POSTER: When and How to Implicitly Authenticate Smartphone Users. Atwater, A., Khan, H., & Hengartner, U. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), of CCS '14, pages 1415-1417, 11, 2014. ACM.
POSTER: When and How to Implicitly Authenticate Smartphone Users [link]Website  abstract   bibtex   
Possession of modern smartphones is becoming increasingly ubiquitous, and with this rise in usage comes a rise in the amount of sensitive data being stored on them. Despite this, the high-frequency, low-duration nature of the average smartphone session makes passwords or PIN-locks even less usable than in the desktop context. To combat these issues, implicit authentication (IA) schemes can be developed and deployed to smartphones. IA schemes continuously authenticate users by profiling their behaviour using the variety of sensors prevalent on the phones, such as touchscreens and accelerometers. When a non-owner acquires the device and attempts to access sensitive data on it, the IA scheme recognizes the difference in behaviour and automatically ejects the attacker from the system. In particularly sensitive contexts, IA schemes can also be deployed as a secondary defence mechanism on top of explicit authentication, providing layered security in the event of, for example, a shoulder-surfing attack compromising the device's PIN or an operating system vulnerability allowing its bypass. In this work, we evaluate existing proposals for IA schemes using different behavioural feature sets, and evaluate them against real-world data to show when they are (and are not) useful. We have implemented them in an easily extensible open source framework for the Android operating system called Itus, which allows other researchers to iteratively improve on the existing mechanisms for performing IA. Itus performs IA at the app level, which we have shown allows app developers to selectively protect sensitive data while decreasing the impact on battery life and device performance, and at the same time obtaining better detection accuracy for the IA scheme being invoked.
@inProceedings{
 title = {POSTER: When and How to Implicitly Authenticate Smartphone Users},
 type = {inProceedings},
 year = {2014},
 identifiers = {[object Object]},
 keywords = {authentication,behavioural,biometrics,implicit,security},
 pages = {1415-1417},
 websites = {http://doi.acm.org/10.1145/2660267.2662373},
 month = {11},
 publisher = {ACM},
 city = {New York, NY, USA},
 series = {CCS '14},
 id = {99df17ce-f577-3498-b3d5-892963e914e0},
 created = {2018-07-12T21:31:18.202Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:31:18.202Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {atwater:implicit14},
 source_type = {inproceedings},
 private_publication = {false},
 abstract = {Possession of modern smartphones is becoming increasingly ubiquitous, and with this rise in usage comes a rise in the amount of sensitive data being stored on them. Despite this, the high-frequency, low-duration nature of the average smartphone session makes passwords or PIN-locks even less usable than in the desktop context. To combat these issues, implicit authentication (IA) schemes can be developed and deployed to smartphones. IA schemes continuously authenticate users by profiling their behaviour using the variety of sensors prevalent on the phones, such as touchscreens and accelerometers. When a non-owner acquires the device and attempts to access sensitive data on it, the IA scheme recognizes the difference in behaviour and automatically ejects the attacker from the system. In particularly sensitive contexts, IA schemes can also be deployed as a secondary defence mechanism on top of explicit authentication, providing layered security in the event of, for example, a shoulder-surfing attack compromising the device's PIN or an operating system vulnerability allowing its bypass. In this work, we evaluate existing proposals for IA schemes using different behavioural feature sets, and evaluate them against real-world data to show when they are (and are not) useful. We have implemented them in an easily extensible open source framework for the Android operating system called Itus, which allows other researchers to iteratively improve on the existing mechanisms for performing IA. Itus performs IA at the app level, which we have shown allows app developers to selectively protect sensitive data while decreasing the impact on battery life and device performance, and at the same time obtaining better detection accuracy for the IA scheme being invoked.},
 bibtype = {inProceedings},
 author = {Atwater, Aaron and Khan, Hassan and Hengartner, Urs},
 booktitle = {Proceedings of the ACM Conference on Computer and Communications Security (CCS)}
}

Downloads: 0