IIT Home Page CNR Home Page

Mobile Silent and Continuous Authentication using Apps Sequence

The last years have seen a growing explosion of the use of mobile devices. As matter of fact ``smart'' devices are used for a plethora of activities: from spending leisure time on social networks to e-banking. For these reasons smart devices hold huge volumes of private and sensitive user data and allow the access to critical applications in terms of privacy and security. Currently mobile devices provide an authentication mechanism based on the login: they do not continuously verify the identity of the user while sensitive activities are performed. This mechanism may allow an adversary to access sensitive information about users and to replace them during sensitive tasks, once they have obtained the user's credentials. To mitigate this risk, in this paper we propose a method for the silent and continuous authentication. Considering that each user typically runs recurrently a certain set of applications in every-day life, our method extracts this characterizing sequences of apps for profiling the user and recognizing the user of the device that is not the owner. Using machine learning techniques several classifiers have been trained and the effectiveness of the proposed method has been evaluated by modeling the user behavior of 15 volunteer participants. Encouraging results have been obtained, i.e. a precision in distinguishing an impostor from the owner equal to 99%. The main benefit of this method is that is does not use sensitive data, nor biometrics, which, if compromised, cannot be replaced.

14th International Conference on Security and Cryptography (SECRYPT), Madrid, Spain, 2017

External authors: Gerardo Canfora (Dipartimento di Ingegneria, Università degli Studi del Sannio), Giovanni Cappabianca (Dipartimento di Ingegneria, Università degli Studi del Sannio), Pasquale Carangelo (Dipartimento di Ingegneria, Università degli Studi del Sannio), Ernesto Rosario Russo (Dipartimento di Ingegneria, Università degli Studi del Sannio), Corrado Aaron VIsaggio (Dipartimento di Ingegneria, Università degli Studi del Sannio)
IIT authors:

Type: Contributo in atti di convegno
Field of reference: Computer Science & Engineering

File: mobile-silent-continuous.pdf

Activity: Sicurezza di dispositivi mobili