DriverAuth: A Risk-based Multi-modal Biometric-based Driver Authentication Scheme for Ride-sharing Platforms

Author (ESR): 
Sandeep Gupta (Universita Degli Studi Di Trento)
Authors: 
A Buriro
Bruno Crispo

On-demand ride and ride-sharing services have revolutionized the point-to-point transportation market and they are rapidly gaining acceptance among customers worldwide. Alone, Uber and Lyft are providing over 11 million rides per day. These services are provided using a client-server infrastructure. The client is a smartphone-based application used for: i) registering riders and drivers, ii) connecting drivers with riders, iii) car-sharing to share the expenses, minimize traffic congestion and saving traveling time, iv) allowing customers to book their rides. The server typically, run by multinational companies such as Uber, Ola, Lyft, BlaBlaCar, manages drivers and customers registrations, allocates ride-assignments, sets tariffs, guarantees payments, ensures safety and security of riders, etc. However, the reliability of drivers have emerged as a critical problem, and as a consequence, issues related to riders safety and security have started surfacing. The lack of robust driver verification mechanisms has opened a room to an increasing number of misconducts (i.e., drivers subcontracting ride-assignments to an unauthorized person, registered drivers sharing their registration with other people whose eligibility to drive is not justified, etc.). This paper proposes DriverAuth-a novel risk-based multi-modal biometric-based authentication solution, to make the on-demand ride and ride-sharing services safer and more secure for riders. DriverAuth utilizes three biometric modalities, i.e., swipe, text-independent voice, and face, in a multi-modal fashion to verify the identity of registered drivers. We evaluated DriverAuth on a dataset of 10, 320 samples collected from 86 users and achieved a True Acceptance Rate (TAR) of 96.48% at False Acceptance Rate (FAR) of 0.02% using Ensemble Bagged Tree (EBT) classifier. Furthermore, the architecture used to design DriverAuth enables easy integration with most of the existing on-demand ride and ride-sharing systems.

Venue: 
Computers & Security Journal (COSE), Elsevier
Date: 
Wednesday, January 23, 2019