Reconstruction Attacks Against Mobile-Based Continuous Authentication Systems in the Cloud
Continuous authentication for mobile devices using behavioral biometrics is being suggested to complement initial authentication for securing mobile devices, and the cloud services accessed through them. This area has been studied over the past few years, and low error rates were achieved; however,...
Published in | IEEE transactions on information forensics and security Vol. 11; no. 12; pp. 2648 - 2663 |
---|---|
Main Authors | Al-Rubaie, Mohammad; Chang, J. Morris |
Format | Journal Article |
Language | English |
Published | New York, IEEE, 01.12.2016, The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Abstract | Continuous authentication for mobile devices using behavioral biometrics is being suggested to complement initial authentication for securing mobile devices, and the cloud services accessed through them. This area has been studied over the past few years, and low error rates were achieved; however, it was based on training and testing using support vector machine (SVM) and other non-privacy-preserving machine learning algorithms. To stress the importance of carefully designed privacy-preserving systems, we investigate the possibility of reconstructing gestures raw data from users' authentication profiles or synthesized samples' testing results. We propose two types of reconstruction attacks based on whether actual user samples are available to the adversary (as in SVM profiles) or not. We also propose two algorithms to reconstruct raw data: a numerical-based algorithm that is specific to one compromised system, and a randomization-based algorithm that can work against almost any compromised system. For our experiments, we selected one compromised and four attacked gesture-based continuous authentication systems from the recent literature. The experiments, performed using a public data set, showed that the attacks were feasible, with a median ranging from 80% to 100% against one attacked system using all types of attacks and algorithms, and a median ranging from 73% to 100% against all attacked systems using the randomization-based algorithm and the negative support vector attack. Finally, we analyze the results, and provide recommendations for building active authentication systems that could resist reconstruction attacks. |
---|---|
Author | Chang, J. Morris; Al-Rubaie, Mohammad |
Author_xml | – sequence: 1 givenname: Mohammad surname: Al-Rubaie fullname: Al-Rubaie, Mohammad email: mti@iastate.edu organization: Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA, USA – sequence: 2 givenname: J. Morris surname: Chang fullname: Chang, J. Morris email: morris@iastate.edu organization: Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA, USA |
CODEN | ITIFA6 |
ContentType | Journal Article |
Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2016 |
DOI | 10.1109/TIFS.2016.2594132 |
Discipline | Engineering Computer Science |
EISSN | 1556-6021 |
EndPage | 2663 |
ExternalDocumentID | 4223680661 10_1109_TIFS_2016_2594132 7523420 |
Genre | orig-research |
GrantInformation_xml | – fundername: Brandeis Program grantid: FA8750-12-2-0200; N66001-15-C-4068 funderid: 10.13039/100000185 – fundername: DARPA Active Authentication Program |
ISSN | 1556-6013 |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 12 |
Language | English |
License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html |
ORCID | 0000-0002-5975-868X |
PQID | 1830963285 |
PQPubID | 85506 |
PageCount | 16 |
PublicationCentury | 2000 |
PublicationDate | 2016-12-01 |
PublicationDecade | 2010 |
PublicationPlace | New York |
PublicationTitle | IEEE transactions on information forensics and security |
PublicationTitleAbbrev | TIFS |
PublicationYear | 2016 |
Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
StartPage | 2648 |
SubjectTerms | Algorithm design and analysis; Algorithms; Authentication; Biometrics (access control); continuous authentication; gestures; Image reconstruction; machine learning; Mobile devices; Mobile handsets; privacy; reconstruction attacks; Support vector machines; Testing |
Title | Reconstruction Attacks Against Mobile-Based Continuous Authentication Systems in the Cloud |
URI | https://ieeexplore.ieee.org/document/7523420 https://www.proquest.com/docview/1830963285 |
Volume | 11 |