Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Discussion and Conclusion
References
All Topics
Computer Science
Information Systems

Recent Trends in User Authentication – A Survey

Profile image of Syed wajahat Ali shahSyed wajahat Ali shah

2019, IEEE Access

https://doi.org/10.1109/ACCESS.2019.2932400
visibility

description

15 pages

link

1 file

Abstract

Recent advancements in technology have led to profusion of personal computing devices, such as smart phone, tablet, watch, glasses, and many more. This has contributed to the realization of a digital world where important daily tasks can be performed over the Internet from any place and at any time and using any device. At the same time, advances in pervasive computing technologies have brought to fruition the concept of smart spaces that target the automated provision of customized services to the inhabitants effortlessly. User authentication, i.e., a procedure to verify the identity of the user, is essential in the digital world so as to protect the user's personal data stored online (e.g., online bank accounts) and on personal devices (e.g., smart phones) and to also enable customized services in smart spaces (e.g., adjusting room temperature and so on). Recently, traditional authentication mechanisms (e.g., passwords or fingerprints) have been repeatedly shown to be vulnerable to subversion. Researchers thus have proposed numerous new mechanisms to authenticate the users in the aforementioned scenarios. This paper presents an overview of these novel systems, so as to guide the future research efforts in these domains.

Related papers

User authentication schemes for mobile and handheld devices
Naveen kumar

User authentication is a difficulty for every system providing safe access to precious, private information, or personalized services. It is a continual problem, particularly with mobile and handheld devices such as Personal Digital Assistants (PDAs). User authentication is the primary line of defence for a handheld device that comes into the hands of an unauthorized individual. Password or Personal Identification Number (PIN) based authentication is the leading mechanism for verifying the identity of actual device users but this method has been shown to have considerable drawbacks. For example, users tend to pick PIN or passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. To address this problem in handheld devices, some researchers have developed comparatively more secure, affordable and memorable authentication schemes based on graphical assistance, images and audio. In this paper, we conduct a comprehensive survey and analysis of such existing user authentication schemes for mobile and handheld devices. The complete analysis of these schemes in term of usability and security are also discussed in this paper. This paper will be useful for information security researchers and practitioners who are interested in finding an alternative to password based authentication schemes.

View PDFchevron_right
A novel identification/verification model using smartphone's sensors and user behavior
bachar elhassan

2013 2nd International Conference on Advances in Biomedical Engineering, 2013

Smartphones are increasingly entering people's life; every person in the house carry one or two smartphones (Android, iPhone, Tab…). They use explicit authentication, which is inefficient; once the smartphone is stolen, a thief can steal personal information stored on the phone and can access all services that might have the password stored. In addition, elderly and physically impaired users need to have their medical profile secured and easily accessed without password limitation. For this reason, smartphone sensors are good candidates for providing an implicit authentication. This work introduces a new perspective of context-based user authentication: users can be authenticated implicitly using data captured by sensors of the smartphone and user behavior; these data are used in the creation of a unique profile for each user. The proposed model is supposed to be as secure as traditional authentication methods.

View PDFchevron_right
An Overview on Authentication Approaches and Their Usability in Conjunction with Internet and Mobile Applications
IJERA Journal

The usage of sensitive online services and applications such as online banking, e-commerce etc is increasing day by day. These technologies have tremendously improved making our daily life easier. However, these developments have been accompanied by E-piracy where attackers try to get access to services illegally. As sensitive information flow through Internet, they need support for security properties such as authentication, authorization, data confidentiality. Perhaps static password (User ID & password) is the most common and widely accepted authentication method. Online applications need strong password such as a combination of alphanumeric with special characters. In general, having one password for a single service may be easy to remember, but controlling many passwords for different services poses a tedious task on users online applications . Usually users try to use same password for different services or make slight changes in the password which can be easy for attacker to guess adding increased security threat. In order to overcome this, stronger authentication solutions need to be suggested and adapted for services based network.

View PDFchevron_right
Authentication Practices from Passwords to Biometrics
Moshe Zviran

Encyclopedia of Information Science and Technology, Third Edition, 2015

View PDFchevron_right
AUTHENTICATING DEVICES IN UBIQUITOUS COMPUTING ENVIRONMENT
SDIWC Organization

The deficient of a good authentication protocol in a ubiquitous application environment has made it a good target for adversaries. As a result, all the devices which are participating in such environment are said to be exposed to attacks such as identity impostor, man-in-the-middle attacks and also unauthorized attacks. Thus, this has created skeptical among the users and has resulted them of keeping their distance from such applications. For this reason, in this paper, we are proposing a new authentication protocol to be used in such environment. Unlike other authentication protocols which can be adopted to be used in such environment, our proposed protocol could avoid a single point of failures, implements trust level in granting access and also promotes decentralization. It is hoped that the proposed authentication protocol can reduce or eliminate the problems mentioned.

