Event-Driven Implicit Authentication for Mobile Access Control

TL;DR

This paper introduces an event-driven implicit authentication scheme for mobile devices that operates in the background, using real-time data to recognize legitimate users and detect abnormal activity with high accuracy.

Contribution

The paper proposes a novel background, real-time implicit authentication method utilizing threshold algorithms, validated through extensive Android user data experiments.

Findings

High user recognition rate achieved

Effective detection of abnormal activity demonstrated

Feasible lightweight real-time authentication on smartphones

Abstract

In order to protect user privacy on mobile devices, an event-driven implicit authentication scheme is proposed in this paper. Several methods of utilizing the scheme for recognizing legitimate user behavior are investigated. The investigated methods compute an aggregate score and a threshold in real-time to determine the trust level of the current user using real data derived from user interaction with the device. The proposed scheme is designed to: operate completely in the background, require minimal training period, enable high user recognition rate for implicit authentication, and prompt detection of abnormal activity that can be used to trigger explicitly authenticated access control. In this paper, we investigate threshold computation through standard deviation and EWMA (exponentially weighted moving average) based algorithms. The result of extensive experiments on user data collected over a period of several weeks from an Android phone indicates that our proposed approach is feasible and effective for lightweight real-time implicit authentication on mobile smartphones.