Continuous authentication on mobile devices using power consumption, touch gestures and physical movement of users

Abstract

Handheld devices today do not continuously verify the identity of the user while sensitive activities are performed. This enables attackers, who can either compromise the initial password or grab the device after login, full access to sensitive data and applications on the device. To mitigate this risk, we propose continuous user monitoring using a machine learning based approach comprising of an ensemble of three distinct modalities: power consumption, touch gestures, and physical movement. Users perform different activities on different applications: we consider application context when we model user behavior. We employ anomaly detection algorithms for each modality and place a bound on the fraction of anomalous events that can be considered "normal" for any given user. We evaluated our system using data collected from 73 volun- teer participants. We were able to verify that our system is functional in real-time while the end-user was utilizing popular mobile applications.