CASTRA: Seamless and Unobtrusive Authentication of Users to Diverse Mobile Services
This paper presents context-aware security technology for responsive and adaptive protection (CASTRA), an "always-on" context-aware authentication and access control framework that seamlessly and unobtrusively authenticates users to mobile applications of varying sensitivity levels. CASTRA...
Published in | IEEE internet of things journal Vol. 5; no. 5; pp. 4042 - 4057 |
---|---|
Main Authors | Shila, Devu Manikantan; Srivastava, Kunal |
Format | Journal Article |
Language | English |
Published | Piscataway: IEEE, 01.10.2018; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Subjects | |
Abstract | This paper presents context-aware security technology for responsive and adaptive protection (CASTRA), an "always-on" context-aware authentication and access control framework that seamlessly and unobtrusively authenticates users to mobile applications of varying sensitivity levels. CASTRA uses a continuous and multifaceted behavioral biometrics authentication that passively authenticates the user in the background while the device is in contact with the user, and a context-aware risk assessment and access control that provides access to applications based on the perceived threat level around the device. The behavioral authentication module is constructed by exploiting a combination of supervised and unsupervised learning techniques on raw sensor and GPS data passively gathered from the mobile device. Multiple inferences about the user (or user behavioral traits) such as frequently visited locations, location transition patterns, physical proximity of the user to the device (e.g., device in the pocket or placed on the table), and walking patterns are automatically inferred and extracted. Analytical studies were conducted to derive optimal thresholds to fuse these multiple traits, and an adaptive trust score is generated every user-defined time period to determine the degree to which the user is trustworthy to access the applications. CASTRA is implemented in a client-server mode, utilizing the Android and Amazon Cloud computing platforms. The novelty of CASTRA stems from the design and fusion of multiple behavioral biometric-based authentication factors and the development and deployment of a practical end-to-end architecture that enables real-time data acquisition, automatic training and learning of user behavioral patterns, and context-aware risk assessment and access control. The performance of CASTRA was evaluated under natural settings, on 15 subjects, using different variants of Samsung devices. Multiple realistic attack scenarios (e.g., stolen, lost, and shared devices) targeting mobile devices were designed to prove the security and user-friendliness of the proposed scheme. We also present techniques to reduce energy and bandwidth consumption and ways to unobtrusively acquire data for supervised learning algorithms without requiring explicit user annotation. |
---|---|
Author | Srivastava, Kunal; Shila, Devu Manikantan |
Author_xml | – sequence: 1 givenname: Devu Manikantan orcidid: 0000-0001-9882-147X surname: Shila fullname: Shila, Devu Manikantan email: manikad@utrc.utc.com organization: System Dynamics and Optimization Group, United Technologies Research Center, Hartford, CT, USA – sequence: 2 givenname: Kunal surname: Srivastava fullname: Srivastava, Kunal email: srivask@utrc.utc.com organization: System Dynamics and Optimization Group, United Technologies Research Center, Hartford, CT, USA |
CODEN | IITJAU |
ContentType | Journal Article |
Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2018 |
Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2018 |
DOI | 10.1109/JIOT.2018.2851501 |
DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005–Present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Electronic Library (IEL) CrossRef Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
DatabaseTitle | CrossRef Computer and Information Systems Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Advanced Technologies Database with Aerospace ProQuest Computer Science Collection Computer and Information Systems Abstracts Professional |
DatabaseTitleList | Computer and Information Systems Abstracts |
Discipline | Computer Science |
EISSN | 2327-4662 |
EndPage | 4057 |
ExternalDocumentID | 10_1109_JIOT_2018_2851501 8399501 |
Genre | orig-research |
GrantInformation_xml | – fundername: U.S. Department of Homeland Security grantid: D15PC00155 funderid: 10.13039/100000180 |
ISSN | 2327-4662 |
IngestDate | Mon Jun 30 05:23:02 EDT 2025 Tue Jul 01 04:07:56 EDT 2025 Thu Apr 24 23:03:08 EDT 2025 Wed Aug 27 03:02:50 EDT 2025 |
IsPeerReviewed | false |
IsScholarly | true |
Issue | 5 |
Language | English |
License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html |
LinkModel | DirectLink |
ORCID | 0000-0001-9882-147X |
PageCount | 16 |
PublicationCentury | 2000 |
PublicationDate | 2018-10-01 |
PublicationDateYYYYMMDD | 2018-10-01 |
PublicationDate_xml | – month: 10 year: 2018 text: 2018-10-01 day: 01 |
PublicationDecade | 2010 |
PublicationPlace | Piscataway |
PublicationPlace_xml | – name: Piscataway |
PublicationTitle | IEEE internet of things journal |
PublicationTitleAbbrev | JIoT |
PublicationYear | 2018 |
Publisher | IEEE; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
SourceID | proquest crossref ieee |
SourceType | Aggregation Database; Enrichment Source; Index Database; Publisher |
StartPage | 4042 |
SubjectTerms | Access control; Adaptive control; Ambient intelligence; Android; Annotations; Applications programs; Authentication; Biometrics; Biometrics (access control); Cloud computing; context-aware services; Cybersecurity; Electronic devices; Internet of Things; internet of Things (IoT); Legged locomotion; Machine learning; Mobile communication systems; Mobile computing; Mobile handsets; Performance evaluation; Risk assessment; Risk management; Trustworthiness |
Title | CASTRA: Seamless and Unobtrusive Authentication of Users to Diverse Mobile Services |
URI | https://ieeexplore.ieee.org/document/8399501 https://www.proquest.com/docview/2133748561 |
Volume | 5 |