View PDFchevron_right
A personal authentication scheme using mobile technology
Josep Prieto-Blazquez

Proceedings ITCC 2003. International Conference on Information Technology: Coding and Computing, 2003

Security is a major concern in mobile commerce where information is send over the air. Authentication is possibly the most important property since achieving privacy and integrity may have no sense without the guaranty of the receiver identity. Cryptographic strong authentication protocols are known but the hard problem is to protect secret information, like shared or private keys, used in these protocols. Regarding the problem of smart cards availability (devices and readers) we propose a mobile architecture using more deployed technologies like cellular phones or PDAs and wireless personal area networks (WPAN) like Bluetooth. The mobile device (cellular phones or PDAs) acts as a smart card storing private information and performing cryptographic operations while WPAN replace smart card readers. The risk of insecure wireless networks inclusion is studied and solved using suitable authentication protocols.

View PDFchevron_right
Smartphone-based Biometric Authentication Scheme for Access Control Management in Client-server Environment
Ajaz Mir

International Journal of Information Technology and Computer Science

As the information put together by the blend of smartphones, the cloud, the IOT, and ubiquitous computing continue to expand at an alarming rate, a data breach increases. Today, users' strong authentication and authorization approaches are increasingly important to secure sensitive, confidential, secret information. Possession and knowledge-based authentication techniques for computers, the internet, email accounts, etc., are commonly used to access vital information; they do not link a user to an established identity, resulting in most security vulnerabilities. Biometric authentication, on the other hand, has the privilege of being more reliable than traditional authentication as biometric characteristics of a person can’t be lost; they are tough to distribute, exchange or duplicate; and it requires the user to be present during the authentication process, thereby relating the users to established identities. Biometrics provides a higher level of assurance that the individual a...

View PDFchevron_right
Design and Development of a Secure and Efficient Authentication System for Mobile Devices
Tapomoy Adhikari

IEEE Xplore, 2023

With the widespread adoption of mobile devices in our daily lives, the need for robust and secure authentication systems has become paramount. This paper presents the design and development of a novel authentication system specifically tailored for mobile devices. Our system addresses the challenges posed by the vulnerabilities and limitations inherent in mobile platforms while ensuring high security and efficiency. Through an extensive analysis of existing authentication methods, we propose a novel approach that combines multi-factor authentication and biometrics to enhance security. We provide implementation details, including the integration of biometric techniques such as fingerprint recognition and facial recognition, and evaluate the system's performance through rigorous testing. The results demonstrate the effectiveness of our solution in providing a secure and efficient authentication mechanism for mobile devices.

View PDFchevron_right
A flexible, privacy-preserving authentication framework for ubiquitous computing environments
Roy Campbell

Proceedings 22nd International Conference on Distributed Computing Systems Workshops, 2002

The proliferation of smart gadgets, appliances, mobile devices, PDAs and sensors has enabled the construction of ubiquitous computing environments, transforming regular physical spaces into "Active Information Spaces" augmented with intelligence and enhanced with services. This new exciting computing paradigm promises to revolutionize the way we interact with computers, services, and the surrounding physical spaces, yielding higher productivity and more seamless interaction between users and computing services. However, the deployment of this computing paradigm in real-life is hindered by poor security, particularly, the lack of proper authentication and access control techniques and privacy preserving protocols. We propose an authentication framework that addresses this problem through the use of different wearable and embedded devices. These devices authenticate entities with varied levels of confidence, in a transparent, convenient, and private manner, allowing the framework to blend nicely into ubiquitous computing environments.

View PDFchevron_right
A critical insight into the identity authentication systems on smartphones
Sajaad Lone

Indonesian Journal of Electrical Engineering and Computer Science

The advancement of computing power on mobile devices and their popularity among people in performing sensitive data exchange is uncovering an urgent need for a highly secure solution than the existing ones. The need for such a security solution persists that should be able to thwart not only the contemporary threats but also offer continued support without bowing down to progression in technology. Though some security solutions have been contemplated, a lack of standardised or absolute security solution which can provide a feasible and secure solution to mobile phones exists. In this paper, a survey based on various biometric and non-biometric access management schemes has been performed. The copious solutions put forward by researchers so far were discovered to fail in traits like user adaptability and efficiency. Each of the works put forward by various researchers has been single-handedly contemplated followed by analysis. Ultimately, open problems and challenges were inferences from the survey conducted.

