基于移动智能终端交互行为的持续身份认证技术综述*

doi:10.12267/j.issn.2096-5931.2024.01.004

信息通信技术与政策 ›› 2024, Vol. 50 ›› Issue (1): 19-31.doi: 10.12267/j.issn.2096-5931.2024.01.004

基于移动智能终端交互行为的持续身份认证技术综述^*

Continuous identity authentication of mobile intelligent terminal users via interactive behavior

宋天乐¹, 蔺琛皓¹, 高书馨¹, 赵竣毅², 周亚杰¹, 纪英帅³, 杨明慧⁴, 沈超¹

1.西安交通大学网络空间安全学院,西安 710049
2.西安交通大学信息与通信工程学院,西安 710049
3.西安交通大学自动化科学与工程学院,西安 710049
4.OPPO广东移动通信有限公司,东莞 523860

收稿日期:2023-12-28 出版日期:2024-01-25 发布日期:2024-02-01
通讯作者: 蔺琛皓,西安交通大学网络空间安全学院特聘研究员,长期从事人工智能安全、智能身份安全等方面的研究工作
作者简介:
宋天乐,西安交通大学网络空间安全学院硕士研究生在读,主要从事身份认证、生物特征识别等方面的研究工作
高书馨,西安交通大学网络空间安全学院硕士研究生在读,主要从事可持续身份认证等方面的研究工作
赵竣毅,西安交通大学信息工程学院硕士研究生在读,主要从事身份认证、生物特征识别等方面的研究工作
周亚杰,西安交通大学网络空间安全学院硕士研究生在读,主要从事人机交互行为分析与生成式数据增强等方面的研究工作
纪英帅,西安交通大学自动化科学与工程学院本科生在读,主要从事身份识别方面的研究工作
杨明慧,OPPO广东移动通信有限公司高级软件架构师,长期从事移动终端安全、可信身份识别技术等方面的研究工作
沈超,西安交通大学网络空间安全学院教授,长期从事智能系统安全与控制、可信人工智能与AI安全、软件测试和AI测试、智能人机行为分析等方面的研究工作
基金资助:
*国家自然科学基金项目(62006181);国家自然科学基金项目(62161160337);国家自然科学基金项目(62132011);国家自然科学基金项目(U21B2018);国家自然科学基金项目(U20A201);国家自然科学基金项目(62206217)

SONG Tianle¹, LIN Chenhao¹, GAO Shuxin¹, ZHAO Junyi², ZHOU Yajie¹, JI Yingshuai³, YANG Minghui⁴, SHEN Chao¹

1. School of Cyber Science and Engineering, Xi’an Jiaotong University, Xi’an 710049, China
2. School of Information and Communications Engineering, Xi’an Jiaotong University, Xi’an 710049, China
3. School of Automation Science and Engineering, Xi’an Jiaotong University, Xi’an 710049, China
4. Guangdong OPPO Mobile Telecommunications Co., Ltd., Dongguan 523860, China

Received:2023-12-28 Online:2024-01-25 Published:2024-02-01

摘要/Abstract

摘要：

随着移动智能终端的发展和普及,更多用户在智能手机、平板等移动终端上进行支付、转账、存储个人信息等活动。为了提高用户使用移动智能终端的安全性和便利性,目前移动智能终端身份认证的发展趋向于持续认证。首先,回顾了现有基于移动智能终端的身份认证工作;其次,整理了目前主流的性能评估指标和产业界应用;最后,对持续身份认证在移动智能终端中亟待解决的问题以及发展趋势进行了总结和探讨。

关键词: 移动智能终端, 持续认证, 性能评估指标

Abstract:

With the development and popularization of mobile intelligent terminals, more and more users are performing activities such as payment, transfer, and storing personal information on mobile terminals, including smartphones and tablets. In order to improve the security and convenience for users to use mobile intelligent terminals, the current development of mobile intelligent terminal identity authentication tends to be continuous authentication. Firstly, the existing identity authentication work based on mobile intelligent terminal is reviewed. Secondly, the current mainstream performance evaluation indicators and industry applications are organized. Finally, a summary and a discussion are conducted on the urgent issues and development trends of continuous identity authentication in mobile intelligent terminals.

