survey

Open access

Adversary Models for Mobile Device Authentication

Authors:

René Mayrhofer,

Stephan SiggAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 54, Issue 9

Article No.: 198, Pages 1 - 35

https://doi.org/10.1145/3477601

Published: 08 October 2021 Publication History

All formats PDF

Abstract

Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods proposed and analyzed. In related areas, such as secure channel protocols, remote authentication, or desktop user authentication, strong, systematic, and increasingly formal threat models have been established and are used to qualitatively compare different methods. However, the analysis of mobile device authentication is often based on weak adversary models, suggesting overly optimistic results on their respective security. In this article, we introduce a new classification of adversaries to better analyze and compare mobile device authentication methods. We apply this classification to a systematic literature survey. The survey shows that security is still an afterthought and that most proposed protocols lack a comprehensive security analysis. The proposed classification of adversaries provides a strong and practical adversary model that offers a comparable and transparent classification of security properties in mobile device authentication.

References

[1]

Martín Abadi. 1999. Secrecy by typing in security protocols. J. ACM 46, 5 (1999), 749–786.

Digital Library

[2]

Yomna Abdelrahman, Mohamed Khamis, Stefan Schneegass, and Florian Alt. 2017. Stay cool!: Understanding thermal attacks on mobile-based user authentication. In Proceedings of the CHI Conference on Human Factors in Computing Systems. 3751–3763.

Digital Library

[3]

Yasmeen Abdrabou, Mohamed Khamis, Rana Mohamed Eisa, Sherif Ismail, and Amrl Elmougy. 2019. Just gaze and wave: Exploring the use of gaze and gestures for shoulder-surfing resilient authentication. In Proceedings of the 11th ACM Symposium on Eye Tracking Research & Applications. 1–10.

Digital Library

[4]

Naveed Ahmed and Christian Damsgaard Jensen. 2011. Adaptable authentication model: Exploring security with weaker attacker models. In Proceedings of the International Conference on Engineering Secure Software and Systems (ESSoS’11). Springer, 234–247.

[5]

Heikki J. Ailisto, Mikko Lindholm, Jani Mantyjarvi, Elena Vildjiounaite, and Satu-Marja Makela. 2005. Identifying people from gait pattern with accelerometers. In Defense and Security. International Society for Optics and Photonics, 7–14.

[6]

Srinath Akula and Veerabhadram Devisetty. 2004. Image based registration and authentication system. In Proceedings of the Midwest Instruction and Computing Symposium, Vol. 4. 5.

[7]

Mojtaba Alizadeh, Saeid Abolfazli, Mazdak Zamani, Sabariah Baaaharun, and Kouichi Sakurai. 2016. Authentication in mobile cloud computing: A survey. J. Netw. Comput. Appl. 61, 1 2 (2016), 59–80.

Digital Library

[8]

Sadiq Almuairfi, Prakash Veeraraghavan, and Naveen Chilamkurti. 2013. A novel image-based implicit password authentication system (IPAS) for mobile and non-mobile devices. Math. Comput. Model. 58, 1 (2013), 108–116. https://www.sciencedirect.com/science/article/pii/S0895717712001719.

[9]

Fatmah H. Alqahtani and Fawaz A. Alsulaiman. 2020. Is image-based CAPTCHA secure against attacks based on machine learning? an experimental study. Comput. Secur. 88 (2020), 101635.

Digital Library

[10]

Faisal Alshanketi, Issa Traoré, and Ahmed Awad. 2019. Multimodal mobile keystroke dynamics biometrics combining fixed and variable passwords. Secur. Priv. 2, 1 (2019), e48. https://onlinelibrary.wiley.com/doi/10.1002/spy2.48.

[11]

Florian Alt, Stefan Schneegass, Alireza Sahami Shirazi, Mariam Hassib, and Andreas Bulling. 2015. Graphical passwords in the wild: Understanding how users choose pictures and passwords in image-based authentication schemes. In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services. ACM, 316–322.

Digital Library

[12]

M. Amine Ferrag, L. Maglaras, A. Derhab, A. V. Vasilakos, S. Rallis, and H. Janicke. 2018. authentication schemes for smart mobile devices: Threat models, countermeasures, and open research issues. arXiv:1803.10281. Retrieved from https://arxiv.org/abs/1803.10281.

[13]

S. Abhishek Anand and Nitesh Saxena. 2016. Vibreaker: Securing vibrational pairing with deliberate acoustic noise. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks. ACM, 103–108.

Digital Library

[14]

Md Tanvir Islam Aumi and Sven Kratz. 2014. Airauth: Evaluating in-air hand gestures for authentication. In Proceedings of the 16th International Conference on Human-computer Interaction With Mobile Devices & Services. ACM, 309–318.

[15]

Adam J. Aviv, Katherine L. Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge attacks on smartphone touch screens. InProceedings of the IEEE Workshop on Offensive Technologies (WOOT’10), 1–7.

[16]

Adam J. Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M. Smith. 2012. Practicality of accelerometer side channels on smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference. ACM, 41–50.

[17]

Shiri Azenkot, Kyle Rector, Richard Ladner, and Jacob Wobbrock. 2012. Passchords: Secure multi-touch authentication for blind people. In Proceedings of the 14th International ACM SIGACCESS Conference on Computers and Accessibility. ACM, 159–166.

Digital Library

[18]

Abdullah Azfar, Kim-Kwang Raymond Choo, and Lin Liu. 2016. An android social app forensics adversary model. In 2016 Proceedings of the 49th Hawaii International Conference on System Sciences (HICSS’16). IEEE, 5597–5606.

Digital Library

[19]

Lucas Ballard, Seny Kamara, Fabian Monrose, and Michael K. Reiter. 2008. Towards practical biometric key generation with randomized biometric templates. In Proceedings of the 15th ACM Conference on Computer and Communications Security. ACM, 235–244.

[20]

Lucas Ballard, Daniel Lopresti, and Fabian Monrose. 2007. Forgery quality and its implications for behavioral biometric security. IEEE Trans. Syst. Man Cybernet. B (Cybernet.) 37, 5 (2007), 1107–1118.

Digital Library

[21]

Lucas Ballard, Fabian Monrose, and Daniel P. Lopresti. 2006. Biometric authentication revisited: Understanding the impact of wolves in sheep’s clothing. In Proceedings of the USENIX Security Symposium.

[22]

Stacy J. Morris Bamberg, Ari Y. Benbasat, Donna Moxley Scarborough, David E. Krebs, and Joseph A. Paradiso. 2008. Gait analysis using a shoe-integrated wireless sensor system. IEEE Trans. Inf. Technol. Biomed. 12, 4 (2008), 413–423.

Digital Library

[23]

M. Becher, F. C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, and C. Wolf. 2011. Mobile security catching up? revealing the nuts and bolts of the security of mobile devices. In Proceedings of the IEEE Symposium on Security and Privacy. 96–111.

[24]

Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway. 1998. Relations among notions of security for public-key encryption schemes. In Advances in Cryptology. Springer, 26–45.

[25]

Mihir Bellare and Phillip Rogaway. 1995. Provably secure session key distribution: The three party case. In Proceedings of the 27th Annual ACM Symposium on Theory of Computing. 57–66.

Digital Library

[26]

Steven M Bellovin and Michael Merritt. 1993. Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the 1st ACM Conference on Computer and Communications Security. ACM, 244–250.

Digital Library

[27]

Bhaveer Bhana and Stephen Flowerday. 2020. Passphrase and keystroke dynamics authentication: Usable security. Comput. Secur. (2020), 101925.

[28]

Andrea Bianchi, Ian Oakley, Vassilis Kostakos, and Dong Soo Kwon. 2011. The phone lock: Audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices. In Proceedings of the 5th International Conference on Tangible, Embedded, and Embodied Interaction. ACM, 197–200.

[29]

Daniel Bichler, Guido Stromberg, Mario Huemer, and Manuel Löw. 2007. Key generation based on acceleration data of shaking processes. In Proceedings of the International Conference on Ubiquitous Computing. Springer, 304–317.

[30]

J.-C. Birget, Dawei Hong, and Nasir Memon. 2006. Graphical passwords based on robust discretization. IEEE Trans. Inf. Forens. Secur. 1, 3 (2006), 395–399.

Digital Library

[31]

Christopher M. Bishop. 2006. Pattern Recognition and Machine Learning.

[32]

Greg E. Blonder. 1996. Graphical password. (Sept. 24 1996). US Patent 5,559,961.

[33]

Cheng Bo, Lan Zhang, Xiang-Yang Li, Qiuyuan Huang, and Yu Wang. 2013. Silentsense: Silent user identification via touch and movement behavioral biometrics. In Proceedings of the 19th Annual International Conference on Mobile Computing & Networking. ACM, 187–190.

Digital Library

[34]

Chiara Bodei, Mikael Buchholtz, Pierpaolo Degano, Flemming Nielson, and H. Riis Nielson. 2003. Automatic validation of protocol narration. In Proceedings of the IEEE Computer Security Foundations Workshop.IEEE, 126–140.

[35]

Reinhardt A. Botha, Steven M. Furnell, and Nathan L. Clarke. 2009. From desktop to mobile: Examining the security experience. Comput. Secur. 28, 3–4 (2009), 130–137.

Digital Library

[36]

Nikolaos V. Boulgouris, Dimitrios Hatzinakos, and Konstantinos N. Plataniotis. 2005. gait recognition: A challenging signal processing technology for biometric identification. IEEE Sign. Process. Mag. 22, 6 (2005), 78–90.

[37]

Z. Boulkenafet, J. Komulainen, Lei. Li, X. Feng, and A. Hadid. 2017. OULU-NPU: A mobile face presentation attack database with real-world variations. In Proceedings of the IEEE International Conference on Automatic Face and Gesture Recognition.

[38]

Colin Boyd and Anish Mathuria. 2013. Protocols for Authentication and Key Establishment. Springer Science & Business Media.

[39]

Sacha Brostoff, Philip Inglesant, and M. Angela Sasse. 2010. Evaluating the usability and security of a graphical one-time PIN system. In Proceedings of the 24th BCS Interaction Specialist Group Conference. British Computer Society, 88–97.

[40]

Arne Bruesch, Le Nguyen, Dominik Schürmann, Stephan Sigg, and Lars C. Wolf. 2019. Security properties of gait for mobile device pairing. IEEE Trans. Mobile Comput. (2019).

[41]

Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2012. Increasing the security of gaze-based cued-recall graphical passwords using saliency masks. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 3011–3020.

Digital Library

[42]

Andreas Bulling, Ulf Blanke, and Bernt Schiele. 2014. A tutorial on human activity recognition using body-worn inertial sensors. ACM Comput. Surv. 46, 3 (2014), 33.

Digital Library

[43]

Attaullah Buriro, Bruno Crispo, and Mauro Conti. 2019. Answerauth: A bimodal behavioral biometric-based user authentication scheme for smartphones. J. Inf. Secur. Appl. 44 (2019), 89–103.

[44]

Mike Burmester and Jorge Munilla. 2009. A flyweight RFID authentication protocol.IACR Cryptology Eprint Archive 2009 (2009), 212.

[45]

Daniel Buschek, Fabian Hartmann, Emanuel Von Zezschwitz, Alexander De Luca, and Florian Alt. 2016. Snapapp: Reducing authentication overhead with a time-constrained fast unlock option. In Proceedings of the CHI Conference on Human Factors in Computing Systems. ACM, 3736–3747.

Digital Library

[46]

Pierluigi Casale, Oriol Pujol, and Petia Radeva. 2012. Personalization and user verification in wearable systems using biometric walking patterns. Pers. Ubiq. Comput. 16, 5 (2012), 563–580.

Digital Library

[47]

Seunghun Cha, Sungsu Kwag, Hyoungshick Kim, and Jun Ho Huh. 2017. Boosting the guessing attack performance on android lock patterns with smudge attacks. In Proceedings of the ACM on Asia Conference on Computer and Communications Security. ACM, 313–326.

Digital Library

[48]

Si Chen, Kui Ren, Sixu Piao, Cong Wang, Qian Wang, Jian Weng, Lu Su, and Aziz Mohaisen. 2017. You can hear but you cannot steal: Defending against voice impersonation attacks on smartphones. In Proceedings of the IEEE 37th International Conference on Distributed Computing Systems (ICDCS’17). IEEE, 183–195.

[49]

Sonia Chiasson, Paul C. Van Oorschot, and Robert Biddle. 2007. Graphical password authentication using cued click points. In Proceedings of the European Symposium on Research in Computer Security. Springer, 359–374.

[50]

Ming Ki Chong, René Mayrhofer, and Hans Gellersen. 2014. A survey of user interaction for spontaneous device association. Comput. Surv. (2014).

[51]

Nathan L. Clarke and Steven M. Furnell. 2005. Authentication of users on mobile telephones–a survey of attitudes and practices. Comput. Secur. 24, 7 (2005), 519–527.

Digital Library

[52]

Nathan L. Clarke and Steven M. Furnell. 2007. Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Secur. 6, 1 (2007), 1–14.

Digital Library

[53]

Mauro Conti, Giulio Lovisotto, Ivan Martinovic, and Gene Tsudik. 2017. Fadewich: Fast deauthentication over the wireless channel. In Proceedings of the IEEE 37th International Conference on Distributed Computing Systems (ICDCS’17). IEEE, 2294–2301.

[54]

Cory Cornelius and David Kotz. 2011. Recognizing whether sensors are on the same body. In Proceedings of the International Conference on Pervasive Computing (Pervasive’11). Springer-Verlag, Berlin, 332–349.

[55]

Mark D. Corner and Brian D. Noble. 2002. Zero-interaction authentication. In Proceedings of the 8th Annual International Conference on Mobile Computing and Networking. ACM, 1–11.

[56]

Artur Costa-Pazo, Sushil Bhattacharjee, Esteban Vazquez-Fernandez, and Sébastien Marcel. 2016. The REPLAY-MOBILE face presentation-attack database. In Proceedings of the International Conference on Biometrics Special Interests Group (BioSIG’16).

[57]

David Crouse, Hu Han, Deepak Chandra, Brandon Barbello, and Anil K. Jain. 2015. Continuous authentication of mobile user: Fusion of face image and inertial measurement unit data. In Proceedings of the International Conference on Biometrics (ICB’15). IEEE, 135–142.

[58]

Ivan Damgård and Michael Pedersen. 2008. RFID security: Tradeoffs between security and efficiency. In Cryptographers’ Track at the RSA Conference: Topics in Cryptology (CT-RSA’08), 318–332.

[59]

Dimitrios Damopoulos and Georgios Kambourakis. 2019. Hands-free one-time and continuous authentication using glass wearable devices. J. Inf. Secur. Appl. 46 (2019), 138–150.

Digital Library

[60]

Carlton R. Davis. 2001. IPSec: Securing VPNs. McGraw–Hill Professional.

[61]

Darren Davis, Fabian Monrose, and Michael K. Reiter. 2004. On user choice in graphical password schemes. In Proceedings of the USENIX Security Symposium, Vol. 13. 11–11.

Digital Library

[62]

Antonella De Angeli, Mike Coutts, Lynne Coventry, Graham I. Johnson, David Cameron, and Martin H. Fischer. 2002. VIP: A visual approach to user authentication. In Proceedings of the Working Conference on Advanced Visual Interfaces. ACM, 316–323.

[63]

Alexander De Luca, Martin Denzel, and Heinrich Hussmann. 2009. Look into my eyes!: Can you guess my password? In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS’09).

Digital Library

[64]

Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch me once and I know it’s you!: Implicit authentication based on touch screen patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 987–996.

Digital Library

[65]

Alexander De Luca, Marian Harbach, Emanuel von Zezschwitz, Max-Emanuel Maurer, Bernhard Ewald Slawik, Heinrich Hussmann, and Matthew Smith. 2014. Now you see me, now you don’t: Protecting smartphone authentication from shoulder surfers. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI’14). Association for Computing Machinery, New York, NY, USA, 2937–2946.

Digital Library

[66]

Alexander De Luca and Janne Lindqvist. 2015. Is secure and usable smartphone authentication asking too much?Computer 48, 5 (2015), 64–68.

[67]

Alexander De Luca, Emanuel Von Zezschwitz, Ngo Dieu Huong Nguyen, Max-Emanuel Maurer, Elisa Rubegni, Marcello Paolo Scipioni, and Marc Langheinrich. 2013. Back-of-device authentication on smartphones. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2389–2398.

[68]

Alexander De Luca, Roman Weiss, and Heiko Drewes. 2007. Evaluation of eye-gaze interaction methods for security enhanced PIN-entry. In Proceedings of the 19th Australasian Conference on Computer-human Interaction: Entertaining User Interfaces. ACM, 199–202.

[69]

Alexander De Luca, Roman Weiss, and Heinrich Hussmann. 2007. Passshape: Stroke based shape passwords. In Proceedings of the 19th Australasian Conference on Computer-human Interaction: Entertaining User Interfaces. ACM, 239–240.

[70]

Timothy Dee, Ian Richardson, and Akhilesh Tyagi. 2019. Continuous transparent mobile device touchscreen soft keyboard biometric authentication. In Proceedings of the 32nd International Conference on VLSI Design and 2019 18th International Conference on Embedded Systems (VLSID’19). IEEE, 539–540.

[71]

Mohammad Omar Derawi. 2012. Smartphones and biometrics: Gait and activity recognition. (2012).

[72]

Mohammad Omar Derawi, Claudia Nickel, Patrick Bours, and Christoph Busch. 2010. Unobtrusive user-authentication on mobile phones using biometric gait recognition. In Proceedings of the 6th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP’10). IEEE, 306–311.

Digital Library

[73]

Rachna Dhamija and Adrian Perrig. 2000. Deja vu-a user study: Using images for authentication. In Proceedings of the USENIX Security Symposium, Vol. 9. 4–4.

[74]

Rainhard Dieter Findling and Rene Mayrhofer. 2013. Towards pan shot face unlock: Using biometric face information from different perspectives to unlock mobile devices. Int. J. Perv. Comput. Commun. 9, 3 (2013), 190–208.

[75]

Ahmet Emir Dirik, Nasir Memon, and Jean-Camille Birget. 2007. Modeling user choice in the passpoints graphical password scheme. In Proceedings of the 3rd Symposium on Usable Privacy and Security. ACM, 20–28.

Digital Library

[76]

Quang Do, Ben Martini, and Kim-Kwang Raymond Choo. 2015. Exfiltrating data from android devices. Comput. Secur. 48 (2015), 74–91.

Digital Library

[77]

Quang Do, Ben Martini, and Kim-Kwang Raymond Choo. 2015. A forensically sound adversary model for mobile devices. PLoS One 10, 9 (2015), e0138449.

[78]

Quang Do, Ben Martini, and Kim-Kwang Raymond Choo. 2019. The role of the adversary model in applied security research. Comput. Secur. 81 (2019), 156–181.

[79]

Danny Dolev and Andrew Yao. 1983. On the security of public key protocols. IEEE Trans. Inf. Theory 29, 2 (1983), 198–208.

Digital Library

[80]

Hossein Falaki, Ratul Mahajan, Srikanth Kandula, Dimitrios Lymberopoulos, Ramesh Govindan, and Deborah Estrin. 2010. Diversity in smartphone usage. In Proceedings of the 8th International Conference on Mobile Systems, Applications, and Services (MobiSys’10). ACM, New York, NY, 179–194.

