research-article

Opposing Data Exploitation: Behaviour Biometrics for Privacy-Preserving Authentication in IoT Environments

Authors:

Andraž Krašovec,

Gianmarco Baldini,

Veljko PejovićAuthors Info & Claims

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

Article No.: 117, Pages 1 - 7

https://doi.org/10.1145/3465481.3470101

Published: 17 August 2021 Publication History

Abstract

Multimodal data harvested by the Internet of Things sensors has recently been utilised for behavioural biometrics and consequently user authentication. While strengthening the security, these data nevertheless present a privacy threat to users whose behaviour can now be modelled in detail, thus allowing the authenticating authority to not only know who is present, but also what the present person is doing. In this work we reconsider IoT sensor-based authentication and provide a solution mitigating the privacy risk associated with unnecessary information leaks. Our approach harnesses adversarial learning and identifies such a projection of the data that maintains identity separability, yet obfuscates activity separability, thus ensuring that the authenticating authority can successfully identify the user, but not her actions within the sensed environment. We evaluate our approach on a real-world dataset of three activities performed by fifteen users and show that the activity obfuscation is achieved without compromising identification capabilities.

References

[1]

Hamed Alqahtani, Manolya Kavakli-Thorne, and Gulshan Kumar. 2019. Applications of Generative Adversarial Networks (GANs): An Updated Review. Archives of Computational Methods in Engineering 28, 2(2019), 525–552. https://doi.org/10.1007/s11831-019-09388-y

[2]

Mahmoud Ammar, Giovanni Russello, and Bruno Crispo. 2018. Internet of Things: A survey on the security of IoT frameworks. Journal of Information Security and Applications (2018). https://doi.org/10.1016/j.jisa.2017.11.002

[3]

Jagmohan Chauhan, Young D. Kwon, Pan Hui, and Cecilia Mascolo. 2020. ContAuth : Continual Learning Framework for Behavioral-based User Authentication. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4, 4 (2020), 1–19. https://doi.org/10.1145/3432203

Digital Library

[4]

Antonia Creswell, Tom White, Vincent Dumoulin, Kai Arulkumaran, Biswa Sengupta, and Anil A. Bharath. 2018. Generative Adversarial Networks: An Overview., 53–65 pages. https://doi.org/10.1109/MSP.2017.2765202

[5]

Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song. 2013. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Transactions on Information Forensics and Security (2013). https://doi.org/10.1109/TIFS.2012.2225048

Digital Library

[6]

Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2020. Generative adversarial networks. Commun. ACM 63, 11 (2020), 139–144. https://doi.org/10.1145/3422622

Digital Library

[7]

Felix Juefei-Xu, Chandrasekhar Bhagavatula, Aaron Jaech, Unni Prasad, and Marios Savvides. 2012. Gait-ID on the move: Pace independent human identification using cell phone accelerometer dynamics. 2012 IEEE 5th International Conference on Biometrics: Theory, Applications and Systems, BTAS 2012(2012), 8–15. https://doi.org/10.1109/BTAS.2012.6374552

[8]

Atul N. Kataria, Dipak M. Adhyaru, Ankit K. Sharma, and Tanish H. Zaveri. 2013. A survey of automated biometric authentication techniques. 2013 Nirma University International Conference on Engineering, NUiCONE 2013 (2013), 1–6. https://doi.org/10.1109/NUiCONE.2013.6780190

[9]

Andraž Krašovec, Daniel Pellarini, Dimitrios Geneiatakis, Gianmarco Baldini, and Veljko Pejović. 2020. Not Quite Yourself Today: Behaviour-Based Continuous Authentication in IoT Environments. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4, 4 (2020).

