Continuous User Authentication on Mobile Devices: Recent progress and remaining challenges

Recent developments in sensing and communication technologies have led to an explosion in the use of mobile devices such as smart phones and tablets. With the increase in the use of mobile devices, users must constantly worry about security and privacy, as the loss of a mobile device could compromise personal information. To deal with this problem, continuous authentication systems (also known as active authentication systems) have been proposed, in which users are continuously monitored after initial access to the mobile device. In this article, we provide an overview of different continuous authentication methods on mobile devices. We discuss the merits and drawbacks of the available approaches and identify promising avenues of research in this rapidly evolving field.

[1]  Tao Feng,et al.  Continuous mobile authentication using a novel Graphic Touch Gesture Feature , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[2]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[3]  Thang Hoang,et al.  Gait identification using accelerometer on mobile phone , 2012, 2012 International Conference on Control, Automation and Information Sciences (ICCAIS).

[4]  Maria Papadaki,et al.  Active authentication for mobile devices utilising behaviour profiling , 2014, International Journal of Information Security.

[5]  Cheng-Jung Tsai,et al.  A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices , 2012, J. Syst. Softw..

[6]  Matti Pietikäinen,et al.  Face and Eye Detection for Person Authentication in Mobile Phones , 2007, 2007 First ACM/IEEE International Conference on Distributed Smart Cameras.

[7]  Karen Renaud,et al.  Understanding user perceptions of transparent authentication on a mobile device , 2014, Journal of Trust Management.

[8]  Rama Chellappa,et al.  Touch Gesture-Based Active User Authentication Using Dictionaries , 2015, 2015 IEEE Winter Conference on Applications of Computer Vision.

[9]  Alex Pentland,et al.  Reality mining: sensing complex social systems , 2006, Personal and Ubiquitous Computing.

[10]  Markus Jakobsson,et al.  Implicit authentication for mobile devices , 2009 .

[11]  Sushil Jajodia,et al.  ICT Systems Security and Privacy Protection: 29th IFIP TC 11 International Conference, SEC 2014, Marrakech, Morocco, June 2-4, 2014, Proceedings , 2014 .

[12]  Rama Chellappa,et al.  Visual Domain Adaptation: A survey of recent advances , 2015, IEEE Signal Processing Magazine.

[13]  Michel Barbeau,et al.  Anomaly-based intrusion detection using mobility profiles of public transportation users , 2005, WiMob'2005), IEEE International Conference on Wireless And Mobile Computing, Networking And Communications, 2005..

[14]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[15]  Christoph Busch,et al.  Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition , 2010, 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[16]  Vir V. Phoha,et al.  Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[17]  Yu Zhong,et al.  Sensor orientation invariant mobile gait biometrics , 2014, IEEE International Joint Conference on Biometrics.

[18]  Ashish Jain,et al.  A new mobile biometric based upon usage context , 2013, 2013 IEEE International Conference on Technologies for Homeland Security (HST).

[19]  Heikki Ailisto,et al.  Identifying users of portable devices from gait pattern with accelerometers , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[20]  Zhigang Liu,et al.  The Jigsaw continuous sensing engine for mobile phone applications , 2010, SenSys '10.

[21]  Rama Chellappa,et al.  Cancelable Biometrics: A review , 2015, IEEE Signal Processing Magazine.

[22]  Yu Zhong,et al.  Pace independent mobile gait biometrics , 2015, 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[23]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[24]  Tempestt J. Neal,et al.  Mobile device application, Bluetooth, and Wi-Fi usage data as behavioral biometric traits , 2015, 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[25]  Rama Chellappa,et al.  Robust multimodal recognition via multitask multivariate low-rank representations , 2015, 2015 11th IEEE International Conference and Workshops on Automatic Face and Gesture Recognition (FG).

[26]  Alexander De Luca,et al.  It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception , 2014, SOUPS.

[27]  Christoph Busch,et al.  Using Hidden Markov Models for accelerometer-based biometric gait recognition , 2011, 2011 IEEE 7th International Colloquium on Signal Processing and its Applications.

[28]  Nathan L. Clarke Transparent User Authentication - Biometrics, RFID and Behavioural Profiling , 2011 .

[29]  Jun Yang,et al.  SenGuard: Passive user identification on smartphones using multiple sensors , 2011, 2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[30]  Paolo Abeni,et al.  NIS03-4: Implementing Biometrics-Based Authentication for Mobile Devices , 2006, IEEE Globecom 2006.

[31]  Alex Park,et al.  The MIT Mobile Device Speaker Verification Corpus: Data Collection and Preliminary Experiments , 2006, 2006 IEEE Odyssey - The Speaker and Language Recognition Workshop.

[32]  Steven Furnell,et al.  Authentication of users on mobile telephones - A survey of attitudes and practices , 2005, Comput. Secur..

[33]  Kiran S. Balagani,et al.  Secure Outsourced Biometric Authentication With Performance Evaluation on Smartphones , 2015, IEEE Transactions on Information Forensics and Security.

[34]  Rama Chellappa,et al.  Partial face detection for continuous authentication , 2016, 2016 IEEE International Conference on Image Processing (ICIP).

