Among the research topics of the Security Group, we are investigating the use of behavioral biometrics for user authentication on new-generation devices. Existing authentication schemes, e.g., PIN/passwords, face and iris recognition, etc., have shown to be less secure and less usable and users are reluctant to enable them on their devices. Consequently, the research has been diverted to find usable alternatives.
Human biological data, due to its permanence and uniqueness, can be used as a means of identification, authentication and access control. The use of biological data for the purpose of identity management is termed as biometric recognition or simply biometrics. Physical (based on the physical characteristics) and behavioral (based on behaviors) biometrics are the most popular types. Physical characteristics include fingerprints, hand geometry, iris or retina scans, etc., and behavioral characteristics include keystrokes, gait, signature, voice, etc. Other biometrics use chemical features (based on events that happen in a person's body, measured by e.g., odor or temperature) and cognitive features (based on brain responses to specific stimuli, e.g. odor or sound).
Biometrics has got all the potential to completely replace PINs and passwords because they can be stolen, forgotten, and shared. Biometric authentication has been studied for a long time. Large-scale commercial deployments already exist, such as the fingerprint sensors on laptops and smartphones. However, these deployments are based on physical biometrics, which essentially requires explicit user action, hence result in annoying users. As a result, most of the research about transparent, implicit and unobservable authentication for smartphone's security and access control is based on behavioral biometrics.
Behavioral biometrics offer many advantages over physiological traits. One of the main advantages is that the behavioral patterns can be collected transparently or sometimes even without the user's knowledge. More importantly, data collection does not require any special dedicated hardware. However, most of the behaviors are not unique enough to provide accurate user identification but have shown promising results in user verification. Various behavior-based authentication solutions have been tested and evaluated but are yet to be deployed at large scale. One reason is that the performance of many of these schemes is not yet at the same level as physical biometrics. Another reason is that not much attention has been paid to the performance of biometrics under differing or difficult circumstances. For example, gait authentication is typically evaluated by having subjects walk along flat surfaces of corridors in buildings.
We have been developing behavioral-biometric-based solutions that authenticate the users with either minimal or no cooperation from the users. We are designing, prototyping and testing the proposed authentication based on our identified behaviors, i.e., how a person holds her phone, moves her phone, or interacts with its touchscreen. We are also performing the comparative evaluation, based on accuracy, performance, and usability, with the state-of-the-art behavioral-biometric-based solutions. All of our solutions exploit the existing hardware (avoiding additional hardware requirements) and hence can be implemented on most of the smartphones available in the market today.
Themes
Within the mainstream project we covered a number of themes.
Authentication for Smartphones, tablets, and smartwatches.
Securing the behavioral-biometric-template (ongoing)
Risk-based adaptive/continuous user authentication schemes(ongoing).
People
Projects
This activity was supported by a number of projects
Datasets
Instructions to access to our datasets
-
Send an email to security(AT)disi(DOT)unitn(DOT)it, as follows:
Subject: [DATABASE download: DISI Security Lab Datasets]
Body: Your name, e-mail, telephone number, organization, postal mail, the purpose for which you will use the database, time and date at which you sent the email with the signed license agreement.
Once the email (preferred you to use your company/institute/university email id) along with the license agreement has been received, we will send the requested database.
Datasets Available
41 users micro hand-movements dataset (21263 observations) collected in the wild using smartphone.
95 users touch and hold-movements data (smartphones)
86 users swipe, pickup, and voice data (smartphones)
40 users hold and digital signature data (tablets)
40 users hand-movements data for Smarthandle
Solutions
Talks and Tutorials
-
-
Attaullah Buriro.
Mobile Biometrics: Towards A Comprehensive Evaluation Methodology. Madrid, Spain. October 2017.
Slides Attaullah Buriro.
Hold & Sign: A Novel Behavioral Biometrics for Smartphone User Authentication. DistriNET KULeuven, LEuven, Belgium. December 2016.
Slides Attaullah Buriro, Bruno Crispo.
Behavioral Biometrics for Smartphone User Authentication. Milan Expo, Milan, Italy. September 2015.
Slides
Publications
2020
Sandeep Gupta, Attaullah Buriro and Bruno Crispo: A chimerical dataset combining physiological and behavioral biometric traits for reliable user authentication on smart devices and ecosystems; Data In Brief (DIB), Elsevier.
