An evaluation of behavioural profiling on mobile devices

Fudong Li, Ross Wheeler, Nathan Clarke

Research output: Chapter in Book/Report/Conference proceedingConference contribution

177 Downloads (Pure)

Abstract

With more than 6.3 billion subscribers around the world, mobile de-vices play a significant role in people's daily life. People rely upon them to carry out a wide variety of tasks, such as accessing emails, shopping online, micro-payments and e-banking. It is therefore essential to protect the sensitive information that is stored on the device against misuse. The majority of these mobile devices are still dependent upon passwords and Personal Identification Numbers (PIN) as a form of user authentication. However, the weakness of these point-of-entry techniques is well documented. Furthermore, current point-of-entry authentication will only serve to provide a one-off authentication decision with the time between an authentication and access control decision effectively becoming independent. Through transparent authentication, identity verification can be performed continuously; thereby more closely associating the authentication and access control decisions. The challenge is in providing an effective solution to the trade-off between effective security and usability. With the purpose of providing enhanced security, this paper describes a behavioural profiling framework, which utilizes application or service usage to verify individuals in a continuous manner. In order to examine the effectiveness a series of simulations were conducted by utilising real users' mobile applications usage. The dataset contains 76 users' application activities over a four-week period, including 30,428 log entries for 103 unique applications (e.g. telephone, text message and web surfing). The simulations results show that the framework achieved a False Rejection Rate (FRR) of 12.91% and a False Acceptant Rate (FAR) of 4.17%. In contrast with point of entry approaches, the behavioural profiling technique provides a significant improvement in both device security and user convenience. An end-user trial was undertaken to assist in investigating the perceptions surrounding the concept of behavioural profiling technique - an approach that is conceptually associated with privacy concerns. The survey revealed that participants were strongly in favour (71%) of using the behavioural approach as a supplement of the point-of-entry technique to protect their devices. The results also provided an interesting insight into the perceived privacy issues with the approach, with 38% of the participants stating they do not care about their personal information being recorded.

Original languageEnglish
Title of host publicationHAS 2014: Human Aspects of Information Security, Privacy, and Trust
EditorsT. Tryfonas, I. Askoxylakis
PublisherSpringer
Pages330-339
Number of pages10
ISBN (Electronic)978-3319076201
ISBN (Print)978-3319076195
DOIs
Publication statusPublished - 22 Jun 2014
EventHAS 2014: Human Aspects of Information Security, Privacy, and Trust - Heraklion, Greece
Duration: 22 Jun 201427 Jun 2014

Publication series

NameLecture Notes in Computer Science
Volume8533
ISSN (Print)0302-9743

Conference

ConferenceHAS 2014: Human Aspects of Information Security, Privacy, and Trust
Country/TerritoryGreece
CityHeraklion
Period22/06/1427/06/14

Keywords

  • authentication
  • behavioural profiling
  • non-intrusive
  • transparent

Fingerprint

Dive into the research topics of 'An evaluation of behavioural profiling on mobile devices'. Together they form a unique fingerprint.

Cite this