View PDFchevron_right

References (98)

  1. 2018). Importance of User Authentication in Network Security-Seqrite. [Online]. Available: https://blogs.seqrite.com/
  2. Craig Mathias. (2014). Why Mobile User Authentication is More Important than Ever. [Online]. Available: https://searchmobilecomputing. techtarget.com/
  3. C. Shi, J. Liu, H. Liu, and Y. Chen, ''Smart user authentication through actuation of daily activities leveraging WiFi-enabled IoT,'' in Proc. Mobi- Hoc, 2017, Art. no. 5.
  4. N. L. Clarke and S. M. Furnell, ''Authentication of users on mobile telephones-A survey of attitudes and practices,'' Comput. Secur., vol. 24, no. 7, pp. 519-527, 2005.
  5. A. Vance. (2010). If Your Password is 12345, Just Make it HackMe. [Online]. Available: http://www.nytimes.com/
  6. H. League. (2018). What is Brute Force Attack? [Online]. Available: https://medium.com/
  7. Mahesh. (2019). How Hackers Hack Your Accounts and Passwords and Ways to Avoid Being Compromised. [Online]. Available: https://www. shoutmeloud.com/
  8. M. Li, Y. Meng, J. Liu, H. Zhu, X. Liang, Y. Liu, and N. Ruan, ''When CSI meets public WiFi: Inferring your mobile phone password via WiFi signals,'' in Proc. ACM SIGSAC Conf. Comput. Commun. Secur. (CCS), New York, NY, USA, 2016, pp. 1068-1079. [Online]. Available: http://doi.acm.org/10.1145/2976749.2978397
  9. A. Kelly, ''Cracking passwords using keyboard acoustics and language modeling,'' M.S. thesis, School Inform., Univ. Edinburgh, Edinburgh, U.K., 2010.
  10. A. Ng. (2019). Massive Breach Leaks 773 Million Email Addresses, 21 Million Passwords. [Online]. Available: https://www.cnet.com/
  11. N. Lord. (2018). Uncovering Password Habits: Are Users' Pass- word Security Habits Improving? Infographic. [Online]. Available: https://digitalguardian.com/
  12. M. Tullock. (2018). Do Password Managers Keep You Secure-Or Give You a False Sense of Security? [Online]. Available: http://techgenix.com/
  13. D. Tapellini. (2014). Smart Phone Thefts Rose to 3.1 Million in 2013: Industry Solution Falls Short, While Legislative Efforts to Curb Theft Continue. [Online]. Available: http://www.consumerreports.org
  14. H. Khan, U. Hengartner, and D. Vogel, ''Usability and security perceptions of implicit authentication: Convenient, secure, sometimes annoying,'' in Proc. SOUPS, 2015, pp. 225-239.
  15. S. Egelman, S. Jain, R. S. Portnoff, K. Liao, S. Consolvo, and D. Wagner, ''Are you ready to lock?'' in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2014, pp. 750-761.
  16. M. Harbach, E. von Zezschwitz, A. Fichtner, A. De Luca, and M. Smith, ''It's a hard lock life: A field study of smartphone (un)locking behavior and risk perception,'' in Proc. Symp. Usable Privacy Secur. (SOUPS), 2014, pp. 213-230.
  17. A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith, ''Smudge attacks on smartphone touch screens,'' in Proc. 4th USENIX Conf., 2010, pp. 1-10.
  18. P. Cheng, I. E. Bagci, U. Roedig, and J. Yan, ''SonarSnoop: Active acous- tic side-channel attacks,'' 2018, arXiv:1808.10250. [Online]. Available: https://arxiv.org/abs/1808.10250
  19. Fingerprints are Not Fit for Secure Device Locking, Secur. Res. Labs, Berlin, Germany, 2019. [Online]. Available: https://srlabs.de/bites/ spoofing-fingerprints/
  20. L. H. Newman. (2016). Hackers Trick Facial-Recognition Logins with Pho- tos From Facebook What Else? [Online]. Available: https://www.wired. com/2016/08/
  21. R. Brandom. (2017). Two-Factor Authentication is a Mess. [Online]. Avail- able: https://www.theverge.com/
  22. N. Gunson, D. Marshall, H. Morton, and M. Jack, ''User perceptions of security and usability of single-factor and two-factor authentica- tion in automated telephone banking,'' Comput. Secur., vol. 30, no. 4, pp. 208-220, Jun. 2011.
  23. V. Patel, R. Chellappa, D. Chandra, and B. Barbello, ''Continuous user authentication on mobile devices: Recent progress and remaining chal- lenges,'' IEEE Signal Process. Mag., vol. 33, no. 4, pp. 49-61, Jul. 2016.
  24. A. Hang, A. De Luca, M. Smith, M. Richter, and H. Hussman, ''Where have you been? Using location-based security questions for fallback authentication,'' in Proc. Symp. Usable Privacy Secur. (SOUPS), 2015, pp. 169-183.
  25. J. Thorpe, B. MacRae, and A. Salehi-Abari, ''Usability and security evalua- tion of GeoPass: A geographic location-password scheme,'' in Proc. Symp. Usable Privacy Secur. (SOUPS), 2013, Art. no. 14.
  26. N. Shone, C. Dobbins, W. Hurst, and Q. Shi, ''Digital memories based mobile user authentication for IoT,'' in Proc. IEEE Int. Conf. Comput. Inf. Technol.; Ubiquitous Comput. Commun.; Dependable, Autonomic Secure Comput.; Pervasive Intell. Comput., Oct. 2015, pp. 1796-1802.