Key words: mobile intelligent terminal, continuous authentication, performance evaluation index

中图分类号:

宋天乐, 蔺琛皓, 高书馨, 赵竣毅, 周亚杰, 纪英帅, 杨明慧, 沈超. 基于移动智能终端交互行为的持续身份认证技术综述^*[J]. 信息通信技术与政策, 2024, 50(1): 19-31.

SONG Tianle, LIN Chenhao, GAO Shuxin, ZHAO Junyi, ZHOU Yajie, JI Yingshuai, YANG Minghui, SHEN Chao. Continuous identity authentication of mobile intelligent terminal users via interactive behavior[J]. Information and Communications Technology and Policy, 2024, 50(1): 19-31.

导出引用管理器 EndNote|Ris|BibTeX

链接本文:

http://ictp.caict.ac.cn/CN/10.12267/j.issn.2096-5931.2024.01.004

http://ictp.caict.ac.cn/CN/Y2024/V50/I1/19

图/表 6

参考文献 57

[1]	KHAN W Z, XIANG Y, AALSALEM M Y, et al. Mobile phone sensing systems: a survey[J]. IEEE Communications Surveys & Tutorials, 2013, 15(1):402-427. DOI:10.1109/SURV.2012.031412.000.
[2]	ANDERSON J P. Computer security threat monitoring and surveillance[EB/OL]. 2023[2023-12-28]. https://www.researchgate.net/publication/239587894_Computer_Security_Threat_Monitoring_and_Surveillance.
[3]	ZHAO Z M, AHN G J, HU H X. Picture gesture authentication: empirical analysis, automated attacks, and scheme evaluation[J]. Acm Transactions on Information and System Security, 2015, 17(4):1-37. DOI:10.1145/2701423.
[4]	ACAR T, BELENKIY M, KUEPCUE A. Single password authentication[J]. Computer Networks, 2013, 57(13):2597-2614. doi: 10.1016/j.comnet.2013.05.007 URL
[5]	SHEILA M, FAIZAL M A, SHAHRIN S. Dimension of mobile security model: mobile user security threats and awareness[J]. International Journal of Mobile Learning and Organisation, 2015, 9(1):66-85. DOI:10.1504/ijmlo.2015.069718.
[6]	AVIV A J, GIBSON K, MOSSOP E, et al. Smudge attacks on smartphone touch screens[J]. USENIX Association, 2010:1-7. DOI:doi:http://dx.doi.org/.
[7]	AMIN R, GABER T, ELTAWEEL G, et al. Biometric and traditional mobile authentication techniques: overviews and open issues[J]. Intelligent Systems Reference Library, 2014, 70(2). DOI:10.1007/978-3-662-43616-5_16.
[8]	SHUKLA D, PHOHA V V. Stealing passwords by observing hands movement[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(12):3086-3101. DOI:10.1109/TIFS.2019.2911171.
[9]	MALKIN N, HARBACH M, DE LUCA A, et al. The anatomy of smartphone unlocking[J]. GetMobile: Mobile Computing and Communications Review, 2016, 20(3):42-46.
[10]	BONTRAGER P, TOGELIUS J, MEMON N. Deepmasterprint: generating fingerprints for presentation attacks[J]. arXiv Preprint, arXiv:1705.07386, 2017.
[11]	ERDOGMUS N, MARCEL S. Spoofing face recognition with 3D masks[J]. IEEE Transactions on Information Forensics and Security, 2014, 9(7):1084-1097. doi: 10.1109/TIFS.2014.2322255 URL
[12]	CZAJKA A, BOWYER K W, KRUMDICK M, et al. Recognition of image-orientation-based iris spoofing[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(9):2184-2196. doi: 10.1109/TIFS.2017.2701332 URL
[13]	GUPTA R, SEHGAL P. A survey of attacks on iris biometric systems[J]. International Journal of Biometrics, 2016, 8(2):145-178. doi: 10.1504/IJBM.2016.077833 URL
