Abstract
Among all Internet of Things (IoT) devices, a subset of them are related to users. Leveraging these user-related IoT elements, it is possible to ensure the identity of the user for a period of time, thus avoiding impersonation. This need is known as Continuous Authentication (CA). Since 2009, a plethora of IoT-based CA academic research and industrial contributions have been proposed. We offer a comprehensive overview of 58 research papers regarding the main components of such a CA system. The status of the industry is studied as well, covering 32 market contributions, research projects, and related standards. Lessons learned, challenges, and open issues to foster further research in this area are finally presented.
Supplemental Material
Available for Download
Supplemental movie, appendix, image and software files for, Leveraging User-related Internet of Things for Continuous Authentication: A Survey
- ISO/IEC 17922. 2017. Security techniques—Telebiometric authentication framework using biometric hardware security module. Retrieved from https://www.iso.org/standard/61023.html.Google Scholar
- Sixth Framework Programme (FP6). STREP Specific Targeted Research Project 2006--2008. {n.d.}. HUMABIO (HUman Monitoring and Authentication using Biodynamic Indicators and behaviOural Analysis). Retrieved from http://www.humabio-eu.org/.Google Scholar
- Seventh Framework Programme (FP7). ERC-SG ERC Starting Grant 2013--2017. {n.d.}. Pico: No more passwords. Retrieved from http://mypico.org/.Google Scholar
- National Science Foundation (NSF) 2015--2018. {n.d.}. Spoof-Resistant Smartphone Authentication using Cooperating Wearables. Retrieved from https://www.nsf.gov/awardsearch/showAward?AWD_ID=1527795&HistoricalAwards===false.Google Scholar
- National Science Foundation (NSF) 2016--2019. {n.d.}. Continuous Human-User Authentication by Induced Procedural Visual-Motor Biometrics. Retrieved from https://nsf.gov/awardsearch/showAward?AWD_ID=1718116&HistoricalAwards===false.Google Scholar
- Horizon 2020 Innovation Framework Programme. MSCA-ITN-ETN European Training Networks 2017--2020. {n.d.}. AMBER—EnhAnced Mobile BiomEtRics. Retrieved from https://www.amber-biometrics.eu/.Google Scholar
- National Science Foundation (NSF) 2017--2020. {n.d.}. Cardiac Password: Exploring a Non-Contact and Continuous Approach to Secure User Authentication. Retrieved from https://www.nsf.gov/awardsearch/showAward?AWD_ID=17184838HistoricalAwards=false.Google Scholar
- National Science Foundation (NSF) 2017--2020. {n.d.}. Implicit One-handed Mobile User Authentication by Induced Thumb Biometrics on Touch-screen Handheld Devices. Retrieved from https://www.nsf.gov/awardsearch/showAward?AWD_ID=17048008HistoricalAwards=false.Google Scholar
- ISO/IEC 29115. 2013. Security techniques—Entity authentication assurance framework. Retrieved from https://www.iso.org/standard/45138.html.Google Scholar
- ISO/IEC 9798-1. 2010. Entity authentication—Part 1: General. Retrieved from https://www.iso.org/standard/53634.html.Google Scholar
- ISO/IEC 9798-2. 2008. Entity authentication—Part 2: Mechanisms using symmetric encipherment algorithms. Retrieved from https://www.iso.org/standard/50522.html.Google Scholar
- ISO/IEC 9798-3. 2017. Entity authentication—Part 3: Mechanisms using digital signature techniques. Retrieved from https://www.iso.org/standard/67115.html.Google Scholar
- ISO/IEC 9798-4. 1999. Entity authentication—Part 4: Mechanisms using a cryptographic check function. Retrieved from https://www.iso.org/standard/31488.html.Google Scholar
- ISO/IEC 9798-5. 2009. Entity authentication—Part 5: Mechanisms using zero-knowledge techniques. Retrieved from https://www.iso.org/standard/50456.html.Google Scholar
- A. Acar, H. Aksu, A. S. Uluagac, and K. Akkaya. 2018. WACA: Wearable-assisted continuous authentication. In Proceedings of the IEEE Security and Privacy Workshops (SPW’18). 264--269.Google Scholar
- Acceptto. {n.d.}. First Cognitive Continuous Authentication. Retrieved from https://www.acceptto.com/continuous-authentication.html.Google Scholar
- Horizon 2020 Innovation Framework Programme. Innovation action 2015--2017. {n.d.}. Face and body Analysis Natural Computer Interaction (FANCI). Retrieved from http://cordis.europa.eu/project/rcn/85410_en.html.Google Scholar
- Aetna. {n.d.}. Next Generation Authentication. Retrieved from https://news.aetna.com/2017/08/aetnas-next-generation-authentication/.Google Scholar
- Ahmed Awad E. Ahmed and Issa Traoré. 2012. Performance metrics and models for continuous authentication systems. In Continuous Authentication Using Biometrics: Data, Models, and Metrics. IGI Global, 23--39.Google Scholar
- aimbrain. {n.d.}. Improve your user experience with continuous authentication. Retrieved from https://aimbrain.com/step-up-authentication-process/.Google Scholar
- Abdulwahid Al Abdulwahid, Nathan Clarke, Ingo Stengel, Steven Furnell, and Christoph Reich. 2015. A survey of continuous and transparent multibiometric authentication systems. In Proceedings of the 14th European Conference on Cyber Warfare and Security. 1--10.Google Scholar
- Abdulwahid Al Abdulwahid, Nathan Clarke, Ingo Stengel, Steven Furnell, and Christoph Reich. 2016. Continuous and transparent multimodal authentication: Reviewing the state of the art. Cluster Comput. 19, 1 (2016), 455--474. Google ScholarDigital Library
