Towards Generalizable User Authentication Systems on Personal Devices
Date:
Popularity in remote work and online learning has increased in recent years due to the promotion of health safety, modernized work policies, self-paced learning of employer degree programs, among other reasons. These trends place significant responsibility on the computing industry to support internet users across demographic groups, particularly on personal computing devices (PCDs). This is especially important as some demographics impact users’ ability to recognize and mitigate security and privacy risks. Since user authentication systems are generally the first security checkpoint when accessing a PCD, they play a critical role as one of many precautionary measures of an entire computing experience.
User authentication is often a prerequisite for allowing user access to resources in a system. There are three common authentication methods: knowledge-based, token-based, and biometrics. How all three methods support users across various demographic groups has not been well studied.
In this talk, we provide fundamental understanding of user authentication systems and discuss prior work of the Cyber Identity and Behavior Research Lab. These efforts include various approaches to mobile biometrics, including user recognition, soft biometric classification, and detection of adversary attacks in mobile biometric authentication systems. We then overview ongoing research specifically concerning age-aware user authentication systems for PCDs. We conclude with a brief discussion of additional research on user identity and IoT devices and discuss open research challenges of interest to the lab.