A framework for continuous, transparent mobile device authentication

Heather Crawford, Karen Renaud, Timothy Storer

Research output: Contribution to journalArticlepeer-review

87 Citations (Scopus)

Abstract

We address two distinct problems with de facto mobile device authentication, as provided by a password or sketch. Firstly, device activity is permitted on an all-or-nothing basis, depending on whether the user successfully authenticates at the beginning of a session. This ignores the fact that tasks performed on a mobile device have a range of sensitivities, depending on the nature of the data and services accessed. Secondly, users are forced to re-authenticate frequently due to the bursty nature that characterizes mobile device use. Owners react to this by disabling the mechanism, or by choosing a weak “secret”. To address both issues, we propose an extensible Transparent Authentication Framework that integrates multiple behavioral biometrics with conventional authentication to implement an effortless and continuous authentication mechanism. Our security and usability evaluation of the proposed framework showed that a legitimate device owner can perform all device tasks, while being asked to authenticate explicitly 67% less often than without a transparent authentication method. Furthermore, our evaluation showed that attackers are soon denied access to on-device tasks as their behavioral biometrics are collected. Our results support the creation of a working prototype of our framework, and provide support for further research into transparent authentication on mobile devices.
Original languageEnglish
Pages (from-to)127-136
Number of pages10
JournalComputers and Security
Volume39
Issue numberPart B
DOIs
Publication statusPublished - 1 Nov 2013

Keywords

  • authentication
  • biometrics
  • transparent
  • framework
  • mobile
  • mobile device authentication

Fingerprint

Dive into the research topics of 'A framework for continuous, transparent mobile device authentication'. Together they form a unique fingerprint.

Cite this