- Ala Al-Fuqaha, Mohsen Guizani, Mehdi Mohammadi, Mohammed Aledhari, and Moussa Ayyash. 2015. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Commun. Surveys Tutor. 17, 4 (2015), 2347--2376.Google ScholarDigital Library
- Fadele Ayotunde Alaba, Mazliza Othman, Ibrahim Abaker Targio Hashem, and Faiz Alotaibi. 2017. Internet of things security: A survey. J. Netw. Comput. Appl. 88 (2017), 10--28. Google ScholarDigital Library
- Mahmoud Ammar, Giovanni Russello, and Bruno Crispo. 2018. Internet of Things: A survey on the security of IoT frameworks. J. Info. Secur. Appl. 38 (2018), 8--27.Google ScholarCross Ref
- Intensity analytics. {n.d.}. TickStream.CV. Retrieved from http://intensityanalytics.com/products/tickstream.cv.aspx.Google Scholar
- Android. {n.d.}. Sensors Overview (Android developers). Retrieved from https://developer.android.com/guide/topics/sensors/sensors_overview.html.Google Scholar
- Fazel Anjomshoa, Moayad Aloqaily, Burak Kantarci, Melike Erol-Kantarci, and Stephanie Schuckers. 2017. Social behaviometrics for personalized devices in the internet of things era. IEEE Access 5 (2017), 12199--12213.Google ScholarCross Ref
- Juan Sebastian Arteaga-Falconi, Hussein Al Osman, and Abdulmotaleb El Saddik. 2016. ECG authentication for mobile devices. IEEE Trans. Instrument. Measure. 65, 3 (2016), 591--600.Google ScholarCross Ref
- Luigi Atzori, Antonio Iera, and Giacomo Morabito. 2010. The Internet of Things: A survey. Comput. Netw. 54, 15 (2010), 2787--2805. Google ScholarDigital Library
- Shu-Di Bao, Yuan-Ting Zhang, and Lian-Feng Shen. 2005. Physiological signal-based entity authentication for body area sensor networks and mobile healthcare systems. In Proceedings of the IEEE 27th Annual International Conference of the Engineering in Medicine and Biology Society (EMBS’05). IEEE, 2455--2458.Google Scholar
- BEAT4KEY. {n.d.}. Embedded biometrics. Retrieved from http://www.beat4key.com/products/.Google Scholar
- BehavioSec. {n.d.}. Continuous Authentication with Passive Behavioral Biometrics. Retrieved from https://www.behaviosec.com/.Google Scholar
- Albert Bifet and Richard Kirkby. 2009. Data stream mining a practical approach. University of WAIKATO, Centre for Open Software Innovation.Google Scholar
- Biocatch. {n.d.}. Less friction. Less fraud. Retrieved from https://www.biocatch.com/.Google Scholar
- Bitwoke. {n.d.}. Secure A. I.-based edge analytics powering smart connected devices. Retrieved from https://www.bitwoke.com/.Google Scholar
- Angelo Bonissi, Ruggero Donida Labati, Luca Perico, Roberto Sassi, Fabio Scotti, and Luca Sparagino. 2013. A preliminary study on continuous authentication methods for photoplethysmographic biometrics. In Proceedings of the IEEE Workshop on Biometric Measurements and Systems for Security and Medical Applications (BIOMS’13). IEEE, 28--33.Google ScholarCross Ref
- Tuhin Borgohain, Uday Kumar, and Sugata Sanyal. 2015. Survey of security and privacy issues of Internet of Things. arXiv preprint arXiv:1501.02211.Google Scholar
- Leo Breiman. 1996. Bagging predictors. Machine Learn. 24, 2 (1996), 123--140. Google ScholarDigital Library
- J. David Brown, William Pase, Chris McKenzie, Mazda Salmanian, and Helen Tang. 2017. A prototype implementation of continuous authentication for tactical applications. In Ad Hoc Networks. Springer, 342--353.Google Scholar
- Arun Balaji Buduru and Stephen S. Yau. 2015. An effective approach to continuous user authentication for touch screen smart devices. In Software Quality, Reliability and Security (QRS), 2015 IEEE International Conference on. IEEE, 219--226. Google ScholarDigital Library
- Carmen Camara, Pedro Peris-Lopez, Lorena Gonzalez-Manzano, and Juan Tapiador. 2018. Real-time electrocardiogram streams for continuous authentication. Appl. Soft Comput. 68 (2018), 784--794.Google ScholarCross Ref
- Carmen Camara, Pedro Peris-Lopez, and Juan E. Tapiador. 2015. Security and privacy issues in implantable medical devices: A comprehensive survey. J. Biomed. Informat. 55 (2015), 272--289. Google ScholarDigital Library
- Gerardo Canfora, Paolo Di Notte, Francesco Mercaldo, and Corrado Aaron Visaggio. 2016. Silent and continuous authentication in mobile environment. In Proceedings of the International Conference on Security and Cryptography (SECRYPT’16). 97--108.Google ScholarDigital Library
- Mario Parreño Centeno, Yu Guan, and Aad van Moorsel. 2018. Mobile-based continuous authentication using deep features. In Proceedings of the 2nd International Workshop on Embedded and Mobile Deep Learning. Google ScholarDigital Library
- PEW Research Center. {n.d.}. Mobile Fact Sheet. Retrieved from http://www.pewinternet.org/fact-sheet/mobile/.Google Scholar
- Jagmohan Chauhan, Hassan Jameel Asghar, Anirban Mahanti, and Mohamed Ali Kaafar. 2016. Gesture-based continuous authentication for wearable devices: The smart glasses use case. In Proceedings of the International Conference on Applied Cryptography and Network Security. Springer, 648--665.Google ScholarCross Ref
- Roger Clarke. 1994. Human identification in information systems: Management challenges and public policy issues. Info. Technol. People 7, 4 (1994), 6--37.Google ScholarCross Ref
- Lorrie Faith Cranor and Norbou Buchler. 2014. Better together: Usability and security go hand in hand. IEEE Secur. Privacy 12, 6 (2014), 89--93.Google ScholarCross Ref
