ANSWERAUTH: A bimodal behavioral biometric-based user authentication scheme for smartphones

作     者：Buriro, Attaullah Crispo, Bruno Conti, Mauro 

作者机构：Univ Trento Dept Informat Engn & Comp Sci DISI Trento Italy KFUEIT Dept Informat Secur Rahim Yar Khan Pakistan KULeuven Dept Comp Sci Imec DistriNet Leuven Belgium Univ Padua Dept Math Padua Italy 

出 版 物：《JOURNAL OF INFORMATION SECURITY AND APPLICATIONS》 (J. Inf. Secur. Appl.)

年 卷 期：2019年第44卷第Feb.期

页      面：89-103页

核心收录：

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：EIT Digital project: Android App Reputation Service (ARTS) European Training Network for CyberSecurity (NeCS) project XProbes - Provincia Autonoma di Trento Marie Curie Fellowship - European Commission [PCIG11-GA-2012-321980] EU Tag-ItSmart! Project [H2020-ICT30-2015-688061] EU-India REACH Project [ICI+/2014/342-896] project CNR-MOST/Taiwan 2016-17 "Verifiable Data Structure Streaming" Cisco University Research Program Fund [2017-166478 (3696)] Silicon Valley Community Foundation grant "Scalable IoT Management and Key security aspects in 5G systems" from Intel 

主　　题：Smartphone Sensors Biometric authentication Behavioral biometrics Human-centered computing 

摘      要：In this paper, we present a behavioral biometric-based smartphone user authentication mechanism, namely, AnswerAuth, which relies on the very common users behavior. Behavior, here, refers to the way a user slides the lock button on the screen, to unlock the phone, and brings the phone towards her ear. The authentication mechanism works with the biometric behavior based on the extracted features from the data recorded using the built-in smartphone sensors, i.e., accelerometer, gyroscope, gravity, magnetometer and touchscreen, while the user performed sliding and phone-lifting actions. We tested AnswerAuth on a dataset of 10,200 behavioral patterns collected from 85 users while they performed the unlocking actions, in sitting, standing, and walking postures, using six state-of-the-art conceptually different machine learning classifiers in two settings, i.e., with and without simultaneous feature selection and classification. Among all the chosen classifiers, Random Forest (RF) classifier proved to be the most consistent and accurate classifier on both full and reduced features and provided a True Acceptance Rate (TAR) as high as 99.35%. We prototype proof-of-the-concept Android app, based on our findings, and evaluate it in terms of security and usability. Security analysis of AnswerAuth confirms its robustness against the possible mimicry attacks. Similarly, the usability study based on Software Usability Scale (SUS)(1) questionnaire verifies the user-friendliness of the proposed scheme (SUS Score of 75.11). Experimental results prove AnswerAuth as a secure and usable authentication mechanism. (C) 2018 Elsevier Ltd. All rights reserved.