Digital Library

[81]

Michael Farb, Yue-Hsun Lin, Tiffany Hyun-Jin Kim, Jonathan McCune, and Adrian Perrig. 2013. Safeslinger: Easy-to-use and secure public-key exchange. In Proceedings of the 19th Annual International Conference on Mobile Computing & Networking. ACM, 417–428.

Digital Library

[82]

P. Faruki, A. Bharmal, V. Laxmi, V. Ganmoor, M. S. Gaur, M. Conti, and M. Rajarajan. 2015. Android security: A survey of issues, malware penetration, and defenses. IEEE Commun. Surv. Tutor. 17, 2 (Secondquarter 2015), 998–1022.

Digital Library

[83]

Tao Feng, Ziyi Liu, Kyeong-An Kwon, Weidong Shi, Bogdan Carbunar, Yifei Jiang, and Nhung Nguyen. 2012. Continuous mobile authentication using touchscreen gestures. In Proceedings of the IEEE Conference on Technologies for Homeland Security (HST’12). IEEE, 451–456.

[84]

Mohamed Amine Ferrag, Leandros Maglaras, Abdelouahid Derhab, and Helge Janicke. 2020. Authentication schemes for smart mobile devices: Threat models, countermeasures, and open research issues. Telecommun. Syst. 73, 2 (2020), 317–348.

[85]

Tobias Fiebig, Jan Krissler, and Ronny Hänsch. 2014. Security impact of high resolution smartphone cameras. In Proceedings of the IEEE Workshop on Offensive Technologies (WOOT’14).

[86]

Julian Fierrez, Javier Galbally, Javier Ortega-Garcia, Manuel R. Freire, Fernando Alonso-Fernandez, Daniel Ramos, Doroteo Torre Toledano, Joaquin Gonzalez-Rodriguez, Juan A. Siguenza, and Javier Garrido-Salas. 2010. BiosecurID: A multimodal biometric database. Pattern Anal. Appl. 13, 2 (2010), 235–246.

Digital Library

[87]

Rainhard Dieter Findling, Michael Hölzl, and René Mayrhofer. 2018. Mobile match-on-card authentication using offline-simplified models with gait and face biometrics. IEEE Trans. Mobile Comput. 17, 11 (2018), 2578–2590.

Digital Library

[88]

Rainhard D. Findling and Rene Mayrhofer. 2013. Towards secure personal device unlock using stereo camera pan shots. In Proceedings of the International Conference on Computer Aided Systems Theory. Springer, 417–425.

[89]

Rainhard Dieter Findling and René Mayrhofer. 2015. Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns. In Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia (MUM’15). ACM, 131–136.

Digital Library

[90]

Rainhard Dieter Findling, Muhammad Muaaz, Daniel Hintze, and René Mayrhofer. 2014. shakeunlock: Securely unlock mobile devices by shaking them together. In Proceedings of the 12th International Conference on Advances in Mobile Computing and Multimedia. ACM, 165–174.

Digital Library

[91]

Rainhard Dieter Findling, Muhammad Muaaz, Daniel Hintze, and Rene Mayrhofer. 2017. shakeunlock: Securely transfer authentication states between mobile devices. IEEE Trans. Mobile Comput. 16, 4 (2017), 1163–1175.

Digital Library

[92]

Rainhard Dieter Findling, Tahmid Quddus, and Stephan Sigg. 2019. Hide my gaze with EOG! towards closed-eye gaze gesture passwords that resist observation-attacks with electrooculography in smart glasses. In Proceedings of the 17th International Conference on Advances in Mobile Computing & Multimedia (MoMM’19). Association for Computing Machinery, New York, NY, 107116.

[93]

Riccardo Focardi, Flaminia L. Luccio, and Heider A. M. Wahsheh. 2019. Usable security for QR code. J. Inf. Secur. Appl. 48 (2019), 102369.

[94]

Mikhail Fomichev, Flor Alvarez, Daniel Steinmetzer, Paul Gardner-Stephen, and Matthias Hollick. 2017. Survey and systematization of secure device pairing. IEEE Commun. Surv. Tutor. (Sep. 2017).

[95]

Alain Forget, Sonia Chiasson, and Robert Biddle. 2010. Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 1107–1110.

Digital Library

[96]

Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song. 2013. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forens. Secur. 8, 1 (2013), 136–148.

Digital Library

[97]

Eira Friström, Elias Lius, Niki Ulmanen, Paavo Hietala, Pauliina Kärkkäinen, Tommi Mäkinen, Stephan Sigg, and Rainhard Dieter Findling. 2019. Free-form gaze passwords from cameras embedded in smart glasses. In Proceedings of the 17th International Conference on Advances in Mobile Computing & Multimedia. 136–144.

Digital Library

[98]

Markus Funk, Karola Marky, Iori Mizutani, Mareike Kritzler, Simon Mayer, and Florian Michahelles. 2019. Lookunlock: Using spatial-targets for user-authentication on hmds. In Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems. 1–6.

Digital Library

[99]

Steven Furnell, Nathan Clarke, and Sevasti Karatzouni. 2008. Beyond the PIN: Enhancing user authentication for mobile devices. Comput. Fraud Secur. 2008, 8 (2008), 12–17.

[100]

Davrondzhon Gafurov. 2007. A survey of biometric gait recognition: Approaches, security and challenges. In Proceedings of the Annual Norwegian Computer Science Conference. 19–21.

[101]

Davrondzhon Gafurov. 2008. Performance and Security Analysis of Gait-based User Authentication. Ph.D. Dissertation. University of Oslo.

[102]

Davrondzhon Gafurov, Einar Snekkenes, and Patrick Bours. 2007. Spoof attacks on gait authentication system. IEEE Trans. Inf. Forens. Secur. 2, 3 (2007), 491–502.

Digital Library

[103]

Davrondzhon Gafurov, Einar Snekkenes, and Tor Erik Buvarp. 2006. Robustness of biometric gait authentication against impersonation attack. In Proceedings of the OTM Confederated International Conferences “on the Move to Meaningful Internet Systems.” Springer, 479–488.

Digital Library

[104]

Javier Galbally, Iwen Coisel, and Ignacio Sanchez. 2014. A probabilistic framework for improved password strength metrics. In Proceedings of the International Carnahan Conference on Security Technology (ICCST’14). IEEE, 1–6.

[105]

Pimmy Gandotra, Rakesh Kumar Jha, and Sanjeev Jain. 2016. A survey on device-to-device (D2D) communication: Architecture and security issues. J. Netw. Comput. Appl. 78 (11 2016).

[106]

Virgil D. Gligor. 2007. Handling New Adversaries in Secure Mobile Ad-hoc Networks. Technical Report. Department of Electrical and Computer Engineering, University of Maryland, College Park.

[107]

Neil Zhenqiang Gong, Altay Ozen, Yu Wu, Xiaoyu Cao, Richard Shin, Dawn Song, Hongxia Jin, and Xuan Bao. 2017. PIANO: Proximity-based user authentication on voice-powered internet-of-things devices. In Proceedings of the IEEE 37th International Conference on Distributed Computing Systems (ICDCS’17). IEEE, 2212–2219.

[108]

Sathya Govindarajan, Paolo Gasti, and Kiran S. Balagani. 2013. Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data. In Proceedings of the IEEE 6th International Conference on Biometrics: Theory, Applications and Systems (BTAS’13). IEEE, 1–8.

[109]

Bogdan Groza and Rene Mayrhofer. 2012. SAPHE: Simple accelerometer based wireless pairing with heuristic trees. In Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia. ACM, 161–168.

Digital Library

[110]

Agnes Grünerbl, Amir Muaremi, Venet Osmani, Gernot Bahle, Stefan Oehler, Gerhard Tröster, Oscar Mayora, Christian Haring, and Paul Lukowicz. 2015. Smartphone-based recognition of states and state changes in bipolar disorder patients. IEEE J. Biomed. Health Inf. 19, 1 (2015), 140–148.

[111]

Meriem Guerar, Luca Verderame, Mauro Migliardi, and Alessio Merlo. 2019. 2GesturePIN: Securing PIN-Based authentication on smartwatches. In Proceedings of the IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE’19). IEEE, 327–333.

[112]

Richa Gupta and Priti Sehgal. 2016. A survey of attacks on iris biometric systems. Int. J. Biometr. 8, 2 (2016), 145–178.

Digital Library

[113]

Creighton Tsuan-Ren Hager. 2004. Context Aware and Adaptive Security for Wireless Networks. Ph.D. Dissertation.

[114]

Inken Hagestedt, Michael Backes, and Andreas Bulling. 2020. Adversarial attacks on classifiers for eye-based user modelling. In Proceedings of the ACM Symposium on Eye Tracking Research and Applications. 1–3.

Digital Library

[115]

Marian Harbach, Emanuel Von Zezschwitz, Andreas Fichtner, Alexander De Luca, and Matthew Smith. 2014. It’sa hard lock life: A field study of smartphone (un) locking behavior and risk perception. In Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS’14). 213–230.

[116]

Mark A. Harris and Karen P. Patten. 2014. Mobile device security considerations for small- and medium-sized enterprise business mobility. Inf. Manage. Comput. Secur. 22, 1 (2014), 97–114.

[117]

Eiji Hayashi, Rachna Dhamija, Nicolas Christin, and Adrian Perrig. 2008. Use your illusion: Secure authentication usable anywhere. In Proceedings of the 4th Symposium on Usable Privacy and Security. ACM, 35–45.

Digital Library

[118]

Ernst A. Heinz, Kai S. Kunze, Stefan Sulistyo, Holger Junker, Paul Lukowicz, and Gerhard Tröster. 2003. experimental evaluation of variations in primary features used for accelerometric context recognition. In Proceedings of the European Symposium on Ambient Intelligence. Springer, 252–263.

