Who wants Continuous Authentication on Mobile Devices?

Continuous Authentication (CA) is the process of using biometrics to transparently authenticate the user. Since a CA system continuously checks for the presence of the logged in user it is more secure and facilitates schemes with multiple levels of security. CA is suitable for mobile platforms due to the ease of use, transparency and security it provides. We evaluate the usability of CA in a widespread manner by conducting a survey with roughly 500 respondents. This is the first paper to relate perceptions toward CA to the users security awareness.The perceptions of security towards biometrics based methods have improved over the last 20 years, compared to secret based methods. We show that now, biometrics are perceived to be more secure than other methods. We found that users see a requirement for multiple levels of security. Furthermore users are willing to adopt CA for mobile devices. We analyze factors like security awareness, gender and mobile device operating system, to draw statistically significant conclusions regarding their effect on users willingness to adopt CA and their perceptions about CA.The findings and major concerns highlighted in this paper should be considered when designing a CA system for mobile devices.

[1]  Doug Mahar,et al.  Perceived acceptability of biometric security systems , 1995, Comput. Secur..

[2]  Steven Furnell,et al.  Authentication of users on mobile telephones - A survey of attitudes and practices , 2005, Comput. Secur..

[3]  Jean-Marc Robert,et al.  Security and usability: the case of the user authentication methods , 2006, IHM '06.

[4]  Sandeep Kumar,et al.  Continuous Verification Using Multimodal Biometrics , 2007, IEEE Trans. Pattern Anal. Mach. Intell..

[5]  Stuart E. Schechter,et al.  Can i borrow your phone?: understanding concerns when sharing mobile phones , 2009, CHI.

[6]  Steven Furnell,et al.  Flexible and Transparent User Authentication for Mobile Devices , 2009, SEC.

[7]  Sebastian Möller,et al.  Poster: User preferences for biometric authentication methods and graded security on mobile phones , 2010 .

[8]  Anil K. Jain,et al.  Soft Biometric Traits for Continuous User Authentication , 2010, IEEE Transactions on Information Forensics and Security.

[9]  Sebastian Möller,et al.  On the need for different security methods on mobile phones , 2011, Mobile HCI.

[10]  Patrick Bours Continuous keystroke dynamics: A different perspective towards biometric evaluation , 2012, Inf. Secur. Tech. Rep..

[11]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[12]  I. Woungang,et al.  Combining Mouse and Keystroke Dynamics Biometrics for Risk-Based Authentication in Web Environments , 2012, 2012 Fourth International Conference on Digital Home.

[13]  Tim Storer,et al.  A framework for continuous, transparent mobile device authentication , 2013, Comput. Secur..

[14]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[15]  Zinaida Benenson,et al.  Android and iOS users' differences concerning security and privacy , 2013, CHI Extended Abstracts.

[16]  Daniel Vogel,et al.  Usability and Security Perceptions of Implicit Authentication: Convenient, Secure, Sometimes Annoying , 2015, SOUPS.

[17]  Lynne Baillie,et al.  Why aren't Users Using Protection? Investigating the Usability of Smartphone Locking , 2015, MobileHCI.

[18]  Prem Sewak Sudhish,et al.  Continuous multi-biometric user authentication fusion of face recognition and keystoke dynamics , 2016, 2016 IEEE Region 10 Humanitarian Technology Conference (R10-HTC).

[19]  Tara Matthews,et al.  "She'll just grab any device that's closer": A Study of Everyday Device & Account Sharing in Households , 2016, CHI.

[20]  Gonzalo Bailador,et al.  Comfort and Security Perception of Biometrics in Mobile Phones with Widespread Sensors , 2016, 2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW).

[21]  Rajesh Kumar,et al.  Continuous authentication of smartphone users by fusing typing, swiping, and phone movement patterns , 2016, 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[22]  Song Han,et al.  Gait-Based Continuous Authentication Using Multimodal Learning , 2017, 2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE).

[23]  Akira Yamada,et al.  Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior , 2017, CHI.

[24]  Susmita Sur-Kolay,et al.  CABA: Continuous Authentication Based on BioAura , 2017, IEEE Transactions on Computers.