A novel transparent user authentication approach for mobile applications

ABSTRACT

With the rapid growth of smartphones and tablets in our daily lives, securing the sensitive data stored upon them makes authentication of paramount importance. Current authentication approaches do not re-authenticate the user to re-validate their identity after the mobile phone has been accessed. Accordingly, there is a security benefit if authentication can be applied continually and transparently (i.e., without obstructing the user's activities), so that verification of the legitimate user is maintained beyond the point of entry. To this end, this paper suggests a novel transparent user authentication method for mobile applications that applies biometric authentication to each service within a single application in a secure and usable manner based on the risk level. A study involving data collected from 76 users over a one-month period using 12 mobile applications was undertaken to examine the proposed approach. The experimental results show that this approach achieved desirable outcomes for applying a transparent authentication system at an intra-process level, with an average of 6% intrusive authentication requests. Interestingly, when the participants were divided into three levels of usage (high, medium and low), the average rate of intrusive authentication requests was 3%, which indicates a clear enhancement and suggests that the system would add a further level of security without imposing significant inconvenience upon the user.
