Implicit authentication

From HandWiki
Short description: Recognition of user by behavioural means

Implicit authentication (IA) is a technique that allows a smart device to recognize its owner by becoming acquainted with his or her behaviors. It uses machine learning algorithms to learn user behavior through various sensors on the smart device and thereby achieve user identification.[1][2] Most current authentication techniques, e.g., password, pattern lock, fingerprint and iris recognition, are explicit authentication, which requires user input. Compared with explicit authentication, IA is transparent to users during usage, and it significantly increases usability by reducing the time users spend on login, which users find more annoying than a lack of cellular coverage.[3]

Model

In implicit authentication (IA), raw user behavior data are captured by various sensors embedded in the smart device and stored in a database for further processing. After noise is filtered out and suitable features are selected, the data are sent to machine learning tool(s), which train a model and return the fine-tuned model to the smart device. The smart device then uses the model as a signature to identify the current user. Because of the battery and computation limitations of smart devices, the training phase, in which most of the computation is carried out, is usually implemented on a remote server.[4] Some lightweight algorithms, e.g., KL divergence, are implemented on the local device as part of the real-time authentication units that control the lock mechanism of the device.
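The on-device check described above can be sketched as follows. This is an added example, not code from the cited systems: it assumes a single feature (touch-stroke duration), a smoothed histogram as the server-trained profile, and a KL-divergence threshold that decides whether the device stays unlocked. The bin edges, smoothing constant, threshold and all sample values are constructed for illustration.

```python
import math

# Constructed sample data: touch-stroke durations in milliseconds.
OWNER_ENROLL = [112, 118, 125, 130, 121, 117, 135, 128,
                122, 119, 126, 131, 115, 124, 129, 120]
OWNER_RECENT = [116, 123, 127, 120, 133, 118, 125, 122]
OTHER_RECENT = [182, 195, 176, 201, 188, 169, 192, 185]

BIN_EDGES = [0, 100, 110, 120, 130, 140, 160, 200, 1_000_000]  # assumed bins
ALPHA = 0.5      # assumed additive smoothing: no bin ever has probability 0
THRESHOLD = 1.0  # assumed decision threshold in nats, tuned per deployment


def histogram(samples, edges=BIN_EDGES, alpha=ALPHA):
    """Smoothed probability histogram of one behavioural feature."""
    counts = [0] * (len(edges) - 1)
    for s in samples:
        for i in range(len(counts)):
            if edges[i] <= s < edges[i + 1]:
                counts[i] += 1
                break
    total = sum(counts) + alpha * len(counts)
    return [(c + alpha) / total for c in counts]


def kl_divergence(p, q):
    """D_KL(p || q) in nats; both inputs are smoothed, so q has no zeros."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q))


def authenticate(profile, recent, threshold=THRESHOLD):
    """Return (keep_unlocked, score) for the most recent window of samples."""
    score = kl_divergence(histogram(recent), profile)
    return score <= threshold, score


# "Training" step, which the text places on the remote server: here it is
# only the histogram of the enrollment data, returned to the device.
PROFILE = histogram(OWNER_ENROLL)

if __name__ == "__main__":
    for name, window in (("owner", OWNER_RECENT), ("other", OTHER_RECENT)):
        ok, score = authenticate(PROFILE, window)
        print(f"{name}: D_KL={score:.3f} -> {'unlocked' if ok else 'lock'}")
```

The smoothing step matters in practice: without it, a single sample falling in a bin the owner never produced would make the divergence infinite and lock the device on one outlier.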

The development of an IA model largely depends on the operating system, usually Android and iOS. There are two different approaches to establishing an IA model: device-centric and application-centric.[5] Device-centric approaches, the traditional way to establish an IA model, leverage most of the information gathered by the operating system from various sensors, and the IA model runs directly above the operating system. Application-centric approaches, however, achieve IA by establishing an individual framework in each app, which executes independently in the sandbox; this preserves the intrinsic structure of the operating system while simplifying IA development.

History

In 1977, Helen M. Wood[6] indicated that there were two types of biometric authentication approaches: physiological and behavioral biometrics. The second approach relates to the user's gait, location information and keystroke patterns. The use of biometrics for user authentication has been developed in fields such as location-based access control,[7][8] and notably keystroke dynamics and typing patterns.[9] In 2010, Shi et al. migrated the biometric authentication approach to mobile devices, which contain many sensors, and significantly increased the accuracy of the authentication; they called the new approach "implicit authentication".[10] Owing to the fast growth of smart technology, smart devices have become more and more sophisticated, with computational power growing each year, which provides the foundation for IA to achieve highly accurate and user-friendly authentication. Current IA approaches mainly focus on the touch sensor, GPS and accelerometer, and the corresponding techniques are SVM, kNN, GMM and topic models.

References

  1. Yang, Yingyuan (2015). "Retraining and Dynamic Privilege for Implicit Authentication Systems". 2015 IEEE 12th International Conference on Mobile Ad Hoc and Sensor Systems. pp. 163–171. doi:10.1109/MASS.2015.69. ISBN 978-1-4673-9101-6. 
  2. Khan, Hassan; Atwater, Aaron; Hengartner, Urs (2014-01-01). "Itus". Proceedings of the 20th annual international conference on Mobile computing and networking. MobiCom '14. New York: ACM. pp. 507–518. doi:10.1145/2639108.2639141. ISBN 9781450327831. 
  3. "Sprint and Lookout Survey Reveals Consumers' Mobile Behaviors | Lookout Blog". https://blog.lookout.com/blog/2013/10/21/sprint-and-lookout-survey/. 
  4. Chow, Richard; Jakobsson, Markus; Masuoka, Ryusuke; Molina, Jesus; Niu, Yuan; Shi, Elaine; Song, Zhexuan (2010-01-01). "Authentication in the clouds". Proceedings of the 2010 ACM workshop on Cloud computing security workshop. CCSW '10. New York: ACM. pp. 1–6. doi:10.1145/1866835.1866837. ISBN 9781450300896. 
  5. Khan, Hassan; Hengartner, Urs (2014-01-01). "Towards application-centric implicit authentication on smartphones". Proceedings of the 15th Workshop on Mobile Computing Systems and Applications. HotMobile '14. New York: ACM. pp. 10:1–10:6. doi:10.1145/2565585.2565590. ISBN 9781450327428. 
  6. Wood, Helen M. (1977-01-01). "The use of passwords for controlling access to remote computer systems and services". Proceedings of the June 13-16, 1977, national computer conference. AFIPS '77. pp. 27–33. doi:10.1145/1499402.1499410. 
  7. Sastry, Naveen; Shankar, Umesh; Wagner, David (2003-01-01). "Secure verification of location claims". Proceedings of the 2nd ACM workshop on Wireless security. WiSe '03. New York: ACM. pp. 1–10. doi:10.1145/941311.941313. ISBN 978-1581137699. 
  8. Damiani, Maria Luisa; Silvestri, Claudio (2008-01-01). "Towards movement-aware access control". Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS. SPRINGL '08. New York: ACM. pp. 39–45. doi:10.1145/1503402.1503410. ISBN 9781605583242. 
  9. Monrose, Fabian; Rubin, Aviel (1997-01-01). "Authentication via keystroke dynamics". Proceedings of the 4th ACM conference on Computer and communications security. CCS '97. New York: ACM. pp. 48–56. doi:10.1145/266420.266434. ISBN 978-0897919128. https://archive.org/details/proceedingsof4th0000unse/page/48. 
  10. Shi, Elaine; Niu, Yuan; Jakobsson, Markus; Chow, Richard (2010-10-25). Burmester, Mike (ed.). Implicit Authentication through Learning User Behavior. Lecture Notes in Computer Science. Springer Berlin Heidelberg. pp. 99–113. doi:10.1007/978-3-642-18178-8_9. ISBN 9783642181771.