Biometric-Based Wearable User Authentication During Sedentary and Non-sedentary Periods

TL;DR

This paper proposes an implicit biometric authentication method for wearable devices using behavioral, physiological, and hybrid data, achieving around 90% accuracy in two-year Fitbit user analysis, addressing limitations of traditional explicit methods.

Contribution

It introduces a novel implicit authentication approach combining coarse-grained biometrics, validated on a large dataset, improving security without user burden during different activity states.

Findings

Behavioral biometrics are less effective during sedentary periods.

Hybrid biometrics outperform other biometric types.

Achieved approximately 92% and 88% authentication accuracy during sedentary and non-sedentary periods.

Abstract

The Internet of Things (IoT) is increasingly empowering people with an interconnected world of physical objects ranging from smart buildings to portable smart devices such as wearables. With the recent advances in mobile sensing, wearables have become a rich collection of portable sensors and are able to provide various types of services including health and fitness tracking, financial transactions, and unlocking smart locks and vehicles. Existing explicit authentication approaches (i.e., PINs or pattern locks) suffer from several limitations including limited display size, shoulder surfing, and recall burden. Oftentimes, users completely disable security features out of convenience. Therefore, there is a need for a burden-free (implicit) authentication mechanism for wearable device users based on easily obtainable biometric data. In this paper, we present an implicit wearable device user authentication mechanism using combinations of three types of coarse-grained minute-level biometrics: behavioral (step counts), physiological (heart rate), and hybrid (calorie burn and metabolic equivalent of task). From our analysis of 421 Fitbit users from a two-year long health study, we are able to authenticate subjects with average accuracy values of around 92% and 88% during sedentary and non-sedentary periods, respectively. Our findings also show that (a) behavioral biometrics do not work well during sedentary periods and (b) hybrid biometrics typically perform better than other biometrics.