Behaviour-Based Authentication in IoT Environments

This work is done in collaboration with the Joint Research Centre of the European Commission in Ispra, Italy

EC logo

Project team:


Human behaviour is dynamic, activities are performed in different environments, and there is often a lot of multitasking involved. Nevertheless, the methods we use for authentication, such as passwords, are not conceptually different from centuries-old key-based access.

In this work we aim to redesign the authentication so that it harnesses the plethora of sensing-enabled Internet of Things (IoT) devices that surround us. In collaboration with The European Commission’s Joint Research Center (JRC) at Ispra, Italy, we develop machine learning models that are capable of learning how an individual’s behaviour gets reflected in the sensor data, so that later authentication can be performed purely from the unobtrusive sensor data.

At two premises in two different countries we have constructed testbeds for sensor data collection. In total over 70 users conducted different tasks in these testbeds. A part of the data we have collected is publicly available.

IoT testbed

We have developed machine learning pipelines that enable:

In future, we plan to expand our work with the consideration of internal factors, such as a user’s cognitive load, that might affect a person’s behaviour and the way this behaviour is reflected in the sensor data.


Code and data: