SMARTCOPE: Smartphone Change Of Possession Evaluation for continuous authentication

IF 3 3区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Pervasive and Mobile Computing Pub Date : 2024-01-01 DOI:10.1016/j.pmcj.2023.101873

Nicholas Cariello , Seth Levine , Gang Zhou , Blair Hoplight , Paolo Gasti , Kiran S. Balagani

{"title":"SMARTCOPE: Smartphone Change Of Possession Evaluation for continuous authentication","authors":"Nicholas Cariello , Seth Levine , Gang Zhou , Blair Hoplight , Paolo Gasti , Kiran S. Balagani","doi":"10.1016/j.pmcj.2023.101873","DOIUrl":null,"url":null,"abstract":"<div>The goal of continuous smartphone authentication is to detect when the adversary has gained possession of the user’s device post-login. This is achieved by triggering re-authentication at fixed, frequent intervals. However, these intervals do not take into account external information that might indicate that the impostor has gained physical access to the user’s device. Continuous smartphone authentication typically relies on behavioral cues, such as hand movement and touchscreen swipes, that can be collected without interrupting the user’s activity. Because these behavioral signals are characterized by relatively high error rates compared to physiological biometrics, their use at fixed intervals leads to unnecessary interruptions to the user’s activity in case of a false reject, and to not recognizing the impostor in case of a false accept.To address these issues, in this paper we introduce a novel framework called SMARTCOPE: Smartphone Change Of Possession Evaluation. In this work, SMARTCOPE leverages smartphone movement signals collected during user activity to determine when the smartphone is no longer in the hands of its owner. When this occurs, SMARTCOPE triggers re-authentication. By using these signals, we are able to reduce the total number of re-authentication points while simultaneously lowering re-authentication error rates. Our analysis shows that our technique can reduce equal error rates by over 40%, from 7.8% to 4.6% using movement and keystroke features. Further, we show that SMARTCOPE can be used to transform a static (login-time) authentication system, such as face recognition, to a continuous re-authentication system, with a significant increase in security and limited impact on usability.</div>","PeriodicalId":49005,"journal":{"name":"Pervasive and Mobile Computing","volume":null,"pages":null},"PeriodicalIF":3.0000,"publicationDate":"2024-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Pervasive and Mobile Computing","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1574119223001311","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The goal of continuous smartphone authentication is to detect when the adversary has gained possession of the user’s device post-login. This is achieved by triggering re-authentication at fixed, frequent intervals. However, these intervals do not take into account external information that might indicate that the impostor has gained physical access to the user’s device. Continuous smartphone authentication typically relies on behavioral cues, such as hand movement and touchscreen swipes, that can be collected without interrupting the user’s activity. Because these behavioral signals are characterized by relatively high error rates compared to physiological biometrics, their use at fixed intervals leads to unnecessary interruptions to the user’s activity in case of a false reject, and to not recognizing the impostor in case of a false accept.

To address these issues, in this paper we introduce a novel framework called SMARTCOPE: Smartphone Change Of Possession Evaluation. In this work, SMARTCOPE leverages smartphone movement signals collected during user activity to determine when the smartphone is no longer in the hands of its owner. When this occurs, SMARTCOPE triggers re-authentication. By using these signals, we are able to reduce the total number of re-authentication points while simultaneously lowering re-authentication error rates. Our analysis shows that our technique can reduce equal error rates by over 40%, from 7.8% to 4.6% using movement and keystroke features. Further, we show that SMARTCOPE can be used to transform a static (login-time) authentication system, such as face recognition, to a continuous re-authentication system, with a significant increase in security and limited impact on usability.

查看原文本刊更多论文

SMARTCOPE：用于持续验证的智能手机所有权变更评估

持续智能手机身份验证的目标是在用户登录后，检测对手是否已获得用户设备的所有权。要做到这一点，就必须在固定、频繁的时间间隔内触发重新认证。然而，这些时间间隔并没有考虑到可能表明冒名顶替者已获得用户设备物理访问权的外部信息。连续的智能手机身份验证通常依赖于行为线索，如手部动作和触摸屏轻扫，这些线索可以在不中断用户活动的情况下收集。与生理生物识别技术相比，这些行为信号具有误差率相对较高的特点，因此在固定时间间隔内使用这些信号会导致在出现错误拒绝时不必要地中断用户活动，以及在出现错误接受时无法识别冒名顶替者：为了解决这些问题，我们在本文中提出了一个新颖的框架，称为 SMARTCOPE：智能手机占有权变更评估。在这项工作中，SMARTCOPE 利用在用户活动期间收集到的智能手机移动信号来确定智能手机何时不再在其所有者手中。当这种情况发生时，SMARTCOPE 会触发重新认证。通过使用这些信号，我们能够减少重新认证点的总数，同时降低重新认证错误率。我们的分析表明，利用移动和按键特征，我们的技术可以将相等的错误率降低 40% 以上，从 7.8% 降至 4.6%。此外，我们还表明，SMARTCOPE 可用于将静态（登录时）身份验证系统（如人脸识别）转换为连续的重新身份验证系统，从而显著提高安全性，并对可用性产生有限的影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Pervasive and Mobile Computing COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

CiteScore

7.70

自引率

2.30%

发文量

审稿时长

68 days

期刊介绍： As envisioned by Mark Weiser as early as 1991, pervasive computing systems and services have truly become integral parts of our daily lives. Tremendous developments in a multitude of technologies ranging from personalized and embedded smart devices (e.g., smartphones, sensors, wearables, IoTs, etc.) to ubiquitous connectivity, via a variety of wireless mobile communications and cognitive networking infrastructures, to advanced computing techniques (including edge, fog and cloud) and user-friendly middleware services and platforms have significantly contributed to the unprecedented advances in pervasive and mobile computing. Cutting-edge applications and paradigms have evolved, such as cyber-physical systems and smart environments (e.g., smart city, smart energy, smart transportation, smart healthcare, etc.) that also involve human in the loop through social interactions and participatory and/or mobile crowd sensing, for example. The goal of pervasive computing systems is to improve human experience and quality of life, without explicit awareness of the underlying communications and computing technologies. The Pervasive and Mobile Computing Journal (PMC) is a high-impact, peer-reviewed technical journal that publishes high-quality scientific articles spanning theory and practice, and covering all aspects of pervasive and mobile computing and systems.