Silent and Continuous Authentication in Mobile Environment

Gerardo Canfora, Paolo di Notte, Francesco Mercaldo, Corrado Aaron Visaggio

2016

Abstract

Due to the increasing pervasiveness of mobile technologies, sensitive user information is often stored on mobile devices. Nowadays, mobile devices do not continuously verify the identity of the user while sensitive activities are performed. This enables attackers full access to sensitive data and applications on the device, if they obtain the password or grab the device after login. In order to mitigate this risk, we propose a continuous and silent monitoring process based on a set of features: orientation, touch and cell tower. The underlying assumption is that the features are representative of smartphone owner behaviour and this is the reason why the features can be useful to discriminate the owner by an impostor. Results show that our system, modeling the user behavior of 21 volunteer participants, obtains encouraging results, since we measured a precision in distinguishing an impostor from the owner between 99% and 100%.

References

  1. Ahmed, A. A. E. and Traore, I. (2005). Anomaly intrusion detection based on biometrics. In Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC, pages 452-453. IEEE.
  2. Akula, S. and Devisetty, V. (2004). Image based registration and authentication system. In Proceedings of Midwest Instruction and Computing Symposium, volume 4.
  3. Bailey, K. O., Okolica, J. S., and Peterson, G. L. (2014). User identification and authentication using multimodal behavioral biometrics. Computers & Security, 43:77-89.
  4. Bhattacharyya, D., Ranjan, R., Farkhod Alisherov, A., and Choi, M. (2009). Biometric authentication: A review. International Journal of u-and e-Service, Science and Technology, 2(3):13-28.
  5. Bo, C., Zhang, L., Jung, T., Han, J., Li, X.-Y., and Wang, Y. (2014). Continuous user identification via touch and movement behavioral biometrics. In Performance Computing and Communications Conference (IPCCC), 2014 IEEE International, pages 1-8. IEEE.
  6. Brocardo, M. L. and Traore, I. (2014). Continuous authentication using micro-messages. In Privacy, Security and Trust (PST), 2014, pages 179-188. IEEE.
  7. Brown, M. and Rogers, S. J. (1993). User identification via keystroke characteristics of typed names using neural networks. International Journal of Man-Machine Studies, 39(6):999-1014.
  8. Clarke, N. and Mekala, A. (2006). Transparent handwriting verification for mobile devices. InProceedings of the Sixth International Network Conference (INC 2006), Plymouth, UK, pages 11-14. Citeseer.
  9. Davis, D., Monrose, F., and Reiter, M. K. (2004). On user choice in graphical password schemes. In USENIX Security Symposium, volume 13, pages 11-11.
  10. De Luca, A., Hang, A., Brudy, F., Lindner, C., and Hussmann, H. (2012). Touch me once and i know it's you!: implicit authentication based on touch screen patterns. In Proceedings of the SIGCHI, pages 987-996. ACM.
  11. Dhamija, R. and Perrig, A. (2000). D ej a vu: A user study using images for authentication.
  12. Dunphy, P., Heiner, A. P., and Asokan, N. (2010). A closer look at recognition-based graphical passwords on mobile devices. In Proceedings of the Sixth Symposium on Usable Privacy and Security, page 3. ACM.
  13. Frank, M., Biedert, R., Ma, E.-D., Martinovic, I., and Song, D. (2013). Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. Information Forensics and Security, IEEE Transactions on, 8(1):136-148.
  14. Gamboa, H. and Fred, A. (2004). A behavioral biometric system based on human-computer interaction. In Defense and Security, pages 381-392. International Society for Optics and Photonics.
  15. Gascon, H., Uellenbeck, S., Wolf, C., and Rieck, K. (2014). Continuous authentication on mobile devices by analysis of typing motion behavior. In Sicherheit, pages 1-12.
  16. Joyce, R. and Gupta, G. (1990). Identity authentication based on keystroke latencies. Communications of the ACM, 33(2):168-176.
