1

Leveraging Machine Learning for Wi-Fi-based

Environmental Continuous Two-Factor
Authentication
Ali Abdullah S. AlQahtani, Member, IEEE, Thamraa Alshayeb, Mahmoud Nabil, and Ahmad Patooghy, Senior
Member, IEEE

Abstract—The traditional two-factor authentication (2FA) meth- Google’s 2020 study indicates that 150 million people employ
ods primarily rely on the user manually entering a code or token 2FA to secure their accounts, the number is expected to rise as
during the authentication process. This can be burdensome and cybersecurity takes precedence among individuals and organi-
time-consuming, particularly for users who must be authenticated
frequently. To tackle this challenge, we present a novel 2FA ap- zations [2]. Microsoft’s research corroborates the effectiveness
proach replacing the user’s input with decisions made by Machine of 2FA, demonstrating that it can thwart 99.9% of automated
Learning (ML) that continuously verifies the user’s identity with cyberattacks [3]. As a result, 2FA has become an indispensable
zero effort. Our system exploits unique environmental features tool for protecting sensitive data. A survey by the Ponemon
associated with the user, such as beacon frame characteristics Institute further underscores its importance, showing that 56%
and Received Signal Strength Indicator (RSSI) values from Wi-
Fi Access Points (APs). These features are gathered and analyzed of U.S. organizations have implemented 2FA for at least a
in real-time by our ML algorithm to ascertain the user’s identity. portion of their workforce [4].
For enhanced security, our system mandates that the user’s two As 2FA necessitates two authentication factors from users to
devices (i.e., a login device and a mobile device) be situated augment the security beyond a mere password, the adoption
within a predetermined proximity before granting access. This of the second factor has become a research question and in-
precaution ensures that unauthorized users cannot access
sensitive information or systems, even with the correct login vestigated in [5]–[7]. Researchers have used a range of factors
credentials. Through experimentation, we have demonstrated our encompassing knowledge-based, possession-based, inherence-
system’s effectiveness in determining the location of the user’s based, location-based, behavioral-based, and ambient-based
devices based on beacon frame characteristics and RSSI values, factors [8]. Each approach aims to uniquely verify a user’s
achieving an accuracy of 92.4%. Additionally, we conducted identity while bolstering information security.
comprehensive security analysis experiments to evaluate the
proposed 2FA system’s resilience against various cyberattacks. However, existing 2FA techniques possess limitations, in-
Our findings indicate that the system exhibits robustness and cluding user inconvenience, susceptibility to human error,
reliability in the face of these threats. The scalability, flexibility, single-point authentication, restricted adaptability, scalability
and adaptability of our system render it a promising option challenges, and inflexibility. To tackle these issues, this paper
for organizations and users seeking a secure and convenient introduces a novel 2FA system that harnesses Wi-Fi radio
authentication system.
waves and Machine Learning (ML) to authenticate a user’s
Index Terms—two-factor authentication, machine learning, zero identity. The proposed system strives to deliver a seamless,
effort, continuous authentication, beacon frames, wireless access user-friendly 2FA experience that minimizes the need for
points, authentication module, Wi-Fi radio waves, RSSI values,
2FA, ML. users to supply additional authentication factors beyond their
primary login credentials. Furthermore, the proposed system
addresses the limitations of existing 2FA methods, enhancing
I. INTRODUCTION
scalability, adaptability, and flexibility.
S technology continues to advance at a rapid pace, the
A need for robust security measures to safeguard sensitive
information and data has become paramount. The Identity
This paper is an extension of our previously published paper
[9]. The new contributions with respect to the older version
are listed below:
Theft Resource Center (ITRC) report reveals that data breaches • We have incorporated four more ML models to develop
have surged by over 68% in 2020, with a total of 1,862 an ML-based 2FA system that leverages Wi-Fi access
incidents [1]. In response to these threats, the adoption of Two- point broadcast messages and RSSI values for reliable and
Factor Authentication (2FA) has seen a significant growth. secure user authentication. These models help eliminate
A. AlQahtani (the corresponding author) and A. Patooghy are with the the need for additional user input or action, reducing hu-
Department of Computer Systems Technology, North Carolina A&T State man error risks and improving the overall user experience.
University, Greensboro, NC, USA, 27411. • We have incorporated continuous authentication into our
E-mails: AlQahtani.aasa@gmail.com, apatooghy@ncat.edu
T. Alshayeb is with the Department of Physics & Astronomy, George Mason system, which enhances security by constantly verifying
University, Fairfax, VA, USA, 22030. the user’s identity while accessing protected resources,
E-mail: Alshayeb.t@gmail.com effectively thwarting unauthorized access.
M. Nabil is with the Department of Electrical & Computer Engineering,
North Carolina A&T State University, Greensboro, NC, USA, 27411. • We conducted a Feature Importance analysis, which pro-
E-mail: mnmahmoud@ncat.edu vides insights into the significance of each feature in the
 2