- Heather Crawford, Karen Renaud, and Tim Storer. 2013. A framework for continuous, transparent mobile device authentication. Comput. Secur. 39 (2013), 127--136. Google ScholarDigital Library
- David Crouse, Hu Han, Deepak Chandra, Brandon Barbello, and Anil K. Jain. 2015. Continuous authentication of mobile user: Fusion of face image and inertial measurement unit data. In Proceedings of the International Conference on Biometrics (ICB’15). IEEE, 135--142.Google Scholar
- Li Da Xu, Wu He, and Shancang Li. 2014. Internet of things in industries: A survey. IEEE Trans. Industr. Info. 10, 4 (2014), 2233--2243.Google ScholarCross Ref
- Jessamyn Dahmen, Diane J. Cook, Xiaobo Wang, and Wang Honglei. 2017. Smart secure homes: A survey of smart home technologies that sense, assess, and respond to security threats. J. Reliable Intell. Environ. (2017), 1--16.Google Scholar
- Daon. {n.d.}. Join our ecosystem. Retrieved from https://www.daon.com/company/join-our-ecosystem.Google Scholar
- Manik Lal Das, Ashutosh Saxena, and Ved P. Gulati. 2004. A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50, 2 (2004), 629--631. Google ScholarDigital Library
- Jose Maria de Fuentes, Lorena Gonzalez-Manzano, and Arturo Ribagorda. 2018. Secure and usable user-in-a-context continuous authentication in smartphones leveraging non-assisted sensors. Sensors 18, 4 (2018), 1219.Google ScholarCross Ref
- Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch me once and i know it’s you! Implicit authentication based on touch screen patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 987--996.Google ScholarDigital Library
- Michael P. Down and R. J. Sands. 2004. Biometrics: An overview of the technology, challenges and control considerations. Info. Syst. Control J. 4 (2004), 53--56.Google Scholar
- Sergio Roberto de Lima e Silva, Mauro Roisenberg et al. 2006. Continuous authentication by keystroke dynamics using committee machines. In Proceedings of the International Conference on Intelligence and Security Informatics. Springer, 686--687. Google ScholarDigital Library
- Muhammad Ehatisham-ul Haq, Muhammad Awais Azam, Usman Naeem, Yasar Amin, and Jonathan Loo. 2018. Continuous authentication of smartphone users based on activity pattern recognition using passive mobile sensing. J. Netw. Comput. Appl. 109 (2018), 24--35. Google ScholarDigital Library
- Saad El Jaouhari, Ahmed Bouabdallah, Jean-Marie Bonnin, and Tayeb Lemlouma. 2017. Toward a smart health-care architecture using WebRTC and WoT. In Proceedings of the World Conference on Information Systems and Technologies. Springer, 531--540.Google ScholarCross Ref
- Mehdia Ajana El Khaddar and Mohammed Boulmalf. 2017. Smartphone: The ultimate IoT and IoE device. In Smartphones from an Applied Research Perspective. InTech.Google Scholar
- Arihito Endo, Takeo Shibata, and Hiroshi Tanaka. 2008. Comparison of seven algorithms to predict breast cancer survival. Int. J. Biomed. Soft Comput. Hum. Sci.: Official J. Biomed. Fuzzy Syst. Assoc. 13, 2 (2008), 11--16.Google Scholar
- Martin Ester, Hans-Peter Kriegel, Jörg Sander, Xiaowei Xu, et al. 1996. A density-based algorithm for discovering clusters in large spatial databases with noise. In Proceedings of the ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD’96), Vol. 96. 226--231.Google Scholar
- Tom Fawcett. 2006. An introduction to ROC analysis. Pattern Recogn. Lett. 27, 8 (2006), 861--874. Google ScholarDigital Library
- Huan Feng, Kassem Fawaz, and Kang G Shin. 2017. Continuous authentication for voice assistants. arXiv preprint arXiv:1701.04507.Google Scholar
- Tao Feng, Ziyi Liu, Kyeong-An Kwon, Weidong Shi, Bogdan Carbunar, Yifei Jiang, and Nhung Nguyen. 2012. Continuous mobile authentication using touchscreen gestures. In Proceedings of the IEEE Conference on Technologies for Homeland Security (HST’12). IEEE, 451--456.Google ScholarCross Ref
- Tao Feng, Xi Zhao, Bogdan Carbunar, and Weidong Shi. 2013. Continuous mobile authentication using virtual key typing biometrics. In Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom’13). IEEE, 1547--1552.Google ScholarDigital Library
- Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song. 2013. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Info. Forensics Secur. 8, 1 (2013), 136--148.Google ScholarDigital Library
- Yoav Freund, Robert E. Schapire et al. 1996. Experiments with a new boosting algorithm. In Icml, Vol. 96. 148--156. Google ScholarDigital Library
- Lex Fridman, Steven Weber, Rachel Greenstadt, and Moshe Kam. 2016. Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS location. IEEE Syst. J. 11, 2 (2016), 513--521.Google ScholarCross Ref
- Nir Friedman, Dan Geiger, and Moises Goldszmidt. 1997. Bayesian network classifiers. Mach. Learn. 29, 2--3 (1997), 131--163. Google ScholarDigital Library
- fusionpipe. {n.d.}. Optiimize end user convenience without copromising security. Retrieved from https://fusionpipe.com/quikid.Google Scholar
- Futurae. {n.d.}. Authentication Suite. Retrieved from https://futurae.com/product/.Google Scholar
- Hugo Gascon, Sebastian Uellenbeck, Christopher Wolf, and Konrad Rieck. 2014. Continuous authentication on mobile devices by analysis of typing motion behavior. In Proceedings of the Graphics Interface Conference “Sicherheit” (GI’14). 1--12.Google Scholar