Digital Library

[10]

Fudong Li, Nathan Clarke, Maria Papadaki, and Paul Dowland. 2014. Active authentication for mobile devices utilising behaviour profiling. International Journal of Information Security 13, 3 (2014), 229–244. https://doi.org/10.1007/s10207-013-0209-6

Digital Library

[11]

Sicong Liu, Junzhao Du, Anshumali Shrivastava, and Lin Zhong. 2019. Privacy adversarial network: Representation learning for mobile data privacy. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 3, 4 (2019). https://doi.org/10.1145/3369816

Digital Library

[12]

Ahmed Mahfouz, Tarek M. Mahmoud, and Ahmed Sharaf Eldin. 2017. A survey on behavioral biometric authentication on smartphones. Journal of Information Security and Applications 37 (2017), 28–37. https://doi.org/10.1016/j.jisa.2017.10.002

[13]

Apostolos Malatras, Dimitris Geneiatakis, and Ioannis Vakalis. 2017. On the efficiency of user identification: a system-based approach. International Journal of Information Security 16, 6 (2017), 653–671. https://doi.org/10.1007/s10207-016-0340-2

Digital Library

[14]

Philip Marquardt, Arunabh Verma, Henry Carter, and Patrick Traynor. 2011. (sp) iphone: Decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proceedings of the 18th ACM conference on Computer and communications security. 551–562.

Digital Library

[15]

Robert Morris and Ken Thompson. 1979. Password Security: A Case History. Commun. ACM 22, 11 (1979), 594–597. https://doi.org/10.1145/359168.359172

Digital Library

[16]

Vishal M. Patel, Rama Chellappa, Deepak Chandra, and Brandon Barbello. 2016. Continuous User Authentication on Mobile Devices: Recent progress and remaining challenges. IEEE Signal Processing Magazine(2016). https://doi.org/10.1109/MSP.2016.2555335

[17]

Soumen Roy, Devadatta Sinha, and Utpal Roy. 2017. User authentication: keystroke dynamics with soft biometric features. Internet of Things (IoT): Technologies, Applications, Challenges and Solutions (2017), 99.

[18]

Zhang Rui and Zheng Yan. 2019. A Survey on Biometric Authentication: Toward Secure and Privacy-Preserving Identification. IEEE Access 7(2019), 5994–6009. https://doi.org/10.1109/ACCESS.2018.2889996

[19]

Chao Shen, Shichao Pei, Zhenyu Yang, and Xiaohong Guan. 2015. Input extraction via motion-sensor behavior analysis on smartphones. Computers and Security 53 (2015), 143–155. https://doi.org/10.1016/j.cose.2015.06.013

Digital Library

[20]

Chao Shen, Tianwen Yu, Haodi Xu, Gengshan Yang, and Xiaohong Guan. 2016. User practice in password security: An empirical study of real-life passwords in the wild. Computers and Security 61 (2016), 130–141. https://doi.org/10.1016/j.cose.2016.05.007

Digital Library

[21]

Weidong Shi, Jun Yang, Yifei Jiang, Feng Yang, and Yingen Xiong. 2011. SenGuard: Passive user identification on smartphones using multiple sensors. International Conference on Wireless and Mobile Computing, Networking and Communications (2011), 141–148. https://doi.org/10.1109/WiMOB.2011.6085412

Digital Library

[22]

Zdeňka Sitová, Jaroslav Šeděnka, Qing Yang, Ge Peng, Gang Zhou, Paolo Gasti, and Kiran S Balagani. 2015. HMOG: New behavioral biometric features for continuous authentication of smartphone users. IEEE Transactions on Information Forensics and Security 11, 5(2015), 877–892.

Digital Library

[23]

Daniel F. Smith, Arnold Wiliem, and Brian C. Lovell. 2015. Face recognition on consumer devices: Reflections on replay attacks. IEEE Transactions on Information Forensics and Security 10, 4(2015), 736–745. https://doi.org/10.1109/TIFS.2015.2398819

Digital Library

[24]

Lina Yao, Quan Z. Sheng, Boualem Benatallah, Schahram Dustdar, Xianzhi Wang, Ali Shemshadi, and Salil S. Kanhere. 2018. WITS: an IoT-endowed computational framework for activity recognition in personalized smart homes. Computing 100, 4 (2018), 369–385. https://doi.org/10.1007/s00607-018-0603-z

