• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.8
• /
• pp.4076-4092
• /
• 2019

Nowadays, most users access internet through mobile applications. The common way to authenticate users through websites forms is using passwords; while they are efficient procedures, they are subject to guessed or forgotten and many other problems. Additional multi modal authentication procedures are needed to improve the security. Behavioral authentication is a way to authenticate people based on their typing behavior. It is used as a second factor authentication technique beside the passwords that will strength the authentication effectively. Keystroke dynamic rhythm is one of these behavioral authentication methods. Keystroke dynamics relies on a combination of features that are extracted and processed from typing behavior of users on the touched screen and smart mobile users. This Research presents a novel analysis in the keystroke dynamic authentication field using two features categories: timing and no timing combined features. The proposed model achieved lower error rate of false acceptance rate with 0.1%, false rejection rate with 0.8%, and equal error rate with 0.45%. A comparison in the performance measures is also given for multiple datasets collected in purpose to this research.

• Journal of Korea Multimedia Society
• /
• v.17 no.8
• /
• pp.968-976
• /
• 2014

Authentication methods on smartphone are demanded to be implicit to users with minimum users' interaction. Existing authentication methods (e.g. PINs, passwords, visual patterns, etc.) are not effectively considering remembrance and privacy issues. Behavioral biometrics such as keystroke dynamics and gait biometrics can be acquired easily and implicitly by using integrated sensors on smartphone. We propose a biometric model involving keystroke dynamics for implicit authentication on smartphone. We first design a feature extraction method for keystroke dynamics. And then, we build a fusion model of keystroke dynamics and gait to improve the authentication performance of single behavioral biometric on smartphone. We operate the fusion at both feature extraction level and matching score level. Experiment using linear Support Vector Machines (SVM) classifier reveals that the best results are achieved with score fusion: a recognition rate approximately 97.86% under identification mode and an error rate approximately 1.11% under authentication mode.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.127-137
• /
• 2019

The growth in smartphone service has given rise to an increase in frequency and importance of authentication. Existing smartphone authentication mechanisms such as passwords, pattern lock and fingerprint recognition require a high level of awareness and authenticate users temporarily with a point-of-entry techniques. To overcome these disadvantages, there have been active researches in behavior-based authentication. However, previous studies focused on enhancing the accuracy of the authentication. Since authentication is directly used by people, it is necessary to reflect actual users' perception. This paper proposes user perception on behavior-based authentication with feature analysis. We conduct user survey to empirically understand user perception regarding behavioral authentication with selected authentication features. Then, we analyze acceptance of the behavioral authentication to provide continuous authentication with minimal awareness while using the device.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.9
• /
• pp.2529-2549
• /
• 2023

For effectively lowering down the risk of cyber threating, the zero-trust architecture (ZTA) has been gradually deployed to the fields of smart city, Internet of Things, and cloud computing. The main concept of ZTA is to maintain a distrustful attitude towards all devices, identities, and communication requests, which only offering the minimum access and validity. Unfortunately, adopting the most secure and complex multifactor authentication has brought enterprise and employee a troublesome and unfriendly burden. Thus, authors aim to incorporate machine learning technology to build an employee behavior analysis ZTA. The new framework is characterized by the ability of adjusting the difficulty of identity verification through the user behavioral patterns and the risk degree of the resource. In particular, three key factors, including one-time password, face feature, and authorization code, have been applied to design the adaptive multifactor continuous authentication system. Simulations have demonstrated that the new work can eliminate the necessity of maintaining a heavy authentication and ensure an employee-friendly experience.

