Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme

The paper presents a risk-driven behavioral biometric-based user authentication scheme for smartphones. Our scheme delivers one-shot-cum-continuous authentication, thus not only authenticates users at the start of the application sign-in process but also, throughout the active user session. The sche...

Full description

Saved in:
Bibliographic Details
Published in:Journal of signal processing systems 2021-09, Vol.93 (9), p.989-1006
Main Authors: Buriro, Attaullah, Gupta, Sandeep, Yautsiukhin, Artsiom, Crispo, Bruno
Format: Article
Language:English
Subjects:
Authentication
Biometrics
Circuits and Systems
Computer Imaging
Electrical Engineering
Engineering
Flexibility
Image Processing and Computer Vision
Passwords
Pattern Recognition
Pattern Recognition and Graphics
Risk
Security
Signal,Image and Speech Processing
Smartphones
Usability
User experience
Vision
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The paper presents a risk-driven behavioral biometric-based user authentication scheme for smartphones. Our scheme delivers one-shot-cum-continuous authentication, thus not only authenticates users at the start of the application sign-in process but also, throughout the active user session. The scheme leverages the widely used PIN/password-based authentication technology by giving flexibility to users to enter any random 8-digit alphanumeric text, instead of pre-configured PIN/Passwords. Internally, the scheme exploits two behavioral biometric traits, i.e., touch-timing-differences of the entered strokes and the hand-movement gesture recorded during the random text entry, to authenticate users. And, for the entire user session, the scheme continuously authenticates the user by computing the risk-score every time the user initiates a sensitive activity. If the risk-score is higher than the predefined threshold, the current user session terminates. Afterward, the scheme requests the user to re-authenticate. Thus, our scheme serves three main objectives: Firstly, it offers users the flexibility to enter an 8 − d i g i t random alphanumeric text as their secret enhancing the usability of PIN/password-based schemes. Secondly, it strengthens the security of PIN/password-based schemes as verification decision is not binary, and mimicking the invisible touch-timings and hand-movements simultaneously, could be extremely difficult as our security analysis determined. Lastly, the scheme does not require any dedicated device (e.g., a smart token for OTP generation) for 2-factor authentication. The results obtained on 11,400 user-samples (collected by 3 days in-the-wild testing) and user-experience responses (received from the Software Usability Scale 4 survey) of 95 testers demonstrate our scheme as an accurate and acceptable user authentication scheme.
ISSN:1939-8018
1939-8115
DOI:10.1007/s11265-021-01654-2