NSF Award
1619023
Common smartphone authentication mechanisms such as PINs, graphical passwords, and fingerprint scans offer limited security. They are relatively easy to guess or spoof, and are ineffective when the smartphone is captured after the user has logged in. Multi-modal active authentication addresses these challenges by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interaction, hand movements, gait, voice, and phone location. However, these techniques raise significant privacy and security concerns because the behavioral signals used for authentication represents personal identifiable data, and often expose private information such as user activity, health, and location. Because smartphones can be easily lost or stolen, it is paramount to protect all sensitive behavioral information collected and processed on these devices. One approach for securing behavioral data is to perform off-device authentication via privacy-preserving protocols. However, our experiments show that the energy required to execute these protocols, implemented using state-of-the-art techniques, is unsustainably high, and leads to very quick depletion of the smartphone's battery. <br/><br/>This research advances the state of the art of privacy-preserving active authentication by devising new techniques that significantly reduce the energy cost of cryptographic authentication protocols on smartphones. Further, this research takes into account signals that indicate that the user has lost possession of the smartphone, in order to trigger user authentication only when necessary. The focus of this project is in sharp contrast with existing techniques and protocols, which have been largely agnostic to energy consumption patterns and to the user1s possession of the smartphone post-authentication. The outcome of this project is a suite of new cryptographic techniques and possession-aware protocols that enable secure energy-efficient active authentication of smartphone users. These cryptographic techniques advance the state of the art of privacy-preserving active authentication by re-shaping individual protocol components to take into account complex energy tradeoffs and network heterogeneity, integral to modern smartphones. Finally, this project will focus on novel techniques to securely offload computation related to active authentication from the smartphone to a (possibly untrusted) cloud, further reducing the energy footprint of authentication. The proposed research will thus make privacy-preserving active authentication practical on smartphones, from both an energy and performance perspective.
