WACA: Wearable-Assisted Continuous Authentication

Abstract

One-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA), which relies on the sensor-based keystroke dynamics and the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. The acquired data is periodically and transparently compared with the registered profile of the initially logged-in user with one-way classifiers. With this, WACA continuously ensures that the current user is the user who logged in initially. We implemented the WACA framework and evaluated its performance on real devices with real users. The empirical evaluation of WACA reveals that WACA is feasible and its error rate is as low as 1% with 30 seconds of processing time and 2 - 3% for 20 seconds. The computational overhead is minimal. Furthermore, WACA is capable of identifying insider threats with very high accuracy (99.2%).

Publication
IEEE Security and Privacy Workshops (SPW)
Abbas Acar
Abbas Acar
Senior Research Scientist

I completed my PhD in the Cyber-Physical Systems Security (CSL) lab under the supervision of Professor Selcuk Uluagac in 2020 at Florida International University (FIU), USA. Before that, I received my BSc from Electrical and Electronics Engineering at Middle East Technical University, Turkey in 2015 with a minor in Mathematics. My research interests include alternative authentication methods (e.g., continuous authentication), IoT security and privacy, and privacy-preserving technologies (e.g., homomorphic encryption).