[119]

Javier Hernandez, Daniel J. McDuff, and Rosalind W. Picard. 2015. Biophone: Physiology monitoring from peripheral smartphone motions. In Proceedings of the 37th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC’15). IEEE, 7180–7183.

[120]

Daniel Hintze, Rainhard Dieter Findling, Muhammad Muaaz, Eckhard Koch, and René Mayrhofer. 2015. CORMORANT: Towards continuous risk-aware multi-modal cross-device authentication. In Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication (UbiComp’15). ACM, 169–172.

[121]

Daniel Hintze, Philipp Hintze, Rainhard Dieter Findling, and René Mayrhofer. 2017. A large-scale, long-term analysis of mobile device usage characteristics. Proc. ACM Interact. Mob. Wear. Ubiq. Technol. 1, 2, Article 13 (Jun. 2017), 21 pages.

Digital Library

[122]

Thang Hoang, Deokjai Choi, and Thuc Nguyen. 2015. gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme. Int. J. Inf. Secur. 14, 6 (2015), 549–560.

Digital Library

[123]

Thang Hoang, Deokjai Choi, Viet Vo, Anh Nguyen, and Thuc Nguyen. 2013. A lightweight gait authentication on mobile phone regardless of installation error. In Proceedings of the IFIP International Information Security Conference. Springer, 83–101.

[124]

Michael Hoelzl, Michael Roland, and René Mayrhofer. 2017. Real-world identification for an extensible and privacy-preserving mobile eID. In The Proceedings of the 12th IFIP Smart World Revolution Conference on Privacy and Identity Management. Springer International Publishing, Ispra, Italy.

[125]

Ann-Marie Horcher. 2018. Conservation of Limited Resources: Design Principles for Security and Usability on Mobile Devices. Ph.D. Dissertation. Nova Southesastern University.

[126]

Mehdi Hosseinzadeh, Jan Lansky, Amir Masoud Rahman, Cuong Trinh, Masoumeh Safkhani, Nasour Bagheri, and Bao Huynh. 2020. A new strong adversary model for RFID authentication protocols. IEEE Access (2020).

[127]

Bufu Huang, Meng Chen, Panfeng Huang, and Yangsheng Xu. 2007. Gait modeling for human identification. In Proceedings of the IEEE International Conference on Robotics and Automation. IEEE, 4833–4838.

[128]

Otto Huhta, Prakash Shrestha, Swapnil Udar, Mika Juuti, Nitesh Saxena, and N. Asokan. 2015. Pitfalls in designing zero-effort deauthentication: Opportunistic human observation attacks. arXiv:1505.05779. Retrieved from https://arxiv.org/abs/1505.05779.

[129]

Seong-seob Hwang, Sungzoon Cho, and Sunghoon Park. 2009. Keystroke dynamics-based authentication for mobile devices. Comput. Secur. 28, 1 (2009), 85–93.

Digital Library

[130]

Tzonelih Hwang and Wei-Chi Ku. 1995. Reparable key distribution protocols for internet environments. IEEE Trans. Commun. 43, 5 (1995), 1947–1949.

[131]

ISA99 Committee and IEC Technical Committee 65 Working Group 10 (TC65WG10). 2016. The 62443 Series of standards: Industrial Automation and Control Systems Security.

[132]

Anil Jain, Patrick Flynn, and Arun A. Ross. 2007. Handbook of Biometrics. Springer Science & Business Media.

[133]

I. H. Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. Rubin. 1999. The Design and Analysis of Graphical Passwords.USENIX Association.

[134]

Shan Jia, Guodong Guo, and Zhengquan Xu. 2020. A survey on 3D mask presentation attack detection and countermeasures. Pattern Recogn. 98 (2020), 107032.

[135]

Shan Jia, Guodong Guo, Zhengquan Xu, and Qiangchang Wang. 2020. Face presentation attack detection in mobile scenarios: A comprehensive evaluation. Image Vision Comput. 93 (2020), 103826.

[136]

Lijun Jiang and Weizhi Meng. 2017. Smartphone user authentication using touch dynamics in the big data era: Challenges and opportunities. In Biometric Security and Privacy. Springer, 163–178.

[137]

Rong Jin, Liu Shi, Kai Zeng, Amit Pande, and Prasant Mohapatra. 2014. Magpairing: Exploiting magnetometers for pairing smartphones in close proximity. In Proceedings of the IEEE Conference on Communications and Network Security (CNS’14). IEEE, 445–453.

[138]

Rong Jin, Liu Shi, Kai Zeng, Amit Pande, and Prasant Mohapatra. 2016. Magpairing: Pairing smartphones in close proximity using magnetometers. IEEE Trans. Inf. Forens. Secur. 11, 6 (2016), 1306–1320.

Digital Library

[139]

Young-Hoo Jo, Seong-Yun Jeon, Jong-Hyuk Im, and Mun-Kyu Lee. 2016. Security analysis and improvement of fingerprint authentication for smartphones. Mobile Inf. Syst. 2016 (2016).

[140]

Ari Juels and Martin Wattenberg. 1999. A fuzzy commitment scheme. In Proceedings of the 6th ACM Conference on Computer and Communications Security. ACM, 28–36.

Digital Library

[141]

Amir Kale, Naresh Cuntoor, B. Yegnanarayana, A. N. Rajagopalan, and Rama Chellappa. 2003. Gait analysis for human identification. In Proceedings of the International Conference on Audio-and Video-based Biometric Person Authentication. Springer, 706–714.

Digital Library

[142]

Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun. 2015. Sound-proof: Usable two-factor authentication based on ambient sound. In Proceedings of the USENIX Security Symposium. 483–498.

[143]

Charlie Kaufman, Paul Hoffman, Yoav Nir, Parsi Eronen, and Tero Kivinen. 2014. Internet Key Exchange Protocol Version 2 (IKEv2). Technical Report.

[144]

Jaspreet Kaur, Amitoj Singh, and Virender Kadyan. 2020. Automatic speech recognition system for tonal languages: State-of-the-art survey. Arch. Comput. Methods Eng. (2020), 1–30.

[145]

Hassan Khan, Aaron Atwater, and Urs Hengartner. 2014. A comparative evaluation of implicit authentication schemes. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer, 255–275.

[146]

Hassan Khan, Urs Hengartner, and Daniel Vogel. 2018. Augmented reality-based mimicry attacks on behaviour-based smartphone authentication. In Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services. 41–53.

Digital Library

[147]

W. Z. Khan, Y. Xiang, M. Y. Aalsalem, and Q. Arshad. 2013. Mobile phone sensing systems: A survey. IEEE Commun. Surv. Tutor. 15, 1 (First 2013), 402–427.

[148]

Dongik Kim, Yujin Jung, Kar-Ann Toh, Byungjun Son, and Jaihie Kim. 2016. An empirical study on iris recognition in a mobile phone. Expert Syst. Appl. 54 (2016), 328–339.

Digital Library

[149]

Dong-Ju Kim, Kwang-Woo Chung, and Kwang-Seok Hong. 2010. Person authentication using face, teeth and voice modalities for mobile device security. IEEE Trans. Consum. Electr. 56, 4 (2010).

Digital Library

[150]

Daniel V. Klein. 1990. Foiling the cracker: A survey of, and improvements to, password security. In Proceedings of the 2nd USENIX Security Workshop. 5–14.

[151]

Lydia Kraus, Robert Schmidt, Marcel Walch, Florian Schaub, and Sebastian Möller. 2017. On the use of emojis in mobile authentication. In ICT Systems Security and Privacy Protection, Sabrina De Capitani di Vimercati and Fabio Martinelli (Eds.).

[152]

Katharina Krombholz, Thomas Hupperich, and Thorsten Holz. 2017. May the force be with you: The future of force-sensitive authentication. IEEE Internet Comput. 21, 3 (2017), 64–69.

Digital Library

[153]

Bogdan Ksiezopolski and Zbigniew Kotulski. 2007. adaptable security mechanism for dynamic environments. Comput. Secur. 26, 3 (2007), 246–255.

Digital Library

[154]

Wei-Chi Ku, Chien-Ming Chen, and Hui-Lung Lee. 2003. Cryptanalysis of a variant of peyravian-zunic’s password authentication scheme. IEICE Trans. Commun. 86, 5 (2003), 1682–1684.

[155]

Wei-Chi Ku and Maw-Jinn Tsaur. 2005. A remote user authentication scheme using strong graphical passwords. In Proceedings of the IEEE Conference on Local Computer Networks. IEEE, 351–357.

[156]

Yeeun Ku, Leo Hyun Park, Sooyeon Shin, and Taekyoung Kwon. 2019. Draw it as shown: Behavioral pattern lock for mobile user authentication. IEEE Access 7 (2019), 69363–69378.

[157]

Manu Kumar, Tal Garfinkel, Dan Boneh, and Terry Winograd. 2007. Reducing shoulder-surfing by using gaze-based password entry. In Proceedings of the 3rd Symposium on Usable Privacy and Security. ACM, 13–19.

Digital Library

[158]

R. Kumar, V. V. Phoha, and A. Jain. 2015. Treadmill attack on gait-based authentication systems. In 2015 Proceedings of the IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS’15).

[159]

Douglas Kunda and Mumbi Chishimba. 2018. A survey of android mobile phone authentication schemes. Mobile Netw. Appl. (09 Aug. 2018).

[160]

Taekyoung Kwon and Sarang Na. 2014. Tinylock: Affordable defense against smudge attacks on smartphone pattern lock systems. Comput. Secur. 42 (2014), 137–150.

[161]

Andrew Kwong, Connor Bolton, Timothy Trippel, Wenyuan Xu, and Kevin Fu. 2017. Why Do You Trust Sensors? Analog Cybersecurity Attack Demos. https://ieeexplore.ieee.org/document/8615693.

