Abstract
With more than 6.3 billion subscribers around the world, mobile de-vices play a significant role in people’s daily life. People rely upon them to carry out a wide variety of tasks, such as accessing emails, shopping online, micro-payments and e-banking. It is therefore essential to protect the sensitive information that is stored on the device against misuse. The majority of these mobile devices are still dependent upon passwords and Personal Identification Numbers (PIN) as a form of user authentication. However, the weakness of these point-of-entry techniques is well documented. Furthermore, current point-of-entry authentication will only serve to provide a one-off authentication decision with the time between an authentication and access control decision effectively becoming independent. Through transparent authentication, identity verification can be performed continuously; thereby more closely associating the authentication and access control decisions. The challenge is in providing an effective solution to the trade-off between effective security and usability.
With the purpose of providing enhanced security, this paper describes a behavioural profiling framework, which utilizes application or service usage to verify individuals in a continuous manner. In order to examine the effectiveness a series of simulations were conducted by utilising real users’ mobile applications usage. The dataset contains 76 users’ application activities over a four-week period, including 30,428 log entries for 103 unique applications (e.g. telephone, text message and web surfing). The simulations results show that the framework achieved a False Rejection Rate (FRR) of 12.91% and a False Acceptant Rate (FAR) of 4.17%. In contrast with point of entry approaches, the behavioural profiling technique provides a significant improvement in both device security and user convenience. An end-user trial was undertaken to assist in investigating the perceptions surrounding the concept of behavioural profiling technique – an approach that is conceptually associated with privacy concerns. The survey revealed that participants were strongly in favour (71%) of using the behavioural approach as a supplement of the point-of-entry technique to protect their devices. The results also provided an interesting insight into the perceived privacy issues with the approach, with 38% of the participants stating they do not care about their personal information being recorded.
Chapter PDF
Similar content being viewed by others
References
Apple Inc., iPhone 5s: Using the touch ID kb/HT5883 (2014), http://support.apple.com/ (accessed: January 09, 2014)
Checkpoint, The impact of mobile devices on information security (2013), http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report2013.pdf (accessed: January 05, 2014)
Clarke, N.: Transparent User Authentication. Springer, Berlin (2011)
Clarke, N.L., Furnell, S.M.: Authentication of users on mobile telephones—a survey of attitudes and practices. Computer Security 24(7), 519–527 (2005)
Clarke, N.L., Mekala, A.R.: The application of signature recognition to trans-parent handwriting verification for mobile devices. Information Management & Computer Security 15(3), 214–225 (2007)
Clarke, N.L., Furnell, S.M.: Authenticating Mobile Phone Users Using Keystroke Analysis. International Journal of Information Security, 1–14 (2006) ISSN:1615-5262
DARPA, Active Authentication, DARPA (2011), http://www.darpa.mil/OurWork/I2O/Programs/Ac-tiveAuthentication.aspx (accessed: January 17, 2014)
Derawi, M.O., Nickel, C., Bours, P., Busch, C.: Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition. In: Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing (2010)
Eagle, N., Pentland, A., Lazer, D.: Inferring social network structure using mobile phone data. Proceedings of the National Academy of Sciences (PNAS) 106, 15274–15278 (2009)
FaceLock (2014), http://www.facelock.mobi/ (date accessed: January 08, 2014)
Gartner, Gartner Says Mobile App Stores Will See Annual Downloads Reach 102 Billion in 2013 (2013), http://www.gartner.com/newsroom/id/2592315 (accessed: October 10, 2014)
Huth, A., Orlando, M., Pesante, L.: Password Security, Protection, and Management (2012), https://www.uscert.gov/sites/default/files/publications/PasswordMgmt2012.pdf (accessed: January 09, 2014)
IDC, Android Pushes Past 80% Market Share While Windows Phone Shipments Leap 156.0% Year Over Year in the Third Quarter (2013), http://www.idc.com/getdoc.jsp?con-tainerId=prUS24442013 (accessed: January 23, 2014)
ITU, Global ICT developments (2014), http://www.itu.int/en/ITUD/Statistics/Pages/stat/default.aspx (accessed: January 06, 2014)
Kurkovsky, S., Syta, E.: Digital natives and mobile phones: A survey of practices and attitudes about privacy and security. In: Proceedings of the IEEE International Symposium on Technology and Society (ISTAS), pp. 441–449 (2010)
Lazou, A., Weir, G.: Perceived risk and sensitive data on mobile devices. Cyberforensics. University of Strathclyde, Glasgow, pp. 183–196 (2011) ISBN 9780947649784
Li, F., Clarke, N.L., Papadaki, M., Dowland, P.S.: Active authentication for mobile devices utilising behaviour profiling. International Journal of Information Security (2013), doi:10.1007/s10207-013-0209-6
Portioresearch, Fast growth of apps user base in booming Asia Pacific market (2013), http://www.portioresearch.com/en/blog/2013/fast-growth-of-apps-user-base-in-booming-asia-pacific-market.aspx (accessed January 10, 2014)
Prabhakar, S., Pankanti, S., Jain, A.K.: Biometric recognition: security and privacy concerns. IEEE Security & Privacy 1(2), 33–42 (2003)
Weinstein, E., Ho, P., Heisele, B., Poggio, T., Steele, K., Agarwal, A.: Handheld face identification technology in a pervasive computing environment. In: Pervasive 2002, Zurich, Switzerland, pp. 48–54 (2002)
Woo, R., Park, A., Hazen, T.: The MIT Mobile Device Speaker Verification Corpus: Data collection and preliminary experiments. In: Proceeding of Odyssey, The Speaker & Language Recognition Workshop, San Juan, Puerto Rico (June 2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Li, F., Wheeler, R., Clarke, N. (2014). An Evaluation of Behavioural Profiling on Mobile Devices. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_29
Download citation
DOI: https://doi.org/10.1007/978-3-319-07620-1_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1
eBook Packages: Computer ScienceComputer Science (R0)