Skip to content
/ bio-auth Public

Demonstrating behavioral biometric authentication for securing Ethereum accounts.

License

AGPL-3.0 license
9 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xKoda/bio-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.github/workflows
.github/workflows
 
 
lib
lib
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
foundry.toml
foundry.toml
 
 
remappings.txt
remappings.txt
 
 

Repository files navigation

Behavioral Biometric Auth - Abstract Accounts

Details

2022 was a landmark year for cybercriminals, with total funds lost to cybercrime topping in at an approximate $8.4 Trillion. This number is expected to increase to $23.84 Trillion by 2027 showing no signs of slowing.

It has become clear as the internet evolves that typical methods of authentication in the modern age (SMS Multi-factor Auth, password managers, authentication applications etc.) are simply not good enough. While institutions need adequate assurance and security, so to do users of web3 ecosystems and retail DeFi investors alike.

Behavioral biometrics is a developing technology that allows users to secure and authenticate accounts based on patterns of their behaviors. In so doing, account actions can be scrutinized for evidence of theft or unusual behavior.

Unlike traditional authentication methods, which only validate when interaction is initiated, a behavioral biometric authentication method would authenticate continuously in real time.

A recent effort for improving Ethereum account security is the adoption of Account Abstraction. Coupled with behavioral biometric authentication, leveraging a continuous method of authentication would harmoniously increase account security by several orders of magnitude.

Use

This is a POC illustrating the potential use of behavioral biometric authentication to secure abstracted Ethereum accounts in continuous form. This is not fit for production use, but demonstrates how a model could work in future.

For now, accounts are initiated using an array of bytes32 signatures. These signatures are to be produced off chain, but for the purposes of this POC they remain generic. Storage of the signatures are currently in a mapping, but would be best suited leveraging a privacy model like a Merle tree.

Abstract accounts send through an authentication request to the main contract via the authenticate function, which then authenticates the interaction and returns a boolean result, allowing the abstract account to either proceed or cancel it's proposed execution.

Development

Setup

forge install

Building

forge build

Testing

forge test

License

AGPL-3.0-only

About

Demonstrating behavioral biometric authentication for securing Ethereum accounts.

Topics

poc security-tools ethereum-security

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

9 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages