Abstract
Implicit authentication schemes are a secondary authentication mechanism that provides authentication by employing unique patterns of device use that are gathered from smartphone users without requiring deliberate actions. Contemporary implicit authentication schemes operate at the device level such that they neither discriminate between data from different applications nor make any assumption about the nature of the application that the user is currently using. In this paper, we challenge the device-centric approach to implicit authentication on smartphones. We argue that the conventional approach of misuse detection at the device level has inherent limitations for mobile platforms. To this end, we analyze and empirically evaluate the device-centric nature of implicit authentication schemes to show their limitations in terms of detection accuracy, authentication overhead, and fine grained authentication control. To mitigate these limitations and for effective and pragmatic implicit authentication on the mobile platform, we propose a novel application-centric implicit authentication approach. We observe that for implicit authentication, an application knows best on when to authenticate and how to authenticate. Therefore, we delegate the implicit authentication task to the application and let the application provider decide when and how to authenticate a user in order to protect the owner's personal information. Our proposed application-centric implicit authentication approach improves accuracy and provides fine grained authentication control with low authentication overhead. Future research in this domain will benefit from our findings to provide pragmatic implicit authentication solutions.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.