[14]	FERRERO R, GANDINO F, MONTRUCCHIO B, et al. On gait recognition with smartphone accelerometer[C]// 2015 4th Mediterranean Conference on Embedded Computing. Budva: IEEE Press, 2015:368-373.
[15]	FANTANA A L, RAMACHANDRAN S, SCHUNCK C H, et al. Movement based biometric authentication with smartphones[C]// 2015 International Carnahan Conference on Security Technology. Taipei: IEEE Press, 2015:235-239.
[16]	LAGHARI A, MEMON Z A. Biometric authentication technique using smartphone sensor[C]// 2016 13th International Bhurban Conference on Applied Sciences and Technology. Islamabad: IEEE Press, 2016:381-384.
[17]	LEE W H, LEE R. Implicit sensor-based authentication of smartphone users with smartwatch[J]. ACM, 2017. DOI:10.1145/2948618.2948627.
[18]	LI Y, HU H, ZHOU G. Using data augmentation in continuous authentication on smartphones[J]. IEEE Internet of Things Journal, 2018, 6(1):628-640. doi: 10.1109/JIOT.2018.2851185 URL
[19]	EHATISHAM-UL-HAQ M, AZAM M A, NAEEM U, et al. Continuous authentication of smartphone users based on activity pattern recognition using passive mobile sensing[J]. Journal of Network and Computer Applications, 2018, 109:24-35. doi: 10.1016/j.jnca.2018.02.020 URL
[20]	LI Y, ZOU B, DENG S, et al. Using feature fusion strategies in continuous authentication on smartphones[J]. IEEE Internet Computing, 2020, 24(2):49-56. doi: 10.1109/MIC.2020.2971447 URL
[21]	SHEN C, LI Y, CHEN Y, et al. Performance analysis of multi-motion sensor behavior for active smartphone authentication[J]. IEEE Transactions on Information Forensics and Security, 2017, 13(1):48-62. doi: 10.1109/TIFS.2017.2737969 URL
[22]	AMINI S, NOROOZI V, PANDE A, et al. Deepauth: a framework for continuous user re-authentication in mobile apps[C]// Proceedings of the 27th ACM International Conference on Information and Knowledge Management. New York: ACM, 2018:2027-2035.
[23]	HU H, LI Y, ZHU Z, et al. CNNAuth: continuous authentication via two-stream convolutional neural networks[C]// 2018 IEEE International Conference on Networking, Architecture and Storage. Chongqing: IEEE Press, 2018:1-9.
[24]	FEREIDOONI H, KöNIG J, RIEGER P, et al. Authenti Sense: a scalable behavioral biometrics authentication scheme using few-shot learning for mobile platforms[J]. arXiv Preprint, arXiv:2302.02740v1, 2023.
[25]	ZHANG Y, HU W, XU W, et al. Continuous authentication using eye movement response of implicit visual stimuli[J]. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2018, 1(4):1-22. DOI:10.1145/3161410.
[26]	AGAC S, INCEL O D. User authentication and identification on smart glasses with motion sensors[J]. SN Computer Science, 2023, 4(6):1-14. doi: 10.1007/s42979-022-01425-1
[27]	MONDAL S, BOURS P. Swipe gesture based continuous authentication for mobile devices[C]// 2015 International Conference on Biometrics. Phuket: IEEE Press, 2015:458-465.
[28]	NOHARA T, UDA R. Personal identification by flick input using self-organizing maps with acceleration sensor and gyroscope[J]. ACM, 2016:1-6. DOI:10.1145/2857546.2857605.
