Project Title

NSF SaTC: Towards Energy-Efficient Privacy-Preserving Active Authentication of Smartphone Users

Project Description

Common smartphone authentication mechanisms, such as PINs, graphical passwords, and fingerprint scans, are not designed to offer security post-login. Continuous authentication addresses this issue by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interaction, hand and body movements, and phone location. However, these techniques raise significant privacy and security concerns. Because smartphones can easily fall into the hands of the adversary, it is paramount to protect sensitive behavioral information collected and processed on these devices.

One approach for securing behavioral data is to perform off-device authentication via privacy-preserving protocols. To provide meaningful security and privacy guarantees in the presence of realistic adversaries, protocols used for privacy-preserving authentication must be provably secure against malicious parties. This guarantees that no information beyond the authentication result is revealed to the parties, regardless of their behavior. However, our experiments show that the energy required to execute these protocols, implemented using state-of-the-art building blocks, is unsustainably high.

For this reason, the primary goal of our research is to investigate new techniques to significantly reduce the energy cost of privacy-preserving protocols for active authentication of smartphone users. Our research focus is in sharp contrast with existing techniques and protocols, which have been largely agnostic to energy consumption patterns and to the user’s possession of the smartphone post-authentication. The outcome of this project is a suite of new cryptographic techniques and possession-aware protocols that enable secure energy-efficient continuous authentication of smartphone users.

This research was in collaboration with NYIT

Personnel

1. Gang Zhou (faculty)
2. Ge Peng (woman Ph.D. student, graduated in May 2016, Ph.D. Thesis Title: Enhancing Energy Efficiency and Privacy Protection of Smart Devices, initial placement at Google)
3. Kyle Wallace (Ph.D. student, graduated in 2018, Ph.D. Thesis Title: Understanding and Enriching Randomness Within Resource-Constrained Devices)
4. Qing Yang (Ph.D. student, graduated in 2018, Ph.D. Thesis Title: Exploiting Power for Smartphone Security and Privacy, initial placement at Gemalto)
5. Hongyang Zhao (Ph.D. student)
6. Yongsen Ma (Ph.D. student)
7. Amanda Watson (woman Ph.D. student)
8. Shuangquan Wang (Ph.D. student)
9. Woosub Jung (Ph.D. student)
10. Benjamin Powell (undergraduate student, graduated in 2018 with “Honor”, his Honored Undergraduate Thesis title was “Turning Detection in Sandbar Sharks through Accelerometer Data”.)
11. Kelvin Kelvin Abrokwa-Johnson (minority undergraduate student, graduated in 2018)

Publications

1. IoT Botnet Detection via Power Consumption Modeling, Woosub Jung, Hongyang Zhao, Minglong Sun, Gang Zhou, ACM/IEEE Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE), Washington D.C., 2019
2. MEG: Memory and Energy Efficient Garbled Circuit Evaluation on Smartphones, Qing Yang, Ge Peng, Paolo Gasti, Kiran Balagani, Yantao Li, Gang Zhou, IEEE Transactions on Information Forensics and Security, 2018
3. USB Side-channel Attack on Tor, Qing Yang, Paolo Gasti, Kiran Balagani, Yantao Li, Gang Zhou, Elsevier Computer Networks (COMNET), 2018
4. CADET: A Collaborative and Distributed Entropy Transfer Protocol, Kyle Wallace, Gang Zhou, Kun Sun, IEEE International Conference on Distributed Computing Systems (ICDCS), Austria, 2018
5. Using Data Augmentation in Continuous Authentication on Smartphones, Yantao Li, Hailong Hu, Gang Zhou, IEEE Internet of Things Journal, 2018
6. Sensor-based Continuous Authentication Using Cost-Effective Kernel Ridge Regression, Yantao Li, Hailong Hu, Gang Zhou, Shaojiang Deng, IEEE Access, 2018
7. On Inferring Browsing Activity on Smartphones via USB Power Analysis Side-channel, Qing Yang, Paolo Gasti, Gang Zhou, Aydin Farajidavar, Kiran Balagani, IEEE Transactions on Information Forensics and Security, 2017
8. Secure, Fast, and Energy-Efficient Outsourced Authentication for Smartphones, Paolo Gasti, Jaroslav Sedenka, Qing Yang, Gang Zhou, Kiran Balagani, IEEE Transactions on Information Forensics and Security, 2016