ABSTRACT
Mobile devices, such as smartphones and tablets, have become prevalent given their ample functionality brought by a variety of applications. Unfortunately, these devices face security and privacy threats due to unauthorized access. Ordinary protection mechanisms such as passcode and fingerprint verification are widely employed to mitigate the threats. To achieve strong security without sacrificing usability, extensive research efforts have been devoted to continuous authentication through passive sensing and behavior modeling. Nowadays, more and more users own multiple devices. This trend presents opportunities for further optimization of authentication across devices. In this paper, we conduct an empirical study on how a behavioral model created on one device can be transferred to other devices to bootstrap continuous authentication. To pursue this goal, we collect 160 sets of usage data on multiple mobile devices and perform a proof-of-concept experiment. The results demonstrate that we can leverage the similarity between user behaviors on different devices to enable cross-device authentication and anomaly detection.
- Tom Rosenstiel Amy Mitchell and Leah Christian. 2014. Mobile Devices and News Consumption: Some Good Signs for Journalism. (2014).Google Scholar
- Adam J Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M Smith. 2010. Smudge Attacks on Smartphone Touch Screens. WOOT 10 (2010), 1--7. Google ScholarDigital Library
- Erika Chin, Adrienne Porter Felt, Vyas Sekar, and David Wagner. 2012. Measuring user confidence in smartphone security and privacy. In the Proceedings of the Eighth Symposium on Usable Privacy and Security. ACM, 1. Google ScholarDigital Library
- Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch me once and i know it's you!: implicit authentication based on touch screen patterns. In the Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 987--996. Google ScholarDigital Library
- Sanorita Dey, Nirupam Roy, Wenyuan Xu, Romit Roy Choudhury and Srihari Nelakuditi. 2014. Accelprint: Imperfections of accelerometers make smartphones trackable. In the Proceedings of the Network and Distributed System Security Symposium (NDSS).Google ScholarCross Ref
- Benjamin Draffin, Jiang Zhu, and Joy Zhang. 2014. Keysens: passive user authentication through micro-behavior modeling of soft keyboard interaction. In the Mobile Computing, Applications, and Services. Springer, 184--201.Google Scholar
- Simon Eberz, Kasper B. Rasmussen, Vincent Lenders, and Ivan Martinovic. 2017. Evaluating Behavioral Biometrics for Continuous Authentication: Challenges and Metrics. In the Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '17). ACM, New York, NY, USA, 386--399. Google ScholarDigital Library
- Tao Feng, Ziyi Liu, Kyeong-An Kwon, Weidong Shi, Bogdan Carbunar, Yifei Jiang, and Ngac Ky Nguyen. 2012. Continuous mobile authentication using touchscreen gestures. In the IEEE Conference on Technologies for Homeland Security (HST). IEEE, 451--456.Google ScholarCross Ref
- Michael Frank, Ralf Biedert, En-Di Ma, Ivan Martinovic, and Dong Song. 2013. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. the IEEE Transactions on Information Forensics and Security 8, 1 (2013), 136--148. Google ScholarDigital Library
- Jay Prakash Gupta, Nishant Singh, Pushkar Dixit, Vijay Bhaskar Semwal, and Shiv Ram Dubey. 2013. Human activity recognition using gait pattern. the International Journal of Computer Vision and Image Processing (IJCVIP) 3, 3 (2013), 31--53. Google ScholarDigital Library
- Ankita Jain and Vivek Kanhangad. 2015. Exploring orientation and accelerometer sensor data for personal authentication in smartphones using touchscreen gestures. the Pattern Recognition Letters (2015). Google ScholarDigital Library
- Amy K Karlson, Brian R Meyers, Andy Jacobs, Paul Johns, and Shaun K Kane. 2009. Working overtime: Patterns of smartphone and PC usage in the day of an information worker. In The Pervasive Computing. Springer, 398--405. Google ScholarDigital Library
- Lingjun Li, Xinxin Zhao, and Guoliang Xue. 2013. Unobservable Re-authentication for Smartphones.. In the Network Distributed System Security.Google Scholar
- Lin Liao, Dieter Fox, and Henry Kautz. 2006. Location-based activity recognition. the Advances in Neural Information Processing Systems 18 (2006), 787.Google Scholar
- Wenchao Meng, Duncan Wong, Steven Furnell, and Jianying Zhou. 2015. Surveying the Development of Biometric User Authentication on Mobile Phones. (2015).Google Scholar
- Yuxin Meng, Duncan S Wong, and others. 2014. Design of touch dynamics based user authentication with an adaptive mechanism on mobile phones. In the Proceedings of the 29th Annual ACM Symposium on Applied Computing. ACM, 1680--1687. Google ScholarDigital Library
- Yuxin Meng, Duncan S Wong, Roman Schlegel, and others. 2013. Touch gestures based biometric authentication scheme for touchscreen mobile phones. In the Information Security and Cryptology. Springer, 331--350.Google Scholar
- George D Montañez, Ryen W White, and Xiao Huang. 2014. Cross-device search. In the Proceedings of the 23rd ACM International Conference on Conference on Information and Knowledge Management. ACM, 1669--1678. Google ScholarDigital Library
- YC Hacker News. 2017. (2017). https://news.ycombinator.com/.Google Scholar
- OFCOM. 2012. (2012). http://media.ofcom.org.uk/news/2012/uk-is-now-texting-more-than-talking/.Google Scholar
- Alexander P Pons and Peter Polak. 2008. Understanding user perspectives on biometric technology. the Communications of the ACM 51, 9 (2008), 115--118. Google ScholarDigital Library
- HackerNews Reader. 2017. (2017). https://play.google.com/store/apps/details?id=com.xw.hackernews&hl=en.Google Scholar
- Napa Sae-Bae, Nasir Memon, Katherine Isbister, and Khandakar Ahmed. 2014. Multitouch gesture-based authentication. the IEEE Transactions on Information Forensics and Security 9, 4 (2014), 568--582. Google ScholarDigital Library
- Chao Shen, Zhongmin Cai, and Xiaohong Guan. 2012. Continuous authentication for mouse dynamics: A pattern-growth approach. In the 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 1--12. Google ScholarDigital Library
- Emmanuel Munguia Tapia, Stephen S Intille, and Kent Larson. 2004. Activity recognition in the home using simple and ubiquitous sensors. In the International Conference on Pervasive Computing. Springer, 158--175.Google ScholarCross Ref
- Dirk Van Bruggen, Shu Liu, Mitch Kajzer, Aaron Striegel, Charles R Crowell, and John D'Arcy. 2013. Modifying smartphone user locking behavior. In the Proceedings of the Ninth Symposium on Usable Privacy and Security. ACM, 10. Google ScholarDigital Library
- Tam Vu, Ashwin Ashok, Akash Baid, Marco Gruteser, Richard Howard, Janne Lindqvist, Predrag Spasojevic, and Jeffrey Walling. 2012. Demo: user identification and authentication with capacitive touch communication. In the Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. ACM, 483--484. Google ScholarDigital Library
- Yu Wang, Xiao Huang, and Ryen W White. 2013. Characterizing and supporting cross-device search tasks. In the Proceedings of the Sixth ACM International Conference on Web Search and Data Mining. ACM, 707--716. Google ScholarDigital Library
- Hui Xu, Yangfan Zhou, and Michael R Lyu. 2014. Towards continuous and passive authentication via touch biometrics: An experimental study on smartphones. In the Symposium On Usable Privacy and Security, Vol. 14. 187--198.Google Scholar
- Tong Yu, Yong Zhuang, Ole. Mengshoel, and Osman. Yagan. 2016. Hybridizing Personal and Impersonal Machine Learning Models for Activity Recognition on Mobile Devices. In the Proceedings of the 8th International Conference on Mobile Computing, Applications and Services (MobiCASE-16). Cambridge, Great Britain. Google ScholarDigital Library
- Ming Zeng, Xiao Wang, Le Nguyen, Pang Wu, Ole. Mengshoel, and Joy. Zhang. 2014. Adaptive activity recognition with dynamic heterogeneous sensor fusion. In the Proceedings of the 6th International Conference on Mobile Computing, Applications and Services (MobiCASE-14). Austin, TX, 189--196.Google ScholarCross Ref
- Jiang Zhu, Pang Wu, Xiao Wang, and Juyong Zhang. 2013. Sensec: Mobile security through passive sensing. In the International Conference on Computing, Networking and Communications (ICNC). IEEE, 1128--1133. Google ScholarDigital Library
Recommendations
User authentication on mobile devices: Approaches, threats and trends
AbstractMobile devices have brought a great convenience to us these years, which allow the users to enjoy the anytime and anywhere various applications such as the online shopping, Internet banking, navigation and mobile media. While the users ...
Touch-based continuous mobile device authentication: State-of-the-art, challenges and opportunities
AbstractThe advancement in the computational capability and storage size of a modern mobile device has evolved it into a multi-purpose smart device for individual and business needs. The increasing usage of this device has led to the need for ...
Keystroke dynamics-based authentication for mobile devices
Recently, mobile devices are used in financial applications such as banking and stock trading. However, unlike desktops and notebook computers, a 4-digit personal identification number (PIN) is often adopted as the only security mechanism for mobile ...
Comments