Continuous authentication on mobile devices based on artificial intelligence

  1. Espín López, Juan Manuel
Supervised by:
  1. Javier Gómez Marín-Blázquez Director
  2. Francisco Esquembre Director
  3. Alberto Huertas Celdrán Director

Defending university: Universidad de Murcia

Date of defense: 02 May 2024

Examination committee:
  1. José María de Fuentes García-Romero de Tejada Chair
  2. Mercedes Valdés Vela Secretary
  3. María Cristina Alcaraz Tello Member

Type: Thesis

Abstract

The information stored on mobile devices, such as smartphones, tablets, or laptops, has been growing over the years. Access to these devices and the information contained inside them by an attacker can pose a severe risk to the privacy of the user's data and environment. The vast majority of mobile devices have access protection mechanisms to unlock the device; however, these mechanisms do not re-verify the user's identity after initial access. This fact makes it necessary to use authentication techniques that allow the user's identity to be verified during the entire time the device is in use, i.e., continuous authentication systems. With this goal of continuous user authentication, this research focuses on exploring different data sources and machine learning or artificial intelligence algorithms, the suitability of the approach followed, and the protection of user data privacy through the application of federated learning techniques. The initiation of this research and the literature review conducted in the field of continuous authentication on mobile devices raised some key research questions that have been answered throughout the thesis. These questions inquire about the suitability as continuous authentication vectors of the different information sources available on a mobile device, the best way to combine them, and the different machine learning and artificial intelligence algorithms. The differences between supervised and unsupervised approaches are also evaluated, along with the improvement in performance and robustness to unknown users that supervised approaches provide. Finally, questions related to user data privacy arise, such as the accuracy cost of increasing user data privacy using federated learning techniques, the system's resilience to adversarial attacks such as data injection and data perturbation, and the existence and effectiveness of countermeasures to these attacks. 
The methodology employed in this research begins with a detailed review of the state of the art of continuous user authentication, the analysis of the approaches followed in different works, and the application of federated learning techniques in the field of user authentication. By analyzing the sources of information available on mobile devices, as studied in the literature, sensor information, usage statistics, and voice are selected. Once these sources have been selected, a primary part of the methodology is developing a database containing data from these sources. This database is available to the scientific community. The methodology proceeds with experimentation, which addresses the aforementioned research questions, and finally concludes by presenting results and conclusions. The main result of this research has been the demonstration of continuous authentication as a highly promising solution for improving security, providing solid evidence of effectiveness in protecting the user while maintaining data integrity and privacy. Other interesting partial results are the validation of supervised approaches, which significantly improve the accuracy of the systems and prove robust to new users not seen during training. It has also been demonstrated that the cost of enhancing data privacy is affordable in terms of performance. Finally, the need to develop effective countermeasures for ensuring security in attack situations has been identified. Overall, these systems are viable in industrial environments, suggesting that they could be deployed in real industrial settings in the near future.