[29]	FRANK M, BIEDERT R, MA E, et al. Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication[J]. IEEE Transactions on Information Forensics and Security, 2012, 8(1):136-148. DOI:10.1109/TIFS.2012.2225048.
[30]	ANTAL M, SZABó L Z. Biometric authentication based on touchscreen swipe patterns[J]. Procedia Technology, 2016, 22:862-869. DOI:10.1016/j.protcy.2016.01.061.
[31]	LEYFER K, SPIVAK A. Continuous user authentication by the classification method based on the dynamic touchscreen biometrics[C]// 2019 24th Conference of Open Innovations Association (FRUCT). Moscow: IEEE Press, 2019:228-234.
[32]	POZO A, FIERREZ J, MARTINEZ-DIAZ M, et al. Exploring a statistical method for touchscreen swipe biometrics[C]// 2017 International Carnahan Conference on Security Technology. Madrid: IEEE Press, 2017:1-4.
[33]	SONG Y, CAI Z. Integrating handcrafted features with deep representations for smartphone authentication[J]. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2022, 6(1):1-27.
[34]	BEVAN C, FRASER D S. Different strokes for different folks? Revealing the physical characteristics of smartphone users from their swipe gestures[J]. International Journal of Human-Computer Studies, 2016, 88:51-61. doi: 10.1016/j.ijhcs.2016.01.001 URL
[35]	CHENG Y, JI X, LI X, et al. Identifying child users via touchscreen interactions[J]. ACM Transactions on Sensor Networks, 2020, 16(4):1-25.
[36]	LIN C, SONG T, MIAO Y, et al. ChildShield: an implicit and continuous child identification system on smartphones[J]. IEEE Transactions on Dependable and Secure Computing, 2023.
[37]	ZHANG L F, YU M Z, CHEN T, et al. Auxiliary training: towards accurate and robust models[C]// IEEE/CVF Conference on Computer Vision and Pattern Recognition. Seattle: IEEE Press, 2020:369-378.
[38]	MIAO Y, TIAN Q, LIN C, et al. Learning heuristically-selected and neurally-guided feature for age group recognition using unconstrained smartphone interaction[C]// Proceedings of the Thirty-Second International Joint Conference on Artificial Intelligence. IJCAI, 2023:3029-3037.
[39]	MONROSE F, RUBIN A. Authentication via keystroke dynamics[C]// CCS’97: Proceedings of the 4th ACM Conference on Computer and Communications Security. New York: ACM, 1997:48-56.
[40]	SHEN T P, JIN T A B, SHIGANG Y. A survey of keystroke dynamics biometrics[EB/OL]. (2013-11-03)[2023-12-28]. www.hindawi.com/journals/tswj/2013/408280/.
[41]	BHATT S, SANTHANAM T. Keystroke dynamics for biometric authentication: a survey[C]// International Conference on Pattern Recognition. Salem: IEEE Press, 2013:1-7. DOI:10.1109/ICPRIME.2013.6496441.
[42]	CILIA D, INGUANEZ F. Multi-model authentication using keystroke dynamics for smartphones[C]// 2018 IEEE 8th International Conference on Consumer Electronics-Berlin. Berlin:IEEE Press, 2018:1-6. DOI:10.1109/ICCE-Berlin.2018.8576226.
[43]	JOYCE R, GUPTA G. Identity authentication based on keystroke latencies[J]. Communications of the ACM, 1990, 33(2):168-176. doi: 10.1145/75577.75582 URL
