Novelty Detection for Risk-based User Authentication on Mobile Devices

User authentication acts as the first line of defense verifying the identity of a mobile user, often as a prerequisite to allow access to resources in a mobile device. For several decades, user authentication was based on the “something the user knows”, known also as knowledge-based user authentication. Recent studies state that although knowledge-based user authentication has been the most popular for authenticating an individual, nowadays it is no more considered secure and convenient for the mobile user as it is imposing several limitations. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Toward this direction, user authentication based on the “something the user is” has caught the attention. This category includes authentication methods which make use of human physical characteristics (also referred to as physiological biometrics), or involuntary actions (also referred to as behavioral biometrics). In particular, risk-based user authentication based on behavioral biometrics appears to have the potential to increase mobile authentication security without sacrificing usability. In this context, we, firstly, present an overview of user authentication on mobile devices and discuss risk-based user authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Afterwards, a set of novelty detection algorithms for risk estimation is tested and evaluated to identify the most appropriate ones for risk-based user authentication on mobile devices.