Contributions to Behavioral Authentication Systems

dc.contributor.advisorSafavi-Naini, Reihaneh
dc.contributor.authorIslam, Md Morshedul
dc.contributor.committeememberFong, Philip W. L.
dc.contributor.committeememberJacobson, Michael John
dc.contributor.committeememberYanushkevich, Svetlana N.
dc.contributor.committeememberMannan, Mohammad
dc.description.abstractBehavioral Authentication (BA) systems authenticate users through their behavioral characteristics. BA systems construct behavioral profiles of users from their well-designed activities, and store profiles in a profile database on the system. For a verification request, a verification algorithm evaluates the request by comparing the provided verification data with the stored profile. In this thesis, we identify a number of shortcomings of these systems that are motivated by the application of these systems in practice. We study these shortcomings and propose solutions to address each. We designed, implemented and evaluated an activity-based BA system for mobile devices that is used to evaluate our proposed systems, experimentally. In more details, we proposed a challenge-response based BA system named DAC (Draw A Circle) and later extended it to eDAC (extended DAC) to improve its accuracy and usability. In both systems, behavioral data are from users’ response to drawing challenge circles. Through extensive analysis and experiments, we chose a set of features that are non-shareable and non-emulatable, and developed a verification algorithm that can successfully authenticate users with overwhelming probability. We studied the effect of database size on verification error, and that verification error increases with the database size. We introduced the notion of scalability of BA systems that requires the error probability of the system to remain (almost) the same as profile database grows; proposed personalization of verification to achieve scalability. To estimate information in BA systems, we used Biometric Information (BI), and Biometric System Entropy (BSE), two different but related approaches used for information measure in biometric-based systems. We studied the applicability of these measures for BA systems. For cryptographic applications, we proposed BAVault, a fuzzy vault based on the profiles in BA systems that can protect a secret key (message) of reasonable length. BAVault ensures profile privacy, even when the key is known. For profile privacy in profile databases and privacy-preserving verification, we proposed a non-cryptographic approach that uses an efficient profile transformation called random projection, projects a profile (verification data) into a lower dimension space and ensures their privacy. The verification is done in the transformed domain using a similar verification algorithm. Finally, we show an attack on BA systems when the verification algorithm uses the outputs of the classifier for verification decision. To impersonate a user of the BA systems, the attacker will utilize the information leakage of the verification algorithm about the output of the classifier. In all the above cases, we implemented our proposed approach and evaluated their performance.en_US
dc.identifier.citationIslam, M. M. (2021). Contributions to Behavioral Authentication Systems (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from
dc.publisher.institutionUniversity of Calgaryen
dc.rightsUniversity of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.en_US
dc.subjectComputer Securityen_US
dc.subjectBehavioral Biometricsen_US
dc.subject.classificationComputer Scienceen_US
dc.titleContributions to Behavioral Authentication Systemsen_US
dc.typedoctoral thesisen_US Scienceen_US of Calgaryen_US of Philosophy (PhD)en_US
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
17.66 MB
Adobe Portable Document Format
License bundle
Now showing 1 - 1 of 1
Thumbnail Image
2.62 KB
Item-specific license agreed upon to submission