- Ammar Gharaibeh, Mohammad A Salahuddin, Sayed Jahed Hussini, Abdallah Khreishah, Issa Khalil, Mohsen Guizani, and Ala Al-Fuqaha. 2017. Smart cities: A survey on data management, security, and enabling technologies. IEEE Commun. Surveys Tutor. 19, 4 (2017), 2456--2501.Google ScholarCross Ref
- IDEE GmbH. {n.d.}. There is only one you. Retrieved from https://getidee.com/.Google Scholar
- Cyril Goutte and Eric Gaussier. 2005. A probabilistic interpretation of precision, recall and F-score, with implication for evaluation. In Proceedings of the European Conference on Information Retrieval (ECIR’05), Vol. 5. Springer, 345--359.Google ScholarDigital Library
- Sathya Govindarajan, Paolo Gasti, and Kiran S Balagani. 2013. Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data. In Proceedings of the IEEE 6th International Conference on Biometrics: Theory, Applications and Systems (BTAS’13). IEEE, 1--8.Google ScholarCross Ref
- Jorge Granjal, Edmundo Monteiro, and Jorge Sá Silva. 2015. Security for the internet of things: A survey of existing protocols and open research issues. IEEE Commun. Surveys Tutor. 17, 3 (2015), 1294--1312.Google ScholarDigital Library
- Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Marimuthu Palaniswami. 2013. Internet of Things (IoT): A vision, architectural elements, and future directions. Future Gen. Comput. Syst. 29, 7 (2013), 1645--1660. Google ScholarDigital Library
- Mouhcine Guennoun, Najoua Abbad, Jonas Talom, Sk Md Mizanur Rahman, and Khalil El-Khatib. 2009. Continuous authentication by electrocardiogram data. In Proceedings of the IEEE Toronto International Conference on Science and Technology for Humanity (TIC-STH’09). IEEE, 40--42.Google ScholarCross Ref
- Kashif Habib, Arild Torjusen, and Wolfgang Leister. 2014. A novel authentication framework based on bio-metric and radio fingerprinting for the IoT in eHealth. In Proceedings of International Conference on Smart Systems, Devices and Technologies (SMART’14). 32--37.Google Scholar
- Christian Holz and Marius Knaust. 2015. Biometric touch sensing: Seamlessly augmenting each touch with continuous authentication. In Proceedings of the 28th Annual ACM Symposium on User Interface Software 8 Technology. ACM, 303--312.Google ScholarDigital Library
- Md Mahmud Hossain, Maziar Fotouhi, and Ragib Hasan. 2015. Towards an analysis of security issues, challenges, and open problems in the internet of things. In Proceedings of the IEEE World Congress on Services (SERVICES’15). IEEE, 21--28.Google ScholarDigital Library
- Vincent C. Hu, David Ferraiolo, Rick Kuhn, Arthur R. Friedman, Alan J. Lang, Margaret M. Cogdell, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone et al. 2013. Guide to attribute-based access control (ABAC) definition and considerations (draft). NIST Spec. Publicat. 800, 162 (2013).Google Scholar
- Ling Huang, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, and J. D. Tygar. 2011. Adversarial machine learning. In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence. ACM, 43--58.Google Scholar
- Peter J. Huber. 1967. The behavior of maximum likelihood estimates under nonstandard conditions. In Proceedings of the 5th Berkeley Symposium on Mathematical Statistics and Probability, vol. 1. Berkeley, CA, 221--233.Google Scholar
- SCB Intelligence. 2008. Six technologies with potential impacts on U.S. interests out to 2025. Technical report, National Intelligence Council.Google Scholar
- InterDigital. {n.d.}. idNSure. Retrieved from http://www.interdigital.com/solution/idnsure.Google Scholar
- Lijun Jiang and Weizhi Meng. 2017. Smartphone user authentication using touch dynamics in the big data era: Challenges and opportunities. In Biometric Security and Privacy. Springer, 163--178.Google Scholar
- Biing-Hwang Juang, Wu Hou, and Chin-Hui Lee. 1997. Minimum classification error rate methods for speech recognition. IEEE Trans. Speech Audio Process. 5, 3 (1997), 257--265.Google ScholarCross Ref
- Eugenijus Kaniusas. 2012. Fundamentals of biosignals. In Biomedical Signals and Sensors I. Springer, 1--26.Google Scholar
- Sevasti Karatzouni. 2013. Non-intrusive continuous user authentication for mobile devices. PhD Thesis. University of Plymouth.Google Scholar
- Apostolos Katidiotis, Kostas Tsagkaris, and Panagiotis Demestichas. 2010. Performance evaluation of artificial neural network-based learning schemes for cognitive radio systems. Comput. Electric. Engineer. 36, 3 (2010), 518--535. Google ScholarDigital Library
- James M. Keller, Michael R. Gray, and James A. Givens. 1985. A fuzzy k-nearest neighbor algorithm. IEEE Trans. Syst. Man Cybernet. 4 (1985), 580--585.Google ScholarCross Ref
- KeyLemon. {n.d.}. Oasis Faces. Mobile banking. Retrieved from https://www.keylemon.com/.Google Scholar
- Rafiullah Khan, Sarmad Ullah Khan, Rifaqat Zaheer, and Shahid Khan. 2012. Future internet: The internet of things architecture, possible applications and key challenges. In Proceedings of the 10th International Conference on Frontiers of Information Technology (FIT’12). IEEE, 257--260.Google ScholarDigital Library
- Kalevi Kilkki, Martti Mäntylä, Kimmo Karhu, Heikki Hämmäinen, and Heikki Ailisto. 2018. A disruption framework. Technol. Forecast. Soc. Change 129 (2018), 275--284.Google ScholarCross Ref
- Jaeho Kim and Jang-Won Lee. 2014. OpenIoT: An open service framework for the Internet of Things. In Proceedings of the IEEE World Forum on Internet of Things (WF-IoT’14). IEEE, 89--93.Google ScholarCross Ref