[162]

Kyuin Lee, Vijay Raghunathan, Anand Raghunathan, and Younghyun Kim. 2018. SYNCVIBE: Fast and secure device pairing through physical vibration on commodity smartphones. In Proceedings of the IEEE 36th International Conference on Computer Design (ICCD’18). IEEE, 234–241.

[163]

Jonathan Lester, Blake Hannaford, and Gaetano Borriello. 2004. Are you with me?—Using accelerometers to determine if two devices are carried by the same person. In Proceedings of the International Conference on Pervasive Computing. Springer, 33–50.

[164]

Lingjun Li, Xinxin Zhao, and Guoliang Xue. 2013. Unobservable re-authentication for smartphones. In Proceedings of the Network and Distributed System Security Symposium (NDSS’13).

[165]

Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan. 2016. When CSI meets public wifi: Inferring your mobile phone password via wifi signals. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’16). ACM, New York, NY, 1068–1079.

Digital Library

[166]

Sugang Li, Ashwin Ashok, Yanyong Zhang, Chenren Xu, Janne Lindqvist, and Macro Gruteser. 2016. Whose move is it anyway? authenticating smart wearable devices using unique head movement patterns. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom’16). IEEE, 1–9.

[167]

Yan Li, Yingjiu Li, Ke Xu, Qiang Yan, and Robert H. Deng. 2018. Empirical study of face authentication systems under OSNFD attacks. IEEE Trans. Depend. Secure Comput. 15, 2 (2018), 231–245.

[168]

Robert LiKamWa, Yunxin Liu, Nicholas D. Lane, and Lin Zhong. 2013. Moodscope: Building a mood sensor from smartphone usage patterns. In Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 389–402.

Digital Library

[169]

Jian Liu, Chen Wang, Yingying Chen, and Nitesh Saxena. 2017. Vibwrite: Towards finger-input authentication on ubiquitous surfaces via physical vibration. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 73–87.

Digital Library

[170]

Jian Liu, Yan Wang, Gorkem Kar, Yingying Chen, Jie Yang, and Marco Gruteser. 2015. Snooping keystrokes with mm-level audio ranging on a single phone. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking. ACM, 142–154.

Digital Library

[171]

Jiayang Liu, Lin Zhong, Jehan Wickramasuriya, and Venu Vasudevan. 2009. Uwave: Accelerometer-based personalized gesture recognition and its applications. Perv. Mobile Comput. 5, 6 (2009), 657–675.

Digital Library

[172]

Yu Liu and Jianwei Niu. 2014. Overlapped-shaking: A local authentication method for mobile applications. In Proceedings of the Computing, Communications and IT Applications Conference (ComComAp’14). IEEE, 93–97.

[173]

Hong Lu, A. J. Bernheim Brush, Bodhi Priyantha, Amy K. Karlson, and Jie Liu. 2011. Speakersense: Energy efficient unobtrusive speaker identification on mobile phones. In Proceedings of the International Conference on Pervasive Computing. Springer, 188–205.

[174]

Nemanja Maček, Saša Adamović, Milan Milosavljević, Miloš Jovanović, Milan Gnjatović, and Branimir Trenkić. 2019. Mobile banking authentication based on cryptographically secured iris biometrics. Acta Polytechn. Hung. 16, 1 (2019).

[175]

Bartłomiejczyk Maciej and Mirosław Kurkowski. 2019. Multifactor authentication protocol in a mobile environment. IEEE Access 7 (2019), 157185–157199.

[176]

Sébastien Marcel, Mark S. Nixon, Julian Fierrez, and Nicholas Evans. 2019. Handbook of Biometric Anti-spoofing: Presentation Attack Detection. Springer.

[177]

Shrirang Mare, Andrés Molina Markham, Cory Cornelius, Ronald Peterson, and David Kotz. 2014. Zebra: Zero-effort bilateral recurring authentication. In Proceedings of the IEEE Symposium on Security and Privacy (SP’14). IEEE, 705–720.

Digital Library

[178]

Ivan Martinovic, Kasper Rasmussen, Marc Roeschlin, and Gene Tsudik. 2017. Authentication using pulse-response biometrics. Commun. ACM 60, 2 (2017), 108–115.

Digital Library

[179]

Suhas Mathur, Robert Miller, Alexander Varshavsky, Wade Trappe, and Narayan Mandayam. 2011. Proximate: Proximity-based secure pairing using ambient wireless signals. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services. ACM, 211–224.

Digital Library

[180]

Rene Mayrhofer. 2007. The candidate key protocol for generating secret shared keys from similar sensor data streams. In Proceedings of the European Workshop on Security in Ad-hoc and Sensor Networks. Springer, 1–15.

[181]

René Mayrhofer. 2014. An architecture for secure mobile devices. Secur. Commun. Netw. 8 (07/2014 2014), 1958–1970.

[182]

René Mayrhofer. 2019. Insider attack resistance in the android ecosystem. In Proceedings of Enigma 2019. USENIX Association.

[183]

René Mayrhofer, Jürgen Fuss, and Iulia Ion. 2013. UACAP: A unified auxiliary channel authentication protocol. IEEE Trans. Mobile Comput. 12 (Apr. 2013), 710–721.

Digital Library

[184]

Rene Mayrhofer and Hans Gellersen. 2007. Shake well before use: Authentication based on accelerometer data. In Proceedings of the International Conference on Pervasive Computing. Springer, 144–161.

[185]

Rene Mayrhofer and Hans Gellersen. 2009. Shake well before use: Intuitive and secure pairing of mobile devices. IEEE Trans. Mobile Comput. 8, 6 (Jun. 2009), 792–806.

Digital Library

[186]

Maryam Mehrnezhad, Feng Hao, and Siamak F. Shahandashti. 2014. Tap-Tap and Pay (TTP): Preventing man-in-the-middle attacks in NFC payment using mobile sensors. In Proceedings of the 2nd International Conference on Research in Security Standardisation (SSR’15).

[187]

Maryam Mehrnezhad, Feng Hao, and Siamak F. Shahandashti. 2015. Tap-tap and pay (TTP): Preventing the mafia attack in NFC payment. In Proceedings of the International Conference on Research in Security Standardisation. Springer, 21–39.

[188]

W. Meng, D. S. Wong, S. Furnell, and J. Zhou. 2015. Surveying the development of biometric user authentication on mobile phones. IEEE Commun. Surv. Tutor. 17, 3 (thirdquarter 2015), 1268–1293.

Digital Library

[189]

Weizhi Meng, Duncan S. Wong, Steven Furnell, and Jianying Zhou. 2015. Surveying the development of biometric user authentication on mobile phones. IEEE Commun. Surv. Tutor. 17, 3 (2015), 1268–1293.

Digital Library

[190]

Markus Miettinen, N. Asokan, Thien Duc Nguyen, Ahmad-Reza Sadeghi, and Majid Sobhani. 2014. Context-based zero-interaction pairing and key evolution for advanced personal devices. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 880–891.

Digital Library

[191]

Markus Miettinen, Thien Duc Nguyen, Ahmad-Reza Sadeghi, and N. Asokan. 2018. Revisiting context-based authentication in iot. In Proceedings of the 55th Annual Design Automation Conference. ACM, 32.

[192]

Chris J. Mitchell and Liqun Chen. 1996. Comments on the S/KEY user authentication scheme. ACM SIGOPS Operat. Syst. Rev. 30, 4 (1996), 12–16.

Digital Library

[193]

Bendik B. Mjaaland, Patrick Bours, and Danilo Gligoroski. 2010. Walk the walk: Attacking gait biometrics by imitation. In Proceedings of the International Conference on Information Security. Springer, 361–380.

[194]

Manar Mohamed, Prakash Shrestha, and Nitesh Saxena. 2019. Challenge-response behavioral mobile authentication: A comparative study of graphical patterns and cognitive games. In Proceedings of the 35th Annual Computer Security Applications Conference. 355–365.

Digital Library

[195]

John V. Monaco, Md Liakat Ali, and Charles C. Tappert. 2015. Spoofing key-press latencies with a generative keystroke dynamics model. In Proceedings of the IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS’15). IEEE, 1–8.

[196]

Stacy J. Morris. 2004. A Shoe-integrated Sensor System for Wireless Gait Analysis and Real-time Therapeutic Feedback. Ph.D. Dissertation. Massachusetts Institute of Technology.

[197]

Muhammad Muaaz and René Mayrhofer. 2013. An analysis of different approaches to gait recognition using cell phone based accelerometers. In Proceedings of the International Conference on Advances in Mobile Computing & Multimedia. ACM, 293.

Digital Library

[198]

Muhammad Muaaz and René Mayrhofer. 2014. Orientation independent cell phone based gait authentication. In Proceedings of the 12th International Conference on Advances in Mobile Computing and Multimedia. ACM, 161–164.

Digital Library

[199]

Muhammad Muaaz and René Mayrhofer. 2015. Cross pocket gait authentication using mobile phone based accelerometer sensor. In Proceedings of the International Conference on Computer Aided Systems Theory. Springer, 731–738.

[200]

Muhammad Muaaz and René Mayrhofer. 2017. Smartphone-based gait recognition: From authentication to imitation. IEEE Trans. Mobile Comput.

[201]

Tempestt Neal and Damon Woodard. 2020. Presentation attacks in mobile and continuous behavioral biometric systems. In Securing Social Identity in Mobile Platforms. Springer, 21–40.

[202]

Ching Yu Ng, Willy Susilo, Yi Mu, and Reihaneh Safavi-Naini. 2008. RFID privacy models revisited. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’08), Vol. 5283. Springer, 251–266.

Digital Library

[203]

Le Ngu Nguyen and Stephan Sigg. 2016. Personalized image-based user authentication using wearable cameras. arXiv:1612.06209. Retrieved from https://arxiv.org/abs/1612.06209.

