ABSTRACT
Multimodal data harvested by the Internet of Things sensors has recently been utilised for behavioural biometrics and consequently user authentication. While strengthening the security, these data nevertheless present a privacy threat to users whose behaviour can now be modelled in detail, thus allowing the authenticating authority to not only know who is present, but also what the present person is doing. In this work we reconsider IoT sensor-based authentication and provide a solution mitigating the privacy risk associated with unnecessary information leaks. Our approach harnesses adversarial learning and identifies such a projection of the data that maintains identity separability, yet obfuscates activity separability, thus ensuring that the authenticating authority can successfully identify the user, but not her actions within the sensed environment. We evaluate our approach on a real-world dataset of three activities performed by fifteen users and show that the activity obfuscation is achieved without compromising identification capabilities.
- Hamed Alqahtani, Manolya Kavakli-Thorne, and Gulshan Kumar. 2019. Applications of Generative Adversarial Networks (GANs): An Updated Review. Archives of Computational Methods in Engineering 28, 2(2019), 525–552. https://doi.org/10.1007/s11831-019-09388-yGoogle ScholarCross Ref
- Mahmoud Ammar, Giovanni Russello, and Bruno Crispo. 2018. Internet of Things: A survey on the security of IoT frameworks. Journal of Information Security and Applications (2018). https://doi.org/10.1016/j.jisa.2017.11.002Google Scholar
- Jagmohan Chauhan, Young D. Kwon, Pan Hui, and Cecilia Mascolo. 2020. ContAuth : Continual Learning Framework for Behavioral-based User Authentication. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4, 4 (2020), 1–19. https://doi.org/10.1145/3432203Google ScholarDigital Library
- Antonia Creswell, Tom White, Vincent Dumoulin, Kai Arulkumaran, Biswa Sengupta, and Anil A. Bharath. 2018. Generative Adversarial Networks: An Overview. , 53–65 pages. https://doi.org/10.1109/MSP.2017.2765202Google Scholar
- Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song. 2013. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Transactions on Information Forensics and Security (2013). https://doi.org/10.1109/TIFS.2012.2225048Google ScholarDigital Library
- Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2020. Generative adversarial networks. Commun. ACM 63, 11 (2020), 139–144. https://doi.org/10.1145/3422622Google ScholarDigital Library
- Felix Juefei-Xu, Chandrasekhar Bhagavatula, Aaron Jaech, Unni Prasad, and Marios Savvides. 2012. Gait-ID on the move: Pace independent human identification using cell phone accelerometer dynamics. 2012 IEEE 5th International Conference on Biometrics: Theory, Applications and Systems, BTAS 2012(2012), 8–15. https://doi.org/10.1109/BTAS.2012.6374552Google ScholarCross Ref
- Atul N. Kataria, Dipak M. Adhyaru, Ankit K. Sharma, and Tanish H. Zaveri. 2013. A survey of automated biometric authentication techniques. 2013 Nirma University International Conference on Engineering, NUiCONE 2013 (2013), 1–6. https://doi.org/10.1109/NUiCONE.2013.6780190Google ScholarCross Ref
- Andraž Krašovec, Daniel Pellarini, Dimitrios Geneiatakis, Gianmarco Baldini, and Veljko Pejović. 2020. Not Quite Yourself Today: Behaviour-Based Continuous Authentication in IoT Environments. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4, 4 (2020).Google ScholarDigital Library
- Fudong Li, Nathan Clarke, Maria Papadaki, and Paul Dowland. 2014. Active authentication for mobile devices utilising behaviour profiling. International Journal of Information Security 13, 3 (2014), 229–244. https://doi.org/10.1007/s10207-013-0209-6Google ScholarDigital Library
- Sicong Liu, Junzhao Du, Anshumali Shrivastava, and Lin Zhong. 2019. Privacy adversarial network: Representation learning for mobile data privacy. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 3, 4 (2019). https://doi.org/10.1145/3369816Google ScholarDigital Library
- Ahmed Mahfouz, Tarek M. Mahmoud, and Ahmed Sharaf Eldin. 2017. A survey on behavioral biometric authentication on smartphones. Journal of Information Security and Applications 37 (2017), 28–37. https://doi.org/10.1016/j.jisa.2017.10.002Google ScholarCross Ref
- Apostolos Malatras, Dimitris Geneiatakis, and Ioannis Vakalis. 2017. On the efficiency of user identification: a system-based approach. International Journal of Information Security 16, 6 (2017), 653–671. https://doi.org/10.1007/s10207-016-0340-2Google ScholarDigital Library
