A Usable and Robust Continuous Authentication Framework using Wearables

Abstract

The one-time login process in conventional authentication systems does not guarantee that the identified user is the actual user throughout the session. However, it is necessary to re-verify the user identity periodically throughout a login session, which is lacking in existing one-time login systems. Continuous authentication, which re-verifies the user identity without breaking the continuity of the session, can address this issue. However, existing methods for continuous authentication are either not reliable or not usable. In this paper, we introduce a usable and reliable Wearable-Assisted Continuous Authentication (WACA) framework, which relies on sensor-based keystroke dynamics, where the authentication data is acquired through the built-in sensors of a wearable (e.g., smartwatch) while the user is typing. The acquired data is periodically and transparently compared with the registered profile of the initially logged-in user with one-way classifiers. With this, WACA continuously ensures that the current user is the user who logged in initially. We implemented the WACA framework and evaluated its performance extensively on real devices with real users. The empirical evaluation of WACA reveals that WACA is feasible, and its error rate is as low as 1 percent with 30 seconds of processing time and 2-3 percent for 20 seconds. The computational overhead is minimal. Furthermore, WACA is capable of identifying insider threats with very high accuracy (99.2 percent) and is also robust against powerful adversaries such as imitation and statistical attackers. We believe that this work has practical and far-reaching implications for the future of the usable authentication field.

Publication
IEEE Transactions on Mobile Computing (TMC)
Abbas Acar
Senior Research Scientist

I completed my PhD in the Cyber-Physical Systems Security (CSL) lab under the supervision of Professor Selcuk Uluagac in 2020 at Florida International University (FIU), USA. Before that, I received my BSc in Electrical and Electronics Engineering from Middle East Technical University, Turkey, in 2015 with a minor in Mathematics. My research interests include alternative authentication methods (e.g., continuous authentication), IoT security and privacy, and privacy-preserving technologies (e.g., homomorphic encryption).