DOI: 10.1145/2660267.2662373

POSTER: When and How to Implicitly Authenticate Smartphone Users

Published: 03 November 2014

Abstract

Possession of modern smartphones is becoming increasingly ubiquitous, and with this rise in usage comes a rise in the amount of sensitive data being stored on them. Despite this, the high-frequency, low-duration nature of the average smartphone session makes passwords or PIN-locks even less usable than in the desktop context. To combat these issues, implicit authentication (IA) schemes can be developed and deployed to smartphones. IA schemes continuously authenticate users by profiling their behaviour using the variety of sensors prevalent on the phones, such as touchscreens and accelerometers. When a non-owner acquires the device and attempts to access sensitive data on it, the IA scheme recognizes the difference in behaviour and automatically ejects the attacker from the system. In particularly sensitive contexts, IA schemes can also be deployed as a secondary defence mechanism on top of explicit authentication, providing layered security in the event of, for example, a shoulder-surfing attack compromising the device's PIN or an operating system vulnerability allowing its bypass. In this work, we evaluate existing proposals for IA schemes using different behavioural feature sets, and evaluate them against real-world data to show when they are (and are not) useful. We have implemented them in an easily extensible open source framework for the Android operating system called Itus, which allows other researchers to iteratively improve on the existing mechanisms for performing IA. Itus performs IA at the app level, which we have shown allows app developers to selectively protect sensitive data while decreasing the impact on battery life and device performance, and at the same time obtaining better detection accuracy for the IA scheme being invoked.


      Published In

      CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
      November 2014
      1592 pages
      ISBN:9781450329576
      DOI:10.1145/2660267
      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. behavioural biometrics
      2. implicit authentication
      3. security

      Qualifiers

      • Poster

      Conference

      CCS'14
      Acceptance Rates

      CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

      Cited By

      • (2019) Design and Development of a Mobile EEG Data Analytics Framework. 2019 IEEE Fifth International Conference on Big Data Computing Service and Applications (BigDataService), pages 333-339. DOI: 10.1109/BigDataService.2019.00059. Online publication date: Apr-2019
      • (2019) Context-Aware Implicit Authentication of Smartphone Users Based on Multi-Sensor Behavior. IEEE Access, 7, pages 119654-119667. DOI: 10.1109/ACCESS.2019.2936034. Online publication date: 2019
      • (2017) A Secure Authentication Method of Intelligent Terminals Based on Jensen-Shannon Divergence. 2017 International Conference on Networking and Network Applications (NaNA), pages 158-163. DOI: 10.1109/NaNA.2017.25. Online publication date: Oct-2017
      • (2016) An enhanced user authentication solution for mobile payment systems using wearables. Security and Communication Networks, 9:17, pages 4639-4649. DOI: 10.1002/sec.1654. Online publication date: 25-Nov-2016
