Modeling interactive sensor-behavior with smartphones for implicit and active user authentication

Abstract

While the public enjoy the convenience aroused by the proliferation of the smartphones, they also face the risk of exposing their sensitive and secure information to attackers. Extant smartphone authentication methods (e.g., PIN and fingerprint) typically provide one-time identity verification, but the verified user is still subject to session hijacking or masquerading attacks. In this paper, we propose a framework and performance analysis of using onboard-sensor behavior for continuous user authentication on smartphones, which can implicitly and continuously verifies the presence of a smartphone user. When a user carries the smartphone to do daily activities, time-, frequency- and wavelet-domain features are extracted from smartphone sensor data for accurately depicting users' motion patterns. A decision procedure based on one-class learning algorithms is developed and employed in the feature space to perform the continuous authentication task. Analyses are conducted based on sensor-interaction data on five typical daily activities with 27,681 samples across five phonecarrying positions. Extensive experiments in two specific scenarios are included to examine the efficacy of the proposed approach, which achieves a relatively high accuracy with the equal-error rate achieves 2.40% and 5.50% respectively. Our authentication system can be seamlessly integrated with extant smartphone authentication mechanisms, and is nonintrusive to users and does not need extra hardware.