Implicit Authentication for Smartphone Security


Lee, W.; Lee, R.B.


Information Systems Security and Privacy, Springer, Volume 576, p.160-176 (2016)


Common authentication methods based on passwords, or fingerprints in smartphones, depend on user participation. They do not protect against the threat of an attacker getting hold of the phone after the user has been authenticated. Using a victim’s smartphone, the attacker can launch impersonation attacks, which threaten the data that can be accessed from the smartphone and also the security of other users in the network. In this paper, we propose an implicit authentication method using the sensors already built into smartphones. We utilize machine learning algorithms for smartphones to continuously and implicitly authenticate the current user. We compare two typical machine learning methods, SVM and KRR, for authenticating the user. We show that our method achieves high performance (more than 90 % authentication accuracy) and high efficiency. Our method needs less than 10 s to train the model and 20 s to detect an abnormal user. We also show that the combination of more sensors provides better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate.

Implicit Authentication for Smartphone Security.pdf530.86 KB