classifications made by the ML models in the proposed Area Networks (CANs) by exploiting physical layer features
system. and using reinforcement learning to choose the authentication
• We evaluated the computation overhead of the proposed mode and parameter [23]. The proposed scheme employs
system in implementing the second layer of authentica- a deep learning approach to further enhance authentication
tion using different ML models. efficiency.
• We have conducted a comprehensive security analysis In [24], Gabriele et al. investigate the use of AI-based
of our proposed system to evaluate its resilience against solutions for physical-layer authentication of Low-Earth Orbit
potential cyberattacks, including evasion attacks, model (LEO) satellites, a challenging scenario due to non-standard
extraction attacks, and radio frequency signal interference electronics and unique attenuation and fading characteristics.
attacks. The study uses Convolutional Neural Networks (CNN) and
The remainder of this paper structure is organized as fol- autoencoders to authenticate satellite transducers with high
lows: Section II discusses ML-based secure authentication and accuracy but highlights the potential limitations due to the
continuous 0E2FA methods for various applications. Section high number of I-Q samples required and the low bandwidth
III presents a detailed description of the network and threat of satellite links.
models for the proposed system. In Section IV, we present Various Zero-Effort Two-Factor Authentication (0E2FA)
the proposed system and how it uses beacon frames and RSSI mechanisms that aim to authenticate users without requir-
values to verify a user’s identity. Section V describes the exper- ing extra user interaction were published [25]–[29]. The
iments conducted to evaluate the proposed system, including paper, [30], leverages environmental Bluetooth Low En-
the dataset used, the performance metrics calculated, and the ergy (BLE) signal characteristics for co-location detection,
results obtained. In section VI, we discuss the security analysis while SoundAuth [31] uses ambient audio signals and
of the proposed 2FA system by examining its vulnerability ML techniques for authentication. The proposed system in
to various cyberattacks and evaluating its resilience against [32] captures gait patterns using a smartphone and smart-
them. Section VII discusses the proposed system’s features, watch/bracelet, and Vibe [33] uses vibration communication
including reliability, zero-effort authentication, continuous au- for user authentication.
thentication, adjustability, scalability, flexibility, and a one-
time login solution. Section VIII concludes and summarizes Another study [34] presents a smart hotel access system that
the key points and contributions of the proposed system. uses Near Field Communication (NFC) Host-Card Emula-
tion application for authentication. These mechanisms provide
more secure and reliable solutions for zero-effort authentica-
II. RELATED WORK tion while maintaining user-friendliness. They have been tested
Various secure authentication mechanisms utilizing ML have and evaluated for usability and security, and they demonstrate
been proposed for different applications [10]–[14]. For in- good resistance to attacks and high detection accuracy. The
stance, Gupta et al. [15] proposed a secure authentication vulnerability of touch-based continuous authentication systems
mechanism that uses ML and nonce-based systems for a (TCAS) to active adversarial attacks is investigated in [35].
telecare medical information system. Punithavathi et al. [16] The significant role of security incidents caused by insiders
introduced a cloud-based cancelable biometric authentication in attacks against organizations is addressed in [36], which
system for IoT devices. proposes a continuous authentication solution for large multi-
In [17], the authors propose a deep-learning-based active site enterprises based on Apache Spark, Apache Cassandra,
authentication method that utilizes sensors in consumer-grade Kafka, and a MySQL database.
smartphones to authenticate users. Furthermore, a mouse data
A novel authentication mechanism for smartphones that uti-
protection technology is introduced in [18] that generates
lizes gait patterns and keystroke dynamics as behavioral
random mouse positions to protect mouse data and uses ML
biometrics to establish a multimodal biometrics profile is
to verify its security. A novel technique for secure access to
proposed in [37]. The experimental results demonstrate the
smartphones utilizing piezoelectric touch sensing supported
robustness and security of the proposed method against differ-
keystroke dynamics to authenticate users was proposed [19].
ent types of attacks.
An IoT authentication system based on ML that uses human
impedance as a user identifier is also introduced in [20]. Finally, a behavioral biometrics approach for exoskeletons
Furthermore, the integration of ML techniques into a DevOps using wearable sensors to ensure the user’s identity and
ecosystem to develop a Risk Authentication/Assessment De- authority during operation is proposed in [38], which could
cision Engine (RADE) that estimates the risk level of each be useful for other wearables used in robot control.
authentication attempt is presented in paper [21]. Lastly, a new Recent advancements in adversarial attack methodologies pro-
two-factor authentication scheme based on real-time keystroke posed for DL-based wireless signal classifiers aimed at anti-
dynamics using the K-nearest neighbor classification algorithm eavesdropping have been highlighted in [39]. In contrast, our
is introduced in [22]. research primarily centers on developing two-factor authenti-
In the field of secure communication, two recent papers cation. By utilizing ML for continuous identity verification
propose novel methods for authentication using physical layer based on environmental features, we emphasize providing
features and deep learning algorithms. The first paper presents secure and convenient user authentication without directly
a framework for preventing spoofing attacks in Controller addressing adversarial attack techniques.
 3

III. NETWORK & THREAT MODELS a) A database that stores the selected beacon frame char-
This section provides a detailed description of the network acteristics i.e., SSID, BSSID (i.e., uses only in step
model used in the proposed 2FA system, as well as explores 4 in Figure 2), and Wi-Fi radio waves frequency)
the threat model of the system. and RSSI values collected from the user’s devices, as
well as the user’s login credentials and other necessary
information required for the authentication process. In
A. Network Model general, Wi-Fi beacon frames contain various charac-
In the proposed 2FA system, at least one Wi-Fi Access Point teristics that serve specific purposes in network oper-
(AP) must be present in the user’s environment. This AP will ations. However, not all of these characteristics have
transmit beacon frames containing unique characteristics. For a direct impact on device localization. By focusing on
system use, the user needs two Wi-Fi-enabled devices (e.g., the ones that directly affect device localization (i.e.,
a smartphone and a laptop). The laptop/PC acts as a login SSID, BSSID, Wi-Fi radio wave frequency) and RSSI
device, and the smartphone serves as a mobile device. Both - we can streamline the localization process, reduce
devices must contain applications that collect and transmit data computational complexity, and develop an effective
to the authentication entity. Below is a list of the required solution for real-world applications.
components, see Figure 1: b) An authentication module that utilizes an ML al-
gorithm analyzes the collected data from the user’s
devices and makes the final decision on whether to
grant the user access to the authentication entity.
During the registration phase, the users must activate and cre-
ate their account through the custom mobile application. Once
logged in, the application runs in the background, waiting
User’s Devices Wi-Fi APs for instructions from the authentication entity. Every time the
user wants to use the system, the application automatically
scans their environment and transmits the collected data to
the authentication entity. The process is seamless and does
not require the user to take any additional actions through the
mobile application.

Custom Applications Authentication Entity

B. Threat Model
Fig. 1: Required Components; icons from [40] The proposed system considers two primary categories of
potential attackers: internal and external. Individuals who
1) Device Requirements: the proposed system necessitates possess authorized access to the system, such as employees,
the utilization of two distinct devices for authentication contractors, or those with insider knowledge of the system’s
purposes: a login device and a mobile device. The login architecture, algorithms, and data, fall under the internal
device, such as a computer, allows the user to access the attackers category. Such attackers may exploit their access or
system, while the mobile device, typically a smartphone, knowledge to compromise the system’s security from within
is carried by the user to send and receive beacon frames. by manipulating input data or ML models to achieve their
2) APs: The system relies on APs to disseminate beacon objectives.
frames for user authentication. These APs can be any External attackers, on the other hand, are individuals or entities
wireless AP compatible with IEEE 802.11 standards, without authorized access to the system. These attackers
including Wi-Fi APs. typically exploit vulnerabilities in the system from outside
3) Custom Applications: To facilitate the authentication by intercepting communications, finding weaknesses in the
process, our system mandates the use of specialized algorithms, or compromising the infrastructure that supports
applications on both the login and mobile devices. These the system.
applications are responsible for the transmission and The proposed 2FA system, relying on radio waves and ML, is
reception of beacon frames and for communication with susceptible to a range of security threats that can undermine
the server and database. its performance and security. Attackers can exploit weaknesses
4) Authentication Entity: This component is in charge of in the ML models, manipulate input data, or obstruct commu-
storing user authentication data and orchestrating the nication channels, leading to the system’s compromise. The
authentication procedure. By receiving and processing considered threats in this work include evasion, wherein ma-
beacon frames and RSSI values from user devices (i.e., licious inputs are created to bypass the detection mechanisms,
a login device and a mobile device), it makes informed model extraction, which involves reverse-engineering the ML
authentication decisions based on the properties of these model to gain unauthorized access, and radio frequency signal
frames. The authentication entity consists of the following interference attacks that disrupt the communication channels
sub-components. by emitting conflicting signals, reducing the system’s ability to
 4

operate effectively. These threats are discussed and examined

in Section VI.
AP%
AP3
3- Server triggers devices to scan and
IV. THE PROPOSED SYSTEM collect then transmit it back
Database ML Module

