Abstract
We address two distinct problems with de facto mobile device authentication, as provided by a password or sketch. Firstly, device activity is permitted on an all-or-nothing basis, depending on whether the user successfully authenticates at the beginning of a session. This ignores the fact that tasks performed on a mobile device have a range of sensitivities, depending on the nature of the data and services accessed. Secondly, users are forced to re-authenticate frequently due to the bursty nature that characterizes mobile device use. Owners react to this by disabling the mechanism, or by choosing a weak “secret”. To address both issues, we propose an extensible Transparent Authentication Framework that integrates multiple behavioral biometrics with conventional authentication to implement an effortless and continuous authentication mechanism. Our security and usability evaluation of the proposed framework showed that a legitimate device owner can perform all device tasks, while being asked to authenticate explicitly 67% less often than without a transparent authentication method. Furthermore, our evaluation showed that attackers are soon denied access to on-device tasks as their behavioral biometrics are collected. Our results support the creation of a working prototype of our framework, and provide support for further research into transparent authentication on mobile devices.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