• Electronics and Telecommunications Trends
• /
• v.33 no.1
• /
• pp.57-67
• /
• 2018

Modern users are intensifying their use of online services every day. In addition, hackers are attempting to execute advanced attacks to steal personal information protected using existing authentication technologies. However, existing authentication methods require an explicit authentication procedure for the user, and do not conduct identity verification in the middle of the authentication session. In this paper, we introduce an implicit continuous authentication technology to overcome the limitations of existing authentication technology. Implicit continuous authentication is a technique for continuously authenticating users without explicit intervention by utilizing their behavioral and environmental information. This can improve the level of security by verifying the user's identity during the authentication session without the burden of an explicit authentication procedure. In addition, we briefly introduce the definition, key features, applicable algorithms, and recent research trends for various authentication technologies that can be used as an implicit continuous authentication technology.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.1
• /
• pp.59-67
• /
• 2015

A novel authentication mechanism is biometric authentication where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. The technology of biometrics is becoming a popular method for engineers to design a more secure user authentication scheme. In terms of physiological and behavioral human characteristics, biometrics is used as a form of identity access management and access control, and it services to identity individuals in groups that are under surveillance. In this article, we review the biometric-based authentication protocol by Althobati et al. and provide a security analysis on the scheme. Our analysis shows that Althobati et al.'s scheme does not guarantee server-to-user authentication. The contribution of the current work is to demonstrate this by mounting threat of data integrity and bypassing the gateway node on Althobati et al.'s scheme. In addition, we analysis the security vulnerabilities of Althobati et al.'s protocol.

• Journal of Information Technology Applications and Management
• /
• v.27 no.2
• /
• pp.1-21
• /
• 2020

The purpose of this study is to investigate the behavioral factors affecting the security attitude and intention to use biometrics password based on the protection motivation theory. This study also investigates security awareness training to understand trust, privacy, and security vulnerability regarding biometric authentication password. This empirical analysis reveals security awareness training boosts the protection motivational factors that affect on the behavior and intention of using biometric authentication passwords. This study also indicates that biometric authentication passwords can be used when the overall belief in a biometric system is present. After all, security awareness training enhances the belief of biometric passwords and increase the motivation to protect security threats. The study will provide insights into protecting security vulnerability with security awareness training.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.11
• /
• pp.125-136
• /
• 2013

In this paper, we proposed SSL VPN-based network access control technology which can verify user authentication and integrity of user terminal. Using this technology, user can carry out a safety test to check security services such as security patch and virus vaccine for user authentication and user terminal, during the VPN-based access to an internal network. Moreover, this system protects a system from external security threats, by detecting malicious codes, based on behavioral patterns from user terminal's window API information, and comparing the similarity of sequential patterns to improve the reliability of detection.

• Journal of information and communication convergence engineering
• /
• v.18 no.2
• /
• pp.132-146
• /
• 2020

Biometric technologies have become widely available in many different fields. However, biometric technologies using existing physical features such as fingerprints, facial features, irises, and veins must consider forgery and alterations targeting them through fraudulent physical characteristics such as fake fingerprints. Thus, a trend toward next-generation biometric technologies using behavioral biometrics of a living person, such as bio-signals and walking characteristics, has emerged. Accordingly, in this study, we developed a bio-signal authentication algorithm using electrocardiogram (ECG) signals, which are the most uniquely identifiable form of bio-signal available. When using ECG signals with our system, the personal identification and authentication accuracy are approximately 90% during a state of rest. When using fingerprints alone, the equal error rate (EER) is 0.243%; however, when fusing the scores of both the ECG signal and fingerprints, the EER decreases to 0.113% on average. In addition, as a function of detecting a presentation attack on a mobile phone, a method for rejecting a transaction when a fake fingerprint is applied was successfully implemented.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.187-194
• /
• 2021

This paper presents a margin-based face liveness detection method with behavioral confirmation to prevent spoofing attacks using deep learning techniques. The proposed method provides a possibility to prevent biometric person authentication systems from replay and printed spoofing attacks. For this work, a set of real face images and fake face images was collected and a face liveness detection model is trained on the constructed dataset. Traditional face liveness detection methods exploit the face image covering only the face regions of the human head image. However, outside of this region of interest (ROI) might include useful features such as phone edges and fingers. The proposed face liveness detection method was experimentally tested on the author's own dataset. Collected databases are trained and experimental results show that the trained model distinguishes real face images and fake images correctly.