Continuous Authentication of Smartphones Based on Application Usage

An empirical investigation of active/continuous authentication for smartphones is presented by exploiting users’ unique application usage data, i.e., distinct patterns of use, modeled by a Markovian process. Specifically, variations of hidden Markov models (HMMs) are evaluated for continuous user verification, and challenges due to the sparsity of session-wise data, an explosion of states, and handling unforeseen events in the test data are tackled. Unlike traditional approaches, the proposed formulation utilizes the complete app-usage information to achieve low latency. Through experimentation, empirical assessment of the impact of unforeseen events, i.e., unknown applications and unforeseen observations, on user verification is done via a modified edit-distance algorithm for sequence matching. It is found that for enhanced verification performance, unforeseen events should be considered. For validation, extensive experiments on two distinct datasets, namely, UMDAA-02 and Securacy, are performed. Using the marginally smoothed HMM a low equal error rate (EER) of 16.16% is reached for the Securacy dataset and the same method is found to be able to detect an intrusion within ~2.5 min of application use.

[1]  Jorge Gonçalves,et al.  Revisitation analysis of smartphone app use , 2015, UbiComp.

[2]  Steven P. Weber,et al.  Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location , 2017, IEEE Systems Journal.

[3]  Alex Fridman,et al.  Learning Human Identity from Motion Patterns , 2015, IEEE Access.

[4]  Rama Chellappa,et al.  Facial attributes for active authentication on mobile devices , 2017, Image Vis. Comput..

[5]  Andrew C. Simpson,et al.  Privacy‐preserving targeted mobile advertising: requirements, design and a prototype implementation , 2016, Softw. Pract. Exp..

[6]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[7]  Ye Xu,et al.  Preference, context and communities: a multi-faceted approach to predicting smartphone app usage patterns , 2013, ISWC '13.

[8]  Angelos Stavrou,et al.  Continuous Authentication on Mobile Devices Using Power Consumption, Touch Gestures and Physical Movement of Users , 2015, RAID.

[9]  Tao Feng,et al.  TIPS: context-aware implicit user identification using touch screen in uncontrolled environments , 2014, HotMobile.

[10]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[11]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[12]  Rama Chellappa,et al.  PATH: Person authentication using trace histories , 2016, 2016 IEEE 7th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON).

[13]  Rama Chellappa,et al.  Robust multimodal recognition via multitask multivariate low-rank representations , 2015, 2015 11th IEEE International Conference and Workshops on Automatic Face and Gesture Recognition (FG).

[14]  Jorge Gonçalves,et al.  A Systematic Assessment of Smartphone Usage Gaps , 2016, CHI.

[15]  Jukka Komulainen,et al.  Effect of context in swipe gesture-based continuous authentication on smartphones , 2018, ESANN.

[16]  Sébastien Gambs,et al.  Show me how you move and I will tell you who you are , 2010, SPRINGL '10.

[17]  Timo Ojala,et al.  Testdroid: automated remote UI testing on Android , 2012, MUM.

[18]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[19]  Ana L. N. Fred,et al.  A behavioral biometric system based on human-computer interaction , 2004, SPIE Defense + Commercial Sensing.

[20]  Ana L. N. Fred,et al.  ECG-based biometrics: A real time classification approach , 2012, 2012 IEEE International Workshop on Machine Learning for Signal Processing.

[21]  Alexander Markowetz,et al.  Differentiating smartphone users by app usage , 2016, UbiComp.

[22]  Rama Chellappa,et al.  Continuous User Authentication on Mobile Devices: Recent progress and remaining challenges , 2016, IEEE Signal Processing Magazine.

[23]  Denzil Ferreira,et al.  Securacy: an empirical investigation of Android applications' network usage, privacy and security , 2015, WISEC.

[24]  Hongxia Jin,et al.  Secure Pick Up: Implicit Authentication When You Start Using the Smartphone , 2017, SACMAT.

[25]  Hong Cao,et al.  Mining smartphone data for app usage prediction and recommendations: A survey , 2017, Pervasive Mob. Comput..

[26]  David J. Kriegman,et al.  Eigenfaces vs. Fisherfaces: Recognition Using Class Specific Linear Projection , 1996, ECCV.

[27]  Matti Pietikäinen,et al.  Face and Eye Detection for Person Authentication in Mobile Phones , 2007, 2007 First ACM/IEEE International Conference on Distributed Smart Cameras.

[28]  Rama Chellappa,et al.  Active user authentication for smartphones: A challenge data set and benchmark results , 2016, 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[29]  Mubarak Shah,et al.  Face Recognition in Movie Trailers via Mean Sequence Sparse Representation-Based Classification , 2013, 2013 IEEE Conference on Computer Vision and Pattern Recognition.

[30]  Daniel E. Acuña,et al.  Show Me Your App Usage and I Will Tell Who Your Close Friends Are: Predicting User's Context from Simple Cellphone Activity , 2017, CHI Extended Abstracts.

[31]  Dawn Xiaodong Song,et al.  Understanding Mobile App Usage Patterns Using In-App Advertisements , 2013, PAM.

[32]  Urs Hengartner,et al.  Towards application-centric implicit authentication on smartphones , 2014, HotMobile.

[33]  Chuan Qin,et al.  Progressive Authentication: Deciding When to Authenticate on Mobile Phones , 2012, USENIX Security Symposium.

[34]  Qiang Xu,et al.  Identifying diverse usage behaviors of smartphone apps , 2011, IMC '11.

[35]  Soumik Mondal,et al.  Does Context Matter for the Performance of Continuous Authentication Biometric Systems? An Empirical Study on Mobile Device , 2015, 2015 International Conference of the Biometrics Special Interest Group (BIOSIG).

[36]  Ahmed Sharaf Eldin,et al.  A Survey on Behavioral Biometric Authentication on Smartphones , 2017, J. Inf. Secur. Appl..

[37]  Deborah Estrin,et al.  Diversity in smartphone usage , 2010, MobiSys '10.

[38]  Rajesh Kumar,et al.  Context-Aware Active Authentication Using Smartphone Accelerometer Measurements , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition Workshops.

[39]  Denzil Ferreira,et al.  Revisiting human-battery interaction with an interactive battery interface , 2013, UbiComp.

[40]  Rama Chellappa,et al.  Touch Gesture-Based Active User Authentication Using Dictionaries , 2015, 2015 IEEE Winter Conference on Applications of Computer Vision.

[41]  Jorge Gonçalves,et al.  Modelling smartphone usage: a markov state transition model , 2016, UbiComp.

[42]  Bruno Crispo,et al.  Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access , 2018, Mob. Inf. Syst..

[43]  Rama Chellappa,et al.  Face-based Active Authentication on mobile devices , 2015, 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[44]  Xuanzhe Liu,et al.  Predicting Smartphone Battery Life based on Comprehensive and Real-time Usage Data , 2018, ArXiv.

[45]  Denzil Ferreira,et al.  Understanding the Challenges of Mobile Phone Usage Data , 2015, MobileHCI.

[46]  Saeed Moghaddam,et al.  MobileMiner: mining your frequent patterns on your phone , 2014, UbiComp.

[47]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[48]  Allen Y. Yang,et al.  Robust Face Recognition via Sparse Representation , 2009, IEEE Transactions on Pattern Analysis and Machine Intelligence.