CORMORANT
Autor: | Eckhard Koch, Philipp Kapfer, Matthias Füller, Rene Mayrhofer, Muhammad Muaaz, Sebastian Scholz, Daniel Hintze, Rainhard Dieter Findling |
---|---|
Rok vydání: | 2019 |
Předmět: |
Password
Authentication Biometrics Computer Networks and Communications Event (computing) Computer science 020206 networking & telecommunications 02 engineering and technology Computer security computer.software_genre Human-Computer Interaction Information sensitivity Keystroke dynamics Hardware and Architecture 0202 electrical engineering electronic engineering information engineering Strong authentication 020201 artificial intelligence & image processing computer Mobile device |
Zdroj: | Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies. 3:1-23 |
ISSN: | 2474-9567 |
DOI: | 10.1145/3351243 |
Popis: | People own and carry an increasing number of ubiquitous mobile devices, such as smartphones, tablets, and notebooks. Being small and mobile, those devices have a high propensity to become lost or stolen. Since mobile devices provide access to their owners' digital lives, strong authentication is vital to protect sensitive information and services against unauthorized access. However, at least one in three devices is unprotected, with inconvenience of traditional authentication being the paramount reason. We present the concept of CORMORANT, an approach to significantly reduce the manual burden of mobile user verification through risk-aware, multi-modal biometric, cross-device authentication. Transparent behavioral and physiological biometrics like gait, voice, face, and keystroke dynamics are used to continuously evaluate the user's identity without explicit interaction. The required level of confidence in the user's identity is dynamically adjusted based on the risk of unauthorized access derived from signals like location, time of day and nearby devices. Authentication results are shared securely with trusted devices to facilitate cross-device authentication for co-located devices. Conducting a large-scale agent-based simulation of 4 000 users based on more than 720 000 days of real-world device usage traces and 6.7 million simulated robberies and thefts sourced from police reports, we found the proposed approach is able to reduce the frequency of password entries required on smartphones by 97.82% whilst simultaneously reducing the risk of unauthorized access in the event of a crime by 97.72%, compared to conventional knowledge-based authentication. |
Databáze: | OpenAIRE |
Externí odkaz: |