[44]	LIN C, HE J, SHEN C, et al. CrossBehaAuth: cross-scenario behavioral biometrics authentication using keystroke dynamics[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20(3):2314-2327. DOI:10.1109/TDSC.2022.3179603.
[45]	KANG P, CHO S. Keystroke dynamics-based user authentication using long and free text strings from various input devices[J]. Information Sciences, 2015, 308:72-93. doi: 10.1016/j.ins.2014.08.070 URL
[46]	HWANG S S, CHO S, PARK S. Keystroke dynamics-based authentication for mobile devices[J]. Computers & Security, 2009, 28(1-2):85-93. DOI:10.1016/j.cose.2008.10.002.
[47]	INGUANEZ F, AHMADI S. Securing smartphones via typing heat maps[C]// 2016 IEEE 6th International Conference on Consumer Electronics-Berlin. Berlin: IEEE Press, 2016:193-197.
[48]	BURIRO A, CRISPO B, GUPTA S, et al. Dialerauth: a motion-assisted touch-based smartphone user authentication scheme[C]// Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. New York: ACM, 2018: 267-276. DOI:10.1145/3176258.3176318.
[49]	WU J S, LIN W C, LIN C T, et al. Smartphone continuous authentication based on keystroke and gesture profiling[C]// 2015 International Carnahan Conference on Security Technology. Taipei: IEEE Press, 2015:191-197.
[50]	HRIEZ S, OBEID N, AWAJAN A. User authentication on smartphones using keystroke dynamics[C]// Proceedings of the Second International Conference on Data Science, E-Learning and Information Systems. New York: ACM, 2019:1-4.
[51]	WANG L, NING H, TAN T, et al. Fusion of static and dynamic body biometrics for gait recognition[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2004, 14(2):149-158. doi: 10.1109/TCSVT.2003.821972 URL
[52]	GAFUROV D, SNEKKENES E. Gait recognition using wearable motion recording sensors[J]. EURASIP Journal on Advances in Signal Processing, 2009, 2009:1-16.
[53]	THANG H M, VIET V Q, THUC N D, et al. Gait identification using accelerometer on mobile phone[C]// 2012 International Conference on Control, Automation and Information Sciences. Saigon: IEEE Press, 2012:344-348.
[54]	HOANG T, NGUYEN T, LUONG C, et al. Adaptive cross-device gait recognition using a mobile accelerometer[J]. Journal of Information Processing Systems, 2013, 9(2):333-348. doi: 10.3745/JIPS.2013.9.2.333 URL
[55]	KORK S K A, GOWTHAMI I, SAVATIER X, et al. Biometric database for human gait recognition using wearable sensors and a smartphone[C]// 2017 2nd International Conference on Bio-engineering for Smart Technologies. Paris: IEEE Press, 2017:1-4.
[56]	LI F, CLARKE N, PAPADAKI M, et al. Active authentication for mobile devices utilising behaviour profiling[J]. International Journal of Information Security, 2014, 13:229-244. doi: 10.1007/s10207-013-0209-6 URL
[57]	CAO H, CHANG K C C. Nonintrusive smartphone user verification using anonymized multimodal data[J]. IEEE Transactions on Knowledge and Data Engineering, 2018, 31(3):479-492. doi: 10.1109/TKDE.2018.2828309 URL

