Event-Driven Implicit Authentication for Mobile Access Control
This addresses privacy protection for mobile device users by providing an implicit authentication method, though it appears incremental as it builds on existing threshold computation techniques.
The paper tackles mobile user authentication by proposing an event-driven implicit scheme that operates in the background, requiring minimal training and enabling high recognition rates; experiments on real Android data over several weeks show it is feasible and effective for lightweight real-time authentication.
In order to protect user privacy on mobile devices, an event-driven implicit authentication scheme is proposed in this paper. Several methods of utilizing the scheme for recognizing legitimate user behavior are investigated. The investigated methods compute an aggregate score and a threshold in real-time to determine the trust level of the current user using real data derived from user interaction with the device. The proposed scheme is designed to: operate completely in the background, require minimal training period, enable high user recognition rate for implicit authentication, and prompt detection of abnormal activity that can be used to trigger explicitly authenticated access control. In this paper, we investigate threshold computation through standard deviation and EWMA (exponentially weighted moving average) based algorithms. The result of extensive experiments on user data collected over a period of several weeks from an Android phone indicates that our proposed approach is feasible and effective for lightweight real-time implicit authentication on mobile smartphones.