CORMORANT: Ubiquitous Risk-Aware Multi-Modal Biometric Authentication Across Mobile Devices. Hintze, D., Füller, M., Scholz, S., Findling, R., Muaaz, M., Kapfer, P., & Mayrhofer, E. K. R. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), September, 2019.
doi  abstract   bibtex   
People own and carry an increasing number of ubiquitous mobile devices, such as smartphones, tablets, and notebooks. Being small and mobile, those devices have a high propensity to become lost or stolen. Since mobile devices provide access to their owners’ digital lives, strong authentication is vital to protect sensitive information and services against unauthorized access. However, at least one in three devices is unprotected, with inconvenience of traditional authentication being the paramount reason. We present the concept of CORMORANT , an approach to significantly reduce the manual burden of mobile user verification through risk-aware, multi-modal biometric, cross-device authentication. Transparent behavioral and physiological biometrics like gait, voice, face, and keystroke dynamics are used to continuously evaluate the user’s identity without explicit interaction. The required level of confidence in the user’s identity is dynamically adjusted based on the risk of unauthorized access derived from signals like location, time of day and nearby devices. Authentication results are shared securely with trusted devices to facilitate cross-device authentication for co-located devices. Conducting a large-scale agent-based simulation of 4 000 users based on more than 720 000 days of real-world device usage traces and 6.7 million simulated robberies and thefts sourced from police reports, we found the proposed approach is able to reduce the frequency of password entries required on smartphones by 97.82% whilst simultaneously reducing the risk of unauthorized access in the event of a crime by 97.72%, compared to conventional knowledge-based authentication.
@article{Hintze_2019_Ubicomp,
  author = {Daniel Hintze and Matthias F\"uller and Sebastian Scholz and Rainhard Findling and Muhammad Muaaz and Philipp Kapfer and Eckhard Kochand Ren\'{e} Mayrhofer},
  journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT)},
  title = {CORMORANT: Ubiquitous Risk-Aware Multi-Modal Biometric Authentication Across Mobile Devices},
  year = {2019},
  month = sep,
  abstract = {People own and carry an increasing number of ubiquitous mobile devices, such as smartphones, tablets, and notebooks. Being
small and mobile, those devices have a high propensity to become lost or stolen. Since mobile devices provide access to their
owners’ digital lives, strong authentication is vital to protect sensitive information and services against unauthorized access.
However, at least one in three devices is unprotected, with inconvenience of traditional authentication being the paramount
reason. We present the concept of CORMORANT , an approach to significantly reduce the manual burden of mobile user
verification through risk-aware, multi-modal biometric, cross-device authentication. Transparent behavioral and physiological
biometrics like gait, voice, face, and keystroke dynamics are used to continuously evaluate the user’s identity without explicit
interaction. The required level of confidence in the user’s identity is dynamically adjusted based on the risk of unauthorized
access derived from signals like location, time of day and nearby devices. Authentication results are shared securely with
trusted devices to facilitate cross-device authentication for co-located devices. Conducting a large-scale agent-based simulation
of 4 000 users based on more than 720 000 days of real-world device usage traces and 6.7 million simulated robberies and thefts
sourced from police reports, we found the proposed approach is able to reduce the frequency of password entries required on
smartphones by 97.82% whilst simultaneously reducing the risk of unauthorized access in the event of a crime by 97.72%,
compared to conventional knowledge-based authentication.
},
doi={10.1145/2800835.2800906},
group = {ambience}}

Downloads: 0