Seminar: Continuous Authentication and its Application in Personal Health Record Systems
Supervisor: Dr. Saeed Samet
Department of Computer Science
Friday, May 5, 2017, 11:00 a.m., Room EN 2022
Authenticating users on commercial smartphones is currently a very naive process, putting the smartphone owner at security risk in events such as unauthorized device sharing, device loss or theft, and session hijacking. With the recent interest of governmental and health organizations in providing their users with applications that run on their smartphones, securing these devices with measures beyond the current solutions is imperative. In this research, we propose a continuous authentication module for a Personal Health Record system that monitors its users for authenticity over time via their touch biometrics and denies access to those who cannot satisfy the authentication criteria.
The proposed solution can be used in any smartphone application that is highly sensitive in terms of privacy and security and needs continuous authentication while running. We will also propose a notification module that helps build transparency for users about how their shared personal information is used in the system, so that they will be more willing to trust our application. The proposed continuous authentication was implemented in an actual Personal Health Record system for Android-enabled smartphones to make it more secure and practical to use. The results show an average performance of above 95% in detecting whether a user is the legitimate owner of a smartphone or not. Finally, we composed an open-source dataset for touch biometrics and made it available to the public. This is the first publicly available dataset related to touch biometrics.