Privacy-preserving continuous authentication using behavioral biometrics

Published: 13 July 2023

Abstract

Continuous authentication modalities collect and utilize users’ sensitive data to authenticate them continuously. Such data contain information about user activities, behaviors, and demographics, which raises privacy concerns. In this paper, we propose two privacy-preserving protocols that enable continuous authentication while preventing the disclosure of user-sensitive information to an authentication server. We combine homomorphic cryptographic primitives, which protect the privacy of biometric features, with an oblivious transfer protocol that enables privacy-preserving information retrieval. We performed the biometric evaluation of the proposed protocols on two datasets, a swipe gesture dataset and a keystroke dynamics dataset. The biometric evaluation shows that the protocols have very good performance. The execution time of the protocols is measured for continuous authentication using swipe gestures only, keystroke dynamics only, and hybrid modalities. The execution times show that the protocols are very efficient, even at high security levels.


Cited By

  • (2024) Continuous Authentication Leveraging Matrix Profile. Proceedings of the 19th International Conference on Availability, Reliability and Security, pp. 1–13. doi:10.1145/3664476.3664481. Online publication date: 30-Jul-2024


Published In

International Journal of Information Security, Volume 22, Issue 6
Dec 2023
483 pages
ISSN: 1615-5262
EISSN: 1615-5270

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Privacy
  2. Homomorphic encryption
  3. Continuous authentication
  4. Behavioral biometrics
  5. Oblivious transfer protocol

Qualifiers

  • Research-article
