Behavioral Authentication System

Inspiration

Traditional authentication systems rely heavily on passwords or OTPs, which are vulnerable to phishing, brute-force attacks, and user fatigue. We were inspired by how human behavior—like typing patterns, swipe gestures, and usage rhythm—can uniquely identify individuals. Our goal was to explore a privacy-conscious, frictionless authentication method powered by a multi-agent AI system that learns and adapts to behavioral patterns in real time.

What it does

Our system performs real-time user authentication based on behavioral data (e.g., typing speed, interaction sequences) using a Multi-Agent Architecture:

• Each agent analyzes a specific behavior trait (e.g., motion, input speed, device usage).
• A shared Siamese GRU model compares current behavior with historical patterns.
• Agents communicate via Pub/Sub, coordinate responses, and make a collective authentication decision.
• The frontend (built with Flutter) allows users to log in seamlessly without passwords—just by being themselves.

How we built it

• Model: Siamese GRU trained on user behavior sequences.
• Backend Agents: Lightweight Python agents running on GCP Compute Engine (f1-micro) to stay within free tier limits.
• Communication: Google Cloud Pub/Sub used for agent coordination.
• Storage: Firestore for user profiles and state; Cloud Storage for models.
• API Layer: Cloud Functions for authentication endpoints.
• Frontend: Flutter app with Firebase hosting, showcasing live behavioral authentication.
• Analytics: BigQuery for behavioral trend analysis.

Challenges we ran into

• Resource limits: Designing around GCP’s free tier (memory, compute, storage).
• Model sharing: Ensuring shared use of a single GRU model across multiple agents efficiently.
• Latency: Keeping inference and communication under 500ms for a smooth user experience.
• Data privacy: Designing a system that doesn’t store raw input data but still learns behavior patterns.
• Concurrency: Synchronizing agent decisions without overwhelming Firestore or Pub/Sub quotas.

Accomplishments that we're proud of

• Successfully deployed a real-time AI-based authentication system on GCP's free tier.
• Designed a fully modular and scalable multi-agent system.
• Delivered a working Flutter app demonstrating passwordless login via behavioral data.
• Kept the entire infrastructure cost at zero, ideal for startups or research prototypes.
• Built an analytics dashboard using BigQuery to visualize behavioral trends.

What we learned

• How to design microservices with shared state and models efficiently.
• Real-world application of Pub/Sub-based event-driven architectures.
• Importance of free tier optimization for startups and prototypes.
• Strengths and limitations of behavioral biometrics in authentication.
• How multi-agent systems can improve scalability and fault tolerance.

What's next for behavioral authentication system

• Expand behavioral inputs: Integrate additional modalities like mouse dynamics or gyroscope data.
• Federated learning: Implement client-side training for enhanced privacy.
• Risk-based authentication: Adjust thresholds dynamically based on location, time, and device.
• Cross-platform support: Extend to iOS, desktop, and browser plugins.
• Developer SDK: Allow third-party developers to plug behavioral auth into their apps easily.
• Security hardening: Introduce anomaly detection to prevent spoofing or mimicry attacks.

Built With

• built
• cloud
• compute
• engine
• firebase
• firestore
• flask
• flutter
• functions
• gcp)
• google
• hosting
• platform
• pub/sub
• python
• tensorflow
• with