BubbleMap: Privilege Mapping for Behavior-based Implicit Authentication Systems

TL;DR

BubbleMap is a versatile framework that improves behavior-based implicit authentication systems by balancing security and usability, significantly reducing error rates with minimal energy impact.

Contribution

The paper introduces BubbleMap, a novel framework that can be integrated into existing IA systems to optimize their performance in security and usability.

Findings

BMap enhances IA system performance in terms of EER, security, and usability.

Experimental results show significant improvements across five IA systems.

BMap incurs a small energy consumption penalty.

Abstract

Leveraging users' behavioral data sampled by various sensors during the identification process, implicit authentication (IA) relieves users from explicit actions such as remembering and entering passwords. Various IA schemes have been proposed based on different behavioral and contextual features such as gait, touch, and GPS. However, existing IA schemes suffer from false positives, i.e., falsely accepting an adversary, and false negatives, i.e., falsely rejecting the legitimate user due to users' behavior change and noise. To deal with this problem, we propose BubbleMap (BMap), a framework that can be seamlessly incorporated into any existing IA system to balance between security (reducing false positives) and usability (reducing false negatives) as well as reducing the equal error rate (EER). To evaluate the proposed framework, we implemented BMap on five state-of-the-art IA systems. We also conducted an experiment in a real-world environment from 2016 to 2020. Most of the experimental results show that BMap can greatly enhance the IA schemes' performances in terms of the EER, security, and usability, with a small amount of penalty on energy consumption.