Multi-device Authentication using Wearables and IoT
Jan Hajny, Petr Dzurenda and Lukas Malina
Brno University of Technology, Technicka 12, Brno, Czech Republic
Keywords:
Authentication, Cryptography, Constrained Devices, Wearables, Internet of Things.
Abstract:
The paper presents a novel cryptographic authentication scheme that makes use of the presence of electronic
devices around users. The scheme makes authentication more secure by involving devices that are usually
worn by users (such as smart-watches, fitness bracelets and smart-cards) or are in their proximity (such as
sensors, home appliances, etc.). In our scheme, the user private key is distributed over all personal devices
thus cannot be compromised by breaking into only a single device. Furthermore, involving wearables and
IoT devices makes it possible to use multiple authentication factors, such as user’s position, his behavior and
the state of the surrounding environment. We provide the full cryptographic specification of the protocol, its
formal security analysis and the implementation results in this paper.
1 INTRODUCTION
In modern society, people are surrounded by a huge
amount of so-called smart devices, such as smart-
phones, tablets, smart-cards, smart-watches, etc. Fur-
thermore, the amount of various sensors, smart-
meters and smart-home appliances increases signifi-
cantly. The current trend is to interconnect all these
devices into a single network, called the Internet
of Things (IoT). Although the aforementioned de-
vices have only small computational and memory re-
sources, they are programmable and can communi-
cate with one another.
Despite there are so many electronic devices
around us, we usually use only a single device to
access electronic services, either a PC, a tablet or a
smart-phone. However, if such a device gets compro-
mised by attackers, the security is gone and attack-
ers can access user’s assets. For example, if user’s
smart-phone gets stolen and the password for elec-
tronic banking is revealed (or stored in memory), the
attacker might get access to the user’s account.
We resolve this weakness by involving multiple
personal devices in the authentication process. These
devices can provide additional authentication data.
For example, if a user owns a smart-watch, it would
be natural to check its presence during the authenti-
cation. Or, it would be useful to check the presence
of a wireless home router in some applications where
we want to allow the access only from users from
a home location. For very sensitive applications, it
would make sense to check for multiple factors, such
as the password knowledge, the presence of a smart-
card and the presence of a Bluetooth Low Energy
(BLE) beacon device that certifies position.
In this paper, we provide the description of a cryp-
tographic protocol that allows such an involvement of
many constrained devices in the authentication pro-
cess. We propose a provably secure protocol that
distributes the user’s private key among multiple de-
vices. To get authenticated, the user must prove the
knowledge of all parts of his private key that corre-
sponds to his personal public key. Our protocol is
provably secure and easily implementable on all pro-
grammable constrained devices, such as smart-cards,
smart-watches, sensors and wearables in general.
1.1 Related Work and Contribution
The design of cryptographic protocols for user au-
thentication is the topic of countless scientific papers,
starting with the proposals of traditional authentica-
tion protocols (Neuman and Ts’ O, 1994; Lashkari
et al., 2009), provably secure authentication proto-
cols based on zero-knowledge proofs (Schnorr, 1991;
Guillou and Quisquater, 1988), to privacy-enhanced
authentication protocols (Camenisch and et Al., 2012;
Paquin, 2011) and light-weight protocols (Chien and
Huang, 2007). Since personal and wearable smart
devices have started to appear only very recently,
Hajny, J., Dzurenda, P. and Malina, L.
Multi-Device Authentication using Wearables and IoT.
DOI: 10.5220/0006000004830488
In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 4: SECRYPT, pages 483-488
ISBN: 978-989-758-196-0
Copyright
c
2016 by SCITEPRESS Science and Technology Publications, Lda. All rights reserved
483
not many papers focusing on using the combina-
tion of many devices, i.e. the multi-device authen-
tication, exist. Xu (Xu, 2015) focuses on biomet-
ric authentication using wearables, namely on face
recognition using smart-glass and gait recognition us-
ing smart-watch. Cha et al. (Cha et al., 2015)
present a simple model for two device authentica-
tion for micro-payment systems using a mobile and
wearable devices. Nevertheless, their approach lacks
more details and concrete cryptographic functions.
To some extent, the concepts of continuous authen-
tication (Shepherd, 1995) and progressive authentica-
tion (Riva et al., 2012) are close to our approach as
they are also based on combining multiple sources
of authentication data. However, the schemes are
using mainly biometric authentication factors. The
most related work from 2015 (Gonzalez-Manzano
et al., 2015) presents an access control mechanism
for cloud-based storage service access by using a
set of devices. However, their scheme is based on
symmetric cryptography, thus does not provide non-
repudiation. Furthermore, there is no formal security
analysis provided in the paper.
