BubbleMap: Privilege Mapping for Behavior-based Implicit Authentication Systems
Implicit authentication (IA) is gaining popularity over recent years due to its use of user behavior as the main input, relieving users from explicit actions such as remembering and entering passwords. Various IA schemes have been proposed based on different behavioral and contextual features such as gait, touch, and GPS. However, existing IA schemes suffer from false positives, i.e., falsely accepting an adversary, and false negatives, i.e., falsely rejecting the legitimate user, more so than the more mature explicit authentication counterpart, due to users' behavior change. To deal with this problem, we propose BubbleMap (BMap), a framework that can be seamlessly incorporated into any existing IA system to balance between security (reducing false positives) and usability (reducing false negatives) as well as improving authentication accuracy. To evaluate the proposed framework, we implemented BMap on four state-of-the-art IA systems. We also conducted a comprehensive experiment in a real-world environment spanned two years and eight months. Most of the experimental results show that BMap can greatly enhance the IA schemes' performances in terms of authentication accuracy, security and usability, with a small amount of penalty on energy consumption.
READ FULL TEXT