Active authentication for mobile devices utilising behaviour profiling
Document Type
Journal Article
Publisher
Springer Verlag
Faculty
Faculty of Health, Engineering and Science
School
ECU Security Research Institute
RAS ID
15977
Abstract
With nearly 6 billion subscribers around the world, mobile devices have become an indispensable component in modern society. The majority of these devices rely upon passwords and personal identification numbers as a form of user authentication, and the weakness of these point-of-entry techniques is widely documented. Active authentication is designed to overcome this problem by utilising biometric techniques to continuously assess user identity. This paper describes a feasibility study into a behaviour profiling technique that utilises historical application usage to verify mobile users in a continuous manner. By utilising a combination of a rule-based classifier, a dynamic profiling technique and a smoothing function, the best experimental result for a user's overall application usage was an equal error rate of 9.8 %. Based upon this result, the paper proceeds to propose a novel behaviour profiling framework that enables a user's identity to be verified through their application usage in a continuous and transparent manner. In order to balance the trade-off between security and usability, the framework is designed in a modular way that will not reject user access based upon a single application activity but a number of consecutive abnormal application usages. The proposed framework is then evaluated through simulation with results of 11.45 and 4.17 % for the false rejection rate and false acceptance rate, respectively. In comparison with point-of-entry-based approaches, behaviour profiling provides a significant improvement in both the security afforded to the device and user convenience.
DOI
10.1007/s10207-013-0209-6
Access Rights
subscription content
Comments
Li, F., Clarke, N., Papadaki, M., Dowland, P. (2014). Active authentication for mobile devices utilising behaviour profiling. International Journal of Information Security, 13(3), 229-244.