Sensor-Based Implicit Authentication of Smartphone Users

Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. Hence, this paper proposes a novel authentication system for implicit, continuous authentication of the smartphone user based on behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We propose novel context-based authentication models to differentiate the legitimate smartphone owner versus other users. We systematically show how to achieve high authentication accuracy with different design alternatives in sensor and feature selection, machine learning techniques, context detection and multiple devices. Our system can achieve excellent authentication performance with 98.1% accuracy with negligible system overhead and less than 2.4% battery consumption.

[1]  Zhi Xu,et al.  TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors , 2012, WISEC '12.

[2]  F. Okumura,et al.  A Study on Biometric Authentication based on Arm Sweep Action with Acceleration Sensor , 2006, 2006 International Symposium on Intelligent Signal Processing and Communications.

[3]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[4]  Junfeng Yang,et al.  Towards Making Systems Forget with Machine Unlearning , 2015, 2015 IEEE Symposium on Security and Privacy.

[5]  Anil K. Jain,et al.  Integrating Faces and Fingerprints for Personal Identification , 1998, IEEE Trans. Pattern Anal. Mach. Intell..

[6]  Ruby B. Lee,et al.  Implicit Sensor-based Authentication of Smartphone Users with Smartwatch , 2016, HASP 2016.

[7]  Heikki Ailisto,et al.  Identifying users of portable devices from gait pattern with accelerometers , 2005, Proceedings. (ICASSP '05). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005..

[8]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[9]  Jiankun Hu,et al.  Mobile device access control: an improved correlation based face authentication scheme and its Java ME application , 2012, Concurr. Comput. Pract. Exp..

[10]  Boualem Boashash,et al.  Time Frequency Analysis , 2003 .

[11]  Svetha Venkatesh,et al.  Face Recognition Using Kernel Ridge Regression , 2007, 2007 IEEE Conference on Computer Vision and Pattern Recognition.

[12]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[13]  Tae Hwan Oh,et al.  Analyzing User Awareness of Privacy Data Leak in Mobile Applications , 2015, Mob. Inf. Syst..

[14]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[15]  Lynne Baillie,et al.  Data Driven Authentication: On the Effectiveness of User Behaviour Modelling with Mobile Device Sensors , 2014, ArXiv.

[16]  Xiao Wang,et al.  SenSec: Mobile security through passive sensing , 2013, 2013 International Conference on Computing, Networking and Communications (ICNC).

[17]  Michael R. Lyu,et al.  Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones , 2014, SOUPS.

[18]  Hongxia Jin,et al.  Secure Pick Up: Implicit Authentication When You Start Using the Smartphone , 2017, SACMAT.

[19]  Christoph Busch,et al.  Authentication of Smartphone Users Based on the Way They Walk Using k-NN Algorithm , 2012, 2012 Eighth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[20]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[21]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[22]  Mauro Conti,et al.  Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call , 2011, ASIACCS '11.

[23]  Lenin Ravindranath,et al.  Designing a Context-Sensitive Context Detection Service for Mobile Devices , 2015 .

[24]  Jun Kong,et al.  User-Specific Iris Authentication Based on Feature Selection , 2008, 2008 International Conference on Computer Science and Software Engineering.

[25]  Albrecht Schmidt,et al.  Multi-sensor Activity Context Detection for Wearable Computing , 2003, EUSAI.

[26]  David Kotz,et al.  ZEBRA: Zero-Effort Bilateral Recurring Authentication , 2014, IEEE Symposium on Security and Privacy.

[27]  Jiang Zhu,et al.  MobiSens: A Versatile Mobile Sensing Platform for Real-World Applications , 2013, Mob. Networks Appl..

[28]  Vincent Roca,et al.  Mobilitics: Analyzing Privacy Leaks in Smartphones , 2013, ERCIM News.

[29]  Lei Yang,et al.  Unlocking Smart Phone through Handwaving Biometrics , 2015, IEEE Transactions on Mobile Computing.

[30]  Guoliang Xue,et al.  Unobservable Re-authentication for Smartphones , 2013, NDSS.

[31]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[32]  Anil K. Jain,et al.  Soft Biometric Traits for Continuous User Authentication , 2010, IEEE Transactions on Information Forensics and Security.

[33]  Matthias Trojahn,et al.  Toward Mobile Authentication with Keystroke Dynamics on Mobile Phones and Tablets , 2013, 2013 27th International Conference on Advanced Information Networking and Applications Workshops.

[34]  Chuan Qin,et al.  Progressive Authentication: Deciding When to Authenticate on Mobile Phones , 2012, USENIX Security Symposium.

[35]  W. W. Daniel,et al.  Applied Nonparametric Statistics , 1978 .

[36]  Vir V. Phoha,et al.  When kids' toys breach mobile phone security , 2013, CCS.

[37]  Ruby B. Lee,et al.  Multi-sensor authentication to improve smartphone security , 2015, 2015 International Conference on Information Systems Security and Privacy (ICISSP).

[38]  Ruby B. Lee,et al.  Implicit Authentication for Smartphone Security , 2015, ICISSP.

[39]  Ying Zhang,et al.  n-Gram Geo-trace Modeling , 2011, Pervasive.