TWC: Small: Collaborative: Spoof-Resistant Smartphone Authentication using Cooperating Wearables

TWC：小型：协作：使用协作可穿戴设备进行防欺骗智能手机身份验证

• 批准号: 1526524
• 负责人: Nitesh Saxena
• 金额: $ 20.8万
• 依托单位: University of Alabama at Birmingham
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1526524&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Spoof; Resistant

This research is developing methods that leverage a multitude of sensors embedded in hand-held and wearable devices (e.g., smart watches, smart glasses and brain-computer interfaces) for strong user authentication to smart phones. The current point-of-entry solutions, largely based on weak static credentials, such as passwords or PINs for authentication to smart phones are not sufficient because once such credentials are compromised (which is very likely given the many vulnerabilities of passwords), the attacker may gain unfettered access to the smart phone. In this light, it becomes necessary to constantly protect the smart phone even after the attacker has already bypassed the point-of-entry authentication functionality. This research aims to address this problem by developing methods through which cues extracted from one or more wearable devices will be used in conjunction with cues extracted from the phone itself to continuously and unobtrusively verify the authenticity of the user. In addition to advancing knowledge on how wearable devices can help improve smart phone security, the research will have a number of other broader impacts including, mentoring of undergraduate students, outreach to high school and K-12 students and minority populations, and technology transfer by collaborating with manufacturers and industrial consortia.The principal argument underlying this research is that, given the rise of sensor-equipped and wearable computing, a wide array of identifying cues might be available in many circumstances and can therefore be leveraged to build user-friendly and spoof-resistant smart phone authentication systems. The overarching approach is to not only capture explicit user interactions (based on touch screen sensors) when applicable, but also capture implicit user interactions based on a conglomeration of a multitude of smart phone on-board sensors as well as wearable device sensors. The on-board sensors are inertial (motion and orientation) sensors residing on the smart phone itself and measure users' implicit interactions with the phone, specifically, phone movements, tilts and orientations. The wearable sensors, in contrast, are inertial and neuro-physiological sensors residing on "collaborating" wearable devices, "paired" with the smart phone, and measure user's interactions with those devices, specifically, movement dynamics associated with different body parts, and neuro-physiological patterns. The project is studying how the use of such multi-faceted cues can yield a smart phone authentication system that is robust against accidental errors as well as deliberate spoofing attacks.

这项研究正在开发利用嵌入在手持和可穿戴设备（例如，智能手表、智能眼镜和脑机接口），用于对智能手机进行强用户认证。当前的入口点解决方案主要基于弱静态凭证，诸如用于对智能电话进行认证的密码或PIN，这是不够的，因为一旦这样的凭证被泄露（鉴于密码的许多漏洞，这是非常可能的），攻击者可以获得对智能电话的不受约束的访问。在这种情况下，即使在攻击者已经绕过入口点认证功能之后，也有必要不断保护智能手机。这项研究旨在通过开发方法来解决这个问题，通过这些方法，从一个或多个可穿戴设备中提取的线索将与从手机本身提取的线索结合使用，以连续和不引人注目地验证用户的真实性。除了推进可穿戴设备如何帮助提高智能手机安全性的知识之外，这项研究还将产生许多其他更广泛的影响，包括指导本科生，推广到高中和K-12学生和少数群体，以及通过与制造商和工业联盟合作进行技术转让。这项研究的主要论点是，鉴于配备传感器和可穿戴计算的兴起，在许多情况下可能有各种各样的识别线索，因此可以利用这些线索来构建用户友好和防欺骗的智能电话认证系统。总体方法是不仅在适用时捕获显式用户交互（基于触摸屏传感器），而且还基于众多智能电话机载传感器以及可穿戴设备传感器的聚集来捕获隐式用户交互。板载传感器是驻留在智能手机本身上的惯性（运动和方向）传感器，并测量用户与手机的隐式交互，具体地，手机移动、倾斜和方向。相比之下，可穿戴传感器是驻留在“协作”可穿戴设备上的惯性和神经生理传感器，与智能手机“配对”，并测量用户与这些设备的交互，特别是与不同身体部位相关联的运动动态和神经生理模式。该项目正在研究如何使用这种多方面的线索可以产生一个智能手机认证系统，该系统对意外错误以及故意欺骗攻击具有鲁棒性。