  27. Y. Albayram, M. M. H. Khan, A. Bamis, S. Kentros, N. Nguyen, and R. Jiang, ''A location-based authentication system leveraging smart- phones,'' in Proc. IEEE 15th Int. Conf. Mobile Data Manage., Jun. 2014, pp. 83-88.
  28. P. Gupta, T. K. Wee, N. Ramasubbu, D. Lo, D. Gao, and R. K. Balan, ''HuMan: Creating memorable fingerprints of mobile users,'' in Proc. IEEE Int. Conf. Pervasive Comput. Commun. Workshops, Mar. 2012, pp. 479-482.
  29. S. Das, E. Hayashi, and J. I. Hong, ''Exploring capturable everyday memory for autobiographical authentication,'' in Proc. UbiComp, 2013, pp. 211-220.
  30. S. K. Dandapat, S. Pradhan, B. Mitra, R. R. Choudhury, and N. Ganguly, ''ActivPass: Your daily activity is your password,'' in Proc. ACM Conf. Hum. Factors Comput., 2015, pp. 2325-2334.
  31. H. Sun, K. Wang, X. Li, N. Qin, and Z. Chen, ''PassApp: My app is my password!'' in Proc. 17th Int. Conf. Hum.-Comput. Interact. Mobile Devices Services (MobileHCI), Copenhagen, Denmark, no. 10, 2015, pp. 306-315. doi: 10.1145/2785830.2785880.
  32. H. Hang, A. De Luca, and H. Hussmann, ''I know what you did last week! Do You?: Dynamic security questions for fallback authentication on smartphones,'' in Proc. CHI, 2015, pp. 1383-1392.
  33. J. Naftulin. (2016). Research Shows We Touch Our Cell Phones 2,617 Times Per Day. [Online]. Available: https://www.businessinsider.com.au/
  34. M. Dammak, O. R. M. Boudia, M. A. Messous, S. M. Senouci, and C. Gransart, ''Token-based lightweight authentication to secure IoT net- works,'' in Proc. 16th IEEE Annu. Consum. Commun. Netw. Conf. (CCNC), Jan. 2018, pp. 1-4.
  35. J. Liu, Y. Xiao, and C. L. P. Chen, ''Authentication and access control in the Internet of Things,'' in Proc. 32nd Int. Conf. Distrib. Comput. Syst. Workshops, Jun. 2012, pp. 588-592.
  36. Kwikset. (2019). No More Keys. [Online]. Available: https://www.kwikset. com/electronics/homeowners/keylessentry.aspx
  37. Yale. (2019). Yale Assure Lock. [Online]. Available: https://www.yalelock. com.au/en/yale/yale-au/yale-products/secure-connect/yale-assure-digital- lock/
  38. M. Sandström, ''Liveness detection in fingerprint recognition systems,'' M.S. thesis, Dept. Syst. Eng., Linköpings Univ., Linköping, Sweden, 2004.
  39. T. van der Putte and J. Keuning, ''Biometrical fingerprint recognition: Don't get your fingers burned,'' in Proc. 4th Working Conf. Smart Card Res. Adv. Appl. Smart Card Res. Adv. Appl., Sep. 2000, pp. 289-303.
  40. M. Sepasian, C. Mares, and W. Balachandran, ''Liveness and spoofing in fingerprint identification: Issues and challenges,'' in Proc. Int. Conf. Comput. Eng. Appl., 2010, pp. 150-158.
  41. C. Yuan, X. Sun, and Q. M. J. Wu, ''Difference co-occurrence matrix using BP neural network for fingerprint liveness detection,'' Soft Comput., vol. 23, no. 13, pp. 5157-5169, Jul. 2019.
  42. Z. Xia, C. Yuan, R. Lv, X. Sun, N. N. Xiong, and Y.-Q. Shi, ''A novel weber local binary descriptor for fingerprint liveness detection,'' IEEE Trans. Syst., Man, Cybern., Syst., to be published.
  43. W. Yang, S. Wang, J. Hu, G. Zheng, and C. Valli, ''Security and accuracy of fingerprint-based biometrics: A review,'' Symmetry, vol. 11, no. 2, p. 141, 2019.
  44. M. Staff and G. Fleishman. (2017). Face ID on the iPhone X: Everything You Need to Know About Apple's Facial Recognition. [Online]. Available: https://www.macworld.com
  45. T. Brewster. (2018). We Broke Into a Bunch of Android Phones with a 3D-Printed Head. [Online]. Available: https://www.forbes.com/
  46. 2017). Bkav's New Mask Beats Face ID, 'Twin Way': Severity Level Raised, Do Not Use Face ID in Business Transactions. [Online]. Available: http://www.bkav.com
  47. Samsung. (2016). Iris Recognition on Galaxy S8. [Online]. Available: https://www.samsung.com/au/iris/
  48. D. Goodin. (2016). Breaking the Iris Scanner Locking Samsung's Galaxy S8 is Laughably Easy. [Online]. Available: https://arstechnica.com/
  49. Stacy. (2017). Is the Galaxy S8 Hazardous to Your Eyesight? Samsung Users Claim Iris Scanner is Causing Eye Discomfort. [Online]. Available: https://www.dailymail.co.uk/
  50. H. Zhong, S. S. Kanhere, and C. T. Chou, ''VeinDeep: Smartphone unlock using vein patterns,'' in Proc. PerCom, Mar. 2017, pp. 2-10.
  51. J. Cox. (2018). Hackers Make a Fake Hand to Beat Vein Authentication. [Online]. Available: https://www.vice.com/
  52. J. Chauhan, Y. Hu, S. Seneviratne, A. Misra, A. Seneviratne, and Y. Lee, ''BreathPrint: Breathing acoustics-based user authentication,'' in Proc. MobiSys, 2017, pp. 278-291.
  53. NEC. (2018). Biometric Authentication Based on the Acoustic Character- istics of the Ears. [Online]. Available: https://www.nec.com
  54. A. F. P. Negara, E. Kodirov, D.-J. Choi, G.-S. Lee, M. F. A. Abdullah, and S. Sayeed, ''Implicit authentication based on ear shape biometrics using smartphone camera during a call,'' in Proc. IEEE Int. Conf. Syst., Man, Cybern. (SMC), Oct. 2012, pp. 2272-2276.
  55. X. Zhang, L. Yao, S. S. Kanhere, Y. Liu, T. Gu, and K. Chen, ''MindID: Person identification from brain waves through attention-based recurrent neural network,'' Proc. ACM Interact. Mob. Wearable Ubiquitous Tech- nol., vol. 2, no. 3, pp. 149:1-149:23, Sep. 2018. [Online]. Available: http://doi.acm.org/10.1145/3264959
  56. I. Martinovic, K. Rasmussen, M. Roeschlin, and G. Tsudik, ''Authenti- cation using pulse-response biometrics,'' Commun. ACM, vol. 60, no. 2, pp. 108-115, Jan. 2017. [Online]. Available: http://doi.acm.org/10.1145/ 3023359
  57. N. Zheng, K. Bai, H. Huang, and H. Wang, ''You are how you touch: User verification on smartphones via tapping behaviors,'' in Proc. IEEE 22nd Int. Conf. Netw. Protocols, Oct. 2014, pp. 211-221.
  58. Y. Chen, J. Sun, R. Zhang, and Y. Zhang, ''Your song your way: Rhythm-based two-factor authentication for multi-touch mobile devices,'' in Proc. IEEE Conf. Comput. Commun. (INFOCOM), Apr./May 2015, pp. 2686-2694.
  59. J. Sun, R. Zhang, J. Zhang, and Y. Zhang, ''Touchin: Sightless two- factor authentication on multi-touch mobile devices,'' in Proc. IEEE Conf. Commun. Netw. Secur., Oct. 2014, pp. 436-444.
  60. T. Feng, X. Zhao, N. DeSalvo, Z. Gao, X. Wang, and W. Shi, ''Security after login: Identity change detection on smartphones using sensor fusion,'' in Proc. IEEE Int. Symp. Technol. Homeland Secur. (HST), Apr. 2015, pp. 1-6.
  61. C. Bo, L. Zhang, X.-Y. Li, Q. Huang, and Y. Wang, ''Silentsense: Silent user identification via touch and movement behavioral biometrics,'' in Proc. MobiCom, 2013, pp. 187-190.
  62. N. Neverova, C. Wolf, G. Lacey, L. Fridman, D. Chandra, B. Barbello, and G. Taylor, ''Learning human identity from motion patterns,'' Apr. 2016, arXiv:1511.03908. [Online]. Available: https://arxiv.org/abs/1511.03908
  63. L. Fridman, S. Weber, R. Greenstadt, and M. Kam, ''Active authentication on mobile devices via stylometry, application usage, Web browsing, and GPS location,'' IEEE Syst. J., vol. 11, no. 2, pp. 513-521, Jun. 2016.
  64. R. Kumar, V. V. Phoha, and R. Raina, ''Authenticating users through their arm movement patterns,'' Mar. 2016, arXiv:1603.02211. [Online]. Available: https://arxiv.org/abs/1603.02211
  65. J. Yang, Y. Li, and M. Xie, ''MotionAuth: Motion-based authentica- tion for wrist worn smart devices,'' in Proc. IEEE PerCom, Mar. 2015, pp. 550-555.
  66. S. Li, A. Ashok, Y. Zhang, C. Xu, J. Lindqvist, and M. Gruteser, ''Whose move is it anyway? Authenticating smart wearable devices using unique head movement patterns,'' in Proc. IEEE PerCom, Mar. 2016, pp. 1-9.
  67. T. Alpcan, S. Kesici, D. Bicher, M. K. Mihçak, C. Bauckhage, and S. Çamtepe, ''A lightweight biometric signature scheme for user authenti- cation over networks,'' in Proc. SecureComm, 2008, Art. no. 33.
  68. S. W. Shah and S. S. Kanhere, ''Wi-sign: Device-free second factor user authentication,'' in Proc. MobiQuitous, 2018, pp. 135-144.
  69. S. W. Shah and S. S. Kanhere, ''Wi-access: Second factor user authen- tication leveraging WiFi signals,'' in Proc. PerCom Workshops, 2018, pp. 330-335.
  70. L. Middleton, A. A. Buss, A. Bazin, and M. S. Nixon, ''A floor sensor sys- tem for gait recognition,'' in Proc. 4th IEEE Workshop Autom. Identificat. Adv. Technol. (AutoID), Oct. 2005, pp. 171-176.
  71. J. Cheng, M. Sundholm, B. Zhou, M. Kreil, and P. Lukowicz, ''Rec- ognizing subtle user activities and person identity with cheap resistive pressure sensing carpet,'' in Proc. Int. Conf. Intell. Environ., Jun./Jul. 2014, pp. 148-153.
  72. H. Kim, I. Kim, and J. Kim, ''Designing the smart foot mat and its applications: As a user identification sensor for smart home scenarios,'' Adv. Sci. Technol. Lett., vol. 87, pp. 1-5, Apr. 2015.
  73. A. S. Guinea, A. Boytsov, L. Mouline, and Y. Le Traon, ''Continuous identification in smart environments using wrist-worn inertial sensors,'' in Proc. MobiQuitous, 2018, pp. 87-96.
  74. X. Wang, A. M. Bernardos, P. Tarrío, and J. R. Casar, ''A gesture-enabled method for natural identification in smart spaces,'' in Proc. 16th Int. Conf. Inf. Fusion, Jul. 2013, pp. 827-834.
  75. J. Zhang, B. Wei, W. Hu, and S. S. Kanhere, ''WiFi-ID: Human identifica- tion using WiFi signal,'' in Proc. Int. Conf. Distrib. Comput. Sensor Syst., May 2016, pp. 75-82.
  76. W. Wang, A. X. Liu, and M. Shahzad, ''Gait recognition using WiFi signals,'' in Proc. UbiComp, 2016, pp. 363-373.
  77. Y. Zeng, P. H. Pathak, and P. Mohapatra, ''WiWho: WiFi-based person identification in smart spaces,'' in Proc. ISPN, 2016, Art. no. 4.
  78. S. Davidson, D. Smith, C. Yang, and S. C. Cheah, ''Smartwatch user identification as a mean of authentication,'' Univ. California San Diego, San Diego, CA, USA, 2016.
  79. F. Zhang, A. Kondor, and S. Muftic, ''Location-based authentication and authorization using smart phones,'' in Proc. IEEE 11th Int. Conf. Trust, Secur. Privacy Comput. Commun., Jun. 2012, pp. 1285-1292.
  80. U. A. Abdurrahman, M. Kaiiali, and J. Muhammad, ''A new mobile- based multi-factor authentication scheme using pre-shared number, GPS location and time stamp,'' in Proc. Int. Conf. Electron., Comput. Comput., Nov. 2013, pp. 293-296.
  81. N. Karapanos, C. Marforio, C. Soriente, and S. Čapkun, ''Sound-proof: Usable two-factor authentication based on ambient sound,'' in Proc. 24th USENIX Secur. Symp., 2015, pp. 483-498.
  82. J. Zhang, X. Tan, X. Wang, A. Yan, and Z. Qin, ''T2FA: Transpar- ent two-factor authentication,'' IEEE Access, vol. 6, pp. 32677-32686, 2018.
  83. S. W. Shah and S. S. Kanhere, ''Wi-Auth: WiFi based second factor user authentication,'' in Proc. MobiQuitous, 2017, pp. 393-402.
  84. RSA. (2019). RSA SecureID. [Online]. Available: https:www.rsa.com
  85. Yubico. (2019). YubiKeys. [Online]. Available: https:www.yubico.com
  86. Kwikset. (2019).Touch-to-Open Smart Lock. [Online]. Available: https://www.kwikset.com/kevo/default
  87. Aug. 2019). Your Smart Home Starts at the Front Door. [Online]. Avail- able: https://august.com/
  88. M. Wollerton. (2016). Here's What Happened when Someone Hacked the August Smart Lock. [Online]. Available: https://august.com/
  89. B. M. Wolf and L. Gil. (2019). How to Enable Auto Unlock on Your Mac and Apple Watch. [Online]. Available: https://www.imore.com/auto- unlock
  90. S. Klee, ''Understanding the apple auto unlock protocol,'' B.S. thesis, Dept. Comput. Sci., Tech. Univ. Darmstadt, Darmstadt, Germany, 2017.
  91. Motiv. (2018). Motiv Ring Now Provides New, Easy-to-Use Secu- rity Features to Protect Your Online Identity.. [Online]. Available: https://mymotiv.com/online-security/
  92. Duo Security. (2019). Duo Push. [Online]. Available: https://duo.com/ product/trusted-users/two-factor-authentication/authentication- methods/duo-push
  93. Encap Security. (2019). Encap Security. [Online]. Available: https://www. encapsecurity.com/
  94. Auth0. (2017). Two Factor Authentication Using Biometrics. [Online]. Available: https://auth0.com/blog/two-factor-authentication-using- biometrics/
  95. Biosig-ID. (2018). Biometric Multi-Factor Authentication Smart Pass- word. [Online]. Available: https://www.biosig-id.com
  96. V. M. Patel, R. Gopalan, R. Li, and R. Chellappa, ''Visual domain adap- tation: A survey of recent advances,'' IEEE Signal Process. Mag., vol. 32, no. 3, pp. 53-69, May 2015.
  97. SYED W. SHAH received the M.S. degree in elec- trical and electronics engineering from the Univer- sity of Bradford, U.K. He is currently pursuing the Ph.D. degree from the University of New South Wales (UNSW), Sydney, Australia. His research interests include pervasive/ubiquitous computing, user authentication/identification, the Internet of Things, and signal processing.
  98. SALIL S. KANHERE received the M.S. and Ph.D. degrees in electrical engineering from Drexel Uni- versity, Philadelphia, PA, USA. He is currently a Professor with the School of Computer Science and Engineering, UNSW, Sydney, Australia. He is also a Conjoint Researcher with CSIRO Data61. He has published over 200 peer-reviewed articles and delivered over 30 tutorials and keynote talks on these topics. His research has been featured on ABC News Australia, Forbes, the IEEE Spectrum, Wired, ZDNET, Computer World, Medium, MIT Technology Review, and other media outlets. His research interests include the Internet of Things, pervasive computing, blockchain, crowdsourcing, data analytics, privacy, and security. He is a Senior Member of the ACM. He is a recipient of the Alexander von Humboldt Research Fellowship. He regularly serves on the organizing committee of a number of the IEEE and ACM international conferences. He is on the Editorial Board of Elsevier's Pervasive and Mobile Computing and Computer Communications and serves as an ACM Distin- guished Speaker.

