.
  5. Khan, Hassan; Hengartner, Urs (2014-01-01). "Towards application-centric implicit authentication on smartphones". Proceedings of the 15th Workshop on Mobile Computing Systems and Applications. HotMobile '14. New York: ACM. pp. 10:1–10:6. doi:10.1145/2565585.2565590. ISBN   9781450327428. S2CID   10193574.
  6. Wood, Helen M. (1977-01-01). "The use of passwords for controlling access to remote computer systems and services". Proceedings of the June 13-16, 1977, national computer conference on - AFIPS '77. AFIPS '77. pp. 27–33. doi:10.1145/1499402.1499410. S2CID   1339992.
  7. Sastry, Naveen; Shankar, Umesh; Wagner, David (2003-01-01). "Secure verification of location claims". Proceedings of the 2nd ACM workshop on Wireless security. WiSe '03. New York: ACM. pp. 1–10. CiteSeerX   10.1.1.6.9946 . doi:10.1145/941311.941313. ISBN   978-1581137699. S2CID   7422300.
  8. Damiani, Maria Luisa; Silvestri, Claudio (2008-01-01). "Towards movement-aware access control". Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS. SPRINGL '08. New York: ACM. pp. 39–45. doi:10.1145/1503402.1503410. hdl:2434/50533. ISBN   9781605583242. S2CID   16964625.
  9. Monrose, Fabian; Rubin, Aviel (1997-01-01). "Authentication via keystroke dynamics". Proceedings of the 4th ACM conference on Computer and communications security - CCS '97. CCS '97. New York: ACM. pp.  48–56. CiteSeerX   10.1.1.33.1197 . doi:10.1145/266420.266434. ISBN   978-0897919128. S2CID   1015076.
  10. Shi, Elaine; Niu, Yuan; Jakobsson, Markus; Chow, Richard (2010-10-25). Burmester, Mike; Tsudik, Gene; Magliveras, Spyros; Ilić, Ivana (eds.). Implicit Authentication through Learning User Behavior. Lecture Notes in Computer Science. Springer Berlin Heidelberg. pp. 99–113. doi:10.1007/978-3-642-18178-8_9. ISBN   9783642181771.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.