Spoofing analysis of mobile device data as behavioral biometric modalities

While mobile devices are no longer a new technology, using the data generated from the use of these devices for security purposes has just recently been explored. Current methods, such as passwords, are quickly becoming antiquated, lacking the robustness, accuracy, and convenience desired to serve as reliable security measures. Since, researchers have resorted to alternative techniques, such as measurements obtained from keyboard interactions and movement, and behavioral interactions, such as application usage. However, practical implementations require further evaluation of circumvention. Thus, this work thoroughly analyzes various threats against mobile devices which use mobile device usage data as behavioral biometrics for authentication. Experimental results indicate that an outsider with a certain level of knowledge regarding the behavior of the device's owner poses a great security threat. Possible countermeasures to prevent such attacks are also provided.

[1]  Heikki Ailisto,et al.  Identifying users of portable devices from gait pattern with accelerometers , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[2]  Jiawei Han,et al.  CPAR: Classification based on Predictive Association Rules , 2003, SDM.

[3]  Markus Jakobsson,et al.  Implicit authentication for mobile devices , 2009 .

[4]  Yi-Chung Hu,et al.  Mining fuzzy association rules for classification problems , 2002 .

[5]  Tempestt J. Neal,et al.  Surveying Biometric Authentication for Mobile Device Security , 2016 .

[6]  Markus Jakobsson,et al.  Implicit Authentication through Learning User Behavior , 2010, ISC.

[7]  James Irvine,et al.  IEDs on the Road to Fingerprint Authentication: Biometrics have vulnerabilities that PINs and passwords don't , 2016, IEEE Consumer Electronics Magazine.

[8]  Kiran B. Raja,et al.  Smartphone based visible iris recognition using deep sparse filtering , 2015, Pattern Recognit. Lett..

[9]  Christian Borgelt,et al.  Simple Algorithms for Frequent Item Set Mining , 2010, Advances in Machine Learning II.

[10]  Ramachandra Raghavendra,et al.  Scaling-robust fingerprint verification with smartphone camera in real-life scenarios , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[11]  Lynne Baillie,et al.  Data Driven Authentication: On the Effectiveness of User Behaviour Modelling with Mobile Device Sensors , 2014, ArXiv.

[12]  Sungzoon Cho,et al.  Keystroke dynamics-based authentication for mobile devices , 2009, Comput. Secur..

[13]  Wen Hu,et al.  Face recognition on smartphones via optimised Sparse Representation Classification , 2014, IPSN-14 Proceedings of the 13th International Symposium on Information Processing in Sensor Networks.

[14]  Bing Liu,et al.  Classification Using Association Rules: Weaknesses and Enhancements , 2001 .

[15]  Rajeev Motwani,et al.  Dynamic itemset counting and implication rules for market basket data , 1997, SIGMOD '97.

[16]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[17]  Stephen Marsh,et al.  Anomaly Detection for Mobile Device Comfort , 2014, IFIPTM.

[18]  B. Larson Meet the Overlapping Coefficient , 2014 .

[19]  Asaf Varol,et al.  Android based mobile application development for web login authentication using fingerprint recognition feature , 2015, 2015 23nd Signal Processing and Communications Applications Conference (SIU).

[20]  Kwang-Ting Cheng,et al.  Using mobile GPU for general-purpose computing – a case study of face recognition on smartphones , 2011, Proceedings of 2011 International Symposium on VLSI Design, Automation and Test.

[21]  Daniel Hunyadi,et al.  Performance comparison of apriori and FP-growth algorithms in generating association rules , 2011 .

[22]  Nick Cercone,et al.  Mining Association Rules from Market Basket Data using Share Measures and Characterized Itemsets , 1998, Int. J. Artif. Intell. Tools.

[23]  P. Bhattarakosol,et al.  Authenticating User Using Keystroke Dynamics and Finger Pressure , 2009, 2009 6th IEEE Consumer Communications and Networking Conference.

[24]  Konstantin Beznosov,et al.  Know your enemy: the risk of unauthorized access in smartphones by insiders , 2013, MobileHCI '13.

[25]  Das Amrita,et al.  Mining Association Rules between Sets of Items in Large Databases , 2013 .

[26]  Andrew S Branscomb Behaviorally Identifying Smartphone Users. , 2013 .

[27]  Raul Sánchez-Reillo,et al.  Strengths, weaknesses and recommendations in implementing biometrics in mobile devices , 2014, 2014 International Carnahan Conference on Security Technology (ICCST).

[28]  Christoph Busch,et al.  Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition , 2010, 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[29]  Kamal Ali,et al.  Partial Classification Using Association Rules , 1997, KDD.

[30]  Tempestt J. Neal,et al.  Mobile device application, Bluetooth, and Wi-Fi usage data as behavioral biometric traits , 2015, 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS).