A Comparative Evaluation of Implicit Authentication Schemes

  • Conference paper
Research in Attacks, Intrusions and Defenses (RAID 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8688)

Abstract

Implicit authentication (IA) schemes use behavioural biometrics to continuously and transparently authenticate mobile device users. Several IA schemes have been proposed by researchers which employ different behavioural features and provide reasonable detection accuracy. While these schemes work in principle, it is difficult to comprehend from these individual efforts which schemes work best (in terms of detection accuracy, detection delay and processing complexity) under different operating conditions (in terms of attack scenarios and availability of training and classification data). Furthermore, it is critical to evaluate these schemes on unbiased, real-world datasets to determine their efficacy in realistic operating conditions. In this paper, we evaluate six diverse IA schemes on four independently collected datasets from over 300 participants. We first evaluate these schemes in terms of: accuracy; training time and delay on real-world datasets; detection delay; processing and memory complexity for feature extraction, training and classification operations; vulnerability to mimicry attacks; and deployment issues on mobile platforms. We also leverage our real-world device usage traces to determine the proportion of time these schemes are able to afford protection to device owners. Based on our evaluations, we identify: 1) promising IA schemes with high detection accuracy, low performance overhead, and near real-time detection delays, 2) common pitfalls in contemporary IA evaluation methodology, and 3) open challenges for IA research. Finally, we provide an open source implementation of the IA schemes evaluated in this work that can be used for performance benchmarking by future IA research.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Khan, H., Atwater, A., Hengartner, U. (2014). A Comparative Evaluation of Implicit Authentication Schemes. In: Stavrou, A., Bos, H., Portokalidis, G. (eds) Research in Attacks, Intrusions and Defenses. RAID 2014. Lecture Notes in Computer Science, vol 8688. Springer, Cham. https://doi.org/10.1007/978-3-319-11379-1_13

  • DOI: https://doi.org/10.1007/978-3-319-11379-1_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11378-4

  • Online ISBN: 978-3-319-11379-1

  • eBook Packages: Computer Science, Computer Science (R0)