This section provides a detailed description of the proposed Server

system. Specifically, we will discuss the authentication process 2- Validate the entered
credentials
and the features of the proposed system. Before utilizing the APn
4- Server Confirms the location
of user's devices
system, users must create a profile and download the required
1- User submit a Login 5- Server uses ML to check if
applications; discussed early in Subsection III-A. request via a PC/laptop Mobile device devices meet threshold
6- Server makes a decision
Login device

A. Authentication Phase
AP2 AP$
The proposed authentication follows a multi-layered approach
to access protected entities. The first layer requires users to Fig. 2: System Configuration & Authentication Process
enter a valid username and password for authentication. After
this, the second authentication layer requires users to satisfy
two criteria. The first criterion mandates that both the user’s
It is essential to note that while our authentication may seem to
devices (i.e., a login device and a mobile device) are present follow a binary decision framework (access granted or denied),
in a predefined number of overlapped Wi-Fi access points that
the underlying processes involve intricate analyses. The binary
are visible to both devices. The second criterion demands that
classification approach was chosen for its suitability in authen-
the devices are within a specific proximity threshold; more
tication scenarios. Here, a user is either authenticated or not,
details will be presented in Subsection IV-B3. making it inherently binary. However, the complexity arises
We assume that the determination of the number of over-
in making this binary decision, which involves multi-layered
lapping Wi-Fi APs and the proximity threshold is conducted
checks, continuous monitoring, and ML-based evaluations.
through an administrative process that considers the particular These intricacies go beyond mere binary results and are pivotal
security needs of the protected entity.
for ensuring robust and reliable authentication.
The proposed authentication process aims to balance conve-
nience and security by minimizing the user’s burden while
ensuring reliable authentication. To provide readers with a B. The Proposed System Features
clearer understanding of the system configuration and under-
lying processes, we further detail our algorithm and models. In this subsection, we will explain the features of our system
The subsequent sections will delve into the specifics. Figure 2 incentives. Then, we will compare these features against the
illustrates the system configuration and steps involved in the discussed related works in Subsection IV-C.
process: 1) Zero-effort: The proposed system has a ”zero-effort” fea-
1) The user attempts to access the authentication entity and ture or ”Noninteractive”, which significantly enhances the user
enters his/her login credentials (username and password). experience by automating the authentication process, eliminat-
2) The server validates the credentials by checking them ing the need for additional input or action. By employing ML
against the stored user profile. to analyze the selected beacon frame characteristics and RSSI
3) The server triggers the user’s devices (i.e., a login device values from users’ devices (i.e., a login device and a mobile
and a mobile device) to collect the selected beacon frame device) the system efficiently implements the second layer of
characteristics and measure RSSI values from the Wi-Fi authentication and verifies their identity; steps 4 and 5. This
APs in the user’s environment, and transmit them to the seamless approach not only boosts user satisfaction but also
server. bolsters security through the reduction of human error risks,
4) In order to confirm the location of the user’s devices, the ultimately resulting in a streamlined and secure authentication
server checks that both devices can detect a predefined experience.
number of overlapping Wi-Fi APs. This is done by 2) Continuous Authentication: The continuous authentication
comparing the unique identifiers (SSIDs and BSSIDs) of feature in the proposed system enhances security by constantly
the Wi-Fi APs. Both devices will scan and detect Wi-Fi verifying a user’s identity while they access protected re-
APs in his/her vicinity and create a list of the Wi-Fi APs sources; repeating step 5 in Figure 2. Utilizing ML technology,
that have matching SSIDs and BSSIDs. By identifying the system analyzes distinctive environmental characteristics
overlapping Wi-Fi APs, the server can confirm that the and signals to ensure that the user’s devices remain co-located.
user’s devices are in close proximity to one another. If the devices are no longer in the same location, the session
5) The server uses ML to analyze the collected data from the is promptly terminated. This approach not only improves
user’s devices (i.e., a login device and a mobile device) security by thwarting unauthorized access but also offers user
to determine if the devices are within the predefined convenience and alleviates the need to remember to log out,
threshold or not. resulting in a seamless and secure experience; this feature will
6) The final decision is made based on the joint success of be examined in the experiment presented in Section V-D and
steps 4 and 5. If both are successful, access is granted; achieved a 100% success rate in terminating the session when
if not, access is denied. the user’s devices were not co-located.
 5