Based on the current state analysis, to our best
knowledge, we present the first cryptographic scheme
that 1) allows strong multi-device authentication, 2)
is provably secure, 3) provides non-repudiation and
allows private keys to never leave the user device, 4)
is easily implementable on personal and wearable de-
vices and 5) allows simple registration and deregis-
tration of personal devices. Using this authentication
scheme, the practical access control mechanisms can
get much more secure without any negative influence
on usability and user friendliness.
1.2 Paper Outline
We provide the preliminaries in Sec. 2, the security
model and description of protocols in Sec. 3, the se-
curity proof in Sec. 4 and the implementation results
in Sec. 5.
2 PRELIMINARIES
2.1 Notation
We describe Proof of Knowledge protocols (PK) us-
ing the efficient notation introduced by Camenisch
and Stadler (Camenisch and Stadler, 1997a). The pro-
tocol for proving the knowledge of a discrete loga-
rithm of an element c with respect to a generator g is
denoted as PK{α : c = g
α
}. The symbol “:” means
“such that”, | means “divides”, |x|” is the bitlength
of x and “x
R
{0, 1}
l
” is a randomly chosen bitstring
of maximum length l.
2.2 Used Primitives
Our scheme is based on Schnorr’s identification
scheme (Schnorr, 1991). That, in turn, makes use of
the protocols for the interactive proof of knowledge of
a discrete logarithm (Camenisch and Stadler, 1997b).
Using the cryptographic proofs of knowledge, it is
possible to prove the knowledge of a private value
of a discrete logarithm w with respect to public val-
ues c, g, p such that c g
w
(mod p) holds in modular
multiplicative group Z
p
where p is a large prime and
g is a group generator. The protocol can be denoted
as PK{w : c = g
w
}. We use the modification of this
protocol called the proof of representation, denoted
as PK{w
0
, w
1
, . . . , w
i
: c = g
w
0
0
g
w
1
1
. . . g
w
i
i
}. Further-
more, we use a signature scheme that can be obtained
by hashing the protocol challenge e with the message
using the Fiat-Shamir heuristics (Fiat and Shamir,
1987). The signature on message m is then denoted
as SPK{w
0
, w
1
, . . . , w
i
: c = g
w
0
0
g
w
1
1
. . . g
w
i
i
}(m).
3 MULTI-DEVICE
AUTHENTICATION
In multi-device authentication, there are three types
of entities (or roles) in the system:
Verifiers: usually service providers that need to
verify the identity of their users.
Users: customers that are represented by their
master devices (PCs, laptops, smart-phones,
tablets, . . . ). Users need to prove their identity.
Devices: constrained personal devices (smart-
cards, smart-watches, sensors, RFID tags, . . . ),
that are involved in the authentication process to
strengthen security.
These entities engage in the following protocols:
(spar, (sk
0
, . . . , sk
i
), pk
U
) Setup(k, d) protocol:
the protocol is run by a Verifier and a User to gen-
erate and share initial parameters. It inputs the
security parameter k, the maximum of user de-
vices d and outputs the system parameters spar
and User’s initial keypair (sk
0
, . . . , sk
i
), pk
U
.
(Accept/Reject) Authenticate(spar, (sk
0
, . . . ,
sk
i
), pk
U
) protocol: the protocol is run jointly
by a User, his devices and a Verifier to prove
the knowledge of User’s private keys. It inputs
the system parameters spar, the User’s public key
pk
U
, all corresponding private keys (sk
0
, . . . , sk
i
)
SECRYPT 2016 - International Conference on Security and Cryptography
484
and outputs Accept if the proof is valid and Reject
otherwise.
(pk
U
) Register(spar, (sk
0
, . . . , sk
i
), pk
U
, sk
i+1
)
protocol: the protocol is run jointly by a User, his
devices and a Verifier to register a new device in
the system. It inputs the system parameters spar,
new (i + 1)th device’s private key sk
i+1
, the
User’s keypair (sk
0
, . . . , sk
i
), pk
U
and outputs an
updated User’s public key pk
U
that corresponds
to sk
i+1
and all previous private keys of the user.
