Kiran Balagani, New York Institute of Technology – Biometrics and Mobile Device Security

On New York Institute of Technology Week: Increased security for smartphones is hard to come by without consequences for users.

Kiran Balagani, associate professor of computer science at the New York Institute of Technology, describes these challenges.

Kiran Balagani co-directs the cybersecurity laboratory in NYIT’s School of Engineering and Computing Sciences, and conducts research in behavioral biometrics, biometric security, privacy, anomaly detection, and applied machine learning. His research has appeared in several leading peer-reviewed journals and conferences. He has three U.S. patents related to network-centric attack detection.

In addition, Balagani teaches graduate and undergraduate courses such as Computer Networks, Artificial Intelligence, and Network and Perimeter Security. He also created the new graduate course on Biometrics.

Prior to NYIT, Balagani was a Research Assistant Professor at the Center for Secure Cyberspace, Louisiana Tech University. He received his Ph.D. in computational analysis and modeling, his M.S. in mathematics and computer science from Louisiana Tech University, and his B.S. in computer science and engineering from Bangalore University.

Biometrics and Mobile Device Security


Securing mobile devices poses specific challenges: security interruptions are annoying, privacy is vulnerable because devices can easily be stolen, and power use is an issue. Current smartphone authentication mechanisms such as graphical passwords, PINs, and fingerprint scans do not offer security after initial login. Behavioral biometrics can improve security by determining who is using the phone based on keystroke dynamics and other user behaviors.

However, behavioral biometrics comes at a price in terms of privacy, communication, and energy. My colleagues and I are researching how best to balance these competing factors to create a system to authenticate users as needed without using too much battery life or compromising users’ privacy.

We are investigating people’s interactions with their devices, how long they last, and what makes them unique, especially at key moments. To protect users’ personal identifying descriptors, we have designed a way to perform authentication in the cloud via fast protocols that also preserve privacy.

Limiting power use is another big challenge. Authentication is only needed at critical moments, such as when the phone changes hands or when it is picked up after lying idle. Identifying and making use of each of these critical moments is a part of our challenge.

Finding the right balance among security, privacy, power, and communication will render an ultimate solution invisible to users that will significantly enhance device security.