[35]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[36]  Konrad Rieck,et al.  Continuous Authentication on Mobile Devices by Analysis of Typing Motion Behavior , 2014, Sicherheit.

[37]  Steven Furnell,et al.  Flexible and Transparent User Authentication for Mobile Devices , 2009, SEC.

[38]  David A. Wagner,et al.  Are You Ready to Lock? , 2014, CCS.

[39]  Brian C. Lovell,et al.  Binary watermarks: a practical method to address face recognition replay attacks on consumer mobile devices , 2015, IEEE International Conference on Identity, Security and Behavior Analysis (ISBA 2015).

[40]  Tao Feng,et al.  TIPS: context-aware implicit user identification using touch screen in uncontrolled environments , 2014, HotMobile.

[41]  Rama Chellappa,et al.  Face-based Active Authentication on mobile devices , 2015, 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[42]  Qing Yang,et al.  HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users , 2015, IEEE Transactions on Information Forensics and Security.

[43]  Steven Furnell,et al.  Text-Based Active Authentication for Mobile Devices , 2014, SEC.

[44]  PROCEssIng magazInE IEEE Signal Processing Magazine , 2004 .

[45]  Rama Chellappa,et al.  Attribute-based continuous user authentication on mobile devices , 2015, 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[46]  Nathan Clarke,et al.  Behaviour profiling for transparent authentication for mobile devices , 2011, ECIW 2011 2011.

[47]  Ioannis A. Kakadiaris,et al.  Mobile User Authentication Using Statistical Touch Dynamics Images , 2014, IEEE Transactions on Information Forensics and Security.

[48]  Lynne Baillie,et al.  Data Driven Authentication: On the Effectiveness of User Behaviour Modelling with Mobile Device Sensors , 2014, ArXiv.

[49]  Rajesh Kumar,et al.  Context-Aware Active Authentication Using Smartphone Accelerometer Measurements , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition Workshops.

[50]  Prasant Mohapatra,et al.  Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones , 2014, MobiSys.

[51]  Anil K. Jain,et al.  Continuous authentication of mobile user: Fusion of face image and inertial Measurement Unit data , 2015, 2015 International Conference on Biometrics (ICB).

[52]  Marios Savvides,et al.  Gait-ID on the move: Pace independent human identification using cell phone accelerometer dynamics , 2012, 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[53]  Shridatt Sugrim,et al.  User-generated free-form gestures for authentication: security and memorability , 2014, MobiSys.

[54]  Steven Furnell,et al.  SMS linguistic profiling authentication on mobile device , 2011, 2011 5th International Conference on Network and System Security.

[55]  Rama Chellappa,et al.  Deep feature-based face detection on mobile devices , 2016, 2016 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA).

[56]  Markus Jakobsson,et al.  Implicit Authentication through Learning User Behavior , 2010, ISC.

[57]  Jean-Marc Robert,et al.  Security and usability: the case of the user authentication methods , 2006, IHM '06.

[58]  Richard P. Guidorizzi Security: Active Authentication , 2013, IT Prof..

[59]  Qing Yang,et al.  HMOG: A New Biometric Modality for Continuous Authentication of Smartphone Users , 2015, ArXiv.

[60]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..

[61]  Brian C. Lovell,et al.  Face Recognition on Consumer Devices: Reflections on Replay Attacks , 2015, IEEE Transactions on Information Forensics and Security.

[62]  Matti Pietikäinen,et al.  Multiresolution Gray-Scale and Rotation Invariant Texture Classification with Local Binary Patterns , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[63]  Reihaneh Safavi-Naini,et al.  Privacy-Preserving Implicit Authentication , 2014, IACR Cryptol. ePrint Arch..

[64]  Ian Oakley,et al.  CASA: context-aware scalable authentication , 2013, SOUPS.

[65]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[66]  Matti Pietikäinen,et al.  Bi-Modal Person Recognition on a Mobile Phone: Using Mobile Phone Data , 2012, 2012 IEEE International Conference on Multimedia and Expo Workshops.

[67]  René Mayrhofer,et al.  An Analysis of Different Approaches to Gait Recognition Using Cell Phone Based Accelerometers , 2013, MoMM '13.

[68]  Hamed Ketabdar,et al.  Towards Implicit Enhancement of Security and User Authentication in Mobile Devices Based on Movement and Audio Analysis , 2011, ACHI 2011.

[69]  Arun Ross,et al.  Multimodal biometrics: An overview , 2004, 2004 12th European Signal Processing Conference.

[70]  Joos Vandewalle,et al.  Detection of Mobile Phone Fraud Using Supervised Neural Networks: A First Prototype , 1997, ICANN.

[71]  Rama Chellappa,et al.  Domain adaptive sparse representation-based classification , 2015, 2015 11th IEEE International Conference and Workshops on Automatic Face and Gesture Recognition (FG).

[72]  Shree K. Nayar,et al.  Ieee Transactions on Pattern Analysis and Machine Intelligence Describable Visual Attributes for Face Verification and Image Search , 2022 .

[73]  Paul A. Viola,et al.  Robust Real-Time Face Detection , 2001, International Journal of Computer Vision.

[74]  Daniel Vogel,et al.  Usability and Security Perceptions of Implicit Authentication: Convenient, Secure, Sometimes Annoying , 2015, SOUPS.