3) Adjustability: The adjustability of the proposed system 1) Wi-Fi APs: A total of ten APs were detected by the
plays a crucial role in providing a high level of security, as system utilizing publicly available Wi-Fi APs in a North
it facilitates the customization of the access policy process Carolina A&T research laboratory on a typical school day
according to the distinct needs of each protected entity. By to simulate a busy building setting. It is noteworthy that
modifying key factors, such as the number of Wi-Fi APs in- the detection of radio waves from the APs did not require
volved in users’ identity verification and the distance threshold any connection to them.
(i.e., used in the authentication process, steps number 4 and 2) User devices: Raspberry Pi 3 Model B boards were
5 in Figure 2), the system can be fine-tuned to address the employed to mimic the users’ two devices, namely, the
security requirements of a wide range of systems and data mobile device and the login device.
types. This adaptability enables a tailored security solution 3) Server: A desktop computer with Ubuntu 16.04 LTS (64-
that effectively accommodates varying levels of protection, bit) as the operating system was utilized to run the
ensuring that each entity’s unique demands are met without computer and host the ML module. Additionally,
compromising the overall performance and reliability of the PhPmyadmin was used to create and execute the database.
system.
4) Flexibility: The proposed system’s use of broadcast mes-
B. Data Collocation Phase
sages is a crucial element of its flexibility. By relying on
broadcast messages (i.e., used in the authentication process, The purpose of the data collocation phase was to gather
step number 3), the system can easily adapt to different settings sufficient data to train the proposed system’s ML module
without significant modifications. This allows the system to be to determine the location of the user’s devices based on the
deployed in various environments without requiring extensive chosen beacon frame characteristics and RSSI values from Wi-
customization, reducing the time and cost associated with Fi APs. To collect the data, a maximum threshold distance of
implementation. The use of ML further enhances the system’s 7 feet between the user’s devices was established.
flexibility by enabling it to adjust to the unique characteristics Two datasets were then collected: an ”authentic” dataset with
of each user’s environment. This means that the system can data collected when the two Raspberry Pis were within 7
accurately identify users, regardless of their location or device. feet of each other, and an ”unauthorized” dataset with data
As a result, the proposed system is a highly versatile solution collected when the distance between the Pis was greater than
that can be applied to a wide range of environments, providing 7 feet (a minimum distance of 7.5 feet). To diversify the data
an adaptable and robust security solution. samples, the Pis were repeatedly placed at varying distances
for both datasets.
This approach helped identify the ”gray area” between the
C. Comparison with the Discussed Related Works acceptable threshold distance and the distance at which access
Although several 2FA methods have been proposed and disuc- should be denied. A total of 4,825 data samples were collected
sieed in Section II, we believe that the community needs to put from two Raspberry Pis for the two datasets, with 2,442
some efforts to progress the field. Reviewing the related works samples in the ”authentic” dataset and 2,383 samples in the
show that almost each and every of the proposed methods ”unauthorized” dataset. This near-equal distribution helps in
suffer from at least one of the desired criteria for 2FA e.g., preventing biases in the ML model towards either category.
interactability, continuum, adjustability, and flexibility. Table These samples were collected from 10 different Wi-Fi access
I summarizes this claim and compares our proposed method points located in various positions within the experimental
against methods of the literature. Later on, we will discuss areas and at different times.
how each of these criterion is supported in our method in The resulting datasets consisted of six columns: ”RPi”,
their respective subsections. ”SSID,”, ”Frequency (Hz)”, ”RSSI (dBm)”, ”Location”, and
”Label.” In our datasets, the independent variables include
TABLE I: Comparison with The Discussed Works, Where ✓: ”RPi” (which Raspberry Pi collected the data), ”SSID” (name
Feature Supported, and ✗: Not Supported of the Wi-Fi AP), ”Frequency (Hz)” (frequency of the Wi-
Study Noninteractive Continuum Adjustability Flexibility Fi AP), and ”RSSI (dBm)” (RSSI value in dBm). These
[10]–[24] ✗ ✗ ✗ ✗ variables represent the factors that we manipulated or observed
[25]–[38] ✓ ✓ ✗ ✗ to see their effect on the dependent variable. The dependent
Ours ✓ ✓ ✓ ✓
variable in our study is ”Label,” a binary variable indicating
whether the sample is ”authentic” (1) or ”unauthorized” (0).
This dependent variable reflects the outcome we are interested
V. EXPERIMENT in predicting based on the independent variables.
In this section, we describe the experimental setup utilized to The datasets were curated to ensure a balance between the
evaluate the proposed authentication system. ”authentic” and ”unauthorized” samples.
For empirical evaluation, we employed the N-fold cross-
validation technique. Specifically, we utilized 5-fold cross-
A. System Configuration validation in our analysis. This involved dividing the dataset
The system configuration consisted of the following compo- into five parts, using four parts for training and one part for
nents. testing iteratively.
 6

TABLE III: Feature Importance Results

Model RPi SSID Frequency (Hz) RSSI (dBm) Location
DT 0.18% 7.82% 17.42% 70.79% 3.79%
KNN 0.34% 0.18% 19.75% 30.10% 4.80%
RF 1.13% 7.28% 27.70% 54.56% 9.32%
Fig. 3: Dataset Visualization SVM 0.01% 65.20% 13.04% 21.75% 0.01%
LR 0.61% 55.20% 1.19% 37.09% 5.91%

In the evaluation phase, we partitioned our labeled data into

RSSI (dBm) remains the most crucial feature, contributing
a training set (80%) and a testing set (20%). Six different
30.10%, while Frequency (Hz) accounts for 19.75%. In the
ML models were employed to evaluate the proposed system,
RF model, RSSI (dBm) again holds the highest importance at
namely Decision Tree (DT), K-Nearest Neighbors (K-NN),
54.56%, with Frequency (Hz) coming in second at 27.70%.
Random Forest (RF), Support Vector Machine (SVM), Naive
Intriguingly, the SVM model identifies SSID as the most
Bayes (NB), and Logistic Regression (LR). The selection
important feature with a 65.20% score, and RSSI (dBm)
of these models was based on their effectiveness in similar
follows at 21.75%.
classification tasks. We computed the confusion matrix for
From Table III, it is evident that RSSI (dBm) is the most
each model and used the five standard evaluation metrics for
classification tasks in ML: accuracy, sensitivity, specificity, F1 significant feature for DT, KNN, and RF models, while the
SVM and LR model prioritizes SSID. Other features, such as
Score, and precision. The confusion matrices for the DT, KNN,
RPi, Frequency (Hz), and Location, exhibit varying levels of
RF, SVM, NB, and LR models are presented in Figure 4.
importance across different models.
TABLE II: Evaluation Results
Model Accuracy Sensitivity Specificity F1 Score Precision D. Continuous Authentication
DT 0.924 0.918 0.932 0.926 0.934
KNN 0.923 0.911 0.936 0.924 0.938
To simulate continuous authentication using the proposed
RF 0.922 0.92 0.925 0.924 0.929 system, an algorithm was developed and translated to Python
SVM 0.903 0.895 0.91 0.904 0.914 code that both mimics the system and continuously monitors
NB 0.885 0.849 0.923 0.884 0.921 the user’s environment. The continuous authentication process,
LR 0.881 0.891 0.87 0.885 0.879
outlined in Figure 5, involves monitoring the location of the
As can be seen from Table II, the DT and KNN models per- user’s devices (i.e., a login device and a mobile device) and
form the best overall, with DT achieving the highest accuracy terminating the session if they are no longer in the same
and F1 Score, and KNN obtaining the highest specificity and location.
precision. RF also performs well with the highest sensitivity. The continuous authentication feature collects new Wi-Fi
characteristics data from the user’s APs using a loop, with
each iteration processing the collected data using previously
C. Feature Importance
trained ML models, including DT, KNN, RF, SVM, NB, and
The Feature Importance analysis was conducted to understand LR. The loop identifies the label for the new data using each
the significance of each feature in the classifications made by model in the list. If any of the models classifies a negative
the ML models within the proposed system. This information label, indicating that the user’s devices (i.e., a login device
is instrumental in identifying the key features that drive the and a mobile device) are no longer co-located, the session
model’s accuracy. We determined the feature importance for terminates, and the loop exits. If the label is positive, the loop
DT, RF, KNN, SVM, and LR. However, this metric is not waits for a specified interval of 30 seconds, which is most
applicable to the NB model. Since NB is a probabilistic model, commonly supported by devices for scanning at intervals of
it assumes conditional independence among features given the 30 seconds or longer, before conducting another check.
target class and does not account for feature interactions or This process repeats continuously until the session is ter-
correlations when classifying. minated by a negative label classification or a user ends
Identifying feature importance enables us to pinpoint the session. In the experiment, the system was tested by
the most crucial factors in generating accurate pre- increasing the distance between two Raspberry Pis beyond
dictions. In our Python implementation, we used the the threshold of 7 feet after access was granted. Once the
feature importances attribute to directly obtain the im- proposed system detected that the user’s devices (i.e., a login
portance of each feature for DT and RF models. For KNN, device and a mobile device) were no longer in range (after the
we employed the mutual info classif function from the predetermined interval of 30 seconds), the session terminated
sklearn.feature selection module to compute the mutual immediately. Ten trials were conducted, and the proposed
information between each feature and the target variable. system achieved a 100% success rate in terminating the session
Lastly, we determined feature importance for SVM and LR when the user’s devices were not co-located.
models by utilizing the absolute value of the coefficients,
accessed through the coef attribute.
Table III presents our results. In the DT model, the most E. Computation overhead
important feature is RSSI (dBm), with a 70.79% score, fol- The presented experiment measures the time required for the
lowed by Frequency (Hz) at 17.42%. For the KNN model, proposed authentication system to make decisions using six
 7

