Smart devices, as the most widely used platforms for the mobile cyber–physical system (CPS) applications, such as smart home and health care systems, are becoming the prime targets of various attackers for users’ considerable private and confidential data in them. To fight against side channel attacks aiming to obtain credentials, e.g., passwords, during the process of user authentication, touch pattern based implicit authentication has been proposed. However, such a defensive technique fails to obtain an entire pattern of user operation by deriving user operation data via a touch-enabled screen. Considering that user operations, including on-screen and in-air finger movements, are performed in three-dimensional (3D) space, we propose a novel 3D magnetic finger motion pattern based implicit authentication technique, referred to as FingerAuth. To use FingerAuth, a user operates on her mobile device, e.g., texting a message and browsing websites, with a magnetic ring on the finger she uses. With the help of a built-in three-axis magnetometer on the mobile device, we can derive the 3D magnetic finger motion pattern as a human behavioral feature for implicitly authenticating the user. By using machine learning techniques, a robust 3D magnetic finger motion pattern detection model can be constructed. Two rounds of usability tests are conducted for the evaluation of FingerAuth. In the initial usability test targeting a given group of smart device users, we test the uniqueness of the proposed trait in typing scenario, achieving high average accuracy of 96.38%, low average false acceptance rate (FAR) of 4.06%, and false rejection rate (FRR) of 3.18%. In the second user usability test, we further evaluate the permanence of 3D finger motion pattern in multiple user–device interaction scenarios. There is an interim of two-week period between the training data collection phase and the testing data collection phase. The results of the high accuracy of over 80%, as well as the FAR and FRR of below 15%, indicate the applicability of FingerAuth.
Read full abstract