DAKOTA: Sensor and Touch Screen-Based Continuous Authentication on a Mobile Banking Application

Authenticating a user in the right way is essential to IT systems, where the risks are becoming more and more complex. Especially in the mobile world, banking applications are among the most delicate systems requiring strict rules and regulations. Existing approaches often require point-of-entry aut...

Bibliographic Details
Published in: IEEE access 2021, Vol.9, p.38943-38960
Main authors: Incel, Ozlem Durmaz, Gunay, Secil, Akan, Yasemin, Barlas, Yunus, Basar, Okan Engin, Alptekin, Gulfem Isiklar, Isbilen, Mustafa
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 38960
container_issue
container_start_page 38943
container_title IEEE access
container_volume 9
creator Incel, Ozlem Durmaz
Gunay, Secil
Akan, Yasemin
Barlas, Yunus
Basar, Okan Engin
Alptekin, Gulfem Isiklar
Isbilen, Mustafa
description Authenticating a user in the right way is essential to IT systems, where the risks are becoming more and more complex. Especially in the mobile world, banking applications are among the most delicate systems requiring strict rules and regulations. Existing approaches often require point-of-entry authentication accompanied by a one-time password as a second-factor authentication. However, this requires active participation of the user and there is continuous authentication during a session. In this paper, we investigate whether it is possible to continuously authenticate users via behavioral biometrics with a certain performance on a mobile banking application. A currently used mobile banking application in Turkey is chosen as the case, and we developed a continuous authentication scheme, named DAKOTA, on top of this application. The DAKOTA system records data from the touch screen and the motion sensors on the phone to monitor and model the user's behavioral patterns. Forty-five participants completed the predefined banking transactions. This data is used to train seven different classification algorithms. The results reveal that binary-SVM with RBF kernel reaches the lowest error scores, 3.5% equal error rate (EER). Using the end-to-end DAKOTA system, we investigate the performance in real-time, both in terms of authentication accuracy and resource usage. We show that it does not bring extra overhead in terms of power and memory usage compared to the original banking application and we can achieve a 90% true positive recognition rate, on average.
doi_str_mv 10.1109/ACCESS.2021.3063424
format Article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2021, Vol.9, p.38943-38960
issn 2169-3536
2169-3536
language eng
recordid cdi_ieee_primary_9367144
source Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals; IEEE Xplore Open Access Journals
subjects Algorithms
Authentication
Banking
Behavioral biometrics
Biological system modeling
Biometrics
continuous authentication
Data models
Interactive computer systems
mobile applications
Mobile commerce
mobile sensing
Motion sensors
Online banking
Passwords
sensor-based authentication
smartphone authentication
Touch screens
Touch sensitive screens
title DAKOTA: Sensor and Touch Screen-Based Continuous Authentication on a Mobile Banking Application
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T06%3A55%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=DAKOTA:%20Sensor%20and%20Touch%20Screen-Based%20Continuous%20Authentication%20on%20a%20Mobile%20Banking%20Application&rft.jtitle=IEEE%20access&rft.au=Incel,%20Ozlem%20Durmaz&rft.date=2021&rft.volume=9&rft.spage=38943&rft.epage=38960&rft.pages=38943-38960&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2021.3063424&rft_dat=%3Cproquest_ieee_%3E2501945323%3C/proquest_ieee_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2501945323&rft_id=info:pmid/&rft_ieee_id=9367144&rft_doaj_id=oai_doaj_org_article_fb1d3ee8737e46ddb3a43a6069b9d895&rfr_iscdi=true