Abstract
Conventional authentication is a temporal action that takes place at a specific point in time. Between this action and the execution of the associated tasks, several events may occur that affect those tasks; e.g., an authenticated user may take a short break without logging out. This is a vulnerability that may lead to exploits. For applications where such exploits are a concern, authentication should be dynamic, with a continuous monitoring loop in which trust is updated while the tasks associated with the authentication are executed. Continuous user authentication addresses this issue by using biometric user traits to monitor user behavior. In this paper we extend this notion to applications where monitoring mobile objects has to be a continuous process, e.g., for liveness probing of unmanned aerial vehicles (UAVs), or to protect UAVs: with WiFi-based UAVs, an attacker may use a WiFi de-authentication attack to disconnect an authorized operator and then take control of the vehicle while the operator is trying to re-establish connectivity. We propose a lightweight stream authentication scheme for mobile objects that approximates continuous authentication. The scheme only requires the user and object to share a loosely synchronized pseudo-random number generator, and is provably secure.
This material is based in part upon work supported by the National Science Foundation under Grants DUE 1241525 and DGE 1565215, and by the NSA/DoD under Grants H98230-17-1-0419 and H98230-17-1-0322.
Copyright information
© 2021 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Burmester, M., Munilla, J. (2021). Lightweight Stream Authentication for Mobile Objects. In: Tsihrintzis, G., Virvou, M. (eds) Advances in Core Computer Science-Based Technologies. Learning and Analytics in Intelligent Systems, vol 14. Springer, Cham. https://doi.org/10.1007/978-3-030-41196-1_12
DOI: https://doi.org/10.1007/978-3-030-41196-1_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41195-4
Online ISBN: 978-3-030-41196-1
eBook Packages: Engineering, Engineering (R0)