Browsing by Subject "Continuous authentication"

Now showing 1 - 3 of 3
  • Thumbnail Image
    Publication
    Open Access
    CGAPP: A continuous group authentication privacy-preserving platform for industrial scene
    (Elsevier ltd., 2023-10-09) Espín López, Juan Manuel; Huertas Celdrán, Alberto; Esquembre, Francisco; Martínez Pérez, Gregorio; Marín-Blázquez, Javier G.; Matemáticas
    In Industry 4.0, security begins with the workers’ authentication, which can be done individually or in groups. Recently, group authentication is gaining momentum, allowing users to authenticate as group members without the need to specify the particular individual. Continuous authentication and federated learning are promising techniques that might help group authentication by providing privacy, by its own design, and extra security compared to traditional methods based on passwords, tokens, or biometrics. However, these techniques have not previously been combined or evaluated for authenticating workers in Industry 4.0. Thus, this paper proposes a novel continuous group authentication privacy-preserving (CGAPP)platform that is suitable for the industry. The CGAPP platform incorporates statistical data from workers’ smartphones and employs federated learning-based outlier detection for group worker authentication while ensuring the privacy of personal data vectors. A series of experiments were performed to measure the framework’s suitability and address the following research questions: (i) What is the cost of using FL compared to full data access in industrial scenarios? (ii) How robust is federated learning against adversarial attacks, specifically, how much malicious data is required to deceive the model? and (iii) How much noise is required to disrupt the authentication system? The results demonstrate the effectiveness of the CGAPP platform in the industry since it provides factory safety while preserving privacy. This platform achieves an accuracy of 92%, comparable to the 96% obtained by traditional approaches in the literature that do not address privacy concerns. The platform’s robustness is tested against attacks in the second and third experiments, and various countermeasures are evaluated. While the CGAPP platform exhibits certain vulnerabilities to data injection attacks, straightforward countermeasures can alleviate them. Nevertheless, the system’s performance experiences a notable impact in the event of a data perturbation attack, and the countermeasures investigated are ineffective in addressing this issue.
  • Repository logo
    Publication
    Restricted
    S3 Dataset
    (2021-04-13) Espín López, Juan Manuel; Huertas Celdrán, Alberto; Marín-Blázquez, Javier G.; Esquembre, Francisco; Martínez Pérez, Gregorio; Matemáticas
    The S3 dataset contains the behavior (sensors, statistics of applications, and voice) of 21 volunteers interacting with their smartphones for more than 60 days. The type of users is diverse, males and females in the age range from 18 until 70 have been considered in the dataset generation. The wide range of age is a key aspect, due to the impact of age in terms of smartphone usage. To generate the dataset the volunteers installed a prototype of the smartphone application in on their Android mobile phones. All attributes of the different kinds of data are writed in a vector. The dataset contains the fellow vectors: Sensors: This type of vector contains data belonging to smartphone sensors (accelerometer and gyroscope) that has been acquired in a given windows of time. Each vector is obtained every 20 seconds, and the monitored features are: - Average of accelerometer and gyroscope values. - Maximum and minimum of accelerometer and gyroscope values. - Variance of accelerometer and gyroscope values. - Peak-to-peak (max-min) of X, Y, Z coordinates. - Magnitude for gyroscope and accelerometer. Statistics: These vectors contain data about the different applications used by the user recently. Each vector of statistics is calculated every 60 seconds and contains : - Foreground application counters (number of different and total apps) for the last minute and the last day. - Most common app ID and the number of usages in the last minute and the last day. - ID of the currently active app. - ID of the last active app prior to the current one. - ID of the application most frequently utilized prior to the current application. - Bytes transmitted and received through the network interfaces. Voice: This kind of vector is generated when the microphone is active in a call o voice note. The speaker vector is an embedding, extracted from the audio, and it contains information about the user's identity. This vector, is usually named "x-vector" in the Speaker Recognition field, and it is calculated following the steps detailed in "egs/sitw/v2" for the Kaldi library, with the models available for the extraction of the embedding. A summary of the details of the collected database. - Users: 21 - Sensors vectors: 417.128 - Statistics app's usage vectors: 151.034 - Speaker vectors: 2.720 - Call recordings: 629 - Voice messages: 2.091
  • Thumbnail Image
    Publication
    Open Access
    S3: An AI-Enabled User Continuous Authentication for Smartphones Based on Sensors, Statistics and Speaker Information
    (MDPI, 2021-05-28) Espín López, Juan Manuel; Huertas Celdrán, Alberto; Marín-Blázquez, Javier G.; Esquembre, Francisco; Martínez Pérez, Gregorio; Matemáticas
    Continuous authentication systems have been proposed as a promising solution to au- thenticate users in smartphones in a non-intrusive way. However, current systems have important weaknesses related to the amount of data or time needed to build precise user profiles, together with high rates of false alerts. Voice is a powerful dimension for identifying subjects but its suitability and importance have not been deeply analyzed regarding its inclusion in continuous authentication systems. This work presents the S3 platform, an artificial intelligence-enabled continuous authen- tication system that combines data from sensors, applications statistics and voice to authenticate users in smartphones. Experiments have tested the relevance of each kind of data, explored different strategies to combine them, and determined how many days of training are needed to obtain good enough profiles. Results showed that voice is much more relevant than sensors and applications statistics when building a precise authenticating system, and the combination of individual models was the best strategy. Finally, the S3 platform reached a good performance with only five days of use available for training the users’ profiles. As an additional contribution, a dataset with 21 volun- teers interacting freely with their smartphones for more than sixty days has been created and made available to the community.