2019
Sandeep Gupta, Attaullah Buriro and Bruno Crispo: A Risk-driven Model to Minimize the Effects of Human Factors on Smart Devices; ETAA, 2019.
Sandeep Gupta, and Bruno Crispo: A perspective study towards biometric-based rider authentication schemes for driverless taxis, International Conference On Innovation And Intelligence For Informatics, Computing, And Technologies (3ICT), 2019.
Sandeep Gupta, Attaullah Buriro, and Bruno Crispo: SmartHandle: A Novel Behavioral Biometric-based Authentication Scheme for Smart Lock Systems, 3rd International Conference on Biometric Engineering and Applications (ICBEA 2019), 2019.
Sandeep Gupta, Attaullah Buriro, and Bruno Crispo: DriverAuth: A Risk-based Multi-modal Biometric-based Driver Authentication Scheme for Ride-sharing Platforms, Computers & Security, 2019.
Sandeep Gupta, Attaullah Buriro, and Bruno Crispo: DriverAuth: Behavioral Biometric-based Driver Authentication Mechanism for On-demand Ride and Ridesharing Infrastructure, Information & Communications Technology Express, ICT Express Journals, 2019.
2018:
Attaullah Buriro, Bruno Crispo, Mojtaba Eskandri, Sandeep Gupta, Athar Mahboob, Rutger Van Acker; SnapAuth: A Gesture-Based Unobtrusive Smartwatch User Authentication Scheme, International Workshop on Emerging Technologies for Authorization and Authentication, 2018.
Attaullah Buriro, Sandeep Gupta, Bruno Crispo, and Filippo Del Frari: DIALERAUTH: A Motion-assisted Touch-based Smartphone User Authentication Scheme, 8th ACM Conference on Data and Application Security and Privacy, Tempe, AZ, USA, March 2018.
Sandeep Gupta, Attaullah Buriro, and Bruno Crispo: Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access, Mobile Information Systems (Special Issue), Hindawi Journals, 2018.
2017:
Attaullah Buriro, Zahid Akhtar, Bruno Crispo, and Sandeep Gupta: Mobile Biometrics: Towards A Comprehensive Evaluation Methodology. In
Proceedings of The 51st International Carnahan Conference on Security Technology (ICCST-2017), Madrid, Spain.
PDF Zahid Akhtar, Attaullah Buriro, Bruno Crispo and Tiago Falk: Multimodal Smartphone User Authentication using Touchstroke, Phone-Movement and Face Patterns. In
IEEE Global Conference on Signal and Information Processing (GlobalSIP-2017), Montreal, Canada.
PDF Attaullah Buriro, Sandeep Gupta and Bruno Crispo: Evaluation of Motion-based Touch-typing Biometrics for online Banking. In
Proceedings of The International Conference of the Biometrics Special Interest Group (BIOSIG-2017), Darmstadt, Germany.
PDF Attaullah Buriro, Bruno Crispo and Yury Zhauniarovich: Please hold on: Unobtrusive user authentication using smartphone's built-in sensors. In
Proceedings of The IEEE International Conference on Identity, Security and Behavior Analysis (ISBA-2017), Delhi, India.
PDF
2016:
Attaullah Buriro, Bruno Crispo, Filippo Del Frari, Konrad Wrona: Hold and Sign: A Novel Behavioral Biometrics for Smartphone User Authentication. In
Proceedings of The Security and Privacy Workshops (SPW-2016), San Jose, CA, USA.
PDF Attaullah Buriro, Zahid Akhtar, Bruno Crispo, Filippo Del Frari: Age, Gender and Operating-hand Estimation on Smart Mobile Devices. In
International Conference of the Biometrics Special Interest Group (BIOSIG), Darmstadt, Germany.
PDF
2015:
Attaullah Buriro, Bruno Crispo, Filippo Del Frari, Jeffrey Klardie, Konrad Wrona: Itsme: Multi-modal and unobtrusive behavioural user authentication for smartphones. In
International Conference on Passwords (PASSWORDS-2015), Cambridge, UK.
PDF Attaullah Buriro, Bruno Crispo, Filippo Del Frari, Konrad Wrona: Touchstroke: smartphone user authentication based on touch-typing biometrics. In
International Conference on Image Analysis and Processing (ICIAP-2015), Genova, Italy.
PDF