Two-Dimensional Dynamic Fusion for Continuous Authentication Nuttapong Attrapadung*, Goichiro Hanaoka*, Haochen M. Kotoi-Xie†, Takahiro Matsuda*, Takumi Moriyama†, Takao Murakami‡, Hidenori Nakamura†, Jacob C. N. Schuldt*, Masaaki Tokuyama†, Jing Zhang† Institute of Advanced Industrial Science and Technology (AIST), Japan { n.attrapadung, hanaoka-goichiro, t-matsuda, jacob.schuldt }@aist.go.jp † { kotoi, moriyama, nakamura, tokuyama, j-zhang }@anchorz.co.jp ‡ Institute of Statistical Mathematics (ISM), Japan [email protected] Abstract Continuous authentication has been widely studied to provide high security and usability for mobile devices by continuously monitoring and authenticating users. Recent studies adopt multibiometric fusion for continuous authentication to provide high accuracy even when some of captured biometric data are of a low quality. However, existing continuous fusion approaches are resource-heavy as they rely on all classifiers being activated all the time and may not be suitable for mobile devices. In this paper, we propose a new approach to multibiometric continuous authentication: two-dimensional dynamic fusion. Our key insight is that multibiometric continuous authentication calculates two-dimensional matching scores over classifiers and over time. Based on this, we dynamically select a set of classifiers based on the context in which authentication is taking place, and fuse matching scores by multi-classifier fusion and multi-sample fusion. Through experimental evaluation, we show that our approach provides a better balance between resource usage and accuracy than the existing fusion methods. In particular, we show that our approach provides higher accuracy than the existing methods with the same number of score calculations by adopting multi-sample fusion. Copyright © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. 1. Introduction Mobile devices such as smartphones are ubiquitous in today’s society, and with their increased use, these devices store a large amount of sensitive user data, including photos, passwords, purchase history, banking, and even payment information [1]. While banking and payment information must be protected for obvious reasons, the exposure of other types of personal information can likewise have serious consequences; an IDG Research survey [3] estimated that in the past, a significant fraction of smartphone thefts led to identity theft. This has made malicious smartphone access a significant security risk. However, at the same time, secure user authentication remains a challenging task; the average smartphone user checks his smartphone 96 times a day [2], which makes it impractical to enter highentropy passwords or use a different device for two-factor authentication. Thus, any smartphone authentication mechanism must be efficient and unobtrusive. Moreover, smartphone users frequently unlock their phones in potentially malicious environments, and might leave the smartphone unguarded, e.g., on a table or in a bag from which the phone can easily be stolen. Thus, an authentication model developed for desktop users (i.e., unlock once at the beginning of a session, and lock once the session is done) leaves smartphones vulnerable to attacks while in an unlocked state. Continuous authentication [11] is based on a fundamentally different authentication model in which the user is continuously authenticated via physical and behavioral traits, including direct biometric authentication mechanisms such as facial and voice recognition, but also soft biometrics such as touch patterns, gait, motion, and location information. Modern smartphones feature a wide range of sensors that allow the capture of such input a

more become sufficiently powerful to process this input. This raises the prospect of restructuring user authentication on smartphones based on continuous authentication, potentially bringing both usability and security advantages. The ideal continuous authentication system seamlessly and automatically authenticates the user once he starts using the device, but immediately locks the device once a different user attempts to interact with this. However, realizing a system coming close to this is a challenging task. When the user is not explicitly engaging with an authentication mechanism, the captured...

with the same number of score calculations. Related Works. Continuous authentication [6, 8, 9, 10, 14, 15] has been recently studied to continuously authenticate users based on biometric data. Some of the previous works adopt multibiometric fusion [12] for continuous authentication. For example, Crouse et al. [6] correct the uprightness of face images using a gyroscope, accelerometer, and magnetometer data. Then they fuse the uprightness-corrected face images in a session. Kumar et al. [9] combine typing patterns, swiping gestures, and phone movement patterns for smartphones. Smith-Creasey and...

pin code, fingerprint scan, etc.). In the following subsections, the details of the framework will be described. 2.2. Context-Aware Classifier Scheduling The classifier scheduling algorithm will decide upon the best possible set of classifiers to activate based on an a priori probability estimate for successful authentication (true acceptance rate) for each classifier in a given context (e.g., the performance of facial recognition in different levels of light), and is parameterized by a probability threshold thp . Furthermore, the algorithm is assumed to have access to the resource cost of activating...

AuthWindow(c) Given context c, this algorithm returns an authentication window duration ∆twindow . The fusion algorithm is then implemented by deriving an overall confidence score β of the user being present from all individual authentication results obtained within ∆twindow . We will let H = {Hcid }cid∈S denote the history of all classifier scores, where Hcid = {(α, t)} denotes the list of scores α obtained at time t for each classifier cid ∈ S, and let Hcid [t > t′ ] denote scores obtained at time t′ or later (i.e., Hcid [t > t′ ] = {(α, t) ∈ Hcid : t > t′ }). As illustrated in Figure 2, the...