(pk
U
) Deregister(spar, (sk
0
, . . . , sk
i
), pk
U
,
sk
i+1
) protocol: the protocol is run jointly by
a User and the Verifier to deregister the public
key of his device, in case the device needs to
be revoked (due to loss, damage, theft, etc.).
It inputs the system parameters spar, existing
(i + 1)’th device’s private key sk
i+1
, the User’s
keypair (sk
0
, . . . , sk
i
), pk
U
and outputs an updated
User’s public key pk
U
that corresponds to all
previous private keys of the user except sk
i+1
.
In classical authentication, the Authenticate
protocol only proves User’s knowledge of a password
and keys stored in his master device to a Verifier. In
multi-device authentication, each device has its pri-
vate cryptographic key that corresponds to a general
public key stored by a Verifier. The Authenticate
protocol proves the knowledge of all private keys to
a Verifier without revealing them. Thus, authenti-
cation is successful only if the whole group of pre-
selected devices participate in the protocol. However,
this group can be changed jointly by Users and Veri-
fiers, using the Register and Deregister protocols.
3.1 Security Model
We use and prove properties for authentication pro-
tocol completeness, soundness and zero-knowledge
(Quisquater et al., 1989). The completeness property
states that honest Users are almost always accepted
by Verifiers, the soundness property states that dis-
honest Users are almost always rejected by Verifiers
and the zero-knowledge property states that the pro-
tocol leaks no information about Users’ private keys,
using the simulation paradigm (i.e., all the public pro-
tocol values can be efficiently generated without the
knowledge of private keys).
Definition 1. Authentication completeness. An hon-
est Verifier rejects an honest User (i.e., the one using
private keys that correspond to the public key) with
probability negligible in the length of the security pa-
rameter k.
Definition 2. Authentication soundness. An honest
Verifier accepts a dishonest User (i.e., the one using
private keys that do not correspond to the public key)
with probability negligible in the length of the security
parameter k.
Definition 3. Authentication zero-knowledge. There
exist a simulator S that is able to efficiently generate a
protocol transcript indistinguishable from a real pro-
tocol transcript without the knowledge of private keys.
3.2 Scheme Instantiation
In this section, we provide the concrete instantiation
of the protocols used in our scheme. All operations
are computed in Z
p
.
3.2.1 Setup Protocol
On the input of the security parameter k and device
number parameter d, a Verifier randomly selects a
group G = hgi of prime order q : |q| = k where DL
assumption holds, chooses d + 1 random elements
(α
0
, α
1
, . . . , α
d
)
R
Z
q
, computes g
l
= g
α
l
for all 0
l d and outputs (G, (g
0
, . . . , g
d
)) as public system
parameters spar to all Users and devices over a secure
channel
1
. A User selects his private key at random,
i.e., computes sk
0
R
Z
q
and computes his public key
as pk
0
= g
sk
0
0
. If some additional device is already
present, it also generates its private key, i.e. computes
sk
1
R
Z
q
, and computes its public key as pk
1
= g
sk
1
1
.
The same applies if more devices are present. We
note that the device private key never leaves the de-
vice, only the public key is revealed. Finally, the User
(represented by his master user device) computes the
user public key as pk
U
=
l
i=0
pk
i
for all l available
devices and distributes this public key to the Verifier
over a secure channel.
3.2.2 Authenticate Protocol
In the Authenticate protocol, the User must prove
that he knows all private keys sk
o
, . . . , sk
i
that were
used to construct the public key pk
U
. This can be re-
alized by the proof of discrete logarithm representa-
tion, a protocol denoted as PK{(sk
0
, . . . , sk
i
) : pk
U
=
g
sk
0
0
. . . g
sk
i
i
}. Since the User’s master device does not
know the private keys, except sk
0
, the proving proto-
col must be distributed among all devices, as depicted
in Fig. 1 in CS notation and in Fig. 2 in full notation.
3.2.3 Register Protocol
The Register protocol is used when a new device
needs to be added to the set of user devices. In that
1
These values can be pre-shared in software.
Multi-Device Authentication using Wearables and IoT
485
Master Device Verifier
PK{(sk
0
, . . . , sk
i
) : pk
U
= g
sk
0
0
. . . g
sk
i
i
}
PK{(sk
0
) : pk
0
= g
sk
0
0
}
Device 1
PK{(sk
1
) : pk
1
= g
sk
1
1
}
.
.
Device i
PK{(sk
i
) : pk
i
= g
sk
i
i
}
PK{(sk
0
, . . . , sk
i
) : pk
U
= g
sk
0
0
. . . g
sk
i
i
}
Verify PK
Accept/Reject
Figure 1: Authenticate protocol in CS notation.
Device 1 Master Device Verifier
sk
1
sk
0
pk
U
r
1
R
Z
q
¯c
1
= g
r
1
1
mod p
¯c
1
r
0
R
Z
q
¯c = ¯c
1
g
r
0
0
mod p
¯c
e
R
Z
q
e
z
0
= r
0
esk
0
e
z
1
= r
1
esk
1
z
1
z
0
, z
1
¯c
?
= pk
e
U
g
z
0
0
g
z
1
1
Accept/Reject
Figure 2: Authenticate protocol for 1 master device and
1 additional device in full notation.
case, the new device generates its private key, i.e.,
computes sk
i+1
R
Z
q
, and computes its public key as
pk
i+1
= g
sk
i+1
i+1
. The new public key must be delivered
to the master device using a secure channel. Then,
the master device may authenticate itself to the Ver-
ifier (using the Authenticate protocol) and provide
the new public key pk
i+1
. The Verifier then updates
the main User’s public key pk
U
= pk
U
pk
i+1
. After
this update, the new (i + 1)’th device must be always
used in the Authentication protocol. The Register
protocol is depicted in Fig. 3.
3.2.4 Deregister Protocol
In case some of devices gets lost, stolen or stops
working, a User can use the Deregister protocol
to remove it from the set of registered devices. The
User first sends the public key of the invalid device,
e.g. pk
i+1
, to the Verifier. The Verifier temporarily
Device i+1 Master Device Verifier
sk
i+1
R
Z
q
pk
i+1
= g
sk
i+1
i+1
pk
i+1
SPK{(sk
0
, . . . , sk
i
) : pk
U
= g
sk
0
0
. . . g
sk
i
i
}(pk
i+1
)
Verify SPK
Accept/Reject
pk
U
= pk
U
pk
i+1
pk
U
= pk
U
pk
i+1
Figure 3: Register protocol.
Master Device Verifier
pk
i+1
Check that pk
i+1
is a valid key.
pk
temp
= pk
U
pk
1
i+1
SPK{(sk
0
, . . . , sk
i
) : pk
temp
= g
sk
0
0
. . . g
sk
i
i
}(pk
i+1
)
SPK{(sk
0
) : pk
0
= g
sk
0
0
}(pk
i+1
)
Device 1
SPK{(sk
1
) : pk
1
= g
sk
1
1
}(pk
i+1
)
.
.
Device i
SPK{(sk
i
) : pk
i
= g
sk
i
i
}(pk
i+1
)
SPK{(sk
0
, . . . , sk
i
) : pk
temp
= g
sk
0
0
. . . g
sk
i
i
}(pk
i+1
)
Verify SPK
pk
U
= pk
temp
Accept/Reject
pk
U
= pk
temp
Figure 4: Deregister protocol.
removes the device and computes the temporal public
key pk
temp
= pk
U
pk
1
i+1
. Then, the Verifier asks the
User to authenticate with respect to the pk
temp
. If the
User is able to successfully finish the authentication
protocol, the Verifier sets the temporal public key as
permanent, i.e. sets pk
U
= pk
temp
. The protocol is
depicted in Fig. 4.
4 SECURITY PROOF
We prove the completeness, soundness and zero-
knowledge in this section.
Theorem 1. Authentication protocol is complete as
defined in Def. 1.
Proof. We prove the authentication protocol’s com-
pleteness using the verification equation used in the
authentication protocol depicted in Fig. 2.
SECRYPT 2016 - International Conference on Security and Cryptography
486
Table 1: Performance results for 1280 bit keys (|p| = 1280, |q| = 160).
Type Product ModExp RNG ModMul Sub Total [ms]
Smart-watch Sony SmartWatch 3 SWR50 2.3 1.4 < 0.1 < 0.01 3.7
Smart-phone Nexus 5 LG 1.9 7.4 < 0.1 < 0.01 9.3
Micro-computer Raspberry Pi 1 model B 59.3 0.8 < 0.6 < 0.1 60.1
Smart-card MULTOS ML4-P17 227 49 188 48 512
Smart-card MULTOS ML3-80KR1 403 45 195 44 687
Smart-card MULTOS MC4-P16 333 68 255 56 712
Smart-card SmartCafe 4.x 356 47 1159 79 1641
Smart-card SmartCafe 3.2 59 31 1737 94 1921
Smart-card J3A081 75 31 2510 179 2795
Secure element CertGate microSD 78 34 2694 168 2974
Table 2: Performance results for 2048 bit keys (|p| = 2048, |q| = 256).
