Given the relevance of smartphones for accessing personalized services in smart cities, Continuous Authentication (CA) mechanisms are attracting attention to avoid impersonation attacks. Some of them leverage Data Stream Mining (DSM) techniques applied over sensorial information. Injection attacks can undermine the effectiveness of DSM-based CA by fabricating artificial sensorial readings.The goal of this paper is to study the impact of injection attacks in terms of accuracy and immediacy to illustrate the time the adversary remains unnoticed. Two well-known DSM techniques (K-Nearest Neighbours and Hoeffding Adaptive Trees) and three data sources (location, gyroscope and accelerometer) are considered due to their widespread usage Results show that even if the attacker does not previously know anything about the victim, a significant attack surface arises – 1.35 min are needed, in the best case, to detect the attack on gyroscope and accelerometer and 7.27 min on location data. Moreover, we show that the type of sensor at stake and configuration settings may have a dramatic effect on countering this threat.

考虑到智能手机在智能城市中访问个性化服务的重要性，持续身份验证（CA）机制正引起人们的注意，以避免模拟攻击。其中一些利用了应用于感官信息的数据流挖掘（DSM）技术。注入攻击可以通过伪造人工感官读数来破坏基于DSM的CA的有效性。本文的目的是从准确性和即时性方面研究注入攻击的影响，以说明对手未被察觉的时间。由于其广泛使用，因此考虑了两种众所周知的DSM技术（K最近邻和Hoeffding自适应树）和三种数据源（位置，陀螺仪和加速度计）。结果表明，即使攻击者以前不了解受害者，会出现明显的攻击面–在最佳情况下，需要1.35分钟才能检测出对陀螺仪和加速度计的攻击，而对于位置数据则需要7.27分钟。此外，我们表明，危急关头的传感器类型和配置设置可能会对应对这种威胁产生巨大影响。