Multi-sensor Authentication to Improve Smartphone Security

Wei-Han Lee, Ruby B. Lee

2015

Abstract

The widespread use of smartphones gives rise to new security and privacy concerns. Smartphone thefts account for the largest percentage of thefts in recent crime statistics. Using a victim's smartphone, the attacker can launch impersonation attacks, which threaten the security of the victim and other users in the network. Our threat model includes the attacker taking over the phone after the user has logged on with his password or pin. Our goal is to design a mechanism for smartphones to better authenticate the current user, continuously and implicitly, and raise alerts when necessary. In this paper, we propose a multi-sensors-based system to achieve continuous and implicit authentication for smartphone users. The system continuously learns the owner's behavior patterns and environment characteristics, and then authenticates the current user without interrupting user-smartphone interactions. Our method can adaptively update a user's model considering the temporal change of user's patterns. Experimental results show that our method is efficient, requiring less than 10 seconds to train the model and 20 seconds to detect the abnormal user, while achieving high accuracy (more than 90%). Also the combination of more sensors provide better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate.

References

  1. Anguita, D., Ghio, A., Oneto, L., Parra, X., and ReyesOrtiz, J. L. (2012). Human activity recognition on smartphones using a multiclass hardware-friendly support vector machine. In Ambient assisted living and home care, pages 216-223. Springer.
  2. Buthpitiya, S., Zhang, Y., Dey, A. K., and Griss, M. (2011). n-gram geo-trace modeling. In Pervasive Computing.
  3. Chang, C.-C. and Lin, C.-J. (2011). LIBSVM: A library for support vector machines. ACM Transactions on Intelligent Systems and Technology, 2:27:1-27:27.
  4. Gentile, C. and Warmuth, M. K. (1998). Linear hinge loss and average margin. In Conference and Workshop on Neural Information Processing Systems, volume 11, pages 225-231.
  5. Kayacik, H. G., Just, M., Baillie, L., Aspinall, D., and Micallef, N. (2014). Data driven authentication: On the effectiveness of user behaviour modelling with mobile device sensors. Mobile Security Technologies.
  6. Li, L., Zhao, X., and Xue, G. (2013). Unobservable reauthentication for smartphones. In Network and Distributed System Security Symposium.
  7. Marquardt, P., Verma, A., Carter, H., and Traynor, P. (2011). (sp) iphone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In ACM Conference on Computer and Communications Security.
  8. Michalevsky, Y., Boneth, D., and Nakibly, G. (2014). Gyrophone: Recognizing speech from gyroscope signals. In USENIX Security.
  9. Nickel, C., Wirtl, T., and Busch, C. (2012). Authentication of smartphone users based on the way they walk using k-nn algorithm. In Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2012 Eighth International Conference on.
  10. Trojahn, M. and Ortmeier, F. (2013). Toward mobile authentication with keystroke dynamics on mobile phones and tablets. In Advanced Information Networking and Applications Workshops (WAINA), 2013 27th International Conference on.
  11. Vapnik, V. N. and Vapnik, V. (1998). Statistical learning theory, volume 2. Wiley New York.
  12. Wu, P., Zhu, J., and Zhang, J. Y. (2013). Mobisens: A versatile mobile sensing platform for real-world applications. Mobile Networks and Applications, 18(1):60- 80.
  13. Xu, Z., Bai, K., and Zhu, S. (2012). Taplogger: Inferring user inputs on smartphone touchscreens using onboard motion sensors. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks.
  14. Zhu, J., Wu, P., Wang, X., and Zhang, J. (2013). Sensec: Mobile security through passive sensing. In International Conference on Computing, Networking and Communications.
Download


Paper Citation


in Harvard Style

Lee W. and B. Lee R. (2015). Multi-sensor Authentication to Improve Smartphone Security . In Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-081-9, pages 270-280. DOI: 10.5220/0005239802700280


in Bibtex Style

@conference{icissp15,
author={Wei-Han Lee and Ruby B. Lee},
title={Multi-sensor Authentication to Improve Smartphone Security},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2015},
pages={270-280},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005239802700280},
isbn={978-989-758-081-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Multi-sensor Authentication to Improve Smartphone Security
SN - 978-989-758-081-9
AU - Lee W.
AU - B. Lee R.
PY - 2015
SP - 270
EP - 280
DO - 10.5220/0005239802700280