Abstract
Since the pervasiveness of mobile technologies has been increasing, sensitive user information is often stored on mobile devices. Currently, mobile devices do not verify the identity of the user after the login. This enables attackers full access to sensitive data and applications on the device, if they obtain the password or grab the device after login. In order to mitigate this risk, we propose a continuous and silent monitoring process based on a set of features: orientation, touch and cell tower. The assumption is that the features are representative of smartphone owner interaction with the device and this is the reason why the features can be useful to distinguish the owner from an impostor. Results show that our system, modeling the user behavior of 21 volunteer participants, obtains encouraging results, since we measured a precision in distinguishing an impostor from the owner between 99% and 100%.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Akula, S., Devisetty, V.: Image based registration and authentication system. In: Proceedings of Midwest Instruction and Computing Symposium, vol. 4 (2004)
Davis, D., Monrose, F., Reiter, M.K.: On user choice in graphical password schemes. In: USENIX Security Symposium, vol. 13, p. 11 (2004)
Dhamija, R., Perrig, A.: Déjà Vu: a user study using images for authentication (2000)
Sae-Bae, N., Memon, N.: A simple and effective method for online signature verification. In: BIOSIG, pp. 1–12. IEEE (2013)
Shepherd, S.: Continuous authentication by analysis of keyboard typing characteristics. In: European Convention on Security and Detection, pp. 111–114. IET (1995)
Monrose, F., Rubin, A.: Authentication via keystroke dynamics. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 48–56. ACM (1997)
Bhattacharyya, D., Ranjan, R., Farkhod Alisherov, A., Choi, M.: Biometric authentication: a review. Int. J. u- e-Serv. Sci. Technol. 2(3), 13–28 (2009)
Bailey, K.O., Okolica, J.S., Peterson, G.L.: User identification and authentication using multi-modal behavioral biometrics. Comput. Secur. 43, 77–89 (2014)
Joyce, R., Gupta, G.: Identity authentication based on keystroke latencies. Commun. ACM 33(2), 168–176 (1990)
Brown, M., Rogers, S.J.: User identification via keystroke characteristics of typed names using neural networks. Int. J. Man Mach. Stud. 39(6), 999–1014 (1993)
Ahmed, A.A.E., Traore, I.: Anomaly intrusion detection based on biometrics. In: Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, IAW 2005, pp. 452–453. IEEE (2005)
Shen, C., Cai, Z., Guan, X., Cai, J.: A hypo-optimum feature selection strategy for mouse dynamics in continuous identity authentication and monitoring. In: 2010 IEEE International Conference on Information Theory and Information Security (ICITIS), pp. 349–353. IEEE (2010)
Gamboa, H., Fred, A.: A behavioral biometric system based on human-computer interaction. In: Defense and Security, International Society for Optics and Photonics, pp. 381–392 (2004)
Canfora, G., Notte, P.D., Mercaldo, F., Visaggio, C.A.: Silent and continuous authentication in mobile environment. In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 4: SECRYPT, pp. 97–108, Lisbon, Portugal, 26–28 July 2016 (2016)
Koreman, J., Morris, A., Wu, D., Jassim, S., Sellahewa, H., Ehlers, J., Chollet, G., Aversano, G., Bredin, H., Garcia-Salicetti, S., et al.: Multi-modal biometric authentication on the securephone PDA. In: Proceedings of the MMUA workshop on Multimodal User Authentication (2006)
Nicholson, A.J., Corner, M.D., Noble, B.D.: Mobile device security using transient authentication. IEEE Trans. Mob. Comput. 5(11), 1489–1502 (2006)
Dunphy, P., Heiner, A.P., Asokan, N.: A closer look at recognition-based graphical passwords on mobile devices. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 3. ACM (2010)
De Luca, A., Hang, A., Brudy, F., Lindner, C., Hussmann, H.: Touch me once and I know it’s you!: Implicit authentication based on touch screen patterns. In: Proceedings of the SIGCHI, pp. 987–996. ACM (2012)
Zheng, N., Bai, K., Huang, H., Wang, H.: You are how you touch: user verification on smartphones via tapping behaviors. In: ICNP, pp. 221–232. IEEE (2014)
Seo, H., Kim, E., Kim, H.K.: A novel biometric identification based on a users input pattern analysis for intelligent mobile devices. Int. J. Adv. Rob. Syst. 9, 1–10 (2012)
Riva, O., Qin, C., Strauss, K., Lymberopoulos, D.: Progressive authentication: deciding when to authenticate on mobile phones. In: Presented as part of the 21st USENIX Security Symposium (USENIX Security 12), pp. 301–316 (2012)
Kwapisz, J.R., Weiss, G.M., Moore, S.A.: Cell phone-based biometric identification. In: 2010 Fourth IEEE International Conference on Biometrics: Theory Applications and Systems (BTAS), pp. 1–7. IEEE (2010)
Frank, M., Biedert, R., Ma, E.D., Martinovic, I., Song, D.: Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forensics Secur. 8(1), 136–148 (2013)
Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2009, pp. 125–134. IEEE (2009)
Bo, C., Zhang, L., Jung, T., Han, J., Li, X.Y., Wang, Y.: Continuous user identification via touch and movement behavioral biometrics. In: 2014 IEEE International Performance Computing and Communications Conference (IPCCC), pp. 1–8. IEEE (2014)
Murmuria, R., Stavrou, A., Barbará, D., Fleck, D.: Continuous authentication on mobile devices using power consumption, touch gestures and physical movement of users. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 405–424. Springer, Cham (2015). doi:10.1007/978-3-319-26362-5_19
Gascon, H., Uellenbeck, S., Wolf, C., Rieck, K.: Continuous authentication on mobile devices by analysis of typing motion behavior. In: Sicherheit, pp. 1–12 (2014)
Clarke, N., Mekala, A.: Transparent handwriting verification for mobile devices. In: Proceedings of the Sixth International Network Conference (INC 2006), pp. 11–14, Plymouth, UK. Citeseer (2006)
Brocardo, M.L., Traore, I.: Continuous authentication using micro-messages. In: Privacy, Security and Trust (PST), pp. 179–188. IEEE (2014)
Wu, J.S., Lin, W.C., Lin, C.T., Wei, T.E.: Smartphone continuous authentication based on keystroke and gesture profiling. In: 2015 International Carnahan Conference on Security Technology (ICCST), pp. 191–197. IEEE (2015)
Piuri, V., Scotti, F.: Fingerprint biometrics via low-cost sensors and webcams. In: 2nd IEEE International Conference on Biometrics: Theory, Applications and Systems, BTAS 2008, pp. 1–6. IEEE (2008)
Kotropoulos, C., Samaras, S.: Mobile phone identification using recorded speech signals. In: 2014 19th International Conference on Digital Signal Processing (DSP), pp. 586–591. IEEE (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Canfora, G., di Notte, P., Mercaldo, F., Visaggio, C.A. (2017). A Methodology for Silent and Continuous Authentication in Mobile Environment. In: Obaidat, M. (eds) E-Business and Telecommunications. ICETE 2016. Communications in Computer and Information Science, vol 764. Springer, Cham. https://doi.org/10.1007/978-3-319-67876-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-67876-4_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67875-7
Online ISBN: 978-3-319-67876-4
eBook Packages: Computer ScienceComputer Science (R0)