6th International Conference on Mobile Computing, Applications and Services

Research Article

Secure Session on Mobile: An Exploration on Combining Biometric, TrustZone, and User Behavior

  • @INPROCEEDINGS{10.4108/icst.mobicase.2014.257767,
        author={Tao Feng and Nicholas DeSalvo and Lei Xu and Xi Zhao and Xi Wang and Weidong Shi},
        title={Secure Session on Mobile: An Exploration on Combining Biometric, TrustZone, and User Behavior},
        proceedings={6th International Conference on Mobile Computing, Applications and Services},
        publisher={IEEE},
        proceedings_a={MOBICASE},
        year={2014},
        month={11},
        keywords={trustzone secure session biometric sensor fusion user behavior},
        doi={10.4108/icst.mobicase.2014.257767}
    }
    
  • Tao Feng
    Nicholas DeSalvo
    Lei Xu
    Xi Zhao
    Xi Wang
    Weidong Shi
    Year: 2014
    Secure Session on Mobile: An Exploration on Combining Biometric, TrustZone, and User Behavior
    MOBICASE
    IEEE
    DOI: 10.4108/icst.mobicase.2014.257767
Tao Feng¹,*, Nicholas DeSalvo¹, Lei Xu¹, Xi Zhao¹, Xi Wang¹, Weidong Shi¹
  • 1: University of Houston
*Contact email: tfeng3@cs.uh.edu

Abstract

With the rise of Internet connected mobile devices, applications have migrated from PCs to mobile computing platforms. An important aspect, payment processing, faces new security challenges from these developments. Inasmuch, these advancements demand efforts from researchers and industry to meet increasing security needs. Threats can ensue from data loss, theft from lost, stolen, or decommissioned devices, information-stealing malware, and password peeping. We propose a secure framework for sensitive session driven applications which combines biometric-based continuous and implicit tracking of user identities, and TrustZone. This framework is accomplished through monitoring fingerprint authentication logs as well as detecting events when the phone has left the user’s hands, all while in TrustZone, a platform for secure computation and storage on mobile devices. This solution leverages multiple onboard sensors as well as the ARM architecture to accomplish these feats. We conducted two user studies acquiring smartphone users’ usage statistics to investigate security and usability needs of our identity-tracking solution. To monitor these subtle gestures in real-world uncontrolled environments, multi-session data collection has been conducted to iteratively improve system performance. The evaluation results have demonstrated the feasibility of this framework as a secure session-based payment system.