450 450

400 400

436 32 350 438 30 350

0

0
300 300
Actual

Actual
250 250

200 200

150 150
41 456 44 453
1

1
100 100

50 50

0 1 0 1
Predi cti on Predi cti on

Decision Tree Confusion Matrix K-nearest Neighbors Confusion Matrix

450

400
400

434 34 430 38 350

350
0

0
300
300
Actual

Actual
250 250

200 200

150 150
40 457 54 443
1

1
100 100

50 50

0 1 0 1
Predi cti on Predi cti on

Random Forest Confusion Matrix Support Vector Machine Confusion Matrix

400
400

350
432 36 407 61 350
0

300
300
Actual

Actual

250
250

200
200

150
75 422 54 443 150
1

100
100

50

0 1 0 1
Predi cti on Predi cti on

Naive Bayes Confusion Matrix Logistic Regression Confusion Matrix

Fig. 4: Confusion matrices for various classifiers

different ML models: DT, KNN, RF, SVM, NB, and LR. The F. Quantitative Comparison With The Discussed Related
processing time for each ML model is reported in seconds in Works
Table IV.
The quantitative comparative analysis presented in Table V
Based on the results, the proposed authentication system underscores a notable trend in the extant literature: a predom-
demonstrates efficiency in implementing the second layer of inant focus on accuracy, often at the expense of addressing
authentication, with the maximum time taken by any ML efficiency. While many studies have achieved commendable
model being 0.263 s, indicating satisfactory overhead for the accuracy rates, the conspicuous absence of efficiency metrics
processing time. suggests a potential oversight in holistic model evaluation.
Our research endeavors to bridge this gap. By not only achiev-
TABLE IV: Time Consumption ing a competitive accuracy rate of 92.4% but also emphasizing
Model DT KNN RF SVM NB LR the model’s efficiency, clocking in between 0.001s to 0.263s,
Time 0.002 s 0.009 s 0.1 s 0.263 s 0.001 s 0.007 s we present a more comprehensive evaluation framework. This
 8

A. Evasion Attacks
Start In the context of the proposed 2FA system, an evasion attack
could occur if an attacker attempts to manipulate the RSSI
values to deceive the system. Continuous authentication is a
Initialization
key feature of the proposed system that can mitigate evasion
attacks. By continuously monitoring the user’s environment,
Collect New Data the system can detect anomalies in the RSSI values that may
indicate an attack attempt. The system can then take appropri-
ate actions, such as requesting additional authentication from
Validate Location
the user, or even blocking access to the account.
To evaluate the system’s resilience against such attacks, we
assess the system’s performance when an attacker manipulates
the RSSI values to deceive the system. We simulate an evasion
Label positive?
attack by adding random noise to the RSSI feature of the test
Yes data and evaluating the system’s performance on the modified
test data. To this end, we fit each ML model to the training data
and then test the system’s performance on the noisy test data,
No see Figure 6. As shown in Figure 9a, the system’s performance
remains relatively stable for most of the classifiers even when
Session Termination
random noise is added to the RSSI feature of the test data,
Fig. 5: Continuous Authentication Fluxogram indicating that the system is not significantly affected by an
attack attempt. This result suggests that the proposed system
is robust against evasion attacks.
balanced approach underscores our model’s applicability in B. Model Extraction Attack
diverse real-world scenarios, catering to both the need for
correct classifications and timely outputs. Such a dual-focused Model Extraction attack involves an adversary attempting
evaluation approach is pivotal in advancing the field, ensuring to extract the parameters or structure of a ML model by
that future models are not only accurate but also pragmatically training a separate ”shadow model” based on the outputs of
efficient. the original model. Once the shadow model is trained, the
One of the standout features of our research is the deploy- adversary can use it to make predictions about new data and
ment of a three-factor authentication system, highlighted in compare these predictions to the outputs of the original model
the ”Number of Factor” column. While many conventional to learn more about the structure and parameters of the original
methods lean on 1-2 factors, typically passwords or biometrics, model. To mitigate the Model Extraction attack, we use model
our approach presents a distinctive triad. ensembling, which involves training multiple models on the
same dataset and combining their outputs to make a prediction.
First, there is the Explicit Authentication, where users are
This makes it more challenging for attackers to extract the
prompted to input a valid username and password. Following
parameters of any single model, since they would need to
that, we introduce two continuous, non-interactive, or ”zero-
extract the parameters of all of the models to gain a complete
effort” phases: Proximity and Device Presence and Zero-Effort
understanding of the system.
Authentication. In the former, authentication is contingent
We loaded a dataset and trained a RandomForest (RF) model
upon both user devices (i.e., a login device and a mobile
on it. To simulate a Model Extraction attack, we created
device) being present within overlapping Wi-Fi access points
adversarial examples by significantly altering the RSSI (dBm)
and staying within a designated proximity threshold. The latter
values in the dataset. Using these adversarial examples and the
employs ML to effortlessly authenticate users based on beacon
predictions from our original RF model, we trained a shadow
frame characteristics and RSSI values from their devices,
RF model. We then evaluated the shadow model’s performance
without requiring any further interaction from them.
on the original test data to gauge its ability to approximate the
TABLE V: Quantitative Comparison with The Discussed original RF model’s behavior. This entire process is detailed
Works, where NM: Not Mentioned in Figure 7.
Figure 9b shows the performance of the attack model, in-
Study Number of Factor Accuracy Time Consumption
dicating that the targeted model (RF) was affected by this
[10]–[24] 1-2 87% - 98.5% NM
[25]–[38] 1-2 90% - 99.11% NM type of attack, while the rest were not affected. These results
Ours 3 92.4% 0.001s - 0.263s demonstrate the effectiveness of our proposed system’s model
ensembling approach in mitigating the Model Extraction at-
tack.
VI. SECURITY ANALYSIS C. Radio Frequency Signal Interference Attack
In this section, we examine the security of the proposed 2FA Radio Frequency Signal Interference Attack is a cyberattack
system and assess its resilience against various cyberattacks. that disrupts wireless communication between two devices
 9

Start
Start

Load Data
Load Dataset

Preprocess Data
Shuffle and Split Data

Define Models
Train Target Model

Query Target with Test Data

Yes For each Model

Generate Adversarial Data

Train Model
Train Shadow Model

Copy Test Set

Evaluate Shadow Model

Add Noise
Display Results
No
Identify Labels
End

Calculate Metrics Fig. 7: Model Extraction Attack Simulation Fluxogram

Store Results Reset Test Set

Start
Display Results

Load Dataset
End

Define Features and Target

Fig. 6: Evasion Attack Simulation Fluxogram

Add Interference to Data

(i.e., a login device and a mobile device) by transmitting radio
signals. The attacker injects unauthorized radio signals into
Split Data into Train and Test
the wireless network, causing signal degradation, packet loss,
and potentially unauthorized access to sensitive information.
Continuous authentication can also help mitigate the effects Define ML Models
of this attack by constantly monitoring the user’s environment
and comparing it with the data collected during the initial
Train Models on Training Data
login. If there is a significant deviation from the original data,
the system can assume that an attack is underway and either
deny access or request additional authentication measures. Classify on Test Data
We simulated RF signal interference attack by adding random
noise to the feature data using NumPy’s ’random.normal()’
Evaluate classifications
function; see Figure 8. The Interference variable is generated
using this function with a normal distribution having a mean
of zero and a standard deviation of 2. The noise is added to Display Results
the feature data ’x’ by adding Interference to it, creating a new
array ’x noisy’.
End
The results of our experiment indicate that the proposed
system demonstrated a high level of resilience to this type of Fig. 8: Radio Frequency Signal Interference Attack Simulation
attack, even when subjected to significant interference. Figure Fluxogram
9c provides a visual representation of the results obtained.
 10

Accuracy Sensitivity Specificity F1 Score Precision

0.944
0.938
0.936

0.935

0.935
0.934

0.934
0.932

0.929

0.928

0.929
0.929
0.925
0.924

0.926

0.924

0.925
0.924
0.923

0.922

0.923

0.921
0.918

0.917

0.917
0.916

0.914

0.915
0.912

0.914
0.911
1.0

0.903

0.903

0.904
0.903
0.899

0.901
0.895
0.92

0.92

0.891
0.885

0.885
0.91

0.91

0.884

0.881

0.879
0.873

0.867

0.858
0.852
0.849

0.848
0.9

0.845

0.87

0.835
0.833
0.751
0.8

0.6

0.4

0.2

DT DT' KNN KNN' RF RF' SVM SVM' NB NB' LR LR'

(a) Simulate Evasion Attack Result Visualization

Accuracy Sensitivity Specificity F1 Score Precision

0.965

0.942
0.938

0.938
0.936

0.936
0.934

0.934
0.932

0.932

0.929
0.926

0.926

0.924

0.924
0.924

0.924

0.923

0.923

0.925
0.924

0.923

0.923
0.922

0.921

0.921
0.918

0.918

0.914

0.914
0.911

0.911

0.904

0.904
1.0

0.903

0.903
0.895

0.895
0.92

0.891

0.891
0.885

0.884

0.885

0.884

0.885

0.885
0.91

0.91

0.881

0.881
0.879

0.879
0.849

0.849

0.87

0.87
0.78

0.726
0.8

0.59

0.6

0.4

0.2

DT DT' KNN KNN' RF RF' SVM SVM' NB NB' LR LR'

(b) Simulate Model Extraction Attack Result Visualization

Accuracy Sensitivity Specificity F1 Score Precision

0.938
0.936
0.934
0.932

0.929

0.927
0.924

0.926

0.924

0.925
0.924

0.923

0.925
0.923

0.922

0.921
0.918

0.914

0.914
0.911

0.911

0.912

0.912
0.908

1.0
0.904
0.903
0.898
0.896

0.895
0.92

0.893

0.894

0.893
0.892

0.891
0.885

0.885

0.885
0.91

0.884

0.884
0.91

0.882

0.881

0.879
0.875

0.875

0.869
0.849

0.843

0.87

0.841

0.831
0.85
0.812
0.809
0.803
0.797
0.794
0.785

0.8

0.6

0.4

0.2

DT DT' KNN KNN' RF RF' SVM SVM' NB NB' LR LR'

(c) Simulate RF Signal Interference Attack Result Visualization

Fig. 9: Combined Attack Result Visualizations; Modal’s Name with Apostrophe Indicates Result After Attack

VII. SYSTEM ANALYSIS adaptive capability of ML minimizes the necessity for frequent
maintenance or updates, rendering the system cost-efficient.
In this section, we discuss the proposed system features, each
one in its own subsection. Our proposed scheme demonstrates outstanding reliability,
as evidenced by a 92.4% success rate in implementing the
second layer of authentication in our experimental results,
A. Reliability as presented in Table II. Before implementing the second
ML is employed in our authentication system to bolster layer of authentication, the system must achieve a 100%
reliability and precision, circumventing the limitations of success rate in authentication steps number 1, 2, and 4 in
traditional two-factor methods that often necessitate manual Figure 2. We further evaluated its robustness under adversarial
input of codes or tokens. By analyzing the user’s environment, conditions by introducing various attack scenarios in Section
ML eradicates the need for user input and mitigates human VI. Even in these challenging circumstances, the highest time
errors, thereby enhancing the system’s dependability. The self- for a successful login using ML remained at a swift 0.263
 11

