Active authentication for mobile devices utilising behaviour profiling

Active authentication for mobile devices utilising behaviour profiling

With nearly 6 billion subscribers around the world, mobile devices have become an indispensable component in modern society. The majority of these devices rely upon passwords and personal identification numbers as a form of user authentication, and the weakness of these point-of-entry techniques is...

Full description

Saved in:
Bibliographic Details
Published in:International journal of information security 2014-06, Vol.13 (3), p.229-244
Main Authors: Li, Fudong, Clarke, Nathan, Papadaki, Maria, Dowland, Paul
Format: Article
Language:eng
Subjects:
Applied sciences
Authentication
Authentication protocols
Behavior
Biometrics
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Computer science
control theory
systems
Computer systems and distributed systems. User interface
Cryptology
Data processing. List processing. Character string processing
Devices
Exact sciences and technology
Experiments
Feasibility studies
Fraud
Fraud prevention
Global positioning systems
GPS
Management of Computing and Information Systems
Memory and file management (including protection and security)
Memory organisation. Data processing
Mobile communication systems
Mobile communications networks
Modular
Networks
Neural networks
Operating Systems
Passwords
Profiling
Regular Contribution
Security
Software
Statistical analysis
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With nearly 6 billion subscribers around the world, mobile devices have become an indispensable component in modern society. The majority of these devices rely upon passwords and personal identification numbers as a form of user authentication, and the weakness of these point-of-entry techniques is widely documented. Active authentication is designed to overcome this problem by utilising biometric techniques to continuously assess user identity. This paper describes a feasibility study into a behaviour profiling technique that utilises historical application usage to verify mobile users in a continuous manner. By utilising a combination of a rule-based classifier, a dynamic profiling technique and a smoothing function, the best experimental result for a users overall application usage was an equal error rate of 9.8 %. Based upon this result, the paper proceeds to propose a novel behaviour profiling framework that enables a user’s identity to be verified through their application usage in a continuous and transparent manner. In order to balance the trade-off between security and usability, the framework is designed in a modular way that will not reject user access based upon a single application activity but a number of consecutive abnormal application usages. The proposed framework is then evaluated through simulation with results of 11.45 and 4.17 % for the false rejection rate and false acceptance rate, respectively. In comparison with point-of-entry-based approaches, behaviour profiling provides a significant improvement in both the security afforded to the device and user convenience.
ISSN:1615-5262
1615-5270