Continuous Authentication for Modern Personal Devices
Abstract:
Today, there is a rapid increase in the use of personal computing devices, such as smartwatches and mobile devices. Various security-critical services, such as banking, e-commerce, and use as a token for two-step authentication, are now available on these devices. However, these devices are highly shareable, making them vulnerable to session hijacking and theft. Session-based authentication schemes, which are predominantly used today, fail to protect against these threats. Therefore, Continuous Authentication (CA) has gained popularity as an alternative authentication scheme for personal devices.
This thesis identifies and addresses concerns preventing widespread adoption of CA. First, perceptions of CA systems are explored with a user study, which shows that users acknowledge the benefits of CA and are willing to adopt it. However, the study also highlights key concerns about CA. This research focuses on two main concerns: (1) additional resource consumption and (2) privacy invasion, both due to the continuous monitoring of biometrics. We generate a Resource Profile Curve (RPC) for biometrics, which reveals the trade-off between authentication accuracy and resource usage. These RPCs can be used to provide CA with minimum strain on resources. RPCs also highlight IMU-gait as a suitable biometric with minimal resource consumption.
The privacy invasiveness of IMU-gait was studied by examining whether ancillary details about a user (such as age, height, weight) can be inferred from gait signals. We show that gait data can reveal physical attributes with high accuracy, which may be a privacy concern. We introduce a privacy vulnerability index which highlights how users can reduce privacy invasiveness by simply switching the device location. Finally, we highlight the issues IMU-gait faces in a CA setting, mainly the drastic variance in gait pattern when the actions change. We propose a Siamese network to learn action-invariant gait features. Our action-invariant gait features provide robust authentication performance with a single-action enrolment in a real-world setting.
This thesis shows that a CA system utilizing gait can overcome common concerns such as resource strain and privacy invasiveness, and can facilitate widespread adoption with single-action enrolment to provide a higher level of security for modern personal devices.