Annual Computer Security Applications Conference (ACSAC) 2023

Continuous Authentication Using Human-Induced Electric Potential

Most terminal devices authenticate users only once at the time of initial login, leaving the terminal unprotected during an active session when the original user leaves it unattended. To address this issue, continuous authentication has been proposed by automatically locking the terminal after a period of inactivity. However, it does not fully eliminate the risk of unauthorized access before the session expires. Recent research has also investigated the feasibility of using physiological and behavioral patterns as biometrics. This study presents a novel two-factor continuous authentication that explores a new form of signal called human-induced electric potential captured by wearables in contact with the user's body. By analyzing this signal, we can determine the time of user-terminal interactions and compare it with information recorded by the terminal's OS. If the original user remains on the same terminal, the two-source readings would match. Additionally, the proposed scheme includes an extra layer of protection by extracting terminal's physical fingerprints from the human-induced electric potential to defend against advanced mimicry attacks. To test the effectiveness of our design, a low-cost wearable prototype is developed. Through extensive experiments, it is found that the proposed scheme has a low error rate of 2.3%, with minimal computational and energy requirements.

Srinivasan Murali
The University of Texas at Arlington

Wenqiang Jin
Hunan University

Vighnesh Sivaraman
The University of Texas at Arlington

Huadi Zhu
The University of Texas at Arlington

Tianxi Ji
Texas Tech University

Pan Li
Case Western Reserve University

Ming Li
The University of Texas at Arlington

Paper (ACM DL)