seconds as can be seen from Table IV. Collectively, these The system also uses a ”zero-effort” approach, automating the
factors contribute to the system’s robust performance, instilling authentication process and reducing the risk of human error
confidence in its practical, real-world applications. while enhancing user experience and security. Moreover, the
continuous authentication feature verifies the user’s identity
B. Scalability constantly and terminates the session if the devices (i.e., a
login device and a mobile device) are no longer in the same
The proposed system that utilizes broadcast messages from
location, further improving security and user convenience.
Wi-Fi APs to authenticate users relies heavily on the scalability
of the system to handle an increasing number of users and Future research might include a thorough evaluation of the
devices smoothly. Smart devices, like mobile phones, laptops, system’s performance under various practical scenarios, such
as public places, hospitals, offices, and government buildings,
and tablets, can detect signals from various radio frequency
sources in their vicinity, and as they move between networks, to better understand the system’s capabilities and limitations.
they receive broadcast messages from APs containing useful Investigation into how to integrate the proposed system with
existing systems, such as access control systems, and how to
information.
make the system more scalable and efficient would also be
This allows for high scalability, as any Wi-Fi-enabled device
within range can receive and process the messages, regardless useful for practical implementation and cost optimization.
of its connection to a particular network (i.e., used in the
authentication process, step number 3 in Figure 2). The ability REFERENCES
of the proposed system to scale effortlessly enables it to [1] ITRC, “Identity Theft Resource Center’s 2021 Annual Data
Breach Report Sets New Record for Number of Compromises —
handle a large number of users and devices simultaneously idtheftcenter.org,” https://www.idtheftcenter.org/post/identity-theft-
without any significant impact on the system’s performance. resource-center-2021-annual-data-breach-report-sets-new-record-for-
This feature makes the proposed system an excellent choice number-of-compromises/, 2022.
[2] A. G. Jason Cipriani, “Google signs up 150 million people for two-
for organizations that require a scalable security system to factor authentication: What it is, how it works — cnet.com,”
manage their growing user base without compromising the https://www.cnet.com/tech/services-and-software/google-signs-up-150-
system’s reliability or performance. million-people-for-two-factor-authentication-what-it-is-how-it-works/,
2020.
[3] M. Maynes, “One simple action you can take to prevent
C. Limitation and Contingency 99.9 percent of attacks on your accounts — microsoft.com,”
https://www.microsoft.com/en-us/security/blog/2019/08/20/one-simple-
In situations where a user cannot access his/her mobile device action-you-can-take-to-prevent-99-9-percent-of-account-attacks/,
or there are no APs in their vicinity, the proposed system 2019.
offers a one-time login solution. This solution requires the user [4] C. PALO ALTO and S.-B. WIRE)-Yubico, “Yubico and
Ponemon Institute Release the 2020 State of Password and
to provide his/her username and answer a security question. Authentication Security Behaviors Report — businesswire.com,”
Upon successful completion, a one-time Password (OTP) is https://www.businesswire.com/news/home/20200219005336/en/Yubico-
and-Ponemon-Institute-Release-the-2020-State-of-Password-and-
sent to the user’s registered email address, which they can use Authentication-Security-Behaviors-Report, 2020.
to access resources granted through the authentication entity. [5] J. Zhang, X. Tan, X. Wang, A. Yan, and Z. Qin, “T2fa: Transparent two-
Although this solution goes against the proposed system’s factor authentication,” IEEE Access, vol. 6, pp. 32 677–32 686, 2018.
[6] Y. Oren and D. Arad, “Toward usable and accessible two-factor authen-
fundamental requirement of not requiring user interaction, it tication based on the piezo-gyro channel,” IEEE Access, vol. 10, pp.
is intended to be used only in rare cases when the user does 19 551–19 557, 2022.
not have access to his/her mobile device. In typical settings, [7] E. Hong, S. Lee, M.-K. Oh, and S.-H. Seo, “Two-factor device dna-based
this should not be a common occurrence. Hence, the one-time fuzzy vault for industrial iot device security,” IEEE Access, vol. 9, pp.
99 009–99 023, 2021.
login solution serves as a backup mechanism for cases where [8] A. A. S. AlQahtani, Z. El-Awadi, and M. Min, “A survey on user au-
the user cannot access his/her mobile device. thentication factors,” in 2021 IEEE 12th Annual Information Technology,
Electronics and Mobile Communication Conference (IEMCON), 2021,
The one-time login solution ensures that users can access pp. 0323–0328.
resources even when they are not near an AP or do not have [9] A. A. S. AlQahtani and T. Alshayeb, “Zero-effort two-factor authen-
access to his/her mobile device. As a result, it enhances the tication using wi-fi radio wave transmission and machine learning,” in
2023 IEEE 13th Annual Computing and Communication Workshop and
user experience by reducing potential downtime and frustration Conference (CCWC), 2023, pp. 0313–0318.
caused by technical limitations. [10] S.-K. Kim, C. Y. Yeun, E. Damiani, and N.-W. Lo, “A machine learning
framework for biometric authentication using electrocardiogram,” IEEE
VIII. CONCLUSION Access, vol. 7, pp. 94 858–94 868, 2019.
[11] H. Aksu, A. S. Uluagac, and E. S. Bentley, “Identification of wearable
This paper introduces a Two-factor Authentication (2FA) sys- devices with bluetooth,” IEEE Transactions on Sustainable Computing,
tem that leverages radio waves and Machine Learning (ML) vol. 6, no. 2, pp. 221–230, 2021.
[12] S. Mondal and P. Bours, “Person identification by keystroke dynam-
to create an efficient and reliable user authentication process. ics using pairwise user coupling,” IEEE Transactions on Information
The proposed system can adapt to different environments and Forensics and Security, vol. 12, no. 6, pp. 1319–1329, 2017.
locations and can be customized to meet the specific security [13] J. Zhang and Q. Zhang, “Comment on “secure and lightweight condi-
tional privacy-preserving authentication for securing traffic emergency
needs of a protected entity. The system’s parameters, such as messages in vanets”,” IEEE Transactions on Information Forensics and
the number of Wi-Fi Access Points (APs) and distance thresh- Security, vol. 18, pp. 1037–1038, 2023.
old, can be adjusted to fit the desired level of security. The [14] W.-H. Lee and R. B. Lee, “Implicit smartphone user authentication with
sensors and contextual machine learning,” in 2017 47th Annual IEEE/I-
proposed system does not require any specialized hardware or FIP International Conference on Dependable Systems and Networks
infrastructure, making it cost-effective and easy to maintain. (DSN). IEEE, 2017, pp. 297–308.
 12

