Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning

TL;DR

This paper introduces a novel implicit, continuous smartphone user authentication system that leverages existing sensors and contextual machine learning to accurately verify users with minimal system overhead and battery impact.

Contribution

It presents a new context-based authentication model using ubiquitous smartphone sensors and machine learning for continuous user verification.

Findings

Achieves 98.1% authentication accuracy

Maintains less than 2.4% battery consumption

Demonstrates high accuracy with various sensor and feature configurations

Abstract

Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. Hence, this paper proposes a novel authentication system for implicit, continuous authentication of the smartphone user based on behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We propose novel context-based authentication models to differentiate the legitimate smartphone owner versus other users. We systematically show how to achieve high authentication accuracy with different design alternatives in sensor and feature selection, machine learning techniques, context detection and multiple devices. Our system can achieve excellent authentication performance with 98.1% accuracy with negligible system overhead and less than 2.4% battery consumption.