Privacy-Aware Wearable-Assisted Continuous Authentication Framework
The login process for a mobile or desktop device does not guarantee that the person using it is necessarily the intended user. If one is logged in for a long period of time, the user’s identity should be periodically re-verified throughout the session without impacting their experience, something that is not easily achievable with existing login and authentication systems. Hence, continuous authentication, which re-verifies the user without interrupting their browsing session, is essential. However, authentication in such settings is highly intrusive and may expose users’ sensitive information to third parties. To address these concerns, this project develops a novel privacy-aware wearable-assisted continuous authentication (WACA) framework. User-specific data is acquired through built-in sensors on a wearable device. The user data goes through privacy-preserving operations throughout the authentication process. This login procedure can be applied to a wide variety of existing enterprise authentication systems such as university campuses, corporate Information Technology divisions, and government agencies. Prototype deployments at Florida International University (FIU) and Florida Atlantic University (FAU), both of which serve large and diverse student populations, provide valuable feedback for future improvements. Continuous authentication and digital privacy are timely and relevant topics in today’s Internet-centric always-on society.
This project exploits the ubiquitous nature of sensor-based wearables by designing an innovative usable continuous authentication mechanism. By leveraging the expertise of the project team on authentication, privacy-preservation, and machine learning, this project addresses the following problems: 1) Investigation of novel sensory features on wearable smartwatches and identification of an optimal subset of these features along with distance measures and machine-learning algorithms to strike the balance between accuracy and speed; 2) Discovery of novel privacy-preserving mechanisms based on secure noise-tolerant template generation and comparison techniques, multi-party computation, and homomorphic encryption; 3) Trade-offs between privacy and performance to optimize the scheme in terms of accuracy, efficiency, and security; 4) Security of sensor-based keystroke dynamics against some common attacks such as simple zero-effort, imitation, and more complex statistical attacks including, but not limited to, classical keyboard-only keystroke dynamics attacks; and 5) Development, testing, and deployment of the proposed framework with a rich set of users, devices, and usage context in a prototype system. The success of the WACA project will contribute to the growth of knowledge in privacy and authentication domains and to societal understanding of these matters.