Type Product ModExp RNG ModMul Sub Total [ms]
Smart-watch Sony SmartWatch 3 SWR50 7.5 2 < 0.1 < 0.01 9.5
Smart-phone Nexus 5 LG 5.2 9.2 < 0.1 < 0.01 14.4
Micro-computer Raspberry Pi 1 model B 216.2 1.2 < 0.7 < 0.1 217.4
Smart-card MULTOS ML4-P17 346 62 190 48 646
Smart-card MULTOS ML3-80KR1 530 56 194 44 824
Smart-card MULTOS MC4-P16 484 84 256 56 880
Smart-card SmartCafe 4.x 617 47 1536 79 2279
Smart-card SmartCafe 3.2 188 31 2532 94 2845
Smart-card J3A081 258 47 3962 179 4446
Secure element CertGate microSD 263 48 4153 168 4632
¯c = pk
e
U
g
z
0
0
g
z
1
1
= (g
sk
0
0
g
sk
1
1
)
e
g
r
0
esk
0
0
g
r
1
esk
1
1
= g
r
0
0
g
r
1
1
= ¯c
Theorem 2. Authentication protocol is sound as de-
fined in Def. 2.
Proof. Suppose that a user does not know the pri-
vate keys and is ready to correctly respond to at least
two Verifier’s challenges (denoted as e, e
0
) by send-
ing (z
0
, z
1
) and (z
0
0
, z
0
1
). Then, the following equations
must hold for the User to be accepted.
¯c = pk
e
U
g
z
0
0
g
z
1
1
¯c = pk
e
0
U
g
z
0
0
0
g
z
0
1
1
By dividing we get:
1 = pk
ee
0
U
g
z
0
z
0
0
0
g
z
1
z
0
1
1
And finally we get:
pk
U
= g
z
0
z
0
0
e
0
e
0
g
z
1
z
0
1
e
0
e
1
And we reached the contradiction because the user
knows the private keys sk
0
=
z
0
z
0
0
e
0
e
and sk
1
=
z
1
z
0
1
e
0
e
.
Theorem 3. Authentication protocol is zero-
knowledge as defined in Def. 3.
Proof. We prove the zero-knowledge property by
constructing the zero-knowledge simulator S. The
simulator works in the following steps.
1. Randomly selects the responses ˆz
0
, ˆz
1
R
Z
q
.
2. Randomly selects the challenge ˆe
R
Z
q
.
3. Computes the commitment
ˆ
¯c = pk
ˆe
U
g
ˆz
0
0
g
ˆz
1
1
.
The simulator’s output is computationally indis-
tinguishable from the real protocol transcript, i.e.
(
ˆ
¯c, ˆe, ( ˆz
0
, ˆz
1
))
=
c
( ¯c, e, (z
0
, z
1
)), because all pairs are
selected randomly and uniformly from the same sets.
5 IMPLEMENTATION ASPECTS
In this section, we prove that our scheme is effi-
cient and easy to implement even on constrained
devices. We implemented all required operations
of the authentication protocol
2
on a set of devices
that have very limited resources. We used devices
that can be expected around modern users, namely
a smart-watch, smart-cards, a smart-phone, a secure
element with tamper-resistant hardware and a micro-
computer. The results for individual operations and
2
ModExp - modular exponentiation, RNG - random number
generation, ModMul - modular multiplication and Sub -
subtraction.
Multi-Device Authentication using Wearables and IoT
487
the total time of the authentication protocol are shown
in Tab. 1 for 1280-bit keysize and in Tab. 2 for 2048-
bit keysize.
Based on the implementation results, we state
that the authentication protocol can be easily imple-
mented on smart-phones and smart-watches with run-
ning times around 10 ms, on micro-computers with
running times under 100 ms for the standard vari-
ant and around 200 ms for the more secure vari-
ant. The protocol can be also implemented on pro-
grammable smart-cards using the Multos smart-card
platform with running times under 1 s for all variants.
The worst results were obtained using a microSD se-
cure element, a device that is used for storing sensi-
tive cryptographic information on mobile phones. Us-
ing this device, the authentication protocol would take
around 3 seconds.
