SCS Colloquium Series: Urs Hengartner - On Implicit Authentication

How often have you been annoyed about your smartphone because it asks you to enter a PIN each time you want to use it? Maybe you have been so annoyed that you turned off authentication entirely. Of course, you regretted this decision as soon as you caught your two-year old kid making random phone calls from your phone.

 

Would it not be great if your smartphone could detect who is using it based on how the person is using the phone? This is the idea behind implicit authentication, which uses behavioural patterns to continuously and transparently authenticate mobile device users. Researchers have proposed various implicit authentication schemes based on, for example, people's touch-input behaviour, their gait pattern, or their location or browser history.

 

While these schemes have been shown to have reasonable detection accuracy, many research challenges remain. In this colloquium, I am going to report on our research efforts in this area, namely comparing different implicit authentication schemes, building an open-source framework for implicit authentication, and studying users' security and usability perceptions of implicit authentication.