Abstract
Mobile authentication is a hot topic because organizations can adopt BYOD (bring your own device) policies that allow the use of personal devices rather than requiring the use of officially provided devices. However, this brings additional access control issues, such as intentional or unintentional unauthorized use of devices (e.g., stealing a mobile phone), that may eventually result in access to sensitive information. Continuous authentication (CA) aims to mitigate these access control issues by monitoring user activity. CA can therefore be particularly useful in mobile BYOD environments. However, each CA solution has to be implemented and integrated ad hoc and tailored to each particular information system that wants to use it. This paper presents a modular, extensible framework for CA that enables the integration of new agents and models to implement access control with mobile devices. The framework includes three main types of components: Endpoint Detection and Response (EDR) agents that run on the mobile device to gather user metrics and evaluate the user's trust, APIs that collect information and return the trustworthiness levels of users, and AI models that predict the trust of users. The framework also integrates authorized third parties that can ask for the trust levels of individual users and are responsible for implementing the resulting security measures, such as raising alerts. The architecture is demonstrated in a healthcare environment that is part of the ProTego project. The proof of concept implements a mobile EDR agent and an AI model based on soft-keyboard input data collected on the mobile phone.
Acknowledgments
This project has received funding from the European Union’s Horizon 2020 Research and innovation programme under grant agreement No. 826284.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
de-Marcos, L., Cilleruelo, C., Junquera-Sánchez, J., Martínez-Herráiz, JJ. (2020). A Framework for BYOD Continuous Authentication: Case Study with Soft-Keyboard Metrics for Healthcare Environment. In: Florez, H., Misra, S. (eds) Applied Informatics. ICAI 2020. Communications in Computer and Information Science, vol 1277. Springer, Cham. https://doi.org/10.1007/978-3-030-61702-8_24
DOI: https://doi.org/10.1007/978-3-030-61702-8_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61701-1
Online ISBN: 978-3-030-61702-8
eBook Packages: Computer Science, Computer Science (R0)