Newswise — Commonly accepted ways to authenticate, or verify, a smartphone user’s identity, like PINs, passwords, and fingerprint scans, offer limited security. They are often easy to guess or capture, and are essentially ineffective if users are separated from their device post-login, such as through loss or theft. More secure ways to authenticate user identity raise security and privacy concerns as they can expose personal identifiable data. Managing those concerns to protect privacy requires a great deal of power, quickly depleting the smartphone’s battery. To find a solution to these challenges, Paolo Gasti, Ph.D., assistant professor of Computer Science at NYIT, and a team of researchers has been awarded nearly $300,000 from the National Science Foundation (NSF) for the research project: “Towards Energy-Efficient Privacy-Preserving Active Authentication of Smartphone Users.” Gasti is a principal investigator for this project, along with Kiran Balagani, Ph.D., assistant professor of Computer Science at NYIT; Gang Zhou, Ph.D., associate professor of Computer Science, The College of William & Mary; and graduate and undergraduate students from NYIT’s School of Engineering and Computing Sciences. “The primary goal of our research is to investigate new techniques to significantly reduce the energy cost of privacy-preserving protocols for active, or continuous, authentication of smartphone users,” said Gasti. “Our research focus is in sharp contrast with existing techniques and protocols, which have been largely agnostic to energy consumption patterns and to the user’s possession of the smartphone post-authentication. The outcome of this project is a suite of new techniques and protocols that enable secure energy-efficient continuous authentication of smartphone users.”

"This project is another proof of NYIT's leadership in the area of cybersecurity. The scientific merit is in the authentication of smartphones through the collection of behavioral biometric information in a sustainable, energy-efficient manner. The research will also have numerous applications, especially in the design of medical devices and body sensor networks," said Nada Marie Anid, Ph.D., dean, NYIT School of Engineering and Computing Sciences.

Secure ways to verify the identity of smartphone users include behaviors and traits unique to the user, such as touchscreen interaction, hand movements, gait, voice, and phone location. However, these techniques can raise significant privacy and security concerns as such behaviors represent personal identifiable data and can expose information such as user activity, health, and location. And, because smartphones can easily be lost or stolen, all sensitive behavioral information collected and processed on them needs to be protected.

As such, the research project also will focus on novel techniques for securely offloading data related to active authentication from the smartphone to the cloud or other outsourcing party, further reducing the energy burden on the battery. According to Gasti, the ultimate goal of the proposed research is to make privacy-preserving active authentication practical on smartphones, from both energy and device performance perspectives. This research project is expected to pave the way for widespread adoption of active authentication technologies by making them secure and private, as well as energy efficient. Healthcare-oriented body sensor networks are currently smartphone-centered, so the research on active authentication performed in this project is expected to provide tangible benefits to the healthcare community. For example, current research prototypes of body sensor networks rely on smartphones to aggregate data from various body sensors, including heart rate sensors and step sensors, and possibly to control medical devices such as an insulin pump. “Guarantees on security and privacy of the authentication pipeline will allow end-users to trust and use active authentication technologies,” Gasti added.

To help disseminate the research results following the project’s conclusion in September 2018, the principal investigators will develop a new graduate course at NYIT, and integrate research outcomes into existing graduate courses at both NYIT and William & Mary.