Lightweight Stream Authentication for Mobile Objects

  • Mike BurmesterEmail author
  • Jorge Munilla
Part of the Learning and Analytics in Intelligent Systems book series (LAIS, volume 14)


Conventional authentication is a temporal action that takes place at a specific point in time. During the period between this action and when the associated task(s) is (are) executed several events may occur that impact on the task(s), e.g., an authenticated user may take a short break without logging out. This is a vulnerability that may lead to exploits. For applications where such exploits are a concern, authentication should be dynamic with a continuous monitoring loop, where trust is updated while the tasks associated with the authentication are executed. Continuous user authentication addresses this issue by using biometric user traits to monitor user behavior. In this paper we extend this notion for applications where monitoring mobile objects has to be a continuous process, e.g., for liveness probing of unmanned aerial vehicles (UAVs), or to protect UAVs (with WiFi based UAVs an attacker may use a WiFi de-authentication attack to disconnect an authorized operator and then take control of the vehicle while the operator is trying to re-establish connectivity). We propose a lightweight stream authentication scheme for mobile objects that approximates continuous authentication. This only requires the user and object to share a loosely synchronized pseudo-random number generator, and is provably secure.


Stream authentication Continuous authentication Pseudo-random number generators Forward and backward security 


  1. 1.
    M. Abdalla, P.-A. Fouque, D. Pointcheval, Password-based authenticated key exchange in the three-party setting, in Public Key Cryptography—PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Proceedings (2005), pp. 65–84Google Scholar
  2. 2.
    B. Barak, S. Halevi, A model and architecture for pseudo-random generation with applications to/dev/random, in Proceedings of the 12th ACM Conference on Computer and Communications Security (ACM, 2005), pp. 203–212Google Scholar
  3. 3.
    M. Burmester, J. Munilla, Lightweight rfid authentication with forward and backward security. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(1), 11 (2011)CrossRefGoogle Scholar
  4. 4.
    M. Frank, R. Biedert, E. Ma, I. Martinovic, D. Song, Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forensics Secur. 8(1), 136–148 (2013)CrossRefGoogle Scholar
  5. 5.
    H. Gascon, S. Uellenbeck, C. Wolf, K. Rieck, Continuous authentication on mobile devices by analysis of typing motion behavior. Sicherheit 2014, 1–12 (2014)CrossRefGoogle Scholar
  6. 6.
    A.J. Klosterman, G.R Ganger, Secure continuous biometric-enhanced authentication. Technical Report, (Carnegie-Mellon University Pittsburgh, PA, Department of Computer Science, 2000)Google Scholar
  7. 7.
    J. Liu, Y. Dong, Y. Chen, Y. Wang, T. Zhao, Poster: leveraging breathing for continuous user authentication, in Proceedings of the 24th Annual International Conference on Mobile Computing and Networking (ACM, 2018), pp. 786–788Google Scholar
  8. 8.
    R. Murmuria, A. Stavrou, D. Barbará, D. Fleck, Continuous authentication on mobile devices using power consumption, touch gestures and physical movement of users, in International Workshop on Recent Advances in Intrusion Detection (Springer, Cham, 2015), pp. 405–424Google Scholar
  9. 9.
    K. Niinuma, U. Park, A.K. Jain, Soft biometric traits for continuous user authentication. IEEE Trans. Inf. Forensics Secur. 5(4), 771–780 (2010)Google Scholar
  10. 10.
    Top OWASP, Top 10–2013: the ten most critical web application security risks. The Open Web Application Security Project (2010)Google Scholar
  11. 11.
    V.M. Patel, R. Chellappa, D. Chandra, B. Barbello, Continuous user authentication on mobile devices: recent progress and remaining challenges. IEEE Signal Process. Mag. 33(4), 49–61 (2016)Google Scholar
  12. 12.
    A. Perrig, R. Canetti, J.D. Tygar, D. Song, Efficient authentication and signing of multicast streams over lossy channels, in Proceedings 2000 IEEE Symposium on Security and Privacy, 2000. S&P 2000 (IEEE, 2000), pp. 56–73Google Scholar
  13. 13.
    M. Saadeh, A. Sleit, K.E. Sabri, W. Almobaideen, Hierarchical architecture and protocol for mobile object authentication in the context of iot smart cities. J. Netw. Comput. Appl. 121, 1–19 (2018)Google Scholar
  14. 14.
    S.J. Shepherd, Continuous authentication by analysis of keyboard typing characteristics, in Proceedings, European Convention on Security and Detection, 1995 (IET, 1995), pp. 111–114Google Scholar
  15. 15.
    Z. Sitová, J. Šeděnka, Q. Yang, G. Peng, G. Zhou, P. Gasti, K.S. Balagani, Hmog: new behavioral biometric features for continuous authentication of smartphone users. IEEE Trans. Inf. Forensics Secur. 11(5), 877–892 (2016)Google Scholar
  16. 16.
    E. Al Solami, C. Boyd, A.J. Clark, A.K. Islam, Continuous biometric authentication: can it be more practical?, in 2010 IEEE 12th International Conference on High Performance Computing and Communications (HPCC) (2010), pp. 647–652Google Scholar
  17. 17.
    I. Traore, Continuous Authentication Using Biometrics: Data, Models, and Metrics: Data, Models, and Metrics (IGI Global, 2011)Google Scholar
  18. 18.
    S. Ueda, Y. Shinzaki, H. Shigeno, K.-I. Okada, H. 264/avc stream authentication at the network abstraction layer, in Information Assurance and Security Workshop, 2007. IAW’07. IEEE SMC (IEEE, 2007), pp. 302–308Google Scholar

Copyright information

© Springer Nature Switzerland AG 2021

Authors and Affiliations

  1. 1.Department of Computer ScienceFlorida State UniversityTallahasseeUSA
  2. 2.Department of Communication EngineeringUniversidad de MálagaMálagaSpain

Personalised recommendations