A spatial entropy-based approach to improve mobile risk-based authentication

Abstract

The research presented in this paper develops a novel approach for a risk-based authentication system that takes into account mobile user movement patterns. Inspired by the concept of Shannon's information theory, we introduce a variant version of spatial entropy vectors embedded with time information as a mathematical modeling tool to evaluate regular movement patterns, and spatial entropy vectors derived from user movements range and paces. To support the approach, several algorithms have been designed and implemented. A prototype iPhone application was developed as a proof-of-concept, user movement data has been collected over a predetermined timeframe by accumulating, merging, and saving spatial entropy vectors in a database on the application. The application simulates risk-based authentication by calculating risk factors based on the similarity between current spatial entropy vectors calculated on demand, and historical distributions of movement patterns. Data collected on the field shows that the risk factor is relatively low for similar moving patterns, while different patterns can yield a higher risk factor. Rather than modeling this process by directly storing GPS location data with complicated path-matching algorithms, the spatial entropy model developed uses sampled location data, but does not keep it, preserving user privacy. Practical applications can be used, for example, to adjust fingerprint authentication threshold in iPhone when combining with the risk factor calculated in real time.