Mobile devices have become an indispensable component in modern society. Many of these devices rely on personal identification numbers (PIN) as a form of user authentication. One of the main concerns in the use of mobile devices is the possibility of a breach in security and privacy if the device is seized by an outside party. Threats can possibly come from friends as well as strangers. Smart devices can be easily lost due to their small size, thereby exposing details of users’ private lives. User behavior authentication is designed to overcome this problem by utilizing user behavioral techniques to continuously assess user identity. This study proposed a behavioral data profiling technique that utilizes data collected from the user behavior application to verify the identity of the user in a continuous manner. By utilizing a combination of analytical hierarchy process and correlation coefficient method, the best experimental results were obtained by verifying the identity of six types of user behaviors to determine the different behaviors. Based on the results, this study proposes a new authentication technique that enables verification of a user’s identity through their application usage in a transparent manner. Behavioral data profiling is designed in a modular manner that will not reject user access based on a single application activity but on several consecutive abnormal application usages to balance the trade-off between security and usability. The proposed framework is evaluated using a PIN-based technique and achieved an overall 95% confidence level. Behavioral data profiling provides a significant improvement in the security afforded to the device and user convenience.
[1]
Jiang Zhu,et al.
KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction
,
2013,
MobiCASE.
[2]
Tom Martin,et al.
Mobile phones as computing devices: the viruses are coming!
,
2004,
IEEE Pervasive Computing.
[3]
Neal Leavitt.
Will WAP Deliver the Wireless Internet?
,
2000,
Computer.
[4]
Qing Li,et al.
Mobile Security: A Look Ahead
,
2013,
IEEE Security & Privacy.
[5]
Daniele Sgandurra,et al.
A Survey on Security for Mobile Devices
,
2013,
IEEE Communications Surveys & Tutorials.
[6]
Neal Leavitt.
Malicious Code Moves to Mobile Devices
,
2000,
Computer.
[7]
Helen J. Wang,et al.
Smart-Phone Attacks and Defenses
,
2004
.
[8]
Thomas L. Saaty,et al.
Hierarchical analysis of behavior in competition: Prediction in chess
,
1980
.
[9]
Steven Furnell,et al.
Flexible and Transparent User Authentication for Mobile Devices
,
2009,
SEC.
[10]
Thomas L. Saaty,et al.
The Analytic Hierarchy and Analytic Network Processes for the Measurement of Intangible Criteria and for Decision-Making
,
2016
.