This is an old revision of the document!
Among the research topics of the Security Group, we are investigating the use of behavioral biometrics for user authentication on new generation devices. Existing authentication schemes, e.g., PIN/passwords, face and iris recognition, etc., have shown to be less secure and less usable and users are reluctant to enable them on their devices. Consequently, the research has been diverted to find their usable alternatives.
Human biological data, due to its permanence and uniqueness, can be used as a means of identification, authentication and access control. The use of biological data for the purpose of identity management is termed as biometric recognition or simply biometrics. Physical (based on the physical characteristics) and behavioral (based on behaviors) biometrics are the most popular types. Physical characteristics include fingerprints, hand geometry, iris or retina scans, etc., and behavioral characteristics include keystrokes, gait, signature, voice, etc. Other biometrics use chemical features (based on events that happen in a person's body, measured by e.g., odor or temperature) and cognitive features (based on brain responses to specific stimuli, e.g. odor or sound).
Biometrics has got all the potential to completely replace PINs and passwords because they can be stolen, forgotten, and shared. Biometric authentication has been studied for a long time. Large-scale commercial deployments already exist, such as the fingerprint sensors on laptops and smartphones. However, these deployments are based on physical biometrics, which essentially require explicit user action, hence result in annoying the users. As a results, most of the research about transparent, implicit and unobservable authentication for smartphone's security and access control is based on behavioral biometrics.
Behavioral biometrics offer many advantages over physiological traits. One of the main advantages is that the behavioral patterns can be collected transparently or sometimes even without user's knowledge. More importantly, data collection does not require any special dedicated hardware. However, most of the behaviors are not unique enough to provide accurate user identification but have shown promising results in user verification. Various behavior-based authentication solutions have been tested and evaluated but are yet to be deployed at large scale. One reason is that the performance of many of these schemes is not yet at the same level as physical biometrics. Another reason is that not much attention has been paid to the performance of biometrics under differing or difficult circumstances. For example, gait authentication is typically evaluated by having subjects walk along flat surfaces of corridors in buildings.
We have been developing behavioral-biometric-based solutions that authenticate the users with either minimal or no cooperation from the users. We are designing, prototyping and testing the proposed authentication based on our identified behaviors, i.e., how a person holds her phone, moves her phone, or interact with its touchscreen. We are also performing the comparative evaluation, based on accuracy, performance, and usability, with the state-of-the-art behavioral-biometric-based solutions. All of our solutions exploit the existing hardware (avoiding additional hardware requirement) and hence can be implemented on most of the smartphones available in the market today.
Within the main stream project we covered a number of themes.
The following is a list of involved people.
we are reachable via email @ name.surname@unitn.it
This activity was supported by a number of projects
2017:
2016:
2015: