This paper proposes a new privacy-enhancing, context-aware user authentication system, ConSec, which uses a transformation of general location-sensitive data, such as GPS location, barometric altitude and noise levels, collected from the user's device, into a representation based on locality-sensitive hashing (LSH). The resulting hashes provide a dimensionality reduction of the underlying data, which we leverage to model users' behaviour for authentication using machine learning. We present how ConSec supports learning from categorical and numerical data, while addressing a number of on-device and network-based threats. ConSec is implemented subsequently for the Android platform and evaluated using data collected from 35 users, which is followed by a security and privacy analysis. We demonstrate that LSH presents a useful approach for context authentication from location-sensitive data without directly utilising plain measurements.
翻译:本文提出一个新的增强隐私的、有背景意识的用户认证系统Consec,它使用从用户设备收集的一般地点敏感数据,如全球定位系统位置、气压高度和噪音水平,转换成基于对地点敏感的散列(LSH)的表示方式。由此产生的散列为基础数据提供了一个维度的减少,我们利用这些数据来模拟用户使用机器学习进行认证的行为。我们介绍了Consec如何支持从绝对数据和数字数据中学习,同时处理一些在装置和网络上的威胁。Consec随后为Android平台实施,并使用从35个用户收集的数据进行评估,随后进行安全和隐私分析。我们证明LSH为在不直接使用简单测量的情况下从对地点敏感数据进行背景认证提供了有用的方法。