[15] B. Gupta, V. Prajapati, N. Nedjah, P. Vijayakumar, A. A. A. El-Latif, [27] T. Zhao, Y. Wang, J. Liu, Y. Chen, J. Cheng, and J. Yu, “Trueheart:
and X. Chang, “Machine learning and smart card based two-factor Continuous authentication on wrist-worn wearables using ppg-based
authentication scheme for preserving anonymity in telecare medical biometrics,” in IEEE INFOCOM 2020-IEEE Conference on Computer
information system (tmis),” Neural Computing and Applications, pp. 1– Communications. IEEE, 2020, pp. 30–39.
26, 2021. [28] P. Lyu, W. Cai, and Y. Wang, “Continuous authentication against
[16] P. Punithavathi, S. Geetha, M. Karuppiah, S. H. Islam, M. M. Hassan, collusion attacks,” Sensors, vol. 22, no. 13, p. 4711, 2022.
and K.-K. R. Choo, “A lightweight machine learning-based authentica- [29] T. Zhao, Y. Wang, J. Liu, J. Cheng, Y. Chen, and J. Yu, “Robust
tion framework for smart iot devices,” Information Sciences, vol. 484, continuous authentication using cardiac biometrics from wrist-worn
pp. 255–268, 2019. wearables,” IEEE Internet of Things Journal, vol. 9, no. 12, pp. 9542–
[17] M. Abuhamad, T. Abuhmed, D. Mohaisen, and D. Nyang, “Autosen: 9556, 2021.
Deep-learning-based implicit continuous authentication using smart- [30] Y. He, W. Wang, Y. Teng, Q. Wang, M. Wang, and J. Lin, “Able: Zero-
phone sensors,” IEEE Internet of Things Journal, vol. 7, no. 6, pp. effort two-factor authentication exploiting ble co-location,” in 2022 IEEE
5008–5020, 2020. Wireless Communications and Networking Conference (WCNC), 2022,
[18] K. Lee, C. Esposito, and S.-Y. Lee, “Vulnerability analysis challenges pp. 992–997.
of the mouse data based on machine learning for image-based user [31] M. Wang, W.-T. Zhu, S. Yan, and Q. Wang, “Soundauth: Secure zero-
authentication,” IEEE Access, vol. 7, pp. 177 241–177 253, 2019. effort two-factor authentication based on audio signals,” in 2018 IEEE
[19] C. Tang, Z. Cui, M. Chu, Y. Lu, F. Zhou, and S. Gao, “Piezoelectric Conference on Communications and Network Security (CNS), 2018, pp.
and machine learning based keystroke dynamics for highly secure user 1–9.
authentication,” IEEE Sensors Journal, pp. 1–1, 2022. [32] B. Shrestha, M. Mohamed, and N. Saxena, “Zemfa: Zero-effort multi-
[20] R. Nadia, B. A. Tama, and J. Song, “Seamless human impedance-based factor authentication based on multi-modal gait biometrics,” in 2019 17th
iot authentication with machine learning techniques,” in 2020 Inter- International Conference on Privacy, Security and Trust (PST), 2019,
national Conference on Information and Communication Technology pp. 1–10.
Convergence (ICTC), 2020, pp. 339–343. [33] E. Husa and R. Tourani, “Vibe: An implicit two-factor authentication
[21] N. Djosic, B. Nokovic, and S. Sharieh, “Machine learning in action: using vibration signals,” in 2021 IEEE Conference on Communications
securing iam api by risk authentication decision engine,” in 2020 IEEE and Network Security (CNS), 2021, pp. 236–244.
Conference on Communications and Network Security (CNS). IEEE, [34] Z. Atallah, P. JosephNg, and K. Phan, “Jomnfc: Zero effort intelligent
2020, pp. 1–4. access system,” in 2021 Innovations in Power and Advanced Computing
[22] P. Bhattacharya, C. Trivedi, M. S. Obaidat, K. Patel, S. Tanwar, and K.- Technologies (i-PACT), 2021, pp. 1–6.
F. Hsiao, “Behauth: A knn-based classification scheme for behavior- [35] M. Agrawal, P. Mehrotra, R. Kumar, and R. R. Shah, “Gantouch:
based authentication in web 3.0,” in 2022 International Conference on An attack-resilient framework for touch-based continuous authentica-
Communications, Computing, Cybersecurity, and Informatics (CCCI). tion system,” IEEE Transactions on Biometrics, Behavior, and Identity
IEEE, 2022, pp. 1–5. Science, vol. 4, no. 4, pp. 533–543, 2022.
[23] L. Xiao, X. Lu, T. Xu, W. Zhuang, and H. Dai, “Reinforcement learning- [36] L. Déncs-Fazakas, E. Kail, and R. Fleiner, “Two-factor, continuous
based physical-layer authentication for controller area networks,” IEEE authentication framework for multi-site large enterprises,” in 2020
Transactions on Information Forensics and Security, vol. 16, pp. 2535– IEEE 20th International Symposium on Computational Intelligence and
2547, 2021. Informatics (CINTI), 2020, pp. 173–178.
[24] G. Oligeri, S. Sciancalepore, S. Raponi, and R. D. Pietro, “Past-ai: [37] I. Lamiche, G. Bin, Y. Jing, Z. Yu, and A. Hadid, “A continuous
Physical-layer authentication of satellite transmitters via deep learning,” smartphone authentication method based on gait patterns and keystroke
IEEE Transactions on Information Forensics and Security, vol. 18, pp. dynamics,” Journal of Ambient Intelligence and Humanized Computing,
274–289, 2023. vol. 10, pp. 4417–4430, 2019.
[25] M. Agrawal, P. Mehrotra, R. Kumar, and R. R. Shah, “Defending touch- [38] S. Almohamade, J. Clark, and J. Law, “Continuous user authentication
based continuous authentication systems from active adversaries using for human-robot collaboration,” in Proceedings of the 16th International
generative adversarial networks,” in 2021 IEEE International Joint Conference on Availability, Reliability and Security, 2021, pp. 1–9.
Conference on Biometrics (IJCB). IEEE, 2021, pp. 1–8. [39] R. Li, H. Liao, J. An, C. Yuen, and L. Gan, “Intra-class universal
[26] A. Acar, H. Aksu, A. S. Uluagac, and K. Akkaya, “A usable and adversarial attacks on deep learning-based modulation classifiers,” IEEE
robust continuous authentication framework using wearables,” IEEE Communications Letters, vol. 27, no. 5, pp. 1297–1301, 2023.
Transactions on Mobile Computing, vol. 20, no. 6, pp. 2140–2153, 2020. [40] Flaticon, “Flaticon: Free vector icons,” 2023. [Online]. Available:
https://www.flaticon.com