[204]

Phuc Nguyen, Ufuk Muncuk, Ashwin Ashok, Kaushik R. Chowdhury, Marco Gruteser, and Tam Vu. 2016. Battery-free identification token for touch sensing devices. In Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM. ACM, 109–122.

Digital Library

[205]

Mark Nixon, John Carter, D. Cunado, Ping Huang, and S. V. Stevenage. 1996. Automatic gait recognition. In Biometrics. Springer, 231–249.

[206]

Ian Oakley and Andrea Bianchi. 2012. Multi-touch passwords for mobile device access. In Proceedings of the ACM Conference on Ubiquitous Computing. ACM, 611–612.

Digital Library

[207]

Chui Sian Ong, Klara Nahrstedt, and Wanghong Yuan. 2003. Quality of protection for mobile multimedia applications. In Proceedings of the 2003 International Conference on Multimedia and Expo (ICME’03), Vol. 2. IEEE, II–137.

[208]

Rolf Oppliger. 2011. Contemporary Cryptography. Artech House.

[209]

Radu-Ioan Paise and Serge Vaudenay. 2008. Mutual authentication in RFID: Security and privacy. In Proceedings of the ACM Symposium on Information, Computer and Communications Security. ACM, 292–299.

Digital Library

[210]

Keyurkumar Patel, Hu Han, and A. K. Jain. 2016. Secure face unlock: Spoof detection on smartphones. IEEE Trans. Inf. Forens. Secur. (Jun. 2016).

Digital Library

[211]

Vishal M. Patel, Rama Chellappa, Deepak Chandra, and Brandon Barbello. 2016. Continuous user authentication on mobile devices: Recent progress and remaining challenges. IEEE Sign. Process. Mag. 33, 4 (2016), 49–61.

[212]

Raphael C.-W. Phan and Patrick Mingard. 2012. Analyzing the secure simple pairing in bluetooth v4. 0. Wireless Pers. Commun. 64, 4 (2012), 719–737.

Digital Library

[213]

Justin D. Pierce, Jason G. Wells, Matthew J. Warren, and David R. Mackay. 2003. A conceptual model for graphical authentication. In Proceedings of the 1st Australian Information Security Management Conference, Vol. 24. 347–351.

[214]

M. La Polla, F. Martinelli, and D. Sgandurra. 2013. A survey on security for mobile devices. IEEE Commun. Surv. Tutor. 15, 1 (2013), 446–471.

[215]

Sarah Prange, Lukas Mecke, Michael Stadler, Maximilian Balluff, Mohamed Khamis, and Florian Alt. 2019. Securing personal items in public space: Stories of attacks and threats. In Proceedings of the 18th International Conference on Mobile and Ubiquitous Multimedia. 1–8.

Digital Library

[216]

Sarah Prange, Emanuel von Zezschwitz, and Florian Alt. 2019. Vision: Exploring challenges and opportunities for usable authentication in the smart home. In Proceedings of the IEEE European Symposium on Security and Privacy Workshops (EuroS&PW’19). IEEE, 154–158.

[217]

Khandaker A. Rahman, Kiran S. Balagani, and Vir V. Phoha. 2013. Snoop-forge-replay attacks on continuous verification with keystrokes. IEEE Trans. Inf. Forens. Secur. 8, 3 (2013), 528–541.

Digital Library

[218]

Raghavendra Ramachandra and Christoph Busch. 2017. Presentation attack detection methods for face recognition systems: A comprehensive survey. ACM Comput. Surv. 50, 1 (2017), 1–37.

Digital Library

[219]

Nalini K. Ratha, Jonathan H. Connell, and Ruud M. Bolle. 2001. Enhancing security and privacy in biometrics-based authentication systems. IBM Syst. J. 40, 3 (2001), 614–634.

Digital Library

[220]

S. Ray and J. Bhadra. 2016. Security challenges in mobile and iot systems. In Proceedings of the 29th IEEE International System-on-chip Conference (SOCC’16). 356–361.

[221]

Girish Revadigar, Chitra Javali, Weitao Xu, Athanasios V. Vasilakos, Wen Hu, and Sanjay Jha. 2017. Accelerometer and fuzzy vault-based secure group key generation and sharing protocol for smart wearables. IEEE Trans. Inf. Forens. Secur. 12, 10 (2017), 2467–2482.

Digital Library

[222]

A. Revathi, C. Jeyalakshmi, and Karuppusamy Thenmozhi. 2019. Person authentication using speech as a biometric against play back attacks. Multimedia Tools Appl. 78, 2 (2019), 1569–1582.

Digital Library

[223]

Daniel Ritter, Florian Schaub, Marcel Walch, and Michael Weber. 2013. MIBA: Multitouch image-based authentication on smartphones. In CHI’13 Extended Abstracts on Human Factors in Computing Systems. ACM, 787–792.

Digital Library

[224]

Oriana Riva, Chuan Qin, Karin Strauss, and Dimitrios Lymberopoulos. 2012. Progressive authentication: Deciding when to authenticate on mobile phones. In Proceedings of the USENIX Security Symposium. 301–316.

[225]

Paul Cador Roberts, Laura Posey Benofsky, William Gifford Holt, Leslie Helena Johnson, Madeline Jinx Bryant, and Nicholas I. Nussbaum. 2009. Systems and methods for demonstrating authenticity of a virtual machine using a security image. https://patents.google.com/patent/US20060253706A1/en.

[226]

Paul Cador Roberts, Laura Posey Benofsky, William Gifford Holt, Leslie Helena Johnson, Bryan Mark Willman, and Madeline Jinx Bryant. 2010. Systems and methods for determining if applications executing on a computer system are trusted. https://www.freepatentsonline.com/y2006/0253705.

[227]

Liu Rong, Zhou Jianzhong, Liu Ming, and Hou Xiangfeng. 2007. A wearable acceleration sensor system for gait recognition. In Proceedings of the IEEE Conference on Industrial Electronics and Applications. 2654–2659.

[228]

Liu Rong, Duan Zhiguo, Zhou Jianzhong, and Liu Ming. 2007. identification of individual walking patterns using gait acceleration. In Proceedings of the International Conference on Bioinformatics and Biomedical Engineering. 543–546.

[229]

Volker Roth, Kai Richter, and Rene Freidinger. 2004. A PIN-entry method resilient against shoulder surfing. In Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM, 236–245.

Digital Library

[230]

Virginia Ruiz-Albacete, Pedro Tome-Gonzalez, Fernando Alonso-Fernandez, Javier Galbally, Julian Fierrez, and Javier Ortega-Garcia. 2008. Direct attacks using fake images in iris verification. In Proceedings of the European Workshop on Biometrics and Identity Management. Springer, 181–190.

Digital Library

[231]

Pouya Samangouei, Vishal M. Patel, and Rama Chellappa. 2015. Attribute-based continuous user authentication on mobile devices. In Proceedings of the IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS’15). IEEE, 1–8.

[232]

S. Sandhya and K. A. S. Devi. 2012. Analysis of bluetooth threats and v4.0 security features. In Proceedings of the International Conference on Computing, Communication and Applications.

[233]

J. Schmidt. 2017. Requirements for Password-authenticated Key Agreement (PAKE) Schemes. Technical Report.

[234]

Stefan Schneegass, Frank Steimle, Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2014. Smudgesafe: Geometric image transformations for smudge-resistant user authentication. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM, 775–786.

Digital Library

[235]

Bruce Schneier. 1999. The uses and abuses of biometrics. Commun. ACM 42, 8 (1999), 136–136.

Digital Library

[236]

Dominik Schürmann, Arne Brüsch, Ngu Nguyen, Stephan Sigg, and Lars Wolf. 2018. Moves like jagger: Exploiting variations in instantaneous gait for spontaneous device pairing. Perv. Mobile Comput. 47 (2018), 1–12.

[237]

Dominik Schürmann, Arne Brüsch, Stephan Sigg, and Lars Wolf. 2017. BANDANA—Body area network device-to-device authentication using natural gait. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom’17). 190–196.

[238]

Dominik Schürmann and Stephan Sigg. 2013. Secure communication based on ambient audio. IEEE Trans. Mobile Comput. 12, 2 (2013), 358–370.

Digital Library

[239]

Abdul Serwadda and Vir V. Phoha. 2013. Examining a large keystroke biometrics dataset for statistical-attack openings. ACM Trans. Inf. Syst. Secur. 16, 2 (2013), 8.

Digital Library

[240]

Abdul Serwadda, Vir V. Phoha, Zibo Wang, Rajesh Kumar, and Diksha Shukla. 2016. Toward robotic robbery on the touch screen. ACM Trans. Inf. Syst. Secur. 18, 4 (2016), 14.

Digital Library

[241]

Mohit Sethi, Markku Antikainen, and Tuomas Aura. 2014. Commitment-based device pairing with synchronized drawing. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom’14). IEEE, 181–189.

[242]

Misbah Shafi and Rakesh Kumar Jha. 2020. Half-duplex attack: An effectual attack modelling in D2D communication. In Proceedings of the International Conference on Communication Systems & Networks (COMSNETS’20). IEEE, 879–881.

[243]

Jiacheng Shang and Jie Wu. 2019. A usable authentication system using wrist-worn photoplethysmography sensors on smartwatches. In Proceedings of the IEEE Conference on Communications and Network Security (CNS’19). IEEE, 1–9.

[244]

Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, and Michael K. Reiter. 2016. Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 1528–1540.

[245]

Sang-Yun Shin, Yong-Won Kang, and Yong-Guk Kim. 2020. Android-GAN: Defending against android pattern attacks using multi-modal generative network as anomaly detector. Expert Syst. Appl. 141 (2020), 112–964.

