%0 Conference Paper %B ACM Symposium on Access Control Models and Technologies (SACMAT) %D 2017 %T Secure Pick Up: Implicit Authentication When You Start Using the Smartphone %A Lee, Wei-Han %A Liu, Xiaochen %A Shen, Yilin %A Jin, Hongxia %A Lee, Ruby %C Indianapolis %K Authentication, Security, Privacy, Machine Learning, Smartphone, Dynamic Time Warping, Mobile System %X We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users? phone pick-up movements, the way they bend their arms when they pick up a smartphone to interact with the device, to authenticate the users. Our SPU outperforms the state-of-the-art implicit authentication mechanisms in three main aspects: 1) SPU automatically learns the user?s behavioral pattern without requiring a large amount of training data (especially those of other users) as previous methods did, making it more deployable. Towards this end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW) algorithm to effectively quantify similarities between users? pick-up movements; 2) SPU does not rely on a remote server for providing further computational power, making SPU efficient and usable even without network access; and 3) our system can adaptively update a user?s authentication model to accommodate user?s behavioral drift over time with negligible overhead. Through extensive experiments on real world datasets, we demonstrate that SPU can achieve authentication accuracy up to 96.3% with a very low latency of 2.4 milliseconds. It reduces the number of times a user has to do explicit authentication by 32.9%, while effectively defending against various attacks. %8 06/21/2017