Related papers

Enhanced Authentication Mechanisms for Desktop Platform and Smart Phones
Dina El

International Journal of Advanced Computer Science and Applications, 2012

With hundreds of millions using computers and mobile devices all over the globe, these devices have an established position in modern society. Nevertheless, most of these devices use weak authentication techniques with passwords and PINs which can be easily hacked. Thus, stronger identification is needed to ensure data security and privacy. In this paper, we will explain the employment of biometrics to computer and mobile platforms. In addition, the possibility of using keystroke and mouse dynamics for computer authentication is being checked. Finally, we propose an authentication scheme for smart phones that shows positive results.

View PDFchevron_right
Evaluation of user authentication methods in the gadget-free world
Juha Häikiö

Pervasive and Mobile Computing, 2017

Mobile and sensor related technologies are significantly revolutionizing the medical and healthcare sectors. In current healthcare systems, gadgets are the prominent way of acquiring medical services. However, the recent technological advancements in smart and ambient environments are offering users new ways to access the healthcare services without using any explicit gadgets. One of the key challenges in such gadget-free environments is performing secure user authentication with the intelligent surroundings. For example, a secure, efficient and user-friendly authentication mechanism is essential for elderly/disabled people or patients in critical conditions requiring medical services. Hence, modern authentication systems should be sophisticated enough to identify such patients without requiring their physical efforts or placing gadgets on them. This paper proposes an anonymous and privacy-preserving biometrics based authentication scheme for such gadget-free healthcare environment. We performed formal security verification of our proposed scheme using CDVT /AD tool and our results indicate that the proposed scheme is secure for such smart and gadget-free environments. We verify that the proposed scheme can resist against various well-known security attacks. Moreover, the proposed system showed better performance as compared with existing biometrics based remote user authentication schemes.

