An Evaluation of Behavioural Profiling on Mobile Devices

  • Fudong Li
  • Ross Wheeler
  • Nathan Clarke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)

Abstract

With more than 6.3 billion subscribers around the world, mobile devices play a significant role in people’s daily life. People rely upon them to carry out a wide variety of tasks, such as accessing emails, shopping online, micro-payments and e-banking. It is therefore essential to protect the sensitive information that is stored on the device against misuse. The majority of these mobile devices are still dependent upon passwords and Personal Identification Numbers (PIN) as a form of user authentication. However, the weakness of these point-of-entry techniques is well documented. Furthermore, current point-of-entry authentication will only serve to provide a one-off authentication decision with the time between an authentication and access control decision effectively becoming independent. Through transparent authentication, identity verification can be performed continuously; thereby more closely associating the authentication and access control decisions. The challenge is in providing an effective solution to the trade-off between effective security and usability.

With the purpose of providing enhanced security, this paper describes a behavioural profiling framework, which utilizes application or service usage to verify individuals in a continuous manner. In order to examine its effectiveness, a series of simulations were conducted utilising real users’ mobile application usage. The dataset contains 76 users’ application activities over a four-week period, including 30,428 log entries for 103 unique applications (e.g. telephone, text message and web surfing). The simulation results show that the framework achieved a False Rejection Rate (FRR) of 12.91% and a False Acceptance Rate (FAR) of 4.17%. In contrast with point-of-entry approaches, the behavioural profiling technique provides a significant improvement in both device security and user convenience. An end-user trial was undertaken to assist in investigating the perceptions surrounding the concept of the behavioural profiling technique – an approach that is conceptually associated with privacy concerns. The survey revealed that participants were strongly in favour (71%) of using the behavioural approach as a supplement to the point-of-entry technique to protect their devices. The results also provided an interesting insight into the perceived privacy issues with the approach, with 38% of the participants stating they do not care about their personal information being recorded.

Keywords

behavioural profiling authentication non-intrusive transparent 


Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Fudong Li (1)
  • Ross Wheeler (1)
  • Nathan Clarke (1, 2)

  1. Centre for Security, Communications and Network Research (CSCAN), Plymouth University, Plymouth, UK
  2. Security Research Institute, Edith Cowan University, Perth, Australia
