A Behavior Profiling Model for User Authentication in IoT Networks based on App Usage Patterns

Abstract

Access to Internet of Things (IoT) devices is, in most cases, achieved remotely through end-user devices such as smartphones. However, these devices are susceptible to theft or loss, and their use by unauthorized users could lead to unauthorized access to IoT networks, consequently allowing access to user information. Due to the inherent weaknesses in many authentication approaches, such as knowledge-based authentication, as well as the complications involved in employing them for continuous and implicit authentication, focus has turned to a consideration of behavioral-based authentication. As most access to IoT devices is achieved through end-user devices, a variety of information can be extracted and utilized for continuous authentication without requiring further user intervention. As an example, the ability to continuously retrieve application usage profiles and sensor data on such devices strengthens the argument for employing behavioral-based mechanisms for continuous user authentication. Behavioral techniques that are user-friendly and non-intrusive can be utilized in the background to continuously and transparently verify users. This paper discusses behavioral-based authentication mechanisms with regard to security and usability. It then presents an authentication model that verifies users with an average F-measure of 96.5%. Overall, the preliminary results are promising and show the effectiveness and usability of the proposed model.