Digital Library

[25]

Verena Zimmermann and Nina Gerber. 2020. The password is dead, long live the password – A laboratory study on user perceptions of authentication schemes. International Journal of Human Computer Studies 133, April 2019(2020), 26–44. https://doi.org/10.1016/j.ijhcs.2019.08.006

Digital Library

Cited By

吴铎(2023)An Efficient Biometric Identification Privacy Protection Protocol on the CloudComputer Science and Application10.12677/CSA.2023.13916313:09(1641-1654)Online publication date: 2023
https://doi.org/10.12677/CSA.2023.139163
Azam NMichala LAnsari STruong N(2023)Data Privacy Threat Modelling for Autonomous Systems: A Survey From the GDPR's PerspectiveIEEE Transactions on Big Data10.1109/TBDATA.2022.32273369:2(388-414)Online publication date: 1-Apr-2023
https://doi.org/10.1109/TBDATA.2022.3227336
R BM SK SS R S(2023)Designing Secure and Efficient Biometric Access Mechanism for Banking Systems2023 5th International Conference on Inventive Research in Computing Applications (ICIRCA)10.1109/ICIRCA57980.2023.10220875(1236-1240)Online publication date: 3-Aug-2023
https://doi.org/10.1109/ICIRCA57980.2023.10220875
Show More Cited By

Index Terms

Opposing Data Exploitation: Behaviour Biometrics for Privacy-Preserving Authentication in IoT Environments
1. Security and privacy
  1. Human and societal aspects of security and privacy
  2. Security services
    1. Authentication
      1. Biometrics
      2. Multi-factor authentication
    2. Pseudonymity, anonymity and untraceability

Index terms have been assigned to the content through auto-classification.

Recommendations

An effective value swapping method for privacy preserving data publishing

Privacy is an important concern in the society, and it has been a fundamental issue when to analyze and publish data involving human individual's sensitive information. Recently, the slicing method has been popularly used for privacy preservation in data ...
Privacy preserving multi-factor authentication with biometrics
DIM '06: Proceedings of the second ACM workshop on Digital identity management

An emerging approach to the problem of reducing the identity theft is represented by the adoption of biometric authentication systems. Such systems however present however several challenges, related to privacy, reliability, security of the biometric ...
Privacy preserving security using biometrics in cloud computing

Cloud computing and the efficient storage provide new paradigms and approaches designed at efficiently utilization of resources through computation and many alternatives to guarantee the privacy preservation of individual user. It also ensures the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

August 2021

1447 pages

ISBN:9781450390514

DOI:10.1145/3465481

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 August 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES 2021

ARES 2021: The 16th International Conference on Availability, Reliability and Security

August 17 - 20, 2021

Vienna, Austria

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
133
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)2

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

吴铎(2023)An Efficient Biometric Identification Privacy Protection Protocol on the CloudComputer Science and Application10.12677/CSA.2023.13916313:09(1641-1654)Online publication date: 2023
https://doi.org/10.12677/CSA.2023.139163
Azam NMichala LAnsari STruong N(2023)Data Privacy Threat Modelling for Autonomous Systems: A Survey From the GDPR's PerspectiveIEEE Transactions on Big Data10.1109/TBDATA.2022.32273369:2(388-414)Online publication date: 1-Apr-2023
https://doi.org/10.1109/TBDATA.2022.3227336
R BM SK SS R S(2023)Designing Secure and Efficient Biometric Access Mechanism for Banking Systems2023 5th International Conference on Inventive Research in Computing Applications (ICIRCA)10.1109/ICIRCA57980.2023.10220875(1236-1240)Online publication date: 3-Aug-2023
https://doi.org/10.1109/ICIRCA57980.2023.10220875
Yang LTian CZhang GLi LWang H(2022)Efficient Biometric Identification on the Cloud With Privacy Preservation GuaranteeIEEE Access10.1109/ACCESS.2022.321870310(115520-115531)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3218703

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Table of Conten