- Carl Kingsford and Steven L. Salzberg. 2008. What are decision trees?Nature Biotechnol. 26, 9 (2008), 1011--1013.Google Scholar
- Andrew J. Klosterman and Gregory R. Ganger. 2000. Secure Continuous Biometric-Enhanced Authentication. Technical report, Department of Computer Science, Carnegie-Mellon University, Pittsburgh, PA.Google Scholar
- kryptowire. {n.d.}. Continuous Authentication. Retrieved from https://www.kryptowire.com/continuous-authentication.php.Google Scholar
- Rajesh Kumar, Vir V. Phoha, and Abdul Serwadda. 2016. Continuous authentication of smartphone users by fusing typing, swiping, and phone movement patterns. In Proceedings of the IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS’16). IEEE, 1--8.Google ScholarDigital Library
- Ruggero Donida Labati, Roberto Sassi, and Fabio Scotti. 2013. ECG biometric recognition: Permanence analysis of QRS signals for 24 hours continuous authentication. In Proceedings of the IEEE International Workshop on Information Forensics and Security (WIFS’13). IEEE, 31--36.Google ScholarCross Ref
- Wei-Han Lee and Ruby B. Lee. 2017. Implicit smartphone user authentication with sensors and contextual machine learning. In Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’17). IEEE, 297--308.Google Scholar
- K. Ming Leung. 2007. Naive Bayesian classifier. Technical report, Department of Computer Science/Finance and Risk Engineering, Polytechnic University.Google Scholar
- Fudong Li, Nathan Clarke, Maria Papadaki, and Paul Dowland. 2011. Behaviour profiling for transparent authentication for mobile devices. In Proceedings of the European Conference on Cyber Warfare and Security. Academic Conferences International Limited, 307.Google Scholar
- Shancang Li and Li Da Xu. 2017. Securing the Internet of Things. Syngress.Google Scholar
- Shancang Li, Li Da Xu, and Shanshan Zhao. 2018. 5G internet of things: A survey. J. Industr. Info. Integration 10 (2018), 1--9.Google ScholarCross Ref
- Yantao Li, Hailong Hu, and Gang Zhou. 2019. Using data augmentation in continuous authentication on smartphones. IEEE Internet Things J. 6, 1 (2019), 628--640.Google ScholarCross Ref
- Yantao Li, Hailong Hu, Gang Zhou, and Shaojiang Deng. 2018. Sensor-based continuous authentication using cost-effective kernel ridge regression. IEEE Access 6 (2018), 32554--35565.Google ScholarCross Ref
- Fei Liu, Chee-Wee Tan, Eric TK Lim, and Ben Choi. 2017. Traversing knowledge networks: An algorithmic historiography of extant literature on the Internet of Things (IoT). J. Manage. Analyt. 4, 1 (2017), 3--34.Google ScholarCross Ref
- Wael Louis, Majid Komeili, and Dimitrios Hatzinakos. 2016. Continuous authentication using one-dimensional multi-resolution local binary patterns (1DMRLBP) in ECG biometrics. IEEE Trans. Info. Forensics Secur. 11, 12 (2016), 2818--2832. Google ScholarDigital Library
- David MacKay. 2003. An example inference task: Clustering. Info. Theory, Infer. Learn. Algor. 20 (2003), 284--292.Google Scholar
- Upal Mahbub, Vishal M. Patel, Deepak Chandra, Brandon Barbello, and Rama Chellappa. 2016. Partial face detection for continuous authentication. In Proceedings of the IEEE International Conference on Image Processing (ICIP’16). IEEE, 2991--2995.Google ScholarCross Ref
- Yasuo Matsuyama, Michitaro Shozawa, and Ryota Yokote. 2015. Brain signal’s low-frequency fits the continuous authentication. Neurocomputing 164 (2015), 137--143. Google ScholarDigital Library
- Carlo Maria Medaglia and Alexandru Serbanati. 2010. An overview of privacy and security issues in the internet of things. In The Internet of Things. Springer, 389--395.Google Scholar
- Diego M. Mendez, Ioannis Papapanagiotou, and Baijian Yang. 2017. Internet of things: Survey on security and privacy. arXiv preprint arXiv:1707.01879.Google Scholar
- Michael Miller. 2015. The Internet of Things: How Smart TVs, Smart Cars, Smart Homes, and Smart Cities are Changing the World. Pearson Education.Google Scholar
- Daniele Miorandi, Sabrina Sicari, Francesco De Pellegrini, and Imrich Chlamtac. 2012. Internet of things: Vision, applications and research challenges. Ad Hoc Netw. 10, 7 (2012), 1497--1516. Google ScholarDigital Library
- Soumik Mondal and Patrick Bours. 2015. Continuous authentication and identification for mobile devices: Combining security and forensics. In Proceedings of the IEEE International Workshop on Information Forensics and Security (WIFS’15). IEEE, 1--6.Google ScholarCross Ref
- Arsalan Mosenia, Susmita Sur-Kolay, Anand Raghunathan, and Niraj K. Jha. 2017. CABA: Continuous authentication based on BioAura. IEEE Trans. Comput. 66, 5 (2017), 759--772. Google ScholarDigital Library
- Tamalika Mukherjee. 2017. An Approach to Software Development for Continuous Authentication of Smart Wearable Device Users. Ph.D. Dissertation. Arizona State University.Google Scholar
- Rahul Murmuria, Angelos Stavrou, Daniel Barbará, and Dan Fleck. 2015. Continuous authentication on mobile devices using power consumption, touch gestures and physical movement of users. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer, 405--424. Google ScholarDigital Library
- Isao Nakanishi, Sadanao Baba, Koutaro Ozaki, and Shigang Li. 2013. Using brain waves as transparent biometrics for on-demand driver authentication. Int. J. Biometr. 5, 3--4 (2013), 288--305.Google ScholarCross Ref
