Event-driven implicit authentication for mobile access control

Date

2015-09

Advisors

Journal Title

Journal ISSN

ISSN

Volume Title

Publisher

IEEE

Type

Conference

Peer reviewed

Abstract

In order to protect user privacy on mobile devices, an event-driven implicit authentication scheme is proposed in this paper. Several methods of utilizing the scheme for recognizing legitimate user behavior are investigated. The investigated methods compute an aggregate score and a threshold in real-time to determine the trust level of the current user using real data derived from user interaction with the device. The proposed scheme is designed to: operate completely in the background, require minimal training period, enable high user recognition rate for implicit authentication, and prompt detection of abnormal activity that can be used to trigger explicitly authenticated access control. In this paper, we investigate threshold computation through standard deviation and EWMA (exponentially weighted moving average) based algorithms. The result of extensive experiments on user data collected over a period of several weeks from an Android phone indicates that our proposed approach is feasible and effective for lightweight real-time implicit authentication on mobile smartphones.

Description

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.

Keywords

Authentication, Trust level, implicit authentication scheme, behaviour based authentication, EWMA, mobile security

Citation

Yao, F., Yerima, S. Y., Sezer, S., Kang, B. (2015) Event Driven Implicit Authentication For Mobile Access Control, In Proceedings of the 9th International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST), Cambridge, UK, September 2015.

Rights

Research Institute

Cyber Technology Institute (CTI)