Abstract

Authenticating a user in the right way is essential to IT systems, where the risks are becoming more and more complex. Especially in the mobile world, banking applications are among the most delicate systems requiring strict rules and regulations. Existing approaches often require point-of-entry authentication accompanied by a one-time password as a second-factor authentication. However, this requires active participation of the user and there is no continuous authentication during a session. In this paper, we investigate whether it is possible to continuously authenticate users via behavioral biometrics with a certain performance on a mobile banking application. A currently used mobile banking application in Turkey is chosen as the case, and we developed a continuous authentication scheme, named DAKOTA, on top of this application. The DAKOTA system records data from the touch screen and the motion sensors on the phone to monitor and model the user's behavioral patterns. Forty-five participants completed the predefined banking transactions. This data is used to train seven different classification algorithms. The results reveal that binary-SVM with RBF kernel reaches the lowest error scores, 3.5% equal error rate (EER). Using the end-to-end DAKOTA system, we investigate the performance in real-time, both in terms of authentication accuracy and resource usage. We show that it does not bring extra overhead in terms of power and memory usage compared to the original banking application and we can achieve a 90% true positive recognition rate, on average.
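How an equal error rate such as the one reported above is derived from classifier scores, as an added example that is not code from the paper. The scores are constructed, and the function names and the rule "accept when the score is at or above the threshold" are assumptions.

```python
# Constructed per-window classifier scores (higher = more like the enrolled user).
GENUINE = [0.91, 0.85, 0.78, 0.66, 0.95, 0.88, 0.42, 0.73, 0.81, 0.97]
IMPOSTOR = [0.12, 0.30, 0.25, 0.48, 0.05, 0.70, 0.33, 0.18, 0.22, 0.39]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) for a threshold, accepting when score >= threshold.

    FAR: fraction of impostor samples wrongly accepted.
    FRR: fraction of genuine samples wrongly rejected.
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_rate(genuine, impostor):
    """Sweep every observed score as a candidate threshold.

    Returns (eer, threshold) at the point where FAR and FRR are closest;
    the EER is reported as their mean there, because with a finite
    sample the two curves rarely cross exactly.
    """
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, (far + frr) / 2, t)
    return best[1], best[2]


def true_positive_rate(genuine, threshold):
    """Fraction of genuine samples accepted at the threshold (1 - FRR)."""
    return sum(s >= threshold for s in genuine) / len(genuine)


if __name__ == "__main__":
    eer, thr = equal_error_rate(GENUINE, IMPOSTOR)
    tpr = true_positive_rate(GENUINE, thr)
    print(f"EER={eer:.2%} at threshold {thr}, TPR={tpr:.0%}")
```

Raising the threshold above the EER point lowers false acceptances at the cost of more false rejections, which in a continuous scheme means more re-authentication prompts for the legitimate user.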

Highlights

  • Authenticating a user on a mobile phone is an essential operation since users store critical information, such as personal photos, contact details, call histories, private messages, login details and application data

  • In response to the last research question (What is the impact of performing real-time authentication in terms of resource usage on the phone?), DAKOTA does not bring extra overhead in terms of power and memory usage compared to the original banking application

  • Together with two ensemble algorithms, are trained and tested and the results reveal that binary-Support Vector Machine (SVM) with Radial Basis Function (RBF) kernel is observed to reach the highest true positive recognition rate, 99%, and the lowest error scores, 3.5% equal error rate (EER)


Summary

Introduction

Authenticating a user on a mobile phone is an essential operation since users store critical information, such as personal photos, contact details, call histories, private messages, login details and application data. Personal Identification Numbers (PINs), passwords, graphical patterns and physical biometrics (e.g., fingerprints) are examples of active or explicit authentication. Active authentication approaches are often used when users launch the device and require the user's active participation. PINs and passwords can be guessed, making it very easy for impostors to access the device contents [1]. A banking application requires a password at login; there are also banking applications that use physical biometrics (e.g., iris or face recognition) as the authentication mechanism. These approaches often require one-time or point-of-entry authentication.
