Privacy-Preserving Continuous Authentication for Mobile and IoT Systems Using Warmup-Based Federated Learning

Abstract

Continuous authentication for mobile devices acknowledges users by studying their behavioural interactions with their devices. It provides an extended protection mechanism that supplies an additional layer of security for smartphones and Internet of Things (IoT) devices and locks out intruders in cases of stolen credentials or hijacked sessions. Most of the continuous authentication efforts in the literature consist of collecting behavioural, sensory data from users and extracting statistical patterns through adopting various Machine Learning (ML) techniques. The main drawback of these approaches is their heavy reliance on acquiring the users' personal data, which exposes the latter's privacy. To address this limitation, we introduce a novel Federated Learning (FL) based continuous authentication mechanism for mobile and IoT devices. Our approach preserves the users' privacy by allowing each individual to locally train an ML model that captures his/her behaviour and then shares the model weights with the server for global aggregation. An extended scheme with a warmup FL approach for continuous authentication is proposed. Performance evaluation is done with a unique non-IID dataset built from three well-known datasets MNIST, CIFAR-10 and FEMNIST. The extensive experimental results show a major accuracy increase in user authentication.