Abstract
Current state of the art authentication systems for mobile devices primarily rely on single point of entry authentication which imposes several flaws. For example, an attacker obtaining an unlocked device can potentially use and exploit it until the screen gets locked again. With continuous mobile user authentication, a system is embedded into the mobile devices, which continuously monitors biometric features of the person using the device, to validate if those monitored inputs match and therefore were made by the previously authenticated user. We start by giving an introduction towards the state of the art of currently used authentication systems and address related problems. For our main contribution we then propose, implement and discuss a continuous user authentication system for the Android ecosystem, which continuously monitors and records touch, accelerometer and timestamp data, and run experiments to gather data from multiple subjects. After feature extraction and normalization, a Hidden Markov Model is employed using an unsupervised learning approach as classifier and integrated into the Android application for further system evaluation and experimentation. The final model achieves an Area Under Curve of up to 100% while maintaining an Equal Error Rate of 1.34%. This is done by combining position and accelerometer data using gestures with at least 50 data points and averaging the prediction result of 25 consecutive gestures.
Highlights
Advances in new technologies are shifting away from personal computers and notebooks to mobile devices, which are more capable of fulfilling tasks than ever before
Our work describes possible implementations of continuous mobile user authentication, in contrast to single-point-of-entry authentication mechanisms
Clarke and Furnell [10] surveyed users about their opinion on biometric authentication systems resulting in 83% of all respondents thinking positively about biometric authentication systems
Summary
Advances in new technologies are shifting away from personal computers and notebooks to mobile devices, which are more capable of fulfilling tasks than ever before. Combined with the fact that users store a lot of sensitive personal data, like passwords, pictures, and even banking information on their mobile devices, it makes them an increasingly popular target for theft [4]. An important advantage of biometrics is that they are more difficult to forge and copy than password-based authenticators. Their strength lies in the difficulty of counterfeiting them. If an adversary gets hold of a user’s fingerprint, or a driver’s license as a traditional biometric, they should no longer be used for authentication, since a third party could be tricked into thinking the adversary is the original owner of the biometric data [17]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