- Philip Marquardt, Arunabh Verma, Henry Carter, and Patrick Traynor. 2011. (sp) iphone: Decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proceedings of the 18th ACM conference on Computer and communications security. 551–562.Google ScholarDigital Library
- Robert Morris and Ken Thompson. 1979. Password Security: A Case History. Commun. ACM 22, 11 (1979), 594–597. https://doi.org/10.1145/359168.359172Google ScholarDigital Library
- Vishal M. Patel, Rama Chellappa, Deepak Chandra, and Brandon Barbello. 2016. Continuous User Authentication on Mobile Devices: Recent progress and remaining challenges. IEEE Signal Processing Magazine(2016). https://doi.org/10.1109/MSP.2016.2555335Google Scholar
- Soumen Roy, Devadatta Sinha, and Utpal Roy. 2017. User authentication: keystroke dynamics with soft biometric features. Internet of Things (IoT): Technologies, Applications, Challenges and Solutions (2017), 99.Google Scholar
- Zhang Rui and Zheng Yan. 2019. A Survey on Biometric Authentication: Toward Secure and Privacy-Preserving Identification. IEEE Access 7(2019), 5994–6009. https://doi.org/10.1109/ACCESS.2018.2889996Google ScholarCross Ref
- Chao Shen, Shichao Pei, Zhenyu Yang, and Xiaohong Guan. 2015. Input extraction via motion-sensor behavior analysis on smartphones. Computers and Security 53 (2015), 143–155. https://doi.org/10.1016/j.cose.2015.06.013Google ScholarDigital Library
- Chao Shen, Tianwen Yu, Haodi Xu, Gengshan Yang, and Xiaohong Guan. 2016. User practice in password security: An empirical study of real-life passwords in the wild. Computers and Security 61 (2016), 130–141. https://doi.org/10.1016/j.cose.2016.05.007Google ScholarDigital Library
- Weidong Shi, Jun Yang, Yifei Jiang, Feng Yang, and Yingen Xiong. 2011. SenGuard: Passive user identification on smartphones using multiple sensors. International Conference on Wireless and Mobile Computing, Networking and Communications (2011), 141–148. https://doi.org/10.1109/WiMOB.2011.6085412Google ScholarDigital Library
- Zdeňka Sitová, Jaroslav Šeděnka, Qing Yang, Ge Peng, Gang Zhou, Paolo Gasti, and Kiran S Balagani. 2015. HMOG: New behavioral biometric features for continuous authentication of smartphone users. IEEE Transactions on Information Forensics and Security 11, 5(2015), 877–892.Google ScholarDigital Library
- Daniel F. Smith, Arnold Wiliem, and Brian C. Lovell. 2015. Face recognition on consumer devices: Reflections on replay attacks. IEEE Transactions on Information Forensics and Security 10, 4(2015), 736–745. https://doi.org/10.1109/TIFS.2015.2398819Google ScholarDigital Library
- Lina Yao, Quan Z. Sheng, Boualem Benatallah, Schahram Dustdar, Xianzhi Wang, Ali Shemshadi, and Salil S. Kanhere. 2018. WITS: an IoT-endowed computational framework for activity recognition in personalized smart homes. Computing 100, 4 (2018), 369–385. https://doi.org/10.1007/s00607-018-0603-zGoogle ScholarDigital Library
- Verena Zimmermann and Nina Gerber. 2020. The password is dead, long live the password – A laboratory study on user perceptions of authentication schemes. International Journal of Human Computer Studies 133, April 2019(2020), 26–44. https://doi.org/10.1016/j.ijhcs.2019.08.006Google ScholarDigital Library
Recommendations
Privacy preserving multi-factor authentication with biometrics
DIM '06: Proceedings of the second ACM workshop on Digital identity managementAn emerging approach to the problem of reducing the identity theft is represented by the adoption of biometric authentication systems. Such systems however present however several challenges, related to privacy, reliability, security of the biometric ...
An effective value swapping method for privacy preserving data publishing
Privacy is an important concern in the society, and it has been a fundamental issue when to analyze and publish data involving human individual's sensitive information. Recently, the slicing method has been popularly used for privacy preservation in ...
Privacy preserving multi-factor authentication with biometrics
The Second ACM Workshop on Digital Identity Management - DIM 2006An emerging approach to the problem of identity theft is represented by the adoption of biometric authentication systems. Such systems however present several challenges, related to privacy, reliability and security of the biometric data. Inter-...
Comments