  17. Killourhy, K. S. and Maxion, R. A. (2009). Comparing anomaly-detection algorithms for keystroke dynamics. In Dependable Systems & Networks, 2009. DSN'09. IEEE/IFIP International Conference on, pages 125-134. IEEE.
  18. Koreman, J., Morris, A., Wu, D., Jassim, S., Sellahewa, H., Ehlers, J., Chollet, G., Aversano, G., Bredin, H., Garcia-Salicetti, S., et al. (2006). Multi-modal biometric authentication on the securephone pda. In Proceedings of the MMUA workshop on Multimodal User Authentication.
  19. Kotropoulos, C. and Samaras, S. (2014). Mobile phone identification using recorded speech signals. InDigital Signal Processing (DSP), 2014 19th International Conference on, pages 586-591. IEEE.
  20. Kwapisz, J. R., Weiss, G. M., and Moore, S. A. (2010). Cell phone-based biometric identification. InBiometrics: Theory Applications and Systems (BTAS), 2010 Fourth IEEE International Conference on, pages 1-7. IEEE.
  21. Monrose, F. and Rubin, A. (1997). Authentication via keystroke dynamics. In Proceedings of the 4th ACM conference on Computer and communications security, pages 48-56. ACM.
  22. Murmuria, R., Stavrou, A., Barbará, D., and Fleck, D. (2015). Continuous authentication on mobile devices using power consumption, touch gestures and physical movement of users. In Research in Attacks, Intrusions, and Defenses, pages 405-424. Springer.
  23. Nicholson, A. J., Corner, M. D., and Noble, B. D. (2006). Mobile device security using transient authentication. Mobile Computing, IEEE Transactions on, 5(11):1489-1502.
  24. Piuri, V. and Scotti, F. (2008). Fingerprint biometrics via low-cost sensors and webcams. In Biometrics: Theory, Applications and Systems, 2008. BTAS 2008. 2nd IEEE International Conference on, pages 1-6. IEEE.
  25. Riva, O., Qin, C., Strauss, K., and Lymberopoulos, D. (2012). Progressive authentication: deciding when to authenticate on mobile phones. In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12), pages 301-316.
  26. Sae-Bae, N. and Memon, N. (2013). A simple and effective method for online signature verification. In BIOSIG, pages 1-12. IEEE.
  27. Seo, H., Kim, E., and Kim, H. K. (2012). A novel biometric identification based on a users input pattern analysis for intelligent mobile devices. International Journal of Advanced Robotic Systems, 9:1-10.
  28. Shen, C., Cai, Z., Guan, X., and Cai, J. (2010). A hypooptimum feature selection strategy for mouse dynamics in continuous identity authentication and monitoring. In Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on, pages 349-353. IEEE.
  29. Shepherd, S. (1995). Continuous authentication by analysis of keyboard typing characteristics. In Security and Detection, 1995., European Convention on, pages 111-114. IET.
  30. Wu, J.-S., Lin, W.-C., Lin, C.-T., and Wei, T.-E. (2015). Smartphone continuous authentication based on keystroke and gesture profiling. In Security Technology (ICCST), 2015 International Carnahan Conference on, pages 191-197. IEEE.
  31. Zheng, N., Bai, K., Huang, H., and Wang, H. (2014). You are how you touch: User verification on smartphones via tapping behaviors. In ICNP, pages 221- 232. IEEE.
Download


Paper Citation


in Harvard Style

Canfora G., di Notte P., Mercaldo F. and Visaggio C. (2016). Silent and Continuous Authentication in Mobile Environment . In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 97-108. DOI: 10.5220/0005965500970108


in Bibtex Style

@conference{secrypt16,
author={Gerardo Canfora and Paolo di Notte and Francesco Mercaldo and Corrado Aaron Visaggio},
title={Silent and Continuous Authentication in Mobile Environment},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={97-108},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005965500970108},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Silent and Continuous Authentication in Mobile Environment
SN - 978-989-758-196-0
AU - Canfora G.
AU - di Notte P.
AU - Mercaldo F.
AU - Visaggio C.
PY - 2016
SP - 97
EP - 108
DO - 10.5220/0005965500970108