[246]

Babins Shrestha, Manar Mohamed, Sandeep Tamrakar, and Nitesh Saxena. 2016. Theft-resilient mobile wallets: Transparently authenticating NFC users with tapping gesture biometrics. In Proceedings of the 32nd Annual Conference on Computer Security Applications. ACM, 265–276.

Digital Library

[247]

Babins Shrestha, Nitesh Saxena, Hien Thi Thu Truong, and N. Asokan. 2014. Drone to the rescue: Relay-resilient authentication using ambient multi-sensing. In Proceedings of the International Conference on Financial Cryptography and Data Security. Springer, 349–364.

[248]

Babins Shrestha, Nitesh Saxena, Hien Thi Thu Truong, and N. Asokan. 2018. Sensor-based proximity detection in the face of active adversaries. IEEE Trans. Mobile Comput. (2018).

[249]

Stephan Sigg, Eemil Lagerspetz, Ella Peltonen, Petteri Nurmi, and Sasu Tarkoma. 2016. Sovereignty of the apps: There’s more to relevance than downloads. arXiv:1611.10161. Retrieved from https://arxiv.org/abs/1611.10161.

[250]

Leon Sloman, Mavis Berridge, S. Homatidis, D. Hunter, and T. Duck. 1982. Gait patterns of depressed patients and normal subjects.Am. J. Psychiatr. (1982).

[251]

Youngbae Song, Geumhwan Cho, Seongyeol Oh, Hyoungshick Kim, and Jun Ho Huh. 2015. On the effectiveness of pattern lock strength meters: Measuring the strength of real world pattern locks. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. 2343–2352.

Digital Library

[252]

R. Spreitzer, V. Moonsamy, T. Korak, and S. Mangard. 2018. Systematic classification of side-channel attacks: A case study for mobile devices. IEEE Commun. Surv. Tutor. 20, 1 (Firstquarter 2018), 465–488.

[253]

Animesh Srivastava, Jeremy Gummeson, Mary Baker, and Kyu-Han Kim. 2015. step-by-step detection of personally collocated mobile devices. In Proceedings of the 16th International Workshop on Mobile Computing Systems and Applications. ACM, 93–98.

Digital Library

[254]

Øyvind Stang. 2007. Gait Analysis: Is It Easy to Learn to Walk Like Someone Else?Master’s thesis.

[255]

Martin Stokkenes, Raghavendra Ramachandra, and Christoph Busch. 2016. Biometric authentication protocols on smartphones: An overview. In Proceedings of the 9th International Conference on Security of Information and Networks. ACM, 136–140.

Digital Library

[256]

Jonathan D. Stosz and Lisa A. Alyea. 1994. Automated system for fingerprint authentication using pores and ridge structure. In Automatic Systems for the Identification and Inspection of Humans, Vol. 2277. International Society for Optics and Photonics, 210–224.

[257]

Chen Sun, Yang Wang, and Jun Zheng. 2014. Dissecting pattern unlock: The effect of pattern strength meter on pattern selection. J. Inf. Secur. Appl. 19, 4 (2014), 308–320.

Digital Library

[258]

Jingchao Sun, Rui Zhang, Jinxue Zhang, and Yanchao Zhang. 2014. Touchin: Sightless two-factor authentication on multi-touch mobile devices. In Proceedings of the IEEE Conference on Communications and Network Security. IEEE, 436–444.

[259]

Yan Sun and Anup Kumar. 2008. Quality-of-protection (QoP): a quantitative methodology to grade security services. In Proceedings of the 28th International Conference on Distributed Computing Systems Workshops (ICDCS’08). IEEE, 394–399.

Digital Library

[260]

Yingnan Sun, Charence Wong, Guang-Zhong Yang, and Benny Lo. 2017. Secure key generation using gait features for body sensor networks. In Proceedings of the IEEE 14th International Conference on Wearable and Implantable Body Sensor Networks (BSN’17). IEEE, 206–210.

[261]

Xiaoyuan Suo, Ying Zhu, and G. Scott Owen. 2005. Graphical passwords: A survey. In Proceedings of the 21st Annual Computer Security Applications Conference. IEEE.

[262]

Jani Suomalainen, Jukka Valkonen, and N. Asokan. 2007. Security Associations in Personal Networks: A Comparative Analysis. 43–57.

[263]

Tetsuji Takada and Hideki Koike. 2003. Awase-e: Image-based authentication for mobile phones using users favorite images. Hum.-Comput. Interact. Mobile Dev. Serv. (2003), 347–351.

[264]

Tetsuji Takada and Yuki Kokubun. 2013. Extended pin authentication scheme allowing multi-touch key input. In Proceedings of the International Conference on Advances in Mobile Computing & Multimedia. ACM, 307.

Digital Library

[265]

Tetsuji Takada and Yuki Kokubun. 2014. MTAPIN: Multi-touch key input enhances security of PIN authentication while keeping usability. Int. J. Perv. Comput. Commun. 10, 3 (2014), 276–290.

[266]

Furkan Tari, Ant Ozok, and Stephen H. Holden. 2006. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In Proceedings of the 2nd Symposium on Usable Privacy and Security. ACM, 56–66.

[267]

Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh, and Ke Chen. 2016. A survey on touch dynamics authentication in mobile devices. Comput. Secur. 59 (2016), 210–235.

Digital Library

[268]

Chee Meng Tey, Payas Gupta, and Debin Gao. 2013. I can be you: Questioning the use of keystroke dynamics as biometrics.(2013). In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS’13). 1–16.

[269]

Julie Thorpe and Paul C. Van Oorschot. 2004. Towards secure design choices for implementing graphical passwords. In Proceedings of the 20th Annual Computer Security Applications Conference. IEEE, 50–60.

[270]

Christian Tiefenau, Maximilian Häring, Mohamed Khamis, and Emanuel von Zezschwitz. 2019. “Please enter your PIN”—On the risk of bypass attacks on biometric authentication on mobile devices. arXiv:1911.07692. Retrieved from https://arxiv.org/abs/1911.07692.

[271]

Ruben Tolosana, Ruben Vera-Rodriguez, and Julian Fierrez. 2019. Biotouchpass: Handwritten passwords for touchscreen biometrics. IEEE Trans. Mobile Comput. (2019).

[272]

Ruben Tolosana, Ruben Vera-Rodriguez, Julian Fierrez, Aythami Morales, and Javier Ortega-Garcia. 2017. Benchmarking desktop and mobile handwriting across COTS devices: The e-biosign biometric database. PLoS One 12, 5 (2017), e0176792.

[273]

Ruben Tolosana, Ruben Vera-Rodriguez, Julian Fierrez, and Javier Ortega-Garcia. 2019. Presentation attacks in signature biometrics: Types and introduction to attack detection. In Handbook of Biometric Anti-spoofing. Springer, 439–453.

[274]

Mohsen Toorani. 2014. Security analysis of J-PAKE. In Proceedings of the IEEE Symposium on Computers and Communication (ISCC’14). IEEE, 1–6.

[275]

Hien Thi Thu Truong, Xiang Gao, Babins Shrestha, Nitesh Saxena, N. Asokan, and Petteri Nurmi. 2014. Comparing and fusing different sensor modalities for relay attack resistance in zero-interaction authentication. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom’14). IEEE, 163–171.

[276]

Umut Uludag and Anil K. Jain. 2004. Attacks on biometric systems: A case study in fingerprints. In Security, Steganography, and Watermarking of Multimedia Contents VI, Vol. 5306. International Society for Optics and Photonics, 622–634.

[277]

Tom Van Goethem, Wout Scheepers, Davy Preuveneers, and Wouter Joosen. 2016. Accelerometer-based device fingerprinting for multi-factor mobile authentication. In Proceedings of the International Symposium on Engineering Secure Software and Systems. Springer, 106–121.

Digital Library

[278]

Alex Varshavsky, Adin Scannell, Anthony LaMarca, and Eyal De Lara. 2007. Amigo: Proximity-based authentication of mobile devices. In Proceedings of the International Conference on Ubiquitous Computing. Springer, 253–270.

[279]

Vassilios Vassilakis, Emmanouil Panaousis, and Haralambos Mouratidis. 2016. Security challenges of small cell as a service in virtualized mobile edge, computing environments. In Proceedings of the IFIP International Conference on Information Security Theory and Practice. Springer, 70–84.

[280]

Serge Vaudenay. 2005. Secure communications over insecure channels based on short authenticated strings. In Crypto, Vol. 3621. Springer, 309–326.

[281]

Prateek Verma, Maheedhar Dubey, Somak Basu, and Praveen Verma. 2012. Hough transform method for iris recognition-a biometric approach. Int. J. Eng. Innov. Technol. 1, 6 (2012), 43–48.

[282]

Elena Vildjiounaite, Satu-Marja Mäkelä, Mikko Lindholm, Reima Riihimäki, Vesa Kyllönen, Jani Mäntyjärvi, and Heikki Ailisto. 2006. unobtrusive multimodal biometrics for ensuring privacy and information security with personal devices. In Proceedings of the International Conference on Pervasive Computing. Springer, 187–201.

Digital Library

[283]

Emanuel Von Zezschwitz, Anton Koslow, Alexander De Luca, and Heinrich Hussmann. 2013. Making graphic-based authentication secure against smudge attacks. In Proceedings of the 2013 International Conference on Intelligent User Interfaces. ACM, 277–286.

Digital Library

[284]

Jonathan Voris, Yingbo Song, Malek Ben Salem, and Salvatore Stolfo. 2016. You are what you use: An initial study of authenticating mobile users via application usage. In Proceedings of the 8th EAI International Conference on Mobile Computing, Applications and Services. Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, 51–61.

Digital Library

[285]

Avani Vyas and Sujata Pal. 2020. Preventing security and privacy attacks in WBANs. In Handbook of Computer Networks and Cyber Security. Springer, 201–225.

