PUPy: A Generalized, Optimistic Context Detection Framework for Implicit Authentication

Devices like smartphones and laptops employ some form of user authentication to ensure that access to confidential data by the wrong user is avoided. Implicit authentication aims to limit the number of explicit authentications that a user is subjected to by using passive approaches to authenticate the user. Context detection frameworks aim to reduce explicit authentications by disabling explicit authentication entirely when appropriate. Since explicit and implicit authentication are not mutually exclusive, we can also use context detection frameworks to decide whether explicit or implicit authentication should be used when authentication is required. We present a novel context detection framework, PUPy, that uses sensed context data to infer and make available three values–privacy, unfamiliarity, and proximity–allowing clients of our framework, like authentication services, to better adapt to different contexts. As opposed to existing work, our context detection framework is based on an optimistic approach to context detection. Our assumption is that the absence of data, like the inability to detect nearby people or devices, can be taken as a sign that a context is safe. Such an optimistic approach may provide less security than a pessimistic approach, but provides a significantly improved user experience due to reducing the number of explicit authentications. We provide an Android implementation of the framework, including an API that allows other developers to contribute modules to the system. We also conduct a statistical analysis of our framework based on a large real-world dataset. We find that PUPy compares favourably to existing works, permitting a 77.2% reduction in the number of explicit authentications.