Browse > Article
http://dx.doi.org/10.13089/JKIISC.2019.29.1.127

A Study of User Perception on Features Used in Behavior-Based Authentication  

Lee, Youngjoo (Information Security Lab, Yonsei University)
Ku, Yeeun (Information Security Lab, Yonsei University)
Kwon, Taekyoung (Information Security Lab, Yonsei University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.29, no.1, 2019 , pp. 127-137 More about this Journal
Abstract
The growth in smartphone service has given rise to an increase in frequency and importance of authentication. Existing smartphone authentication mechanisms such as passwords, pattern lock and fingerprint recognition require a high level of awareness and authenticate users temporarily with a point-of-entry techniques. To overcome these disadvantages, there have been active researches in behavior-based authentication. However, previous studies focused on enhancing the accuracy of the authentication. Since authentication is directly used by people, it is necessary to reflect actual users' perception. This paper proposes user perception on behavior-based authentication with feature analysis. We conduct user survey to empirically understand user perception regarding behavioral authentication with selected authentication features. Then, we analyze acceptance of the behavioral authentication to provide continuous authentication with minimal awareness while using the device.
Keywords
Smartphone Authentication; Behavior-based Authentication; Authentication Features; User Perception;
Citations & Related Records
연도 인용수 순위
  • Reference
1 H. Saevanee, N. Clarke, S. Furnell, V. Biscione, "Text-based active authentication for mobile devices," IFIP, pp. 99-112, June. 2014.
2 M. Durmuth, D. Freeman, and B. Biggio, "Who are you? A statistical approach to measuring user authenticity," NDSS, pp. 1-15, Feb. 2016.
3 A.H. Lashkari, S. Farmand, O.B. Zakaria, and R. Saleh "Shoulder surfing attack in graphical password authentication," IJCSIS, vol. 6, no. 2, pp. 145-154, Nov. 2009.
4 A.J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith, "Smudge Attacks on Smartphone Touch Screens," WOOT, pp. 1-7, 2010.
5 M. Shahzad, A. X. Liu, and A. Samuel, "Secure unlocking of mobile touch screen devices by simple gestures: You can see it but you can not do it," MobiCom, pp. 39-50, Sept. 2013.
6 A. K. Jain, K. Nandakumar, A. Ross, "50 years of biometric research: Accomplishments challenges and opportunities," Pattern Recognition Letters, vol. 79, no. 1, pp. 80-105, Aug. 2016.   DOI
7 F. Li, N. Clarke, M. Papadaki, P. Dowland, "Active authentication for mobile devices utilising behaviour profiling," Int. J. Inf. Security, vol. 13, no. 3, pp. 229-244, Jun. 2014.   DOI
8 A.D. Luca and J. Lindqvist, "Is Secure and Usable Smartphone Authentication Asking Too Much?," IEEE Computer, vol. 48, no. 5, pp. 64-68, May. 2015.
9 N. K. Ratha, J. H. Connell, and R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems," IBM Systems Journal, vol. 40, no. 3, pp. 614-634, 2001.   DOI
10 N. Clarke and S. Furnell, "Authentication of users on mobile telephones - a survey of attitudes and practices," Computers & Security, vol. 24, no. 7, pp. 519-527, Oct. 2005.   DOI
11 P.S. Teh, N. Zhang, A.B.J Teoh, and K. Chen, "A survey on touch dynamics authentication in mobile devices," Computers & Security, Vol. 59, pp. 210-235, June. 2016.   DOI
12 L. Li, X. Zhao, and G. Xue, "Unobservable re-Authentication for smartphones," NDSS, Feb. 2013
13 Xu, H., Zhou, Y., and Lyu, M, "Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones," SOUPS, pp. 187-198, July. 2014.
14 Z. Sitova, J. Sedenka, Q. Yang, G. Peng, G. Zhou, P. Gasti, K. S. Balagani, "HMOG: New behavioral biometric features for continuous authentication of smart-phone users," IEEE Trans. Inform. Forensics Security, vol. 11, no. 5, pp. 877-892, May. 2016.   DOI
15 W.-H. Lee, X. Liu, Y. Shen, H. Jin, R. Lee, "Secure pick up: Implicit authentication when you start using the smartphone," SACMAT, pp. 67-78, June. 2017.
16 Karapanos, N., Marforio, C., Soriente, C., & Capkun, S. "Sound-proof: usable two-factor authentication based on ambient sound" USENIX Security, pp. 483-498, Aug. 2015.
17 L. Zhang, S. Tan, J. Yang, Y. Chen, "VoiceLive: A Phoneme Localization based Liveness Detection for Voice Authentication on Smartphones," CCS, pp. 1080-1091, Oct. 2016.
18 D. Liu, J. Chen, Q. Deng, A. Konate, and Z. Tian, "Secure pairing with wearable devices by using ambient sound and light," Wuhan University Journal of Natural Sciences, vol. 22, no. 4, pp. 329-336, Aug. 2017.   DOI
19 T. Neal, D. Woodard, A. Striegel, "Mobile device application Bluetooth and Wi-Fi usage data as behavioral biometric traits," Proc. IEEE Int. Conf Biometrics Theory Applicat. and Syst., pp. 1-6, Sept. 2015.
20 F. Tao, L. Ziyi, C. Bogdan, B. Daining, and S. Weidong, "Continuous mobile authentication using touchscreen gestures," HST, pp. 451-456, Nov. 2012.
21 F. Li, N. Clarke, M. Papadaki, P. Dowland, "Behaviour profiling for transparent authentication for mobile devices," Proc. Euro. Conf. Inform. Warfare and Security, pp. 307-314, July. 2011.
22 H. Xu, S. Gupta, M. B. Rosson, and J. M. Carroll. "Measuring mobile users' concerns for information privacy." ICIS. pp. 1-6, Dec. 2012.
23 L. Fridman, S. Weber, R. Greenstadt, and M. Kam, "Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS location," IEEE Systems Journal, vol. 11, no. 2, pp. 513-521, 2017.   DOI
24 S. Yazji, X. Chen, R. P. Dick, and P. Scheuermann. "Implicit User Re-authentication for Mobile Devices," In Ubiquitous Intelligence and Computing, Lecture Notes in Computer Science, pp. 325-339, July. 2009.
25 Preuveneers, D., Joosen, W., " Smartauth: dynamic context fingerprinting for continuous user authentication," In Proc. of the ACM Symposium on Applied Computing, SAC, pp. 2185-2191, Apr. 2015
26 E. Chin, A. P. Felt, V. Sekar, and D. Wagner. "Measuring user confidence in smartphone security and privacy." SOUPS, pp. 1-6, July. 2012
27 Password Selection and Use Guide, Korea Internet & Security Agency, Jan. 2010
28 A. Serwadda, V. Phoha, and Z. Wang, "Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms," BTAS, pp. 1-8, Sept. 2013.
29 C. Braz, and J. M. Robert, "Security and usability: the case of the user authentication methods," IHM, pp. 199-203, Apr. 2006.
30 S. M. Furnell, P.S Dowland, H.M Illingworth, and P.L Reynolds, "Authentication and Supervision: A Survey of User Attitudes," Computers & Security, vol. 19, no. 6, pp. 529-539, Oct. 2000.   DOI