Continuous implicit authentication for mobile devices based on adaptive neuro-fuzzy inference system

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.As mobile devices have become indispensable in modern life, mobile security is becoming much more important. Traditional password or PIN-like point-of-entry security measures score low on usability and are vulnerable to brute force and other types of attacks. In order to improve mobile security, an adaptive neuro-fuzzy inference system(ANFIS)-based implicit authentication system is proposed in this paper to provide authentication in a continuous and transparent manner. To illustrate the applicability and capability of ANFIS in our implