DOI: 10.1145/2837126.2837157

PRISM: Policy-driven Risk-based Implicit locking for improving the Security of Mobile end-user devices

Published: 11 December 2015

Abstract

Nowadays, most mobile applications rely on device screen locking mechanisms for ensuring practical security. These mechanisms expect users to explicitly authenticate with a PIN or biometric irrespective of the perceived threats. Owing to these usability issues, many users avoid device locks, potentially compromising security. To overcome the limitations of this binary approach, we present an implicit authentication framework called PRISM (Policy-driven Risk-based Implicit locking for improving the Security of Mobile end-user devices). It provides risk-based authentication by detecting anomalies in the users' usual behavior patterns, which include their expected locations, activities and application usage. Its device unlocking decisions are driven by policies that are defined either automatically by mining sensor data or manually by the end-users. Our experiments show that PRISM is able to discover useful behavior patterns efficiently even with limited data. The number of required explicit authentications is significantly reduced while assuring the preferred security for everyday scenarios.

Published In

MoMM 2015: Proceedings of the 13th International Conference on Advances in Mobile Computing and Multimedia
December 2015
422 pages
ISBN: 9781450334938
DOI: 10.1145/2837126

In-Cooperation

  • Johannes Kepler University, Linz, Austria
  • @WAS: International Organization of Information Integration and Web-based Applications and Services

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Context awareness
  2. Energy efficiency
  3. Implicit authentication
  4. Mobile computing
  5. Security
  6. Usability

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

MoMM 2015
