Towards cross-domain and behavior-based user authentication in mobile edge and IoT
Description
TitleTowards cross-domain and behavior-based user authentication in mobile edge and IoT
Date Created2022
Other Date2022-10 (degree)
Extent160 pages : illustrations
DescriptionUser authentication, the process of verifying the identity of a person who connects to important mobile and IoT edge devices (e.g., smartphones, wearable devices, laptops, and smart home appliances), has become increasingly vital. It serves as a key component to prevent unauthorized access and protects users from security and privacy leakage (e.g., identity theft, credit card fraud, confidential and healthcare information leakage). Furthermore, recent mobile and IoT applications are exploring the ability to identify users and deliver customized services, such as recommending music channels, managing calendar events, and adjusting room temperature/lighting conditions. Traditional user authentication solutions mainly rely on the complexity of user-defined secrets (e.g., password) or resort to specialized biometric sensors (e.g., fingerprint readers), which add extra burden to end users. In addition, the users may still suffer from various attacks, such as password theft, shoulder surfing, and forged biometrics attacks. To support the evolving concept of user authentication, this dissertation aims at investigating using built-in sensors readily available on current mobile and IoT devices to perform low-effort and hard-to-forge user authentication. The designed solutions can be used along with existing authentication schemes (e.g., voice authentication, face recognition) to provide enhanced security. We first study vulnerabilities of emerging voice assistant systems under machine-induced audio attacks, such as replay, synthesis, and hidden voice attacks. We further develop a holistic solution to detect these audio attacks leveraging multi-channel microphone arrays that are available on current mobile and IoT devices. Second, we design a user verification system by utilizing unique cardiac biometrics extracted from the readily available mobile cameras. We demonstrate that the unique cardiac features can be extracted from cardiac motion patterns in fingertips, by pressing on the mobile camera. Third, we develop a training-free voice authentication system that leverages the cross-domain speech similarity between the audio domain and the vibration domain to provide enhanced security to the deployment of voice assistant systems. Our system exploits motion sensors on the user’s wearable device to capture the aerial speech in the vibration domain and verify it with the speech captured in the audio domain via the voice assistant device’s microphone. Our solution is low-effort and privacy-preserving, as it neither requires users’ active inputs nor stores users’ privacy-sensitive voice samples for training. Lastly, we resort to contactless user authentication methods where we use prevalent WiFi signals available in many IoT devices. The designed system utilizes WiFi signals to capture unique human physiological and behavioral characteristics inherited from their daily activities. We extract representative features from channel state information (CSI) measurements of WiFi signals and develop a deep-learning-based user authentication scheme to accurately identify each individual user while mitigating signal distortions induced by wireless environmental changes. We implement all the aforementioned solutions and demonstrate that the systems can perform accurate and robust enhanced authentication under real-world settings. This dissertation can advance the knowledge on user authentication and further contribute to the successful deployment of emerging mobile and IoT applications.
NotePh.D.
NoteIncludes bibliographical references
Genretheses
LanguageEnglish
CollectionSchool of Graduate Studies Electronic Theses and Dissertations
Organization NameRutgers, The State University of New Jersey
RightsThe author owns the copyright to this work.