Implicit Authentication On Mobile Devices

Users are increasingly becoming dependent on mobile devices. However, the current authentication methods are vulnerable to threats and significantly more frustrating, leading users to create and reuse shorter passwords and pins, or no authentication at all. Research in implicit authentication suggests that the time period a specific trait is monitored is useful in identification of user behavior. Focusing on this aspect, I have proposed an implicit user re-authentication approach that uses observations of users behavior for authentication this system does not requires any application changes or hardware modifications. The proposed technique observes users specific patterns as users access network resources in order to build models of normal behavior of users. These models help to distinguish between normal usage and anomalous usage.In this thesis, I have described an automated approach to generate users behavior models and to differentiate between normal usage and abnormal usage. I have discussed on how to efficiently authenticate users implicitly on mobile devices. This approach is based on this analogy:Most people are creatures of habit-a person goes to work in the morning, perhaps with a stop at the coffee shop, but almost always using the same route. The proposed approach observes the user traits over a period of time in order to distinguish between normal users and attackers. To validate the performance of my approach, I used data collected from30users of mobile devices and the approach recorded high accuracy rate. Therefore the approach is able to categorize different types of users reliably and with high confidence. In summary, the contributions of my thesis are as follow:· Provision of an implicit user authentication approach that incorporates nine features (such as IP address, port, protocol, application) that help to uniquely identity user behaviors thus improving the accuracy of user authentication.· Development of a novel architectural framework that observes user-specific patterns to distinguish between legitimate users and illegitimate users thus enhancing and strengthening user authentication.· Development of an engine that calculates the authentication score (the similarity of features of the past and recent behaviours) for a given user.