Event-driven implicit authentication for mobile access control




Journal Title

Journal ISSN


Volume Title





Peer reviewed


In order to protect user privacy on mobile devices, an event-driven implicit authentication scheme is proposed in this paper. Several methods of utilizing the scheme for recognizing legitimate user behavior are investigated. The investigated methods compute an aggregate score and a threshold in real-time to determine the trust level of the current user using real data derived from user interaction with the device. The proposed scheme is designed to: operate completely in the background, require minimal training period, enable high user recognition rate for implicit authentication, and prompt detection of abnormal activity that can be used to trigger explicitly authenticated access control. In this paper, we investigate threshold computation through standard deviation and EWMA (exponentially weighted moving average) based algorithms. The result of extensive experiments on user data collected over a period of several weeks from an Android phone indicates that our proposed approach is feasible and effective for lightweight real-time implicit authentication on mobile smartphones.


The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.


Authentication, Trust level, implicit authentication scheme, behaviour based authentication, EWMA, mobile security


Yao, F., Yerima, S. Y., Sezer, S., Kang, B. (2015) Event Driven Implicit Authentication For Mobile Access Control, In Proceedings of the 9th International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST), Cambridge, UK, September 2015.


Research Institute

Cyber Technology Institute (CTI)