This research is developing methods that leverage a multitude of sensors embedded in hand-held and wearable devices (e.g., smart watches, smart glasses and brain-computer interfaces) for strong user authentication to smart phones. The current point-of-entry solutions, largely based on weak static credentials, such as passwords or PINs for authentication to smart phones are not sufficient because once such credentials are compromised (which is very likely given the many vulnerabilities of passwords), the attacker may gain unfettered access to the smart phone. In this light, it becomes necessary to constantly protect the smart phone even after the attacker has already bypassed the point-of-entry authentication functionality. This research aims to address this problem by developing methods through which cues extracted from one or more wearable devices will be used in conjunction with cues extracted from the phone itself to continuously and unobtrusively verify the authenticity of the user. In addition to advancing knowledge on how wearable devices can help improve smart phone security, the research will have a number of other broader impacts including, mentoring of undergraduate students, outreach to high school and K-12 students and minority populations, and technology transfer by collaborating with manufacturers and industrial consortia.
The principal argument underlying this research is that, given the rise of sensor-equipped and wearable computing, a wide array of identifying cues might be available in many circumstances and can therefore be leveraged to build user-friendly and spoof-resistant smart phone authentication systems. The overarching approach is to not only capture explicit user interactions (based on touch screen sensors) when applicable, but also capture implicit user interactions based on a conglomeration of a multitude of smart phone on-board sensors as well as wearable device sensors. The on-board sensors are inertial (motion and orientation) sensors residing on the smart phone itself and measure users' implicit interactions with the phone, specifically, phone movements, tilts and orientations. The wearable sensors, in contrast, are inertial and neuro-physiological sensors residing on "collaborating" wearable devices, "paired" with the smart phone, and measure user's interactions with those devices, specifically, movement dynamics associated with different body parts, and neuro-physiological patterns. The project is studying how the use of such multi-faceted cues can yield a smart phone authentication system that is robust against accidental errors as well as deliberate spoofing attacks.