Nicholas Cariello , Seth Levine , Gang Zhou , Blair Hoplight , Paolo Gasti , Kiran S. Balagani
{"title":"SMARTCOPE:用于持续验证的智能手机所有权变更评估","authors":"Nicholas Cariello , Seth Levine , Gang Zhou , Blair Hoplight , Paolo Gasti , Kiran S. Balagani","doi":"10.1016/j.pmcj.2023.101873","DOIUrl":null,"url":null,"abstract":"<div><p><span><span>The goal of continuous smartphone authentication is to detect when the adversary has gained possession of the user’s device post-login. This is achieved by triggering re-authentication at fixed, frequent intervals. However, these intervals do not take into account external information that might indicate that the impostor has gained physical access to the user’s device. Continuous smartphone authentication typically relies on behavioral cues, such as hand movement and touchscreen swipes, that can be collected without interrupting the user’s activity. Because these behavioral signals are characterized by relatively high error rates compared to physiological </span>biometrics, their use at fixed intervals leads to unnecessary interruptions to the user’s activity in case of a false reject, </span><em>and</em> to not recognizing the impostor in case of a false accept.</p><p>To address these issues, in this paper we introduce a novel framework called SMARTCOPE: <em>Smartphone Change Of Possession Evaluation</em><span>. In this work, SMARTCOPE leverages smartphone movement signals collected during user activity to determine when the smartphone is no longer in the hands of its owner. When this occurs, SMARTCOPE triggers re-authentication. By using these signals, we are able to reduce the total number of re-authentication points while simultaneously lowering re-authentication error rates. Our analysis shows that our technique can reduce equal error rates<span> by over 40%, from 7.8% to 4.6% using movement and keystroke features. Further, we show that SMARTCOPE can be used to transform a static (login-time) authentication system, such as face recognition, to a continuous re-authentication system, with a significant increase in security and limited impact on usability.</span></span></p></div>","PeriodicalId":49005,"journal":{"name":"Pervasive and Mobile Computing","volume":"97 ","pages":"Article 101873"},"PeriodicalIF":3.0000,"publicationDate":"2024-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"SMARTCOPE: Smartphone Change Of Possession Evaluation for continuous authentication\",\"authors\":\"Nicholas Cariello , Seth Levine , Gang Zhou , Blair Hoplight , Paolo Gasti , Kiran S. Balagani\",\"doi\":\"10.1016/j.pmcj.2023.101873\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p><span><span>The goal of continuous smartphone authentication is to detect when the adversary has gained possession of the user’s device post-login. This is achieved by triggering re-authentication at fixed, frequent intervals. However, these intervals do not take into account external information that might indicate that the impostor has gained physical access to the user’s device. Continuous smartphone authentication typically relies on behavioral cues, such as hand movement and touchscreen swipes, that can be collected without interrupting the user’s activity. Because these behavioral signals are characterized by relatively high error rates compared to physiological </span>biometrics, their use at fixed intervals leads to unnecessary interruptions to the user’s activity in case of a false reject, </span><em>and</em> to not recognizing the impostor in case of a false accept.</p><p>To address these issues, in this paper we introduce a novel framework called SMARTCOPE: <em>Smartphone Change Of Possession Evaluation</em><span>. In this work, SMARTCOPE leverages smartphone movement signals collected during user activity to determine when the smartphone is no longer in the hands of its owner. When this occurs, SMARTCOPE triggers re-authentication. By using these signals, we are able to reduce the total number of re-authentication points while simultaneously lowering re-authentication error rates. Our analysis shows that our technique can reduce equal error rates<span> by over 40%, from 7.8% to 4.6% using movement and keystroke features. Further, we show that SMARTCOPE can be used to transform a static (login-time) authentication system, such as face recognition, to a continuous re-authentication system, with a significant increase in security and limited impact on usability.</span></span></p></div>\",\"PeriodicalId\":49005,\"journal\":{\"name\":\"Pervasive and Mobile Computing\",\"volume\":\"97 \",\"pages\":\"Article 101873\"},\"PeriodicalIF\":3.0000,\"publicationDate\":\"2024-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Pervasive and Mobile Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1574119223001311\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Pervasive and Mobile Computing","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1574119223001311","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
SMARTCOPE: Smartphone Change Of Possession Evaluation for continuous authentication
The goal of continuous smartphone authentication is to detect when the adversary has gained possession of the user’s device post-login. This is achieved by triggering re-authentication at fixed, frequent intervals. However, these intervals do not take into account external information that might indicate that the impostor has gained physical access to the user’s device. Continuous smartphone authentication typically relies on behavioral cues, such as hand movement and touchscreen swipes, that can be collected without interrupting the user’s activity. Because these behavioral signals are characterized by relatively high error rates compared to physiological biometrics, their use at fixed intervals leads to unnecessary interruptions to the user’s activity in case of a false reject, and to not recognizing the impostor in case of a false accept.
To address these issues, in this paper we introduce a novel framework called SMARTCOPE: Smartphone Change Of Possession Evaluation. In this work, SMARTCOPE leverages smartphone movement signals collected during user activity to determine when the smartphone is no longer in the hands of its owner. When this occurs, SMARTCOPE triggers re-authentication. By using these signals, we are able to reduce the total number of re-authentication points while simultaneously lowering re-authentication error rates. Our analysis shows that our technique can reduce equal error rates by over 40%, from 7.8% to 4.6% using movement and keystroke features. Further, we show that SMARTCOPE can be used to transform a static (login-time) authentication system, such as face recognition, to a continuous re-authentication system, with a significant increase in security and limited impact on usability.
期刊介绍:
As envisioned by Mark Weiser as early as 1991, pervasive computing systems and services have truly become integral parts of our daily lives. Tremendous developments in a multitude of technologies ranging from personalized and embedded smart devices (e.g., smartphones, sensors, wearables, IoTs, etc.) to ubiquitous connectivity, via a variety of wireless mobile communications and cognitive networking infrastructures, to advanced computing techniques (including edge, fog and cloud) and user-friendly middleware services and platforms have significantly contributed to the unprecedented advances in pervasive and mobile computing. Cutting-edge applications and paradigms have evolved, such as cyber-physical systems and smart environments (e.g., smart city, smart energy, smart transportation, smart healthcare, etc.) that also involve human in the loop through social interactions and participatory and/or mobile crowd sensing, for example. The goal of pervasive computing systems is to improve human experience and quality of life, without explicit awareness of the underlying communications and computing technologies.
The Pervasive and Mobile Computing Journal (PMC) is a high-impact, peer-reviewed technical journal that publishes high-quality scientific articles spanning theory and practice, and covering all aspects of pervasive and mobile computing and systems.