
Adversarial Attacks on Continuous Authentication Security: A Dynamic Game Approach

Conference paper, published in: Decision and Game Theory for Security (GameSec 2019)

Abstract

Identity theft through phishing and session hijacking attacks has become a major attack vector in recent years, and is expected to become more frequent due to the pervasive use of mobile devices. Continuous authentication based on the characterization of user behavior, both in terms of user interaction patterns and usage patterns, is emerging as an effective solution for mitigating identity theft, and could become an important component of defense-in-depth strategies in cyber-physical systems as well. In this paper, the interaction between an attacker and an operator using continuous authentication is modeled as a stochastic game. In the model, the attacker observes and learns the behavioral patterns of an authorized user whom it aims to impersonate, whereas the operator designs the security measures to detect suspicious behavior and to prevent unauthorized access while minimizing the monitoring expenses. It is shown that the optimal attacker strategy exhibits a threshold structure: the attacker first observes the user behavior to collect information, and then attacks (rather than observes) once it has gathered enough data. From the operator's side, the optimal design of the security measures is provided. Numerical results illustrate the intrinsic trade-off between monitoring cost and security risk, and show that continuous authentication can be effective in minimizing security risk.

This work was partly funded by the Swedish Civil Contingencies Agency (MSB) through the CERCES project and has received funding from the European Institute of Innovation and Technology (EIT). This body of the European Union receives support from the European Union’s Horizon 2020 research and innovation programme.


Notes

  1. In the case of an attacker, the third state AD (attacker is detected) is introduced in Sect. 3.4.

  2. For ease of exposition, \(\omega \) denotes \(L(t)=\omega \). Notice the time dependency of \(\omega \) (even though it is not explicitly stated in the notation).

  3. The sum in (10) can be partitioned into \(\sum _{n=1}^{\mathcal {C}}\) and \(\sum _{n=\mathcal {C}+1}^{\infty }\) for any arbitrary \(\mathcal {C}\), and \(\chi _{\omega }\) can be approximated from below by utilizing \(\mathcal {L}_{\omega }\ge 1\) in the latter one. Then, the corresponding \(\widetilde{\omega }\) can be calculated accordingly.

  4. As depicted in Fig. 1(b), the average number of observations learnt by the attacker per time-slot is \(\sum _{N=1}^{\infty }(1-\delta _l(m))(1-\eta _u)\frac{\mathrm {e}^{-\lambda _u}\lambda _u^N}{N!}N=(1-\delta _l(m))(1-\eta _u)\lambda _u\). Thus, after \(\frac{\widetilde{\omega }}{(1-\delta _l(m))(1-\eta _u)\lambda _u}\) time-slots, the defender can assume that the attacker has learned enough information to imitate the user; i.e., attacking is optimal for the attacker.
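The closed form quoted in note 4 follows from the mean of a Poisson distribution; the intermediate steps below are an added derivation, not part of the paper's own text, and use only the symbols of note 4 (the factors \((1-\delta _l(m))\) and \((1-\eta _u)\) are treated as constants independent of \(N\), as the note's factorization implies). Writing \(N/N! = 1/(N-1)!\) and re-indexing the sum with \(k=N-1\):

\[
\sum _{N=1}^{\infty }(1-\delta _l(m))(1-\eta _u)\frac{\mathrm {e}^{-\lambda _u}\lambda _u^N}{N!}N
= (1-\delta _l(m))(1-\eta _u)\,\lambda _u\,\mathrm {e}^{-\lambda _u}\sum _{k=0}^{\infty }\frac{\lambda _u^{k}}{k!}
= (1-\delta _l(m))(1-\eta _u)\,\lambda _u\,\mathrm {e}^{-\lambda _u}\mathrm {e}^{\lambda _u}
= (1-\delta _l(m))(1-\eta _u)\lambda _u .
\]

Since this is the expected number of observations gained per time-slot, the expected total after \(T\) slots is \(T\,(1-\delta _l(m))(1-\eta _u)\lambda _u\), and setting this equal to the learning threshold \(\widetilde{\omega }\) gives the \(T=\frac{\widetilde{\omega }}{(1-\delta _l(m))(1-\eta _u)\lambda _u}\) time-slots of note 4. From the defender's side, this \(T\) is the horizon after which the conservative assumption is that the attacker can imitate the user, so it is the natural upper bound on how long a session may run before detection measures must have acted.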



Corresponding author

Correspondence to Serkan Sarıtaş .


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Sarıtaş, S., Shereen, E., Sandberg, H., Dán, G. (2019). Adversarial Attacks on Continuous Authentication Security: A Dynamic Game Approach. In: Alpcan, T., Vorobeychik, Y., Baras, J., Dán, G. (eds) Decision and Game Theory for Security. GameSec 2019. Lecture Notes in Computer Science, vol. 11836. Springer, Cham. https://doi.org/10.1007/978-3-030-32430-8_26


  • DOI: https://doi.org/10.1007/978-3-030-32430-8_26


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-32429-2

  • Online ISBN: 978-3-030-32430-8
