Continuous User Authentication on Everyday Devices

Project Summary

Current software for user authentication relies on the user to directly initiate some interaction (i.e., active authentication). However, active authentication systems are not accessible to individuals across all age groups. Continuous authentication schemes transparently observe a user’s natural multimodal behaviors to leverage all possible signals as input for authentication, and hence do not require explicit authentication interactions to be initiated by the user, and are thus a promising framework for authentication by individuals of different age groups. This project’s novelties were to 1) to advance understanding of how individuals of different age groups use and perceive existing authentication methods, especially concerning users’ mental models and acceptance of monitoring for the purposes of continuous authentication, and 2) to collect and analyze a variety of user signals in multiple behavioral and physiological modalities for age-aware continuous authentication on personal computing devices. This research also informs the design of continuous authentication interactions in other contexts such as public spaces and other smart environments, in which continuous authentication might be useful. The research included three phases. (1) Elicit the mental models multi-generational users have of what it means to authenticate to a system, if and when they expect the system to re-authenticate them to confirm their identity as they continue to interact, and if and how they expect to receive feedback of authentication attempts. (2) Produce a novel dataset of behavioral and physiological data, such as touch gestures, keystroke dynamics, heart-rate variability, and skin temperature, through a series of data collection sessions wherein individuals of different age groups will be recruited to complete a diverse set of tasks. (3) Develop fundamental knowledge of age-aware continuous authentication through the analysis of these data using state-of-the-art machine and deep learning techniques.

This project was a collaboration between the CIBeR Lab, the Affective Vision Lab, the Intelligent Natural Interaction Technology Lab, and the Ruiz Human- Computer Interaction Lab.

Publications

  • S. Aathreya, M. Chaudhary, T. Neal and S. Canavan, “Multimodal Context-Based Continuous Authentication,” 2023 IEEE International Joint Conference on Biometrics (IJCB), Ljubljana, Slovenia, 2023, pp. 1-10, doi: 10.1109/IJCB57857.2023.10448626.
  • Neal, Tempestt, Anthony, Lisa, Canavan, Shaun, Ruiz, Jaime, Aathreya, Saandeep, Chaudhary, Meghna, Chen, Yu-Peng, Wang, Heting, Calvo, Rodrigo, Jivnani, Liza, and Ng Wai, Nicolas. Toward Understanding Children’s Use and Understanding of User Authentication Systems: Work-in-Progress. Retrieved from https://par.nsf.gov/biblio/10394636. USENIX Symposium on Usable Privacy and Security (SOUPS).

Dataset

The dataset developed in this project is available upon request by sending an email to tjneal@usf.edu.

Cybersecurity Education

This project received Research Experience for Teachers and Undergraduates supplements through the U.S. National Science Foundation to engage with undergraduate students on the development of high school cybersecurity teaching materials. Read about it here.

This study was approved by USF’s Institutional Review Board as Study #005606, and was funded by NSF’s Secure and Trustworthy Cyberspace Program, Grant #2039373.