6 CONCLUSION
In this paper, we proposed a novel multi-device au-
thentication scheme. By using the inputs from per-
sonal and wearable devices, the authentication pro-
cess gets more secure and reliable as it is possible to
verify not only user’s knowledge of a password, but
the presence of his wearables, tags and smart-devices
at his location. The scheme does not require any ad-
ditional actions from a user, allows easy registration
of new personal devices and deregistration of invalid
devices. The full security analysis is provided and im-
plementation aspects are described in this paper. As
the next step, we focus on adding privacy-enhancing
features to this scheme.
ACKNOWLEDGMENT
Research was sponsored by the Czech Science Foun-
dation project nr. 14-25298P Research into crypto-
graphic primitives for secure authentication and digi-
tal identity protection”, the Technology Agency of the
Czech Republic project TA04010476 ”Secure Sys-
tems for Electronic Services User Verification” and
the National Sustainability Program LO1401. For the
research, infrastructure of the SIX Center was used.
REFERENCES
Camenisch, J. and et Al. (2012). Specification of the iden-
tity mixer cryptographic library. Technical report,
IBM Research - Zurich.
Camenisch, J. and Stadler, M. (1997a). Efficient group sig-
nature schemes for large groups. In Advances in Cryp-
tology - CRYPTO ’97, volume 1294 of LNCS, pages
410–424. Springer Berlin / Heidelberg.
Camenisch, J. and Stadler, M. (1997b). Proof systems for
general statements about discrete logarithms. Techni-
cal report, IBM.
Cha, B.-R., Lee, S.-H., Park, S.-B., and Ji, G.-K. L. Y.-K.
(2015). Design of micro-payment to strengthen secu-
rity by 2 factor authentication with mobile & wearable
devices.
Chien, H.-Y. and Huang, C.-W. (2007). Security of ultra-
lightweight rfid authentication protocols and its im-
provements. SIGOPS Oper. Syst. Rev., 41(4):83–86.
Fiat, A. and Shamir, A. (1987). How to prove your-
self: Practical solutions to identification and signature
problems. In Advances in Cryptology - CRYPTO 86,
volume 263 of LNCS, pages 186–194. Springer Berlin
/ Heidelberg.
Gonzalez-Manzano, L., de Fuentes, J., and Orfila, A.
(2015). Access control for the cloud based on multi-
device authentication. In Trustcom/BigDataSE/ISPA,
2015 IEEE, volume 1, pages 856–863. IEEE.
Guillou, L. C. and Quisquater, J.-J. (1988). EURO-
CRYPT ’88: Workshop on the Theory and Applica-
tion of Cryptographic Techniques, chapter A Practical
Zero-Knowledge Protocol Fitted to Security Micro-
processor Minimizing Both Transmission and Mem-
ory, pages 123–128. Springer Berlin Heidelberg,
Berlin, Heidelberg.
Lashkari, A. H., Danesh, M. M. S., and Samadi, B. (2009).
A survey on wireless security protocols (wep, wpa and
wpa2/802.11 i). In Computer Science and Information
Technology, 2009. ICCSIT 2009. 2nd IEEE Interna-
tional Conference on, pages 48–52. IEEE.
Neuman, B. C. and Ts’ O, T. (1994). Kerberos: An authen-
tication service for computer networks. Communica-
tions Magazine, IEEE, 32(9):33–38.
Paquin, C. (2011). U-prove cryptographic specification
v1.1. Technical report, Microsoft Corporation.
Quisquater, J.-J., Guillou, L., Annick, M., and Berson, T.
(1989). How to explain zero-knowledge protocols to
your children. In Proceedings on Advances in cryp-
tology, CRYPTO ’89, pages 628–631, New York, NY,
USA. Springer-Verlag New York, Inc.
Riva, O., Qin, C., Strauss, K., and Lymberopoulos, D.
(2012). Progressive authentication: Deciding when to
authenticate on mobile phones. In Presented as part
of the 21st USENIX Security Symposium (USENIX Se-
curity 12), pages 301–316, Bellevue, WA. USENIX.
Schnorr, C. P. (1991). Efficient signature generation by
smart cards. Journal of Cryptology, 4:161–174.
Shepherd, S. J. (1995). Continuous authentication by analy-
sis of keyboard typing characteristics. In Security and
Detection, pages 111–114.
Xu, W. (2015). Mobile applications based on smart wear-
able devices. In Proceedings of the 13th ACM Confer-
ence on Embedded Networked Sensor Systems, pages
505–506. ACM.
SECRYPT 2016 - International Conference on Security and Cryptography
488