In Industry 4.0, security begins with the workers’ authentication, which can be done individually or in groups. Recently, group authentication has been gaining momentum, allowing users to authenticate as group members without the need to specify the particular individual. Continuous authentication and federated learning (FL) are promising techniques that might help group authentication by providing privacy by design and extra security compared to traditional methods based on passwords, tokens, or biometrics. However, these techniques have not previously been combined or evaluated for authenticating workers in Industry 4.0. Thus, this paper proposes a novel continuous group authentication privacy-preserving (CGAPP) platform that is suitable for industry. The CGAPP platform incorporates statistical data from workers’ smartphones and employs federated learning-based outlier detection for group worker authentication while ensuring the privacy of personal data vectors. A series of experiments was performed to measure the framework’s suitability and address the following research questions: (i) What is the cost of using FL compared to full data access in industrial scenarios? (ii) How robust is federated learning against adversarial attacks, specifically, how much malicious data is required to deceive the model? and (iii) How much noise is required to disrupt the authentication system? The results demonstrate the effectiveness of the CGAPP platform in industry, since it provides factory safety while preserving privacy. This platform achieves an accuracy of 92%, comparable to the 96% obtained by traditional approaches in the literature that do not address privacy concerns. The platform’s robustness is tested against attacks in the second and third experiments, and various countermeasures are evaluated. While the CGAPP platform exhibits certain vulnerabilities to data injection attacks, straightforward countermeasures can alleviate them.
Nevertheless, the system’s performance experiences a notable impact in the event of a data perturbation attack, and the countermeasures investigated are ineffective in addressing this issue.