An Evaluation of Behavioural Profiling on Mobile Devices
With more than 6.3 billion subscribers around the world, mobile de-vices play a significant role in people’s daily life. People rely upon them to carry out a wide variety of tasks, such as accessing emails, shopping online, micro-payments and e-banking. It is therefore essential to protect the sensitive information that is stored on the device against misuse. The majority of these mobile devices are still dependent upon passwords and Personal Identification Numbers (PIN) as a form of user authentication. However, the weakness of these point-of-entry techniques is well documented. Furthermore, current point-of-entry authentication will only serve to provide a one-off authentication decision with the time between an authentication and access control decision effectively becoming independent. Through transparent authentication, identity verification can be performed continuously; thereby more closely associating the authentication and access control decisions. The challenge is in providing an effective solution to the trade-off between effective security and usability.
With the purpose of providing enhanced security, this paper describes a behavioural profiling framework, which utilizes application or service usage to verify individuals in a continuous manner. In order to examine the effectiveness a series of simulations were conducted by utilising real users’ mobile applications usage. The dataset contains 76 users’ application activities over a four-week period, including 30,428 log entries for 103 unique applications (e.g. telephone, text message and web surfing). The simulations results show that the framework achieved a False Rejection Rate (FRR) of 12.91% and a False Acceptant Rate (FAR) of 4.17%. In contrast with point of entry approaches, the behavioural profiling technique provides a significant improvement in both device security and user convenience. An end-user trial was undertaken to assist in investigating the perceptions surrounding the concept of behavioural profiling technique – an approach that is conceptually associated with privacy concerns. The survey revealed that participants were strongly in favour (71%) of using the behavioural approach as a supplement of the point-of-entry technique to protect their devices. The results also provided an interesting insight into the perceived privacy issues with the approach, with 38% of the participants stating they do not care about their personal information being recorded.
Keywordsbehavioural profiling authentication non-intrusive transparent
Unable to display preview. Download preview PDF.
- 1.Apple Inc., iPhone 5s: Using the touch ID kb/HT5883 (2014), http://support.apple.com/ (accessed: January 09, 2014)
- 2.Checkpoint, The impact of mobile devices on information security (2013), http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report2013.pdf (accessed: January 05, 2014)
- 6.Clarke, N.L., Furnell, S.M.: Authenticating Mobile Phone Users Using Keystroke Analysis. International Journal of Information Security, 1–14 (2006) ISSN:1615-5262Google Scholar
- 7.DARPA, Active Authentication, DARPA (2011), http://www.darpa.mil/OurWork/I2O/Programs/Ac-tiveAuthentication.aspx (accessed: January 17, 2014)
- 8.Derawi, M.O., Nickel, C., Bours, P., Busch, C.: Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition. In: Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing (2010)Google Scholar
- 10.FaceLock (2014), http://www.facelock.mobi/ (date accessed: January 08, 2014)
- 11.Gartner, Gartner Says Mobile App Stores Will See Annual Downloads Reach 102 Billion in 2013 (2013), http://www.gartner.com/newsroom/id/2592315 (accessed: October 10, 2014)
- 12.Huth, A., Orlando, M., Pesante, L.: Password Security, Protection, and Management (2012), https://www.uscert.gov/sites/default/files/publications/PasswordMgmt2012.pdf (accessed: January 09, 2014)
- 13.IDC, Android Pushes Past 80% Market Share While Windows Phone Shipments Leap 156.0% Year Over Year in the Third Quarter (2013), http://www.idc.com/getdoc.jsp?con-tainerId=prUS24442013 (accessed: January 23, 2014)
- 14.ITU, Global ICT developments (2014), http://www.itu.int/en/ITUD/Statistics/Pages/stat/default.aspx (accessed: January 06, 2014)
- 15.Kurkovsky, S., Syta, E.: Digital natives and mobile phones: A survey of practices and attitudes about privacy and security. In: Proceedings of the IEEE International Symposium on Technology and Society (ISTAS), pp. 441–449 (2010)Google Scholar
- 16.Lazou, A., Weir, G.: Perceived risk and sensitive data on mobile devices. Cyberforensics. University of Strathclyde, Glasgow, pp. 183–196 (2011) ISBN 9780947649784Google Scholar
- 17.Li, F., Clarke, N.L., Papadaki, M., Dowland, P.S.: Active authentication for mobile devices utilising behaviour profiling. International Journal of Information Security (2013), doi:10.1007/s10207-013-0209-6Google Scholar
- 18.Portioresearch, Fast growth of apps user base in booming Asia Pacific market (2013), http://www.portioresearch.com/en/blog/2013/fast-growth-of-apps-user-base-in-booming-asia-pacific-market.aspx (accessed January 10, 2014)
- 20.Weinstein, E., Ho, P., Heisele, B., Poggio, T., Steele, K., Agarwal, A.: Handheld face identification technology in a pervasive computing environment. In: Pervasive 2002, Zurich, Switzerland, pp. 48–54 (2002)Google Scholar
- 21.Woo, R., Park, A., Hazen, T.: The MIT Mobile Device Speaker Verification Corpus: Data collection and preliminary experiments. In: Proceeding of Odyssey, The Speaker & Language Recognition Workshop, San Juan, Puerto Rico (June 2006)Google Scholar