CaIAuth: Context-Aware Implicit Authentication When the Screen Is Awake

Abstract

Relieving users from the burden of remembering and inputting authentication information explicitly, such as passwords/PINs and lock patterns, implicit authentication mechanisms have gained an increasing concern. When providing authentication, the existing implicit methods only depend on a specific behavior, such as typing on the screen, performing gestures, or taking a walk. However, in real applications, a user’s behavioral characteristics are also decided by the context where behavior is performed. Thus, those existing methods show limited authentication accuracy and usability. To address these issues, we propose CaIAuth, a reliable context-aware implicit authentication framework, which profiles users’ behavior and context characteristics in a holistic fashion. It observes the states of context-sensing entities for different smartphone usage patterns and builds a context-aware model to distinguish between legitimate users and illegal ones. We conducted extensive experiments to evaluate system performance with a large data set collected from 142 subjects. The experimental results show that our system achieves a low equal error rate (EER) (e.g., less 7%) and is resilient against common threats, including zero-effect attack and mimicry attack. In addition, CaIAuth achieves a low authentication delay and overhead.