View PDFchevron_right
A potpourri of authentication mechanisms the mobile device way
Alexandre Augusto, Manuel Eduardo Correia

Nowadays the use of mobile devices, such as smartphones and tablets, are rapidly increasing in network services, proliferating to almost every environment. This massive appearance of mobile devices creates significant opportunities to leverage these mobile devices to establish novel types of services. However there are also significant concerns about the privacy and security of sensitive data exchanged and stored on these devices. Since these devices are usually embodied with numerous characteristics like camera devices, 3G and NFC connection that can be used to create new alternative authentication schemes in order to guarantee users identity.

View PDFchevron_right
Biometric Cryptographic Authentication in Pervasive Environment
Engineering Research Trends & Articles

International Journal of Computational Science, Information Technology and Control Engineering (IJCSITCE), 2016

Day by day technology is moving towards advancements and pervasive computing environment is leading where the users can get services everywhere. The ubiquity of the smart spaces brings new security challenges, in which the user and the service provider have to be authenticated with the strong authentication technique. In this proposal, a very flexible common authentication scheme based on biometric encryption to protect communications between a user and a service provider is proposed. In this proposal, user’s hidden authentication is achieved

View PDFchevron_right
User Authentication for Mobile Devices
Khalid Saeed

Lecture Notes in Computer Science, 2013

The paper is intended as a short review of user authentication problem for mobile devices. The emphasis is put on smartphones and tablets, that nowadays are very similar to miniaturized personal computers with much more sensors of various origin. The sensors are described with remarks on their usefulness for user authentication. Deficiencies of traditional user authentication methods based on knowledge are pointed out and the need for new-more secure but also comfortable-user authentication mechanisms is reasoned. Preliminary user authentication systems employing biometric features are discussed and hence the generally unused potential of biometrics for mobile devices is demonstrated.

View PDFchevron_right

Related topics

  • Engineering
  • Computer Science
  • Technology
  • Smart spaces
  • Online services
  • User authentication
  • Electrical and Electronic Engine...
  • Computer Science Information Sys...

    • Cited by

    Anomalous behavior detection-based approach for authenticating smart home system users
    Belhassen ZOUARI

    International Journal of Information Security

    This paper presents Duenna, an authentication framework for smart home systems (SHSs). When using controlling apps (e.g., a smartphone app), Duenna makes sure that only legitimate SHS users are allowed to operate their Internet of things (IoT) devices. Duenna is built upon a behavioral anomaly detection (BAD)-based approach. In particular, we hypothesize that SHS users usually operate their home IoT devices in typical and distinctive patterns. Therefore, users that attempt to operate devices differently from such a regular behavior are considered malicious. Technically, Duenna operates in two modes. In an initialization operation, Duenna first collects and processes the historical cyber and physical activities of an SHS user in addition to the historical states of the SHS itself to build a set of incremental anomaly detection (AD) models. Then, in an interactive operation, the trained AD models are, then, used as a baseline from which anomalous commands (i.e., outliers) are detected and rejected, while regular commands (i.e., targets) are considered legitimate and allowed to be executed. Through an empirical evaluation conducted on real-world data, Duenna exhibits high authentication rates ensuring both security and user experience. The findings obtained from such evaluation show that a user behavior-based approach is a promising security scheme that could be integrated into existing SHS platforms.

    View PDFchevron_right
    Leakage or Identification
    Dian Ding

    Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2021

    The convenience of laptops brings with it the risk of information leakage, and conventional security systems based on the password or the explicit biometric do little to alleviate this problem. Biometric identification based on anatomical features provides far stronger security; however, a lack of suitable sensors on laptops limits the applicability of this technology. In this paper, we developed a behavior-irrelevant user identification system applicable to laptops with a metal casing. The proposed scheme, referred to as LeakPrint, is based on leakage current, wherein the system uses an earphone to capture current leaking through the body and then transmits the corresponding signal to a server for identification. The user identification is achieved via denoising, dimension reduction, and feature extraction. Compared to other biometric identification methods, the proposed system is less dependent on external hardware and more robust to environmental noise. The experiments in real-wo...

    View PDFchevron_right
    DigiHEALTH: Suite of Digital Solutions for Long-Term Healthy and Active Aging
    Luis Unzueta

    International Journal of Environmental Research and Public Health, 2023

    This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY

    View PDFchevron_right
    A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication
    Muath obaidat

    Sensors, 2020

    A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client–server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client–server authentication paradigms, despite insecurities stemming fro...

    View PDFchevron_right
    An authentication alternative using histogram shifting steganography method
    Antonius C Prihandoko

    Jurnal Teknologi dan Sistem Komputer, 2021

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved