TY - GEN
T1 - An Effective Approach to Continuous User Authentication for Touch Screen Smart Devices
AU - Buduru, Arun Balaji
AU - Yau, Sik-Sang
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/9/21
Y1 - 2015/9/21
N2 - Due to the rapid increase in the use of personal smart devices, more sensitive data is stored and viewed on these smart devices. This trend makes it easier for attackers to access confidential data by physically compromising (including stealing) these smart devices. Currently, most personal smart devices employ one of the one-time user authentication schemes, such as four-to-six digits, fingerprint or pattern-based schemes. These authentication schemes are often not good enough for securing personal smart devices because the attackers can easily extract all the confidential data from the smart device by breaking such schemes, or by keeping the authenticated session open on a physically compromised smart device. In addition, existing re-authentication or continuous authentication techniques for protecting personal smart devices use centralized architecture and require servers at a centralized location to train and update the learning model used for continuous authentication, which impose additional communication overhead. In this paper, an approach is presented to generating and updating the authentication model on the user's smart device with user's gestures, instead of a centralized server. There are two major advantages in this approach. One is that this approach continuously learns and authenticates finger gestures of the user in the background without requiring the user to provide specific gesture inputs. The other major advantage is to have better authentication accuracy by treating uninterrupted user finger gestures over a short time interval as a single gesture for continuous user authentication.
AB - Due to the rapid increase in the use of personal smart devices, more sensitive data is stored and viewed on these smart devices. This trend makes it easier for attackers to access confidential data by physically compromising (including stealing) these smart devices. Currently, most personal smart devices employ one of the one-time user authentication schemes, such as four-to-six digits, fingerprint or pattern-based schemes. These authentication schemes are often not good enough for securing personal smart devices because the attackers can easily extract all the confidential data from the smart device by breaking such schemes, or by keeping the authenticated session open on a physically compromised smart device. In addition, existing re-authentication or continuous authentication techniques for protecting personal smart devices use centralized architecture and require servers at a centralized location to train and update the learning model used for continuous authentication, which impose additional communication overhead. In this paper, an approach is presented to generating and updating the authentication model on the user's smart device with user's gestures, instead of a centralized server. There are two major advantages in this approach. One is that this approach continuously learns and authenticates finger gestures of the user in the background without requiring the user to provide specific gesture inputs. The other major advantage is to have better authentication accuracy by treating uninterrupted user finger gestures over a short time interval as a single gesture for continuous user authentication.
KW - Touch-screen smart devices
KW - adaptive continuous user authentication
KW - and user re-authentication
KW - reinforcement learning
UR - http://www.scopus.com/inward/record.url?scp=84962122735&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962122735&partnerID=8YFLogxK
U2 - 10.1109/QRS.2015.40
DO - 10.1109/QRS.2015.40
M3 - Conference contribution
AN - SCOPUS:84962122735
T3 - Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015
SP - 219
EP - 226
BT - Proceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security, QRS 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - IEEE International Conference on Software Quality, Reliability and Security, QRS 2015
Y2 - 3 August 2015 through 5 August 2015
ER -