Programming language support for continuous user authentication
Abstract
The implementation of continuous user authentication (CUA) in applications
provides end-users with enhanced experiences by continuously verifying their
authenticity using behavioral characteristics of the user within the current user session. Explicit user authentication methods, such as passwords, unlock
patterns, and fingerprints, provide a high level of security but come with
many pitfalls: they are difficult to use, are intrusive in nature, are
easily forgotten by the user, and are subject to brute-force attacks. However, developing effective CUA applications using current programming
languages is a daunting task, mainly because of the lack of abstraction methods
that support CUA.
This thesis investigates new language features that support the development of applications enabled with continuous user authentication. Using
these new language features, software applications enriched with continuous
user authentication can be developed to authenticate users on various
smart devices. We observe that current state-of-the-art programming languages lack these important features that apply to the continuous user authentication process.
We proposed and developed a continuous user authentication language
extension that adds recording of user biometrics, extraction of user patterns,
and modeling of a user authentication profile to authentication applications
on smart devices. To model the user authentication profile, extracted user
patterns are fed to machine learning algorithms for training, which are later
deployed to validate the authenticity of a user on smart devices. This language model ensures that CUA applications can be configured to run silently
in the background on any smart device while leveraging the available sensors
on the hosting device. We modeled a language extension in Python
comprising reusable methods that aid in recording user biometrics from
existing sensors, extracting user patterns from the collected data, and building a valid user profile for authentication. CUA in plascua works
by listening for and recording user biometric events from the sensor, extracting
user patterns from the fetched events, and authenticating the user. All
these tasks are handled silently in the background without interrupting the
functioning of the hosting device.
Keywords — continuous user authentication (CUA), explicit user authentication (EUA), abstractions, machine learning