- Tempestt J. Neal, Damon L. Woodard, and Aaron D. Striegel. 2015. Mobile device application, Bluetooth, and Wi-Fi usage data as behavioral biometric traits. In Proceedings of the IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS’15). IEEE, 1--6.Google Scholar
- OLEA Sensor Networks. {n.d.}. Olea HeartSignature. Retrieved from http://www.oleasys.com/heartsignature.Google Scholar
- B. Clifford Neuman and Theodore Ts’o. 1994. Kerberos: An authentication service for computer networks. IEEE Commun. Mag. 32, 9 (1994), 33--38. Google ScholarDigital Library
- NoPassword. {n.d.}. Authentication. Retrieved from https://www2.nopassword.com/authentication/.Google Scholar
- Symantec Norton. {n.d.}. What is The Internet of Things (IoT)? Retrieved from https://us.norton.com/internetsecurity-iot.html.Google Scholar
- nymi. {n.d.}. The nymi ecosystem. Retrieved from https://downloads.nymi.com/sdkDoc/doc-v3.1.5.326-326_5df03a4/index.html#introduction.Google Scholar
- Mahamed G. H. Omran, Andries P. Engelbrecht, and Ayed Salman. 2007. An overview of clustering methods. Intell. Data Anal. 11, 6 (2007), 583--605. Google ScholarCross Ref
- Mahesh Pal. 2005. Random forest classifier for remote sensing classification. Int. J. Remote Sens. 26, 1 (2005), 217--222.Google ScholarCross Ref
- Krupal S. Parikh and Trupti P. Shah. 2016. Support vector machine—A large margin classifier to diagnose skin illnesses. Procedia Technol. 23 (2016), 369--375.Google ScholarCross Ref
- Vishal M. Patel, Rama Chellappa, Deepak Chandra, and Brandon Barbello. 2016. Continuous user authentication on mobile devices: Recent progress and remaining challenges. IEEE Signal Process. Mag. 33, 4 (2016), 49--61.Google ScholarCross Ref
- Eleven Paths. {n.d.}. Centralized Access Control Solution. Retrieved from https://www.elevenpaths.com/solutions/smart-web-access/index.html.Google Scholar
- Ge Peng, Gang Zhou, David T Nguyen, Xin Qi, Qing Yang, and Shuangquan Wang. 2017. Continuous authentication with touch behavioral biometrics and voice on wearable glasses. IEEE Trans. Hum.-Mach. Syst. 47, 3 (2017), 404--416.Google ScholarCross Ref
- Duong-Tien Phan, Nhan Nguyen-Trong Dam, Minh-Phuc Nguyen, Minh-Triet Tran, and Toan-Thinh Truong. 2015. Smart kiosk with gait-based continuous authentication. In Proceedings of the International Conference on Distributed, Ambient, and Pervasive Interactions. Springer, 188--200. Google ScholarDigital Library
- Plurilock. {n.d.}. Continuous proof of presence. Retrieved from https://www.plurilock.com/.Google Scholar
- David Martin Powers. 2011. Evaluation: From precision, recall and F-measure to ROC, informedness, markedness and correlation. Journal of Machine Learning Technologies 2, 1 (2011), 37--63.Google ScholarCross Ref
- Uthpala Subodhani Premarathne. 2015. Reliable context-aware multi-attribute continuous authentication framework for secure energy utilization management in smart homes. Energy 93 (2015), 1210--1221.Google ScholarCross Ref
- Davy Preuveneers and Wouter Joosen. 2015. SmartAuth: Dynamic context fingerprinting for continuous user authentication. In Proceedings of the 30th Annual ACM Symposium on Applied Computing. ACM, 2185--2191. Google ScholarDigital Library
- Davy Preuveneers, Wouter Joosen et al. 2017. Improving resilience of behaviometric-based continuous authentication with multiple accelerometers. In Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 473--485.Google Scholar
- Seventh Framework Programme (FP7). Collaborative project 2008--2011. {n.d.}. Unobtrusive authentication using activity related and soft biometrics (ACTIBIO). Retrieved from http://cordis.europa.eu/project/rcn/85410_en.html.Google Scholar
- Qualcomm. {n.d.}. Security and privacy vision. Retrieved from https://www.qualcomm.com/invention/cognitive-technologies/security-privacy-vision.Google Scholar
- Carl Edward Rasmussen. 2000. The infinite Gaussian mixture model. In Advances in Neural Information Processing Systems. MIT Press, 554--560. Google ScholarDigital Library
- Andreas Riener. 2012. Sitting postures and electrocardiograms: A method for continuous and non-disruptive driver authentication. In Continuous Authentication Using Biometrics: Data, Models, and Metrics. IGI Global, 137--168.Google Scholar
- Rosslin John Robles and Tai-hoon Kim. 2010. Applications, systems and methods in smart home technology: A. Int. J. Adv. Sci. Technol. 15 (2010).Google Scholar
- Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57, 10 (2013), 2266--2279.Google ScholarDigital Library
- Aditi Roy, Tzipora Halevi, and Nasir Memon. 2015. An HMM-based multi-sensor approach for continuous mobile authentication. In Proceedings of the Military Communications Conference (MILCOM’15). IEEE, 1311--1316.Google ScholarCross Ref
- Ahmad-Reza Sadeghi, Christian Wachsmann, and Michael Waidner. 2015. Security and privacy challenges in industrial internet of things. In Proceedings of the 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). IEEE, 1--6.Google ScholarDigital Library
- Hataichanok Saevanee, Nathan Clarke, Steven Furnell, and Valerio Biscione. 2014. Text-based active authentication for mobile devices. In Proceedings of the IFIP International Information Security Conference. Springer, 99--112.Google ScholarCross Ref