[286]

Dayong Wang, Steven C. H. Hoi, Ying He, Jianke Zhu, Tao Mei, and Jiebo Luo. 2013. Retrieval-based face annotation by weak label regularized local coordinate coding. IEEE Trans. Pattern Anal. Mach. Intelligence 36, 3 (2013), 550–563.

Digital Library

[287]

Yuhua Wang, Chunhua Wu, Kangfeng Zheng, and Xiujuan Wang. 2019. Improving reliability: User authentication on smartphones using keystroke biometrics. IEEE Access 7 (2019), 26218–26228.

[288]

Zibo Wang, Abdul Serwadda, Kiran S Balagani, and Vir V. Phoha. 2012. Transforming animals in a cyber-behavioral biometric menagerie with frog-boiling attacks. In Proceedings of the IEEE 5th International Conference on Biometrics: Theory, Applications and Systems (BTAS’12). IEEE, 289–296.

[289]

Colin Ware and Harutune H. Mikaelian. 1987. An evaluation of an eye tracker as a device for computer input2. ACM SIGCHI Bull. 18, 4 (1987), 183–188.

Digital Library

[290]

James Wayman, Anil Jain, Davide Maltoni, and Dario Maio. 2005. An introduction to biometric authentication systems. Biometr. Syst. (2005), 1–20.

[291]

Justin Weaver, Kenrick Mock, and Bogdan Hoanca. 2011. Gaze-based password authentication through automatic clustering of gaze points. In Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics (SMC’11). IEEE, 2749–2754.

[292]

Daphna Weinshall and Scott Kirkpatrick. 2004. Passwords you’ll never forget, but can’t recall. In CHI’04 Extended Abstracts on Human Factors in Computing Systems. ACM, 1399–1402.

[293]

Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. 2005. Passpoints: Design and longitudinal evaluation of a graphical password system. Int. J. Hum.-Comput. Stud. 63, 1–2 (2005), 102–127.

Digital Library

[294]

Susan Wiedenbeck, Jim Waters, Leonardo Sobrado, and Jean-Camille Birget. 2006. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In Proceedings of the Working Conference on Advanced Visual Interfaces. ACM, 177–184.

Digital Library

[295]

Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du. 2020. Liveness is not enough: Enhancing fingerprint authentication with behavioral biometrics to defeat puppet attacks. In Proceedings of the 29th USENIX Security Symposium (USENIX Security’20).

[296]

Thomas D. Wu. 1998. The secure remote password protocol. In Proceedings of the Network and Distributed System Security Symposium (NDSS’98), Vol. 98. 97–111.

[297]

Weitao Xu, Chitra Javali, Girish Revadigar, Chengwen Luo, Neil Bergmann, and Wen Hu. 2017. Gait-key: A gait-based shared secret key generation protocol for wearable devices. ACM Trans. Sens. Netw. 13, 1 (2017), 6.

Digital Library

[298]

W. Xu, G. Revadigar, C. Luo, N. Bergmann, and W. Hu. 2016. Walkie-talkie: Motion-assisted automatic key generation for secure on-body device communication. In Proceedings of the 15th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN’16).

[299]

Lin Yang, Wei Wang, and Qian Zhang. 2016. Secret from muscle: Enabling secure pairing with electromyography. In Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM. ACM, 28–41.

Digital Library

[300]

Qinggang Yue, Zhen Ling, Xinwen Fu, Benyuan Liu, Kui Ren, and Wei Zhao. 2014. Blind recognition of touched keys on mobile devices. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 1403–1414.

Digital Library

[301]

Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu. 2017. Dolphinattack: Inaudible voice commands. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 103–117.

Digital Library

[302]

Linghan Zhang, Sheng Tan, and Jie Yang. 2017. Hearing your voice is not enough: An articulatory gesture based liveness detection for voice authentication. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 57–71.

Digital Library

[303]

Philip Zimmermann, Alan Johnston, and Jon Callas. 2011. ZRTP: Media Path Key Agreement for Unicast Secure RTP. Technical Report.

Cited By

Guo YGuo YXiong PYang FZhang C(2024)Deeper Insight Into Why Authentication Schemes in IoT Environments Fail to Achieve the Desired SecurityIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.338293419(4615-4627)Online publication date: 2-Apr-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3382934
Hernández-Marcial BLimón XSánchez-García ÁPérez-Arriaga J(2024)Secure Cryptography Usage in Software Development: A Systematic Literature Review2024 12th International Conference in Software Engineering Research and Innovation (CONISOFT)10.1109/CONISOFT63288.2024.00036(218-227)Online publication date: 28-Oct-2024
https://doi.org/10.1109/CONISOFT63288.2024.00036
Al-Rumaim APawar J(2024)Enhancing User Authentication: An Approach Utilizing Context-Based Fingerprinting With Random Forest AlgorithmIEEE Access10.1109/ACCESS.2024.344018712(110850-110861)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3440187
Show More Cited By

Index Terms

Adversary Models for Mobile Device Authentication
1. Security and privacy

Recommendations

Characterizing Composite User-Device Touchscreen Physical Unclonable Functions (PUFs) for Mobile Device Authentication
TrustED '15: Proceedings of the 5th International Workshop on Trustworthy Embedded Devices

Mobile systems have unique authentication requirements. A composite user-device identity that is computationally difficult to decompose into its user and device contribution is better suited for mobile context authentication for services such as Google ...
Mobile Device Security Using Transient Authentication

Mobile devices are vulnerable to theft and loss due to their small size and the characteristics of their common usage environment. Since they allow users to work while away from their desk, they are most useful in public locations and while traveling. ...
Mobile device security
InfoSecCD '04: Proceedings of the 1st annual conference on Information security curriculum development

Because of their small size, memory capability, and the case with which information can be downloaded and removed from a facility, mobile devices pose a risk to organizations when used and transported outside physical boundaries. Mobile devices, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 54, Issue 9

December 2022

800 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3485140

Editor:
Albert Zomaya
University of Sydney, Australia

Issue’s Table of Contents

Copyright © 2021 Copyright held by the owner/author(s).

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 October 2021

Accepted: 01 July 2021

Revised: 01 May 2021

Received: 01 August 2020

Published in CSUR Volume 54, Issue 9

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Refereed

Funding Sources

Christian Doppler Forschungsgesellschaft, 3 Banken IT GmbH, Kepler Universitätsklinikum GmbH, NXP Semiconductors Austria GmbH
Österreichische Staatsdruckerei GmbH
LIT Secure and Correct Systems Lab
State of Upper Austria

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
3,216
Total Downloads

Downloads (Last 12 months)1,362
Downloads (Last 6 weeks)256

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Guo YGuo YXiong PYang FZhang C(2024)Deeper Insight Into Why Authentication Schemes in IoT Environments Fail to Achieve the Desired SecurityIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.338293419(4615-4627)Online publication date: 2-Apr-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3382934
Hernández-Marcial BLimón XSánchez-García ÁPérez-Arriaga J(2024)Secure Cryptography Usage in Software Development: A Systematic Literature Review2024 12th International Conference in Software Engineering Research and Innovation (CONISOFT)10.1109/CONISOFT63288.2024.00036(218-227)Online publication date: 28-Oct-2024
https://doi.org/10.1109/CONISOFT63288.2024.00036
Al-Rumaim APawar J(2024)Enhancing User Authentication: An Approach Utilizing Context-Based Fingerprinting With Random Forest AlgorithmIEEE Access10.1109/ACCESS.2024.344018712(110850-110861)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3440187
Farzand HAbraham MBrewster SKhamis MMarky K(2024)A Systematic Deconstruction of Human-Centric Privacy & Security Threats on Mobile PhonesInternational Journal of Human–Computer Interaction10.1080/10447318.2024.2361519(1-24)Online publication date: 12-Jun-2024
https://doi.org/10.1080/10447318.2024.2361519
Dittrich JFindling R(2024)Good Vibes! Towards Phone-to-User Authentication Through Wristwatch VibrationsAdvances in Mobile Computing and Multimedia Intelligence10.1007/978-3-031-78049-3_3(24-30)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1007/978-3-031-78049-3_3
Matiushin IKorkhov VBusko I(2024)Analysis of Attacks on Continuous Authentication Methods and Ways of Defending Against ThemComputational Science and Its Applications – ICCSA 2024 Workshops10.1007/978-3-031-65308-7_26(369-385)Online publication date: 22-Aug-2024
https://doi.org/10.1007/978-3-031-65308-7_26
Kim JPark JOakley I(2023)SonarAuth: Using Around Device Sensing to Improve Smartwatch Behavioral BiometricsAdjunct Proceedings of the 2023 ACM International Joint Conference on Pervasive and Ubiquitous Computing & the 2023 ACM International Symposium on Wearable Computing10.1145/3594739.3610696(83-87)Online publication date: 8-Oct-2023
https://dl.acm.org/doi/10.1145/3594739.3610696
Nguyen LSigg SLietzen JFindling RRuttik K(2023)Camouflage Learning: Feature Value Obscuring Ambient Intelligence for Constrained DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2021.309227122:2(781-796)Online publication date: 1-Feb-2023
https://doi.org/10.1109/TMC.2021.3092271
Yao MTao DGao RWang JHelal SMao S(2023)PresSafe: Barometer-Based On-Screen Pressure-Assisted Implicit Authentication for SmartphonesIEEE Internet of Things Journal10.1109/JIOT.2022.319965710:1(285-302)Online publication date: 1-Jan-2023
https://doi.org/10.1109/JIOT.2022.3199657
Zuo SSigg S(2022)Personalized Gestures Through Motion Transfer: Protecting Privacy in Pervasive SurveillanceIEEE Pervasive Computing10.1109/MPRV.2022.321015621:4(8-16)Online publication date: 1-Oct-2022
https://doi.org/10.1109/MPRV.2022.3210156

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents