DAKOTA: Sensor and Touch Screen-Based Continuous Authentication on a Mobile Banking Application
Authenticating a user in the right way is essential to IT systems, where the risks are becoming more and more complex. Especially in the mobile world, banking applications are among the most delicate systems requiring strict rules and regulations. Existing approaches often require point-of-entry aut...
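Main Authors: | Ozlem Durmaz Incel, Secil Gunay, Yasemin Akan, Yunus Barlas, Okan Engin Basar, Gulfem Isiklar Alptekin, Mustafa Isbilen |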
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2021-01-01 |
Series: | IEEE Access |
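Subjects: | Behavioral biometrics; continuous authentication; mobile applications; mobile sensing; sensor-based authentication; smartphone authentication |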
Online Access: | https://ieeexplore.ieee.org/document/9367144/ |
_version_ | 1846128653085179904 |
---|---|
author | Ozlem Durmaz Incel; Secil Gunay; Yasemin Akan; Yunus Barlas; Okan Engin Basar; Gulfem Isiklar Alptekin; Mustafa Isbilen |
collection | DOAJ |
description | Authenticating a user in the right way is essential to IT systems, where the risks are becoming more and more complex. Especially in the mobile world, banking applications are among the most delicate systems requiring strict rules and regulations. Existing approaches often require point-of-entry authentication accompanied by a one-time password as a second-factor authentication. However, this requires active participation of the user and there is continuous authentication during a session. In this paper, we investigate whether it is possible to continuously authenticate users via behavioral biometrics with a certain performance on a mobile banking application. A currently used mobile banking application in Turkey is chosen as the case, and we developed a continuous authentication scheme, named DAKOTA, on top of this application. The DAKOTA system records data from the touch screen and the motion sensors on the phone to monitor and model the user’s behavioral patterns. Forty-five participants completed the predefined banking transactions. This data is used to train seven different classification algorithms. The results reveal that binary-SVM with RBF kernel reaches the lowest error scores, 3.5% equal error rate (EER). Using the end-to-end DAKOTA system, we investigate the performance in real-time, both in terms of authentication accuracy and resource usage. We show that it does not bring extra overhead in terms of power and memory usage compared to the original banking application and we can achieve a 90% true positive recognition rate, on average. |
format | Article |
id | doaj-art-fb1d3ee8737e46ddb3a43a6069b9d895 |
institution | Kabale University |
issn | 2169-3536 |
language | English |
publishDate | 2021-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj-art-fb1d3ee8737e46ddb3a43a6069b9d895; 2024-12-11T00:02:12Z; eng; IEEE; IEEE Access; ISSN 2169-3536; 2021-01-01; vol. 9, pp. 38943-38960; DOI 10.1109/ACCESS.2021.3063424; document 9367144. Authors and affiliations: Ozlem Durmaz Incel (https://orcid.org/0000-0002-6229-7343), Department of Computer Engineering, Galatasaray University, Istanbul, Turkey; Secil Gunay (https://orcid.org/0000-0002-0612-7593), Department of Computer Engineering, Galatasaray University, Istanbul, Turkey; Yasemin Akan, Department of Computer Engineering, Galatasaray University, Istanbul, Turkey; Yunus Barlas, Yapı Kredi Teknoloji Istanbul, Istanbul, Turkey; Okan Engin Basar (https://orcid.org/0000-0001-9393-0781), Department of Computer Engineering, Galatasaray University, Istanbul, Turkey; Gulfem Isiklar Alptekin, Department of Computer Engineering, Galatasaray University, Istanbul, Turkey; Mustafa Isbilen (https://orcid.org/0000-0003-2666-8562), Yapı Kredi Teknoloji Istanbul, Istanbul, Turkey |
title | DAKOTA: Sensor and Touch Screen-Based Continuous Authentication on a Mobile Banking Application |
topic | Behavioral biometrics; continuous authentication; mobile applications; mobile sensing; sensor-based authentication; smartphone authentication |
url | https://ieeexplore.ieee.org/document/9367144/ |