Continuous User Authentication System: A Risk Analysis Based Approach

Wireless Personal Communications

Abstract

As the number of smart device users has grown, the user authentication mechanisms of these devices have advanced considerably. These mechanisms include pattern-based authentication, biometric-based authentication, etc. For security, these devices lock whenever a user fails to authenticate. But because a device hosts numerous applications (document creator, PDF viewer, e-banking, social networking app, etc.), locking the whole device prevents the user from using any of them. Since the applications on a device have different security needs, we argue that application-level security is preferable to device-level security. In this paper, we propose a behavioral-biometric user authentication mechanism for application-level security. First, we perform a risk assessment of the different applications. Then, for complete protection, static multi-modal (keystroke and mouse dynamics) authentication is performed at the start of an interactive session, and continuous keystroke authentication is performed during the session. The proposed mechanism is analyzed in terms of false acceptance rate (FAR), false rejection rate (FRR) and equal error rate (EER). The static multi-modal authentication achieved a FAR of 0.89%, an FRR of 1.2% and an EER of 1.04% using the J48 classification algorithm, whereas the continuous keystroke authentication is analyzed by the time (number of keystrokes pressed) taken to capture an intruder.
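The idea of per-application locking measured in keystrokes until an intruder is caught can be illustrated with the following added example, which is not code from the paper. The trust-update rule, the risk tiers in `LOCK_BELOW`, the parameter values and all timing samples are assumptions constructed for illustration; the paper's own classifier and risk assessment are not reproduced here.

```python
from statistics import mean, stdev

# Constructed enrolment sample: key-hold times (ms) of the legitimate user.
ENROLLED_HOLD_MS = [98, 102, 95, 105, 100, 97, 103, 101, 99, 100]

# Hypothetical risk tiers: the trust level below which each application locks.
# Higher-risk applications tolerate less deviation before locking.
LOCK_BELOW = {"pdf_viewer": 40, "social": 60, "e_banking": 80}

REWARD, PENALTY, Z_LIMIT = 1, 10, 2.0  # assumed trust-update parameters


def trust_trace(hold_times_ms, profile=ENROLLED_HOLD_MS):
    """Return the trust level after each keystroke, starting from 100
    (the state right after a successful static login)."""
    mu, sigma = mean(profile), stdev(profile)
    trust, trace = 100, []
    for hold in hold_times_ms:
        z = abs(hold - mu) / sigma          # deviation from the enrolled profile
        if z <= Z_LIMIT:
            trust = min(100, trust + REWARD)   # typing matches: recover slowly
        else:
            trust = max(0, trust - PENALTY)    # typing deviates: drop quickly
        trace.append(trust)
    return trace


def keystrokes_to_lock(hold_times_ms):
    """Per application: keystrokes typed before it locks, or None if it never does.
    Only the affected application locks; lower-risk ones stay usable longer."""
    trace = trust_trace(hold_times_ms)
    return {
        app: next((i for i, t in enumerate(trace, 1) if t < limit), None)
        for app, limit in LOCK_BELOW.items()
    }


# Constructed sessions: the genuine user has one outlier keystroke (108 ms);
# the intruder occasionally matches the profile by chance.
GENUINE = [101, 96, 104, 99, 108, 100, 98, 103]
INTRUDER = [140, 100, 135, 150, 99, 145, 138, 142, 101, 150, 139, 141]

if __name__ == "__main__":
    print("genuine :", keystrokes_to_lock(GENUINE))
    print("intruder:", keystrokes_to_lock(INTRUDER))
```

With these constructed inputs the single genuine outlier lowers trust without locking any application, while the intruder loses the highest-risk application first and the lowest-risk one last.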


Corresponding author

Correspondence to Neha.


Cite this article

Neha, Chatterjee, K. Continuous User Authentication System: A Risk Analysis Based Approach. Wireless Pers Commun 108, 281–295 (2019). https://doi.org/10.1007/s11277-019-06403-0


  • DOI: https://doi.org/10.1007/s11277-019-06403-0
