Continuous Authentication Using Human-Induced Electric Potential
Most terminal devices authenticate users only once, at the time of initial login, leaving the terminal unprotected during an active session when the original user leaves it unattended. To address this issue, continuous authentication that automatically locks the terminal after a period of inactivity has been proposed. However, this approach does not fully eliminate the risk of unauthorized access before the session expires. Recent research has also investigated the feasibility of using physiological and behavioral patterns as biometrics. This study presents a novel two-factor continuous authentication scheme that explores a new form of signal, called human-induced electric potential, captured by wearables in contact with the user's body. By analyzing this signal, we can determine the time of user-terminal interactions and compare it with information recorded by the terminal's OS. If the original user remains on the same terminal, the readings from the two sources would match. Additionally, the proposed scheme includes an extra layer of protection by extracting the terminal's physical fingerprints from the human-induced electric potential to defend against advanced mimicry attacks. To test the effectiveness of our design, a low-cost wearable prototype is developed. Through extensive experiments, it is found that the proposed scheme has a low error rate of 2.3%, with minimal computational and energy requirements.
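The two-source timing comparison described in the abstract can be sketched as follows. This is an added example, not code from the paper: it assumes the wearable's signal has already been reduced to a list of touch timestamps, and the tolerance, match-ratio threshold, sample timestamps and all function names are hypothetical. The fingerprint-based second factor is not covered.

```python
from dataclasses import dataclass

# Assumed parameters, not taken from the paper.
TOLERANCE_S = 0.05     # allowed clock skew / detection jitter between sources
MIN_MATCH_RATIO = 0.9  # share of OS input events needing a wearable counterpart

# Constructed sample timestamps (seconds) for one verification window each.
OWNER_OS = [10.00, 10.21, 10.48, 10.80, 11.15]
OWNER_WEARABLE = [10.01, 10.22, 10.47, 10.82, 11.14, 12.50]  # last: other object
INTRUDER_OS = [20.00, 20.30, 20.55, 20.90]
INTRUDER_WEARABLE = [20.32]  # owner is elsewhere, one coincidental touch

@dataclass
class Verdict:
    matched: int
    os_only: int        # terminal saw input with no body-contact event
    wearable_only: int  # wearer touched something other than this terminal
    same_user: bool

def match_events(os_times, wearable_times, tol=TOLERANCE_S):
    """Greedy one-to-one pairing of two timestamp lists within tol seconds."""
    os_sorted, w_sorted = sorted(os_times), sorted(wearable_times)
    i = j = matched = 0
    while i < len(os_sorted) and j < len(w_sorted):
        delta = os_sorted[i] - w_sorted[j]
        if abs(delta) <= tol:
            matched += 1
            i += 1
            j += 1
        elif delta > 0:
            j += 1  # wearable event is too early for any remaining OS event
        else:
            i += 1  # OS event has no wearable counterpart
    return matched

def verify_window(os_times, wearable_times, tol=TOLERANCE_S, min_ratio=MIN_MATCH_RATIO):
    """Decide whether OS-recorded input in this window is attributable to the wearer."""
    matched = match_events(os_times, wearable_times, tol)
    # No OS input in the window means there is nothing to attribute.
    ratio = matched / len(os_times) if os_times else 1.0
    return Verdict(matched, len(os_times) - matched,
                   len(wearable_times) - matched, ratio >= min_ratio)

if __name__ == "__main__":
    print(verify_window(OWNER_OS, OWNER_WEARABLE))
    print(verify_window(INTRUDER_OS, INTRUDER_WEARABLE))
```

Only unmatched OS events count against the session; extra wearable events are expected whenever the wearer touches other objects and are reported separately rather than treated as a mismatch.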