- Pouya Samangouei, Vishal M. Patel, and Rama Chellappa. 2015. Attribute-based continuous user authentication on mobile devices. In Proceedings of the IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS’15). IEEE, 1--8.Google ScholarCross Ref
- Kim B. Schaffer. 2015. Expanding continuous authentication with mobile devices. Computer 48, 11 (2015), 92--95. Google ScholarDigital Library
- Robert E. Schapire. 2013. Explaining adaboost. In Empirical Inference. Springer, 37--52.Google Scholar
- Bernhard Schölkopf. 2001. The kernel trick for distances. In Advances in Neural Information Processing Systems. MIT Press, 301--307.Google Scholar
- Secureauth. {n.d.}. Go Beyond Two-Factor Authentication. Retrieved from https://www.secureauth.com/.Google Scholar
- securedtouch. {n.d.}. Behevioral biometrics. Retrieved from https://securedtouch.com/behavioral-biometrics/.Google Scholar
- IBM security. 2018. Future of identity study. https://www.ibm.com/downloads/cas/QRBY08NO.Google Scholar
- SensibleVision. {n.d.}. Innovation for real-world users. Retrieved from http://www.sensiblevision.com/en-us/about/aboutus.aspx.Google Scholar
- Hossein Shafagh, Anwar Hithnawi, and Simon Duquennoy. 2017. Towards blockchain-based auditable storage and sharing of IoT data. arXiv preprint arXiv:1705.08230.Google Scholar
- Muhammad Shahzad and Munindar P. Singh. 2017. Continuous authentication and authorization for the Internet of Things. IEEE Internet Comput. 21, 2 (2017), 86--90. Google ScholarDigital Library
- Chao Shen, Yong Zhang, Zhongmin Cai, Tianwen Yu, and Xiaohong Guan. 2015. Touch-interaction behavior for continuous user authentication on smartphones. In Proceedings of the International Conference on Biometrics (ICB’15). IEEE, 157--162.Google ScholarCross Ref
- S. J. Shepherd. 1995. Continuous authentication by analysis of keyboard typing characteristics. In Proceedings of Conference European Convention on Security and Detection. 111--114.Google ScholarCross Ref
- Weidong Shi, Jun Yang, Yifei Jiang, Feng Yang, and Yingen Xiong. 2011. Senguard: Passive user identification on smartphones using multiple sensors. In Proceedings of the IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob’11). IEEE, 141--148.Google ScholarDigital Library
- Terence Sim, Sheng Zhang, Rajkumar Janakiraman, and Sandeep Kumar. 2007. Continuous verification using multimodal biometrics. IEEE Trans. Pattern Anal. Mach. Intell. 29, 4 (2007), 687--700. Google ScholarDigital Library
- Zdeňka Sitová, Jaroslav Šeděnka, Qing Yang, Ge Peng, Gang Zhou, Paolo Gasti, and Kiran S. Balagani. 2016. HMOG: New behavioral biometric features for continuous authentication of smartphone users. IEEE Trans. Info. Forensics Secur. 11, 5 (2016), 877--892.Google ScholarDigital Library
- softserve. {n.d.}. Meet biolock: smart biometrics for tomorrow. Retrieved from https://www.softserveinc.com/en-us/tech/blogs/biolock-smart-identity-authentication/.Google Scholar
- Agusti Solanas, Constantinos Patsakis, Mauro Conti, Ioannis S. Vlachos, Victoria Ramos, Francisco Falcone, Octavian Postolache, Pablo A. Pérez-Martínez, Roberto Di Pietro, Despina N. Perrea et al. 2014. Smart health: A context-aware health paradigm within smart cities. IEEE Commun. Mag. 52, 8 (2014), 74--81.Google ScholarCross Ref
- Chen Song, Feng Lin, Yan Zhuang, Wenyao Xu, Changzhi Li, and Kui Ren. 2017. Cardiac scan: A non-contact and continuous heart-based user authentication system. In Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking. ACM, 315--328. Google ScholarDigital Library
- Ioannis C. Stylios, Olga Thanou, Iosif Androulidakis, and Elena Zaitseva. 2016. A review of continuous authentication using behavioral biometrics. In Proceedings of the SouthEast European Design Automation, Computer Engineering, Computer Networks and Social Media Conference. ACM, 72--79. Google ScholarDigital Library
- Hui Suo, Jiafu Wan, Caifeng Zou, and Jianqi Liu. 2012. Security in the internet of things: A review. In Proceedings of the International Conference on Computer Science and Electronics Engineering (ICCSEE’12), vol. 3. IEEE, 648--651.Google ScholarDigital Library
- Symantec. {n.d.}. Consumer Multi-Factor Authentication Solutions. Retrieved from https://www.symantec.com/theme/multi-factor-authentication-solutions.Google Scholar
- Pang-Ning Tan, Michael Steinbach, Vipin Kumar et al. 2006. Cluster analysis: Basic concepts and algorithms. Intro. Data Min. 8 (2006), 487--568.Google Scholar
- Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh, and Ke Chen. 2016. A survey on touch dynamics authentication in mobile devices. Comput. Secur. 59 (2016), 210--235. Google ScholarDigital Library
- TeleSign. {n.d.}. TeleSign targets account takeover fraud with behavioral biometrics technology. Retrieved from https://www.telesign.com/blog/post/telesign-targets-account-takeover-fraud-with-behavioral-biometrics-technology/.Google Scholar
- Marlies Temper, Simon Tjoa, and Manfred Kaiser. 2015. Touch to authenticate—Continuous biometric authentication on mobile devices. In Proceedings of the International Conference on Software Security and Assurance (ICSSA’15). IEEE, 30--35.Google ScholarCross Ref
- ThisData. {n.d.}. Use our security APIs to make risk-based decisions in your applications. Retrieved from https://thisdata.com/.Google Scholar
- Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu. 2017. WALNUT: Waging doubt on the integrity of mems accelerometers with acoustic injection attacks. In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS8P’17). IEEE, 3--18.Google ScholarCross Ref
- typingdna. {n.d.}. Typing biometrics authentication API based on keystroke dynamics. Retrieved from https://www.typingdna.com/authentication-api.html.Google Scholar
- ISO/IEC 24761 (under review). 2009. Security techniques—Authentication context for biometrics. Retrieved from https://www.iso.org/standard/41531.html.Google Scholar
- UnifyID. {n.d.}. Join our team. Retrieved from https://unify.id/desginer-application.html.Google Scholar
- vasco. {n.d.}. Behevioral biometrics. Retrieved from https://www.vasco.com/products/application-security/behavioral-authentication.html.Google Scholar
- Veridium. {n.d.}. Behavioral Biometrics: Continuous Authentication. Retrieved from https://www.veridiumid.com/blog/behavioral-biometrics-continuous-authentication/.Google Scholar
- Ovidiu Vermesan, Markus Eisenhauer, H. Sunmaeker, Patrick Guillemin, Martin Serrano, Elias Z. Tragos, Javier Valino, A. van der Wees, A. Gluhak, and R. Bahr. 2017. Internet of Things cognitive transformation technology research trends and applications. Cognitive Hyperconnected Digital Transformation, O. Vermesan and J. Bacquet (Eds.). River Publishers, 17--95.Google Scholar
- Yuji Watanabe, Tsutomu Fujita et al. 2013. Toward introduction of immunity-based model to continuous behavior-based user authentication on smart phone. Procedia Comput. Sci. 22 (2013), 1319--1327.Google ScholarCross Ref
- Ian H. Witten, Eibe Frank, Mark A. Hall, and Christopher J. Pal. 2016. Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann. Google ScholarDigital Library
- Jain-Shing Wu, Wan-Ching Lin, Chih-Ta Lin, and Te-En Wei. 2015. Smartphone continuous authentication based on keystroke and gesture profiling. In Proceedings of the International Carnahan Conference on Security Technology (ICCST’15). IEEE, 191--197.Google ScholarCross Ref
- Miao Wu, Ting-Jie Lu, Fei-Yang Ling, Jing Sun, and Hui-Ying Du. 2010. Research on the architecture of Internet of things. In Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE’10), vol. 5. IEEE, V5--484.Google Scholar
- Boyi Xu, Lida Xu, Hongming Cai, Lihong Jiang, Yang Luo, and Yizhi Gu. 2017. The design of an m-Health monitoring system based on a cloud computing platform. Enterprise Info. Syst. 11, 1 (2017), 17--36. Google ScholarDigital Library
- Hui Xu, Yangfan Zhou, and Michael R. Lyu. 2014. Towards continuous and passive authentication via touch biometrics: An experimental study on smartphones. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’14), vol. 14. 187--198.Google Scholar
- Zheng Yan, Peng Zhang, and Athanasios V. Vasilakos. 2014. A survey on trust management for Internet of Things. J. Netw. Comput. Appl. 42 (2014), 120--134.Google ScholarCross Ref
- Kuo-Hui Yeh, Chunhua Su, Wayne Chiu, and Lu Zhou. 2018. I walk, therefore i am: Continuous user authentication with plantar biometrics. IEEE Commun. Mag. 56, 2 (2018), 150--157. Google ScholarDigital Library
- Yunze Zeng, Amit Pande, Jindan Zhu, and Prasant Mohapatra. 2017. WearIA: Wearable device implicit authentication based on activity information. In IEEE 18th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM’17). IEEE, 1--9.Google ScholarCross Ref
- Cha Zhang and Yunqian Ma. 2012. Ensemble Machine Learning: Methods and Applications. Springer.Google Scholar
- Kai Zhao and Lina Ge. 2013. A survey on the internet of things security. In Proceedings of the 9th International Conference on Computational Intelligence and Security (CIS’13). IEEE, 663--667.Google ScholarDigital Library
- Xi Zhao, Tao Feng, and Weidong Shi. 2013. Continuous mobile authentication using a novel graphic touch gesture feature. In Proceedings of the IEEE 6th International Conference on Biometrics: Theory, Applications and Systems (BTAS’13). IEEE, 1--6.Google ScholarCross Ref
- zighra. {n.d.}. Smart identity defense. Retrieved from https://zighra.com/.Google Scholar
Index Terms
- Leveraging User-related Internet of Things for Continuous Authentication: A Survey
Recommendations
Internet of Things (IoT): From awareness to continued use
AbstractThis paper proposes a research model with five constructs, i.e., IoT awareness, users’ IoT privacy knowledge, users’ IoT security knowledge, users’ IoT Trust, and continued intention to use IoT to bring clarity to the growing yet ...
Highlights- Clarifying how variables linked from IoT awareness to IoT continued use.
- IoT ...
Securing Sensor to Cloud Ecosystem using Internet of Things (IoT) Security Framework
ICC '16: Proceedings of the International Conference on Internet of things and Cloud ComputingThe Internet of things (IoT) refers to every object, which is connected over a network with the ability to transfer data. Users perceive this interaction and connection as useful in their daily life. However any improperly designed and configured ...
Adaptive Internet of Things and Web of Things convergence platform for Internet of reality services
Recently, Internet of things (IoT) and Web of Things (WoT) lead us to the excellent era of connected everything device. However, the devices hardly show the property of the autonomous connectivity and the self-cooperation for applying in real-world ...
Comments