{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:37:42Z","timestamp":1760143062322,"version":"build-2065373602"},"reference-count":30,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2024,1,24]],"date-time":"2024-01-24T00:00:00Z","timestamp":1706054400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Privacy Matters (PriMa) project","award":["860315"],"award-info":[{"award-number":["860315"]}]},{"name":"European Union\u2019s Horizon 2020 research and innovation programme under the Marie Sk\u0142odowska-Curie","award":["860315"],"award-info":[{"award-number":["860315"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Continuous authentication enhances security by re-verifying a user\u2019s validity during the active session. It utilizes data about users\u2019 behavioral actions and contextual information to authenticate them continuously. Such data contain information about user-sensitive attributes such as gender, age, contextual information, and may also provide information about the user\u2019s emotional states. The collection and processing of sensitive data cause privacy concerns. In this paper, we propose two efficient protocols that enable privacy-preserving continuous authentication. The contribution is to prevent the disclosure of user-sensitive attributes using partial homomorphic cryptographic primitives and reveal only the aggregated result without the explicit use of decryption. The protocols complete an authentication decision in a single unidirectional transmission and have very low communication and computation costs with no degradation in biometric performance.<\/jats:p>","DOI":"10.3390\/cryptography8010003","type":"journal-article","created":{"date-parts":[[2024,1,24]],"date-time":"2024-01-24T04:35:40Z","timestamp":1706070940000},"page":"3","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Novel and Efficient Privacy-Preserving Continuous Authentication"],"prefix":"10.3390","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6017-0237","authenticated-orcid":false,"given":"Ahmed Fraz","family":"Baig","sequence":"first","affiliation":[{"name":"Norwegian Computing Center, 0314 Oslo, Norway"},{"name":"Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway"}]},{"given":"Sigurd","family":"Eskeland","sequence":"additional","affiliation":[{"name":"Norwegian Computing Center, 0314 Oslo, Norway"}]},{"given":"Bian","family":"Yang","sequence":"additional","affiliation":[{"name":"Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2024,1,24]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Baig, A.F., and Eskeland, S. (2021). Security, Privacy, and Usability in Continuous Authentication: A Survey. Sensors, 21.","DOI":"10.3390\/s21175967"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Atanassov, N., and Chowdhury, M.M. (2021, January 14\u201315). Mobile device threat: Malware. Proceedings of the 2021 IEEE International Conference on Electro Information Technology (EIT), Mt. Pleasant, MI, USA.","DOI":"10.1109\/EIT51626.2021.9491845"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Weichbroth, P., and \u0141ysik, \u0141. (2020). Mobile security: Threats and best practices. Mob. Inf. Syst., 2020.","DOI":"10.1155\/2020\/8828078"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1016\/j.patrec.2015.01.011","article-title":"Information revealed from scrolling interactions on mobile devices","volume":"56","author":"Antal","year":"2015","journal-title":"Pattern Recognit. Lett."},{"key":"ref_5","unstructured":"GDPR (2023, March 03). Processing of Special Categories of Personal Data. Available online: https:\/\/gdpr-info.eu\/art-9-gdpr\/."},{"key":"ref_6","unstructured":"(2024, January 14). On the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95\/46\/EC (General Data Protection Regulation). Available online: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A02016R0679-20160504."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Govindarajan, S., Gasti, P., and Balagani, K.S. (October, January 29). Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data. Proceedings of the 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS), Arlington, VA, USA.","DOI":"10.1109\/BTAS.2013.6712742"},{"key":"ref_8","first-page":"877","article-title":"HMOG: New behavioral biometric features for continuous authentication of smartphone users","volume":"11","author":"Yang","year":"2015","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Eskeland, S., and Baig, A.F. (2022, January 11\u201313). Cryptanalysis of a Privacy-preserving Behavior-oriented Authentication Scheme. Proceedings of the 19th International Conference on Security and Cryptography\u2014SECRYPT 2022, Lisbon, Portugal.","DOI":"10.5220\/0011140300003283"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Safa, N.A., Safavi-Naini, R., and Shahandashti, S.F. (2014, January 2\u20134). Privacy-preserving implicit authentication. Proceedings of the IFIP International Information Security Conference, Marrakech, Morocco.","DOI":"10.1007\/978-3-642-55415-5_40"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Domingo-Ferrer, J., Wu, Q., and Blanco-Justicia, A. (2015, January 26\u201328). Flexible and robust privacy-preserving implicit authentication. Proceedings of the IFIP International Information Security and Privacy Conference, Hamburg, Germany.","DOI":"10.1007\/978-3-319-18467-8_2"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Juels, A., and Wattenberg, M. (1999, January 1\u20134). A fuzzy commitment scheme. Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore.","DOI":"10.1145\/319709.319714"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1109\/MSP.2012.2230218","article-title":"Privacy-preserving biometric identification using secure multiparty computation: An overview and recent trends","volume":"30","author":"Bringer","year":"2013","journal-title":"IEEE Signal Process. Mag."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"543","DOI":"10.3233\/JCS-171017","article-title":"The impact of application context on privacy and performance of keystroke authentication systems","volume":"26","author":"Balagani","year":"2018","journal-title":"J. Comput. Secur."},{"key":"ref_15","unstructured":"Damg\u00e5rd, I., Geisler, M., and Kr\u00f8igaard, M. (2007, January 2\u20134). Efficient and secure comparison for on-line auctions. Proceedings of the Australasian Conference on Information Security and Privacy, Townsville, Australia."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"323","DOI":"10.1504\/IJACT.2009.028031","article-title":"A correction to \u2018Efficient and secure comparison for on-line auctions\u2019","volume":"1","author":"Geisler","year":"2009","journal-title":"Int. J. Appl. Cryptogr."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Acar, A., Liu, W., Beyah, R., Akkaya, K., and Uluagac, A.S. (2019). A privacy-preserving multifactor authentication system. Secur. Priv., 2.","DOI":"10.1002\/spy2.94"},{"key":"ref_18","unstructured":"Gentry, C. (2009). A Fully Homomorphic Encryption Scheme, Stanford University."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1016\/j.diin.2006.06.015","article-title":"Identifying almost identical files using context triggered piecewise hashing","volume":"3","author":"Kornblum","year":"2006","journal-title":"Digit. Investig."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"5599","DOI":"10.1109\/JIOT.2020.3031486","article-title":"Privacy-Preserving Implicit Authentication Protocol Using Cosine Similarity for Internet of Things","volume":"8","author":"Wei","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Loya, J., and Bana, T. (2021, January 28\u201330). Privacy-Preserving Keystroke Analysis using Fully Homomorphic Encryption & Differential Privacy. Proceedings of the 2021 International Conference on Cyberworlds (CW), Caen, France.","DOI":"10.1109\/CW52790.2021.00055"},{"key":"ref_22","unstructured":"Cheon, J.H., Kim, A., Kim, M., and Song, Y. (2017). Advances in Cryptology\u2013ASIACRYPT 2017, Proceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, 3\u20137 December 2017, Springer. Proceedings, Part I 23."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Baig, A.F., and Eskeland, S. (2022, January 11\u201313). A Generic Privacy-Preserving Protocol For Keystroke Dynamics-Based Continuous Authentication. Proceedings of the 19th International Conference on Security and Cryptography\u2014SECRYPT 2022, Lisbon, Portugal.","DOI":"10.5220\/0011141400003283"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1016\/j.istr.2012.02.001","article-title":"Continuous keystroke dynamics: A different perspective towards biometric evaluation","volume":"17","author":"Bours","year":"2012","journal-title":"Inf. Secur. Tech. Rep."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"1833","DOI":"10.1007\/s10207-023-00721-y","article-title":"Privacy-preserving continuous authentication using behavioral biometrics","volume":"22","author":"Baig","year":"2023","journal-title":"Int. J. Inf. Secur."},{"key":"ref_26","unstructured":"Paillier, P. (1999, January 2\u20136). Public-key cryptosystems based on composite degree residuosity classes. Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Prague, Czech Republic."},{"key":"ref_27","unstructured":"Damg\u00e5rd, I., and Jurik, M. (2001). Public Key Cryptography, Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2001, Cheju Island, Republic of Korea, 13\u201315 February 2001, Springer. Proceedings 4."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"833","DOI":"10.1109\/TIFS.2012.2184092","article-title":"A framework for analyzing template security and privacy in biometric authentication systems","volume":"7","author":"Simoens","year":"2012","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., and Toft, T. (2009, January 5\u20137). Privacy-preserving face recognition. Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium, Seattle, WA, USA.","DOI":"10.1007\/978-3-642-03168-7_14"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/j.cose.2015.05.009","article-title":"Reconciling user privacy and implicit authentication for mobile devices","volume":"53","author":"Shahandashti","year":"2015","journal-title":"Comput. Secur."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/1\/3\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T13:48:13Z","timestamp":1760104093000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/1\/3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,24]]},"references-count":30,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,3]]}},"alternative-id":["cryptography8010003"],"URL":"https:\/\/doi.org\/10.3390\/cryptography8010003","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2024,1,24]]}}}