iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft

Mobile device losses and thefts are skyrocketing. The sensitive data hosted on a lost/stolen device are fully exposed to the adversary. Although password-based authentication mechanisms are available on mobile devices, many users reportedly do not use them, and a device may be lost/stolen while in the unlocked mode. This paper presents the design and evaluation of iLock, a secure and usable defense against data theft on a lost/stolen mobile device. iLock automatically, quickly, and accurately recognizes the user's physical separation from his/her device by detecting and analyzing the changes in wireless signals. Once significant physical separation is detected, the device is immediately locked to prevent data theft. iLock relies on acoustic signals and requires at least one speaker and one microphone that are available on most COTS (commodity-off-the-shelf) mobile devices. Extensive experiments on Samsung Galaxy S5 show that iLock can lock the device with negligible false positives and negatives.

[1]  Rui Zhang,et al.  TouchIn: Sightless two-factor authentication on multi-touch mobile devices , 2014, 2014 IEEE Conference on Communications and Network Security.

[2]  Urs Hengartner,et al.  Itus: an implicit authentication framework for android , 2014, MobiCom.

[3]  Marco Gruteser,et al.  Distinguishing users with capacitive touch communication , 2012, Mobicom '12.

[4]  Xiaolin Li,et al.  Guoguo: enabling fine-grained indoor localization via smartphone , 2013, MobiSys '13.

[5]  Kirsi Helkala,et al.  Biometric Gait Authentication Using Accelerometer Sensor , 2006, J. Comput..

[6]  Alessandro Neri,et al.  Keystroke dynamics authentication for mobile phones , 2011, SAC.

[7]  Rui Zhang,et al.  Your song your way: Rhythm-based two-factor authentication for multi-touch mobile devices , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[8]  Jun Yang,et al.  SenGuard: Passive user identification on smartphones using multiple sensors , 2011, 2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[9]  David Kotz,et al.  ZEBRA: Zero-Effort Bilateral Recurring Authentication , 2014, IEEE Symposium on Security and Privacy.

[10]  Kang G. Shin,et al.  EchoTag: Accurate Infrastructure-Free Indoor Location Tagging with Smartphones , 2015, MobiCom.

[11]  Gary M. Weiss,et al.  Cell phone-based biometric identification , 2010, 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[12]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[13]  Guoliang Xue,et al.  Unobservable Re-authentication for Smartphones , 2013, NDSS.

[14]  Rob Miller,et al.  3D Tracking via Body Radio Reflections , 2014, NSDI.

[15]  Shyamnath Gollakota,et al.  Contactless Sleep Apnea Detection on Smartphones , 2015, GetMobile Mob. Comput. Commun..

[16]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[17]  N. Asokan,et al.  Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks , 2015, NDSS.

[18]  Bassem Mahafza,et al.  Radar Systems Analysis and Design Using MATLAB , 2000 .

[19]  Fadel Adib,et al.  Multi-Person Localization via RF Body Reflections , 2015, NSDI.

[20]  Guobin Shen,et al.  BeepBeep: a high accuracy acoustic ranging system using COTS mobile devices , 2007, SenSys '07.

[21]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[22]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[23]  Desney S. Tan,et al.  FingerIO: Using Active Sonar for Fine-Grained Finger Tracking , 2016, CHI.

[24]  Venkata N. Padmanabhan,et al.  Centaur: locating devices in an office environment , 2012, Mobicom '12.

[25]  Mo Li,et al.  Use it free: instantly knowing your phone attitude , 2014, MobiCom.

[26]  Alex X. Liu,et al.  Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it , 2013, MobiCom.