Publication: Impact of injection attacks on sensor-based continuous authentication for smartphones
Loading...
Identifiers
Publication date
2020-11-01
Defense date
Advisors
Tutors
Journal Title
Journal ISSN
Volume Title
Publisher
Elsevier
Impact
Export
Abstract
Given the relevance of smartphones for accessing personalized services in smart cities, Continuous Authentication (CA) mechanisms are attracting attention to avoid impersonation attacks. Some of them leverage Data Stream Mining (DSM) techniques applied over sensorial information. Injection attacks can undermine the effectiveness of DSM-based CA by fabricating artificial sensorial readings. The goal of this paper is to study the impact of injection attacks in terms of accuracy and immediacy to illustrate the time the adversary remains unnoticed. Two well-known DSM techniques (K-Nearest Neighbours and Hoeffding Adaptive Trees) and three data sources (location, gyroscope and accelerometer) are considered due to their widespread usage Results show that even if the attacker does not previously know anything about the victim, a significant attack surface arises - 1.35 min are needed, in the best case, to detect the attack on gyroscope and accelerometer and 7.27 min on location data. Moreover, we show that the type of sensor at stake and configuration settings may have a dramatic effect on countering this threat.
Description
Keywords
continuous authentication (CA), data stream mining, injection attacks, smartphones
Bibliographic citation
González-Manzano, L., Mahbub, U., Fuentes, J.M., Chellapa, R. (2020). Impact of injection attacks on sensor-based continuous authentication for smartphones. Computer Communications, 163, pp. 150-161. https://doi.org/10.1016/j.comcom.2020.08.022