Multi-sensor authentication to improve smartphone security

TL;DR

This paper introduces a multi-sensor system for continuous, implicit smartphone user authentication that adapts to behavioral changes, enhancing security with high accuracy and minimal training time.

Contribution

It presents a novel multi-sensor-based authentication method that learns user behavior patterns and environment, providing continuous, adaptive, and implicit security without user interruption.

Findings

Training time less than 10 seconds

Detection time around 20 seconds

Authentication accuracy exceeds 90%

Abstract

The widespread use of smartphones gives rise to new security and privacy concerns. Smartphone thefts account for the largest percentage of thefts in recent crime statistics. Using a victim's smartphone, the attacker can launch impersonation attacks, which threaten the security of the victim and other users in the network. Our threat model includes the attacker taking over the phone after the user has logged on with his password or pin. Our goal is to design a mechanism for smartphones to better authenticate the current user, continuously and implicitly, and raise alerts when necessary. In this paper, we propose a multi-sensors-based system to achieve continuous and implicit authentication for smartphone users. The system continuously learns the owner's behavior patterns and environment characteristics, and then authenticates the current user without interrupting user-smartphone interactions. Our method can adaptively update a user's model considering the temporal change of user's patterns. Experimental results show that our method is efficient, requiring less than 10 seconds to train the model and 20 seconds to detect the abnormal user, while achieving high accuracy (more than 90%). Also the combination of more sensors provide better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate.