Privacy Preserving Transparent Mobile Authentication

Julien Hatin, Estelle Cherrier, Jean-Jacques Schwartzmann, Christophe Rosenberger

Abstract

Transparent authentication on mobile phones suffers from privacy issues especially when biometric information is involved. In this paper, we propose a solution to address those two issues using the Biohashing algorithm on behavioral information extracted from a mobile phone. The authentication scenario is tested on a dataset composed of 100 users and shows promising results with a 10% EER in the worst case scenario (i.e when protection key is compromised) and a 1% EER in the best case one. In addition, privacy concerns are discussed and experimentally evaluated both in a quantitative and qualitative ways. This opens new perspectives concerning online authentication using smartphone sensing abilities.

References

  1. Bolle, R., Connell, J., and Ratha, N. (2002). Biometric perils and patches. Pattern Recognition, 35(12):2727- 2738.
  2. Boser, B. E., Guyon, I. M., and Vapnik, V. N. (1992). A training algorithm for optimal margin classifiers. In Proceedings of the fifth annual workshop on Computational learning theory, pages 144-152. ACM.
  3. Chang, C.-C. and Lin, C.-J. (2011). Libsvm: A library for support vector machines. ACM Trans. Intell. Syst. Technol., 2(3):27:1-27:27.
  4. Chow, R., Jakobsson, M., Masuoka, R., Molina, J., Niu, Y., and Song, Z. (2010). Authentication in the clouds: A framework and its application to mobile users. In Proceedings of the 2010 ACM workshop on Cloud computing security workshop.
  5. Clarke, N. (2011). Transparent User Authentication Biometrics, RFID and Behavioural Profiling . Springer.
  6. Das, S., Hayashi, E., and Hong, J. l. (2013). Exploring capturable everyday memory for autobiographical authentication. In Proceedings of the 2013 ACM international joint conference on UbiComp 7813.
  7. Derawi, M. and Bours, P. (2013). Gait and activity recognition using commercial phones. Computers & Security.
  8. Dierks, T. (2015). The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246.
  9. Fridman, L., Weber, S., Greenstadt, R., and Kam, M. (2015). Active authentication on mobile devices via stylometry, application usage, web browsing, and gps location. arXiv preprint arXiv:1503.08479.
  10. Goh, A. and Ngo, D. (2003). Computation of cryptographic keys from face biometrics. In Communications and Multimedia Security, pages 1-13. LNCS 2828.
  11. Google (2016). Google Abacus project. http://www.androidcentral.com/project-abacusatap-project-aimed-killing-password. [Online; accessed 10-July-2016].
  12. Grosse, E. and Upadhyay, M. (2013). Authentication at scale. Security & Privacy, IEEE, 11(1):15-22.
  13. Guidorizzi, R. P. (2013). Security: Active authentication. IT Professional, 15(4):4-7.
  14. Hayashi, E., Das, S., Amini, S., Hong, J., and Oakley, I. (2013). Casa: Context-aware scalable authentication. In SOUPS 7813 Proceedings of the Ninth Symposium on Usable Privacy and Security.
  15. Jain, A. K., Ross, A., and Prabhakar, S. (2004). An introduction to biometric recognition. Circuits and Systems for Video Technology, IEEE Transactions on, 14(1):4- 20.
  16. Jakobsson, M., Shi, E., Golle, P., and Chow, R. (2009). Implicit authentication for mobile devices. In HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security.
  17. Kayacik, H. G., Just, M., Baillie, L., Aspinall, D., and Micallef, N. (2014). Data driven authentication: On the effectiveness of user behaviour modelling with mobile device sensors. CoRR, abs/1410.7743.
  18. Li, F., Clarke, N., Papadaki, M., and Dowland, P. (2013). Active authentication for mobile devices utilising behaviour profiling. International Journal of Information Security.
  19. Mondal, S. and Bours, P. (2013). Continuous authentication using mouse dynamics. In Biometrics Special Interest Group (BIOSIG), 2013 International Conference of the, pages 1-12. IEEE.
  20. Nauman, M., Ali, T., and Rauf, A. (2013). Using trusted computing for privacy preserving keystroke-based authentication in smartphones. Telecommunication Systems, 52(4):2149-2161.
  21. Patel, V. M., Chellappa, R., Chandra, D., and Barbello, B. (2016). Continuous user authentication on mobile devices: Recent progress and remaining challenges. IEEE Signal Processing Magazine, 33(4):49-61.
  22. Patel, V. M., Ratha, N. K., and Chellappa, R. (2015). Cancelable biometrics: A review. IEEE Signal Processing Magazine, 32(5):54-65.
  23. Ratha, N., Connell, J., and Bolle, R. (2001). Enhancing security and privacy in biometrics-based authentication system. IBM Systems J., 37(11):2245-2255.
  24. Rathgeb, C. and Uhl, A. (2011). A survey on biometric cryptosystems and cancelable biometrics. EURASIP J. on Information Security, 3.
  25. Saevanee, H., Clarke, N., Furnell, S., and Biscione, V. (2014). Text-based active authentication for mobile devices. In ICT Systems Security and Privacy Protection, pages 99-112. Springer.
  26. Safa, N. A., Safavi-Naini, R., and Shahandashti, S. F. (2014). Privacy-preserving implicit authentication. In IFIP International Information Security Conference, pages 471-484. Springer.
  27. Sophos. Mobile usage. https://www.sophos.com/enus/press-office/press-releases/2013/03/mobilesecurity-survey.aspx. [Online; accessed 10-July2016].
  28. Tanviruzzaman, M. and Ahamed, S. I. (2014). Your phone knows you: Almost transparent authentication for smartphones. In Computer Software and Applications Conference (COMPSAC), 2014 IEEE 38th Annual, pages 374-383. IEEE.
  29. Teoh, A., Ngo, D., and Goh, A. (2004). Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern recognition, 40.
  30. Vance, A. (2010). If your password is 123456, just make it hackme.
  31. Witte, H., Rathgeb, C., and Busch, C. (2013). Contextaware mobile biometric authentication based on support vector machines. In Emerging Security Technologies (EST), 2013 Fourth International Conference on, pages 29-32. IEEE.
Download


Paper Citation


in Harvard Style

Hatin J., Cherrier E., Schwartzmann J. and Rosenberger C. (2017). Privacy Preserving Transparent Mobile Authentication . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 354-361. DOI: 10.5220/0006186803540361


in Bibtex Style

@conference{icissp17,
author={Julien Hatin and Estelle Cherrier and Jean-Jacques Schwartzmann and Christophe Rosenberger},
title={Privacy Preserving Transparent Mobile Authentication},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={354-361},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006186803540361},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Privacy Preserving Transparent Mobile Authentication
SN - 978-989-758-209-7
AU - Hatin J.
AU - Cherrier E.
AU - Schwartzmann J.
AU - Rosenberger C.
PY - 2017
SP - 354
EP - 361
DO - 10.5220/0006186803540361