Abstract
Continuous authentication has been proposed as a possible approach for passive and seamless user authentication, using sensor data comprising biometric, behavioral, and context-oriented characteristics. Since these are personal data being transmitted and are outside the control of the user, this approach causes privacy issues. Continuous authentication has security challenges concerning poor matching rates and susceptibility of replay attacks. The security issues are mainly poor matching rates and the problems of replay attacks. In this survey, we present an overview of continuous authentication and comprehensively discusses its different modes, and issues that these modes have related to security, privacy, and usability. A comparison of privacy-preserving approaches dealing with the privacy issues is provided, and lastly recommendations for secure, privacy-preserving, and user-friendly continuous authentication.
Highlights
Sensors 2021, 21, 5967. https://We are dependent on computing technology to store and process our personal data.We interact with devices in the form of smart-phones, cars, sensors, Internet of Things (IoT), and other devices
Regarding Question 3 in Section 1, and by considering the international standard organization (ISO) standard for biometric information protection ISO/international electrotechnical commission (IEC) 24745 [170], the security and privacy issues for continuous authentication can be mitigated by utilizing cryptographic techniques, such as homomorphic encryption with secure two-party computation and Zero-Knowledge Proofs (ZKP)
Continuous authentication modes suffer from significant security and privacy challenges; the utilization of homomorphic encryption combined with bloom filters can solve both security and privacy challenges
Summary
We are dependent on computing technology to store and process our personal data. We interact with devices in the form of smart-phones, cars, sensors, Internet of Things (IoT), and other devices. A potential problem about session-oriented approaches is that if the user leaves the computer or the device for some time, a malicious user accessing the device in the meantime is not prevented from using it or any services that the user is logged onto This issue could be mitigated by security mechanisms that continuously re-authenticate the user during the session. Since continuous authentication mechanisms collect personal data, such as physiological, behavioral, and context-aware user data, this causes privacy concerns. This survey presents an overview of continuous authentication modes with performance comparison. The conclusion of the survey is stated in the last section
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have