<p>The current initial smartphone authentication mechanisms (personal identification numbers (PINs) and swipe patterns) are difficult for smartphone users to remember and are vulnerable to eavesdropping. The simple PINs and swipe patterns weaken user authentication. Smartphones support biometric-based authentication, but it requires the user’s active participation. Initial authentications are done with biometrics, but users are not continually verified throughout their activities. This work proposes the PPCA, a novel LSTM-based continuous authentication system with privacy conservation. Our approach uses motion sensors in smartphones or mobile-connected devices of the authorized user to provide continuous authentication based on their activities. Privacy of the smartphone user is the major issue when outsourcing sensor data to the server for various applications like continuous authentication. Format-preserving encryption (FPE) is a technique used in our work to conserve smartphone users’ privacy when outsourcing. Compared to the non-privacy-conserving systems, PPCA offers the smartphone user privacy and authenticates the user continuously without significant impact on the performance. In PPCA, authorized and unauthorized user classification time is less than one second. Informal security analysis was carried out using a variety of security attacks and proved that the PPCA is secure against a variety of well-known attacks.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PPCA: privacy conservation of the smartphone users in continuous authentication environment

  • S. Manimaran,
  • V. N. Sastry,
  • N. P. Gopalan

摘要

The current initial smartphone authentication mechanisms (personal identification numbers (PINs) and swipe patterns) are difficult for smartphone users to remember and are vulnerable to eavesdropping. The simple PINs and swipe patterns weaken user authentication. Smartphones support biometric-based authentication, but it requires the user’s active participation. Initial authentications are done with biometrics, but users are not continually verified throughout their activities. This work proposes the PPCA, a novel LSTM-based continuous authentication system with privacy conservation. Our approach uses motion sensors in smartphones or mobile-connected devices of the authorized user to provide continuous authentication based on their activities. Privacy of the smartphone user is the major issue when outsourcing sensor data to the server for various applications like continuous authentication. Format-preserving encryption (FPE) is a technique used in our work to conserve smartphone users’ privacy when outsourcing. Compared to the non-privacy-conserving systems, PPCA offers the smartphone user privacy and authenticates the user continuously without significant impact on the performance. In PPCA, authorized and unauthorized user classification time is less than one second. Informal security analysis was carried out using a variety of security attacks and proved that the PPCA is secure against a variety of well-known attacks.