Design and evaluation of a user authentication model for IoT networks based on app event patterns

Abstract

Access to a variety of Internet of Things networks can be achieved through end-user devices such as smartphones or tablets. However, these devices are susceptible to theft, loss or unauthorized access. Although end-user devices are equipped with different means of authentication such as fingerprint readers, these methods are only employed at the time of access. Hence, an effective authentication mechanism that continuously authenticates users in the background is required in order to detect unauthorized access. A rich set of information can be extracted from end-user devices and utilized in the background to continuously authenticate users without requiring further intervention. As an example, the ability to continuously retrieve application usage profiles and sensor data on such devices strengthens the argument for employing behavioral-based mechanisms for continuous user authentication. This paper, which discusses behavioral-based authentication mechanisms with regard to security and usability, presents a user authentication model based on app access and network generated traffic patterns while accessing apps, utilizing a small amount of information. To validate our model, we use a public real-world dataset collected, in an uncontrolled manner, from real users over a long time period. The presented model can authenticate users with a minimum F-measure of 98%, utilizing both access time patterns and network traffic patterns. Overall, the results are promising, and the achieved high degree of accuracy proves the effectiveness and usability of the proposed model.