Continuous authentication on mobile devices using behavioral biometrics

Abstract

As mobile device usage is increasing and users are storing large amounts of important and private data on these devices, security is becoming an increasingly important systemic aspect. If private information is leaked, this may have many negative consequences for the owner of a mobile device. Modern mobile devices are generally using only static, one-shot authentication, which does not provide a sufficient level of security throughout the entire usage session. Potential attackers who manage to unlock a mobile device (such as a smartphone) can use it and steal important data. To prevent such situations, a continuous biometrics system can be used which tries to identify the user and grant access to the right person throughout the entire session, thus improving security considerably. In this paper, we present an unobtrusive continuous authentication system which operates on behavioral biometrics and will identify users based on their hand movements when using the smartphone using built-in sensors and public APIs. We will also compare model-based and template-based approaches in terms of adding new users to the system, and test them on an actual device. Because this type of authentication does not attain an accuracy comparable to that of the best static authentication methods, it should not be treated as an alternative security mechanism but rather as another layer of security added to the existing static authentication system.