2015 IPFW Student Research and Creative Endeavor Symposium



Download Full Text (529 KB)

Faculty Sponsor

Dr. Anyi Liu


Department of Computer Science

University Affiliation

Indiana University – Purdue University Fort Wayne


User authentication is a crucial and vital part of modern computer systems and a fundamental issue of information security. For decades, most user authentication schemes used traditional username/password-based authentication, which demonstrates more disadvantages than advantages. Its drawbacks are obvious: weak passwords make the authentication system vulnerable to brute-force attacks and dictionary attacks, in which adversaries either randomly or systematically guess user’s password; and improperly stored passwords are prone to theft or tampering. Although mobile devices such as smartphones and wearables have become a recent trend, little change has been made to the traditional authentication technique. A more efficient, reliable, and user-friendly authentication scheme is needed to authenticate the identity of users. In this project, we present a new user-behavior-based authentication scheme (UBAS), which completely removes password authentication. Our scheme can determine if it is appropriate to grant a user access as the user navigates to a predefined geographical location on a digital map by using standard zooming, rotating and panning operations. The key technology behind our scheme is that it constructs the user’s behavior profile by modeling user’s fingers movement. Access will be granted to the legitimate user who not only knows the secret location, but also uses application in his or her unique and personal way. To do that, we have proposed a metric that is capable of detecting abnormal behaviors of intruders. The metric utilizes machine learning algorithms to create a profile for each legitimate user based on their behaviors.

The metric has the following advantages: 1) the probability of detecting normal user, as well as intruders who attempt to fool the authentication scheme are high; 2) the probability of mistakenly grant access to intruders is extremely low. Our experiments show that both the storage overhead that saves the user’s profile and the computational overhead that validate user’s identity are extremely low. It holds great promise for current mobile applications and wearable devices, where a user’s behavior data is considered as an important metric to discovery knowledge and hidden information.


Computer Sciences | Physical Sciences and Mathematics

A Novel Behavior-Based User Authentication Scheme