A Systematic Literature Review of Behavioural Profiling for Smartphone Security: Challenges and Open Problems

Smartphones contain different types of data and applications, such as images, text messages, emails, and mobile banking applications, and may also hold personal and health information. Current authentication approaches do not re-authenticate in order to re-validate the user’s identity after the user has initially accessed the mobile phone. Consequently, there is a security benefit if authentication could be applied continuously and transparently (i.e., without obstructing the user’s activities) to authenticate legitimate users and be maintained beyond the point of entry. Behavioural profiling is an example of behavioural biometric authentication. The main aim of this research study is to conduct a systematic review of the current research literature regarding behavioural profiling for smartphone security. The paper demonstrates that there is a lack of investigation into behavioural profiling for mobile devices. The study also examines possible challenges in behavioural profiling authentication and points to some of the open problems which need to be tackled.
