mPSAuth: Privacy-Preserving and Scalable
Authentication for Mobile Web Applications
David Monschein and Oliver P. Waldhorst, Member, IEEE
Abstract—As nowadays most web application requests originate from mobile devices, authentication of mobile users is essential in
terms of security considerations. To this end, recent approaches rely on machine learning techniques to analyze various aspects of
user behavior as a basis for authentication decisions. These approaches face two challenges: first, examining behavioral data raises
significant privacy concerns, and second, approaches must scale to support a large number of users. Existing approaches do not
address these challenges sufficiently. We propose mPSAuth, an approach for continuously tracking various data sources reflecting
user behavior (e.g., touchscreen interactions, sensor data) and estimating the likelihood of the current user being legitimate based on
machine learning techniques. With mPSAuth, both the authentication protocol and the machine learning models operate on
homomorphically encrypted data to ensure the users’ privacy. Furthermore, the number of machine learning models used by mPSAuth
is independent of the number of users, thus providing adequate scalability. In an extensive evaluation based on real-world data from a
mobile application, we illustrate that mPSAuth can provide high accuracy with low encryption and communication overhead, while the
effort for the inference is increased to a tolerable extent.
Index Terms—Authentication, Machine Learning, Mobile Systems, Privacy, Scalability
1 INTRODUCTION
In today’s world, services offered as web applications have
become an indispensable part of most people’s everyday
lives. These include shopping, social media, banking appli-
cations, and many more. Most of these applications can
be accessed with mobile devices, making them available
anytime and almost anywhere. In many cases, the use of
these services is closely linked to the digital identity of the
user, which must be checked by the provider using a robust
authentication process [1], [2]. The success of a particular
authentication process depends on many characteristics,
such as the level of security provided, the protection of
the user’s privacy, compliance with legal regulations, but
also usability and scalability aspects. For these reasons, an
advanced authentication process is indispensable for mobile
web applications. In the context of this work, we define the
term mobile web application as an application that meets
the following criteria: (1) It is organized as a client-server-
based system [3]. (2) Clients are mobile devices, such as
smartphones, whose physical location can change dynam-
ically. (3) Application usage is bound to user identities,
which the server must be able to verify.
D. Monschein and Oliver P. Waldhorst are with the Data-centric Software
Systems (DSS) Research Group at the Institute of Applied Research (IAF),
Karlsruhe University of Applied Sciences, Karlsruhe, 76133 Germany
E-mail: {david.monschein,oliver.waldhorst}@h-ka.de
This work has been submitted to the IEEE for possible publication. Copyright
may be transferred without notice, after which this version may no longer be
accessible.
Currently, the landscape of authentication methods used
in mobile web applications is highly diverse. In general,
traditional passwords are still the most commonly used
method. Unfortunately, the passwords can fall into the
hands of an attacker in many ways [4]. Starting from this
problem, multi-factor authentication (MFA) emerged, which
requires users to provide multiple pieces of evidence (factors)
to confirm their identity [5]. However, the main problem
associated with MFA is that additional factors, such as
sending a message to the user’s mobile phone number or
mail address, can significantly decrease the application’s
usability [6], [7]. This problem is exacerbated when con-
sidering continuous authentication scenarios [8], [9], where
users are periodically re-authenticated while using the ap-
plication. One approach to tackle these challenges is risk-
based authentication (RBA), which can be seen as a special
case of MFA [10]. It involves the determination of a risk
profile based on information about the user’s behavior
and device. Depending on the risk profile, the application
provider can decide the amount and type of factors the
user has to comply with. These are selected to minimize
the impact on the application’s usability while ensuring an
appropriate level of security [11]. As it is common for mobile
web applications to have high numbers of users, the risk
estimation process must scale adequately (P1). Moreover,
behavioral data tends to be highly sensitive, which puts
users’ privacy at risk [12] (P2) and requires compliance with
data protection laws, such as the GDPR [13] (P3).
Several approaches attempt to mitigate these problems
in the context of mobile web applications. The most recent
and promising of these rely on machine learning (ML) tech-
niques to analyze user behavior and thereby provide a basis
for authentication decisions, e.g., using data arising on the
user’s mobile device (frontend) [14], [15], [16], [17] or the
application servers (backend) [18], [19]. Popular data sources
include sensor data or locations of the mobile device, as well
as network addresses and browser information. However,
these approaches either do not provide sufficient privacy
protection, suffer from scalability issues as the number
of ML models to be trained increases linearly with the
number of users, or their architecture is not suitable for
mobile web applications. Established authentication mechanisms
such as facial recognition or fingerprint recognition in
their traditional form are also inappropriate for continuous
authentication in mobile web applications. These require
special hardware and continuous scanning, which can harm
usability and privacy [2], [20].
arXiv:2210.04777v1 [cs.CR] 7 Oct 2022
As an approach that addresses these gaps, we intro-
duce mPSAuth: Privacy-Preserving and Scalable Authentication
for Mobile Web-Applications. It enables continuous RBA for
mobile web applications based on a novel authentication
protocol that puts user privacy first. The protocol uses ho-
momorphic encryption, which is applied to behavioral data
before it leaves the user’s device. As a result, strong security
guarantees can be given without degrading the accuracy of
the authentication. The data sources consulted for gathering
behavioral data are generic and can be customized depend-
ing on the use case. In addition, the models are reused across
all users, ensuring that the number of ML models to be
trained is constant with respect to the user count. This provides
scalability for all types of modern applications.
The primary contributions of mPSAuth are as follows:
(C1) Protecting the users’ privacy by transferring and pro-
cessing behavioral data only in homomorphically en-
crypted form (P2). In this way, it is also much easier
to meet legal requirements, as the user’s personal data
does not have to be disclosed (P3).
(C2) Reasonable scalability characteristics due to a fixed
number of ML models that need to be trained, regard-
less of the number of users (P1).
(C3) Assurance of decent performance in terms of required
computational effort and network traffic involved in the
authentication protocol.
We constructed an extensive evaluation scenario using
data collected within a real-world mobile gaming appli-
cation called BrainRun [21]. We evaluated the accuracy of
the authentication, demonstrating that the architecture of
mPSAuth is suitable for continuous RBA of users in mo-
bile web applications. Subsequently, we investigated the
impact of the privacy-preserving authentication protocol on
computational overhead and network traffic. It turned out
that homomorphic encryption causes the inferences to be
significantly more time-consuming and the network traffic
to increase. Nevertheless, the evaluation results showed that
mPSAuth can be applied in practical use cases and still
has considerable potential for improving performance in
the future, thanks to ongoing development in the field of
homomorphic encryption [22], [23], [24], [25].
The remainder of this paper is structured as follows.
Starting with Section 2, we describe the fundamental con-
cepts and approaches on which mPSAuth relies. Next, Sec-
tion 3 describes the threat model and related assumptions
that form the basis for security and privacy considerations.
Subsequently, Section 4 presents a detailed description of
the architecture of mPSAuth, the underlying authentication
protocol, and explains the functionality of the individual
building blocks. Section 5 outlines the structure of the eval-
uation, followed by Section 6, which shows and interprets
the evaluation results. Thereafter, Section 7 summarizes
related work and compares it to mPSAuth. Finally, Section 8
concludes the central findings and points out future work.
2 FOUNDATIONS AND BACKGROUND
In this section, we introduce concepts our work builds on.
2.1 Homomorphic Encryption
Homomorphic encryption [26] is practically an extension
of public-key cryptography that allows performing compu-
tations on encrypted data. There are various approaches
that differ in what operations can be performed on the
encrypted data. The schemes that support both additive
and multiplicative operations are called fully homomor-
phic encryption schemes [27]. These are of great interest
since arbitrary operations can be performed, making them
viable for many use cases. However, a challenge is the
performance of these systems because the operations on
the encrypted data are associated with high computational
effort [28]. This has prevented the widespread adoption
of homomorphic encryption. Nevertheless, homomorphic
encryption has regained popularity lately thanks to new
homomorphic encryption frameworks such as those offered
by IBM [29] and Microsoft [30]. These are still under active
development, which is promising for future improvements,
especially in terms of performance.
2.2 Privacy-Preserving Machine Learning
On top of fully homomorphic encryption schemes, several
approaches enable ML model inferences on encrypted data.
Typically, the ML model is trained on unencrypted data.
Then, the model is transformed to perform the computa-
tions on encrypted data, which is possible due to the prop-
erties of homomorphic encryption. The inference results are
encrypted and can only be decrypted by the entity which
possesses the private key. These properties are appealing for
use cases where the capabilities of an ML model are offered
as a service because the client does not have to fear that his
data will be misused. Both IBM [29], [31] and Microsoft [32]
offer tools with which ML model inferences can be realized
on homomorphically encrypted data. Depending on the
tool, neural networks, decision trees, and logistic regressions
are supported. However, there are considerable limitations.
For example, only specific layers are supported in neural
networks, and the complexity of the networks must be kept
relatively low to ensure a reasonable throughput.
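The following is an added example, not code from the paper or from mPSAuth, that makes the two preceding subsections concrete: it implements the homomorphic operations of Section 2.1 (addition of ciphertexts, multiplication by a plaintext constant) with a toy Paillier scheme and then uses them, as Section 2.2 describes, to evaluate a linear risk model that was "trained" on plaintext over encrypted behavioural features, so that only the private-key holder can read the score. Paillier is only additively homomorphic, which is a deliberate simplification of the fully homomorphic scheme the paper relies on; the key size, the weights and the feature values are all constructed for illustration.

```python
"""Added example (not the paper's code): a linear risk score evaluated on
additively homomorphic Paillier ciphertexts.

mPSAuth relies on a fully homomorphic scheme; Paillier supports only
ciphertext addition and multiplication by plaintext constants, which is
enough for a linear model and shows the property Section 2.2 describes:
train on plaintext, infer on ciphertexts, decrypt only with the private key.
Keys, weights and feature values are constructed. Requires Python 3.8+
for pow(x, -1, n)."""
import math
import secrets

SCALE = 1000  # fixed-point scale: floats are encoded as integers


def _is_prime(n):
    if n < 2:
        return False
    for d in range(2, int(n ** 0.5) + 1):
        if n % d == 0:
            return False
    return True


def _next_prime(n):
    while not _is_prime(n):
        n += 1
    return n


def keygen(p_seed=1_000_000, q_seed=3_000_000):
    """Toy Paillier key pair (~42-bit n); real deployments use >= 2048-bit n."""
    p, q = _next_prime(p_seed), _next_prime(q_seed)
    n = p * q
    n2 = n * n
    g = n + 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return (n, g), (n, lam, mu)


def encrypt(pub, m):
    """Randomised encryption: Enc(m) = g^m * r^n mod n^2, r random in Z_n^*."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(priv, c):
    """Decrypt; values in the upper half of Z_n are read as negative integers."""
    n, lam, mu = priv
    n2 = n * n
    m = (((pow(c, lam, n2) - 1) // n) * mu) % n
    return m - n if m > n // 2 else m


def add(pub, c1, c2):
    """Enc(m1) * Enc(m2) = Enc(m1 + m2): addition on ciphertexts."""
    n = pub[0]
    return (c1 * c2) % (n * n)


def mul_plain(pub, c, k):
    """Enc(m)^k = Enc(k * m) for a plaintext integer k (negative k allowed)."""
    n = pub[0]
    return pow(c, k % n, n * n)


# Constructed model: weights learned offline on plaintext behavioural features.
WEIGHTS = {"touch_pressure": 1.5, "swipe_speed": -0.8, "key_interval": 0.25}
BIAS = -0.5
# Constructed current observation from one session of the mobile app.
SAMPLE = {"touch_pressure": 0.62, "swipe_speed": 1.1, "key_interval": 2.0}


def plain_score(weights, bias, x):
    """Reference linear score w . x + b computed on plaintext."""
    return sum(weights[k] * x[k] for k in weights) + bias


def client_encrypt_features(pub, x):
    """Device side: fixed-point encode and encrypt each feature."""
    return {k: encrypt(pub, round(v * SCALE)) for k, v in x.items()}


def server_linear_score(pub, enc_x, weights, bias):
    """Server side: computes Enc(SCALE^2 * (w . x + b)) without ever seeing x."""
    acc = encrypt(pub, round(bias * SCALE * SCALE))
    for k, w in weights.items():
        acc = add(pub, acc, mul_plain(pub, enc_x[k], round(w * SCALE)))
    return acc


def encrypted_score(pub, priv, weights, bias, x):
    """Full round trip; only the private-key holder recovers the score."""
    enc_x = client_encrypt_features(pub, x)
    enc_score = server_linear_score(pub, enc_x, weights, bias)
    return decrypt(priv, enc_score) / (SCALE * SCALE)


def sigmoid(z):
    """Non-linearity applied after decryption: Paillier cannot evaluate it."""
    return 1.0 / (1.0 + math.exp(-z))


if __name__ == "__main__":
    pub, priv = keygen()
    s = encrypted_score(pub, priv, WEIGHTS, BIAS, SAMPLE)
    print(f"encrypted-domain score {s:.4f}, plaintext score "
          f"{plain_score(WEIGHTS, BIAS, SAMPLE):.4f}, "
          f"legitimacy probability {sigmoid(s):.4f}")
```

The sigmoid being applied only after decryption is the point behind the limitation mentioned above: an additive scheme can evaluate the linear part of a model but not its non-linear layers, which is why fully homomorphic schemes, and even then only selected layer types, are needed for neural networks on ciphertexts. In this example the data owner holds the private key; how key material is distributed between device, backend and authentication server in mPSAuth is a protocol question the paper addresses in Section 4.3.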
3 THREAT MODEL AND ASSUMPTIONS
We consider three participating entities in the authentication
protocol of mPSAuth:
(i) mobile device of the user to be authenticated, which
runs the application under observation
(ii) backend of the application under observation that
wants to authenticate users continuously
(iii) authentication server that manages the authentication
The backend (ii) can also coincide with the authentica-
tion server (iii), which is a common setting in practice.
Nevertheless, we separate the application backend and the
authentication server semantically. In this way, business
models such as authentication-as-a-service are supported.
Consequently, we expect that no trust relationships exist
between the mobile device (i), the backend (ii), and the
authentication server (iii).
Threats originate from internal adversaries who actively
participate in the authentication process as an entity, which
means that one or multiple of the three mentioned partic-
ipants have malicious intentions. All other adversaries are
external and are not considered further because they can be
handled by conventional network security practices [33].
An adversary’s goal can be twofold. On the one hand,
he can aim to manipulate the authentication mechanism to
impersonate a legitimate user (A1). However, this is only
reasonable from the point of view of the mobile device (i)
that wants to authenticate itself, because the backend (ii), as
well as the authentication server (iii), intend to authenticate
users correctly. Here, we do not address takeover scenarios
of the authentication server and the backend, as the au-
thentication process could be changed at will. This would
allow an attacker to modify the authentication decision as
required. On the other hand, the goal of a curious entity may
be to obtain sensitive data by applying the authentication
protocol (A2). All participating entities may be curious. For
example, a curious backend (ii) or authentication server (iii)
may be interested in using sensitive information for user
profiling. Similarly, a mobile client device may be interested
in mining behavioral data of other users.
The capabilities we consider for adversaries to achieve
their respective goals are as follows. Both attacker types (A1,
A2) may deviate from the specified protocol
(malicious adversary [34]). This means that they can behave
actively and modify, add, or remove protocol messages.
Logically, the attacker can change the application’s code
on his device to achieve his goal. Of course, both attacker
types can also behave passively by carrying out the protocol
honestly, with the goal to bypass the authentication (A1)
or to gather sensitive details from the exchanged messages
(A2). Moreover, we include attackers who take over a legit-
imate user’s application session, e.g., by session hijacking
or stealing a device. However, we assume that the attacker
does not have detailed information about the legitimate
user’s behavior before the takeover and does not obtain
such information as a result. Otherwise, A2 would already
be successful by implication, as he obtained behavioral
information from one or more users. For A1, we explicitly
exclude attacks that involve substantial knowledge about
the behavior of other users (e.g., replay attacks). Actu-
ally, other biometric authentication methods, including face
recognition and fingerprint recognition, are also vulnerable
to this kind of attack [35], [36].
We analyze the characteristics of our approach in Sec-
tion 4.3 based on the threats and associated assumptions
described in this section to show that potential adversaries
can be mitigated effectively.
4 THE MPSAUTH APPROACH
In this section, we present the architecture of our approach,
with descriptions of the underlying components.
4.1 Approach Overview
The mPSAuth approach is intended to provide continuous
and risk-based authentication of users within mobile web
applications. For this purpose, the user’s behavior within
the application is regularly investigated. We analyze various
data sources that reflect user behavior either separately or
jointly using machine learning techniques. To this end, we
compare whether the currently observed behavior matches
the known behavior of the user. We then base our authenti-
cation decision on the result of this comparison.
Because our approach requires information about the
user’s previous behavior, an enrollment phase is necessary.
During this phase, conventional authentication factors such
as passwords combined with SMS verification must be used.
Following the enrollment phase, the ML-based analysis of
behavioral data can serve as a stand-alone authentication
factor. Sporadic addition of further authentication factors
(e.g., SMS verification) is intended to cover exceptional
cases, for example, when a legitimate user is repeatedly
rejected by mistake due to significantly changed behavior.
The duration of the enrollment phase depends on
the extent of the baseline to be collected (see Section 4.4).
A key feature of our approach is scalability, as mPSAuth
trains the required models so that they can be applied
for all users. Consequently, the effort needed to establish
the models is constant for an increasing number of users.
Since behavioral data contains highly sensitive information,
mPSAuth uses a privacy-preserving authentication protocol
built on fully homomorphic encryption. This implies that
the inference of the ML models used must be able to work
directly on homomorphically encrypted data.
Figure 1 visualizes the architecture of mPSAuth, includ-
ing the data flows between the key components. Starting
on the left-hand side, we consider the ecosystem of the
mobile web application in the context in which mPSAuth is
applied. We distinguish between the frontend that provides
the application to the user (mobile device) and the backend
that provides the required services (server). In order to
authenticate users according to their behavior, it is necessary
to collect appropriate data sources. The collection of the
behavioral data is realized by means of a monitoring component
that is integrated into the parts of the application that run in
the frontend and backend. The data sources we consult are
introduced in Section 4.2.
Additionally, mPSAuth introduces the privacy encoder for
integration into the frontend and backend. It is the central
element that ensures the privacy of the collected data. This
is achieved by homomorphically encrypting the behavioral
data that leaves the respective domain. Thus, the authen-
tication server can perform calculations on it but cannot
draw any conclusions about the underlying sensitive data.
Section 4.3 presents details on how the data is encrypted
and can still be used for authentication.
Subsequently, the privacy encoders transmit the en-
crypted data to the connection manager, which resides on the
authentication server. The connection manager passes the
received behavioral data of the users to the database man-
ager, which is responsible for storing it in a well-structured
way. Furthermore, the database manager is accountable for
providing the data in a suitable format for the preprocessors.
Each of the preprocessors prepares the data necessary
to investigate one aspect of the user’s behavior. mPSAuth
executes the authentication at regular intervals and/or
when the user performs a specific action that should be
explicitly authenticated (e.g., purchase completion). When