0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
False Accept Rate
True Accept Rate
Figure 2.3: An example ROC curve. The AUC for this curve is 80.13%. The EER (25.99%) is the point where the two lines cross.
and standard computer authentication.
2.7
Transparent and Continuous Authentication
In the context of this work, transparent authentication is defined as verifying the identity of the user of a mobile device without explicitly requiring user effort. This section discusses current literature on transparent authentication, which is also called implicit [56, 80, 139] or zero-interaction authentication [140]. For the purposes of this research, the term transparent authentication will be used in place of all other similar terms. The implication is that the data upon which to base an authentication decision is found in how a person uses a device while that person goes about their regular tasks.
Attempts to describe transparent authentication have been seen as early as 2002. Corner and Noble [140] describe a system that uses a physical hardware token worn by the user that wirelessly communicates a master password to a laptop that is then used to unlock a larger password file. However, their system requires the user to explicitly authenticate to the token, which means that their system is not truly transparent, although the authors state that the owner would have to authenticate less often than with regular password systems [140]. Since early attempts in 2002, the idea of transparent authentication has been researched heavily. In 2008, Briggs and Olivier [141] suggested creating “biometric daemons” that learned their owners’ behavior, pined and eventually died in the absence of this behavior. Their ideas were based on the His Dark Materials trilogy of books by Philip Pullman [142] in which a human is matched with a small creature, called his daemon, who essentially represents the human’s soul and will pine and die in the absence of the human, as will the
2.7. Transparent and Continuous Authentication 35 human in the absence of the daemon. Briggs and Olivier paint a picture of an electronic form of daemon that requires imprinting and nurturing – essentially equivalent to the more traditional enrolment and testing phases of authentication systems. This is a rather fanciful embodiment of the idea of transparent authentication, and Briggs and Olivier do not go beyond the thought-experiment phase.
In 2009, Tanviruzzaman et al. [52] experimented with the idea of an “electronic pet” that learns the owner’s patterns to determine the identity of the person using it. Tanviruzzaman et al. go beyond Briggs and Olivier’s idea to describe which biometrics they intend to gather: gait, location, voice, fingerprints, and facial patterns. It is unclear how they intend to com- bined these processor-intensive biometrics into a single decision. Their system is described as “silent and less intrusive most of the time, i.e., the authentication process runs continu- ously in the background until a higher level of security is needed” [52], which implies that it is an transparent authentication system although they do not use such a term specifically. They have extended Briggs and Olivier’s thought experiment but have not yet, to this author’s knowledge, empirically evaluated their proposals.
Marsh and Briggs [143] expanded the idea of a biometric daemon further by developing a concept they call device comfort. Rather than focusing solely on the capabilities of the biometric daemon, Marsh and Briggs examine the device’s relationship with its owner – device comfort – and relate it to the concept of trust in an electronic environment. Marsh and Briggs consider electronic trust to be related to the device’s knowledge of its owner’s patterns, preferences and data on the device, although this is a simplification of a increasingly well-defined concept [144]. In this way, the concepts of electronic device trust may also be used as a foundation for transparent authentication on a mobile device. While trust in an electronic environment is applicable to transparent authentication, it is not a topic that will be addressed in this dissertation. The reader is directed towards more thorough sources for further information [144, 145].
Marsh and Briggs point out that device comfort is not the same as the owner’s relationship with the device. Device comfort is from the point of view of the device rather than from its owner. The owner’s point of view is achieved through customizing the device interface. Device comfort originates from the point of view of the device since it is the device that does the majority of the work. Their work was intended to fill the gap between increasing mobile device functionality and the limited amount of security on such devices. In this way, the work of Marsh and Briggs has similar goals as the work described in this dissertation, although their work does not reference authentication. They do, however, provide a “roadmap” that can be used to apply the concept of device comfort to a mobile environment, which allows transparent authentication on mobile devices to be developed with this in mind as well as with a strong idea of how electronic trust applies.
2.7. Transparent and Continuous Authentication 36 Riva et al. have proposed a solution to mobile device authentication [146]. Their solution, called progressive authentication, does not appear to be a new method; instead, it is an exam- ination of whether when we decide to authenticate (as opposed to how) improves the security of mobile devices. The authors suggest that if the mobile device remains in the owner’s pos- session, even if the owner is not currently interacting with it, there is no need to authenticate should the owner decide to use the device. However, if the device has lost contact with its owner (i.e., it is lent to someone else or placed on a surface), then authentication should be required. Riva et al. suggest a hybrid transparent authentication method since with enough information regarding who possesses the device, authentication is transparent. Otherwise, explicit authentication is required. Their user study showed that they were able to reduce the number of required authentications by 42%.
Shi et al. cite the frustration owners experience in entering standard passwords and PINs into small mobile device keyboards as a motivating factor for transparent authentication [80], a notion that is supported by Allen et al. [147]. Shi et al. proposed using a smartphone to record the owner’s location, motion, phone call patterns, and application usage to determine whether the owner is in possession of the smartphone, and allow him or her to access the Internet based on this determination. Shi et al. have the main goal of using sources of identifying data that do not require typing since they see smartphone keyboards as frustrating and error- prone. The high levels of reported success show that device use patterns are indeed a rich source of information.
A behavioral biometric that may be used transparently was studied by Conti et al. [148] in 2011. Their work uses the accelerometers and gyroscopes in mobile devices to track the movements a user makes when answering a phone call, with the purpose of using these distinctive movements to identify the device’s owner. Their research showed that there is sufficient uniqueness in this pattern to verify the owner’s identity, and suggest that it can be used in an transparent manner. The gap in the research that Conti et al. have filled is that passwords and PINs on mobile devices are not required when answering an incoming phone call, and thus do not protect the device from misuse in that case.
The applicability of behavioral biometrics to transparent authentication has been presented in this section. While these individual instances of studies to determine their feasibility are important, what is required to solve the mobile device authentication problem is a model that is biometric and platform independent, so that as technology progresses, the model stays useful.