A framework for continuous, transparent mobile device authentication

Crawford, H., Renaud, K. and Storer, T. (2013) A framework for continuous, transparent mobile device authentication. Computers and Security, 39(B), pp. 127-136. (doi: 10.1016/j.cose.2013.05.005)

Full text not currently available from Enlighten.

Publisher's URL: http://dx.doi.org/10.1016/j.cose.2013.05.005

Abstract

We address two distinct problems with de facto mobile device authentication, as provided by a password or sketch. Firstly, device activity is permitted on an all-or-nothing basis, depending on whether the user successfully authenticates at the beginning of a session. This ignores the fact that tasks performed on a mobile device have a range of sensitivities, depending on the nature of the data and services accessed. Secondly, users are forced to re-authenticate frequently due to the bursty nature that characterizes mobile device use. Owners react to this by disabling the mechanism, or by choosing a weak “secret”. To address both issues, we propose an extensible Transparent Authentication Framework that integrates multiple behavioral biometrics with conventional authentication to implement an effortless and continuous authentication mechanism. Our security and usability evaluation of the proposed framework showed that a legitimate device owner can perform all device tasks, while being asked to authenticate explicitly 67% less often than without a transparent authentication method. Furthermore, our evaluation showed that attackers are soon denied access to on-device tasks as their behavioral biometrics are collected. Our results support the creation of a working prototype of our framework, and provide support for further research into transparent authentication on mobile devices.

Item Type:Articles
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Storer, Dr Tim and Renaud, Professor Karen
Authors: Crawford, H., Renaud, K., and Storer, T.
College/School:College of Science and Engineering > School of Computing Science
Journal Name:Computers and Security
Publisher:Elsevier
ISSN:0167-4048
ISSN (Online):1872-6208

University Staff: Request a correction | Enlighten Editors: Update this record