Implicit authentication schemes are a secondary authentication mechanism that authenticates smartphone users through unique patterns of device use, gathered without requiring deliberate actions from the user. Contemporary implicit authentication schemes operate at the device level: they neither discriminate between data from different applications nor make any assumption about the nature of the application that the user is currently using. In this paper, we challenge the device-centric approach to implicit authentication on smartphones. We argue that the conventional approach of misuse detection at the device level has inherent limitations for mobile platforms. To this end, we analyze and empirically evaluate the device-centric nature of implicit authentication schemes to show their limitations in terms of detection accuracy, authentication overhead, and fine-grained authentication control. To mitigate these limitations and to enable effective and pragmatic implicit authentication on the mobile platform, we propose a novel application-centric implicit authentication approach. We observe that, for implicit authentication, an application knows best when to authenticate and how to authenticate. Therefore, we delegate the implicit authentication task to the application and let the application provider decide when and how to authenticate a user in order to protect the owner's personal information. Our proposed application-centric implicit authentication approach improves accuracy and provides fine-grained authentication control with low authentication overhead. Future research in this domain will benefit from our findings to provide pragmatic implicit authentication solutions.