编辑推荐

Metrics

阅读次数

全文

691

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	51	0	0	640

来源	本网站	其他网站

次数	582	109
比例	84%	16%

摘要

518

最新录用	在线预览	正式出版

0	0	518

	来源	本网站

	次数	518
	比例	100%

研究者	采集的数据	模型方法	数据集规模	试验结果
Asadullah等	传感器数据	Distance	10	FAR:1.46%,FRR:6.87%
Lee等	传感器数据	KRR	20	ACC:92%,FAR:7.5%
Li等	传感器数据	SVM	100	FAR:7.65%,FRR:9.01%
Ehatisham等	传感器数据	SVM	10	ACC:97.95%
Li等	传感器数据	SVDD	100	FAR:2.85%,FRR:0.74%
Shen等	传感器数据	HMM	102	FAR:3.98%,FRR:5.03%
Amini等	传感器数据	LSTM	47	ACC:96.7%
Hu等	传感器数据	SVM	100	ACC:87.14%,EER:2.3%
Fereidooni等	传感器数据	CNN	45	FAR:2.3%,FRR:5.7%

研究者	采集的数据	模型方法	数据集规模	试验结果
Asadullah等	传感器数据	Distance	10	FAR:1.46%,FRR:6.87%
Lee等	传感器数据	KRR	20	ACC:92%,FAR:7.5%
Li等	传感器数据	SVM	100	FAR:7.65%,FRR:9.01%
Ehatisham等	传感器数据	SVM	10	ACC:97.95%
Li等	传感器数据	SVDD	100	FAR:2.85%,FRR:0.74%
Shen等	传感器数据	HMM	102	FAR:3.98%,FRR:5.03%
Amini等	传感器数据	LSTM	47	ACC:96.7%
Hu等	传感器数据	SVM	100	ACC:87.14%,EER:2.3%
Fereidooni等	传感器数据	CNN	45	FAR:2.3%,FRR:5.7%

研究者	采集的数据	模型方法	数据集规模	试验结果
Frank等	触屏交互数据	SVM、KNN	20	EER:2%~3%
Antal等	触屏交互数据、传感器数据	Bayes Net、KNN、RF	40	EER:0.2%
Leyfer等	触屏交互数据	RF、Gradient Boosting	14	AUC:96%
Pozo等	触屏交互数据	GMM with UBM	190	EER:15%~22%
Song等	触屏交互数据	FRN	161	EER:2%
Cheng等	触屏交互数据、传感器数据	RF、ET、SVM、KNN	100	ACC:98.3%
Lin等	触屏交互数据、传感器数据	CNN、DNN	1 875	EER:4.38%,AUC:99.2%
Miao等	触屏交互数据、传感器数据	LSTM、DNN	2 100	EER:16.4%

研究者	采集的数据	模型方法	数据集规模	试验结果
Frank等	触屏交互数据	SVM、KNN	20	EER:2%~3%
Antal等	触屏交互数据、传感器数据	Bayes Net、KNN、RF	40	EER:0.2%
Leyfer等	触屏交互数据	RF、Gradient Boosting	14	AUC:96%
Pozo等	触屏交互数据	GMM with UBM	190	EER:15%~22%
Song等	触屏交互数据	FRN	161	EER:2%
Cheng等	触屏交互数据、传感器数据	RF、ET、SVM、KNN	100	ACC:98.3%
Lin等	触屏交互数据、传感器数据	CNN、DNN	1 875	EER:4.38%,AUC:99.2%
Miao等	触屏交互数据、传感器数据	LSTM、DNN	2 100	EER:16.4%

研究者	采集的数据	模型方法	数据集规模	试验结果
Kang等	击键数据	R+A Measure	35	EER:1.9%
Hwang等	击键数据	Distance	25	EER:4%
Inguanez等	击键数据	MLP	32	ACC:94.81%,FAR:6.33%
Buriro等	击键数据、传感器数据	RF	85	TAR:99.35%
Wu等	击键数据、传感器数据	RF	142	ACC:96.85%,FPR:4.01%
Hriez等	击键数据	RF	42	ACC:94.26%

基于移动智能终端交互行为的持续身份认证技术综述^*

Continuous identity authentication of mobile intelligent terminal users via interactive behavior

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 57

相关文章 1

编辑推荐

Metrics

本文评价

研究者	采集的数据	模型方法	数据集规模	试验结果
Wang等	步态数据	KNN	20	EER:3.54%,ACC:87.5%
Gafurov等	步态数据	KNN	21	EER:5.00%,ACC:85.7%
Thang等	步态数据	SVM	11	ACC:92.7%
Hoang等	步态数据	SVM	14	TAR:91.33%
Kork等	步态数据	Distance	50	EER:0.17%~2.28%
Li等	行为分析数据	Rule-based/RBF	42	ACC:94.26%
Cao等	行为分析数据	HMM	26 / 99	EER:30%/16.16%