A novel transparent user authentication approach for mobile applications

Authors

Saud Nejr Alotaibi
Steven Furnell, Edith Cowan UniversityFollow
Nathan Clarke, Edith Cowan UniversityFollow

Author Identifier

Steven Furnell

https://orcid.org/0000-0003-0984-7542

Nathan Clarke

https://orcid.org/0000-0002-3595-3800

Document Type

Journal Article

Publication Title

Information Security Journal: A Global Perspective

Volume

27

Issue

5-6

First Page

292

Last Page

305

Publisher

Taylor & Francis

School

School of Science / Electron Science Research Institute

RAS ID

45044

Funders

Kingdom of Saudi Arabia - Ministry of Interior.

Comments

Alotaibi, S. N., Furnell, S., & Clarke, N. (2019). A novel transparent user authentication approach for mobile applications. Information Security Journal: A Global Perspective, 27(5-6), 292-305. https://doi.org/10.1080/19393555.2019.1609628

Abstract

With the rapid growth of smartphones and tablets in our daily lives, securing the sensitive data stored upon them makes authentication of paramount importance. Current authentication approaches do not re-authenticate in order to re-validate the user’s identity after accessing a mobile phone. Accordingly, there is a security benefit if authentication can be applied continually and transparently (i.e., without obstructing the user’s activities) to authenticate legitimate users, which is maintained beyond the point of entry. To this end, this paper suggests a novel transparent user authentication method for mobile applications by applying biometric authentication on each service within a single application in a secure and usable manner based on the risk level. A study involving data collected from 76 users over a one-month period using 12 mobile applications was undertaken to examine the proposed approach. The experimental results show that this approach achieved desirable outcomes for applying a transparent authentication system at an intra-process level, with an average of 6% intrusive authentication requests. Interestingly, when the participants were divided into three levels of usage (high, medium and low), the average intrusive authentication request was 3% which indicates a clear enhancement and suggests that the system would add a further level of security without imposing significant inconvenience upon the user.

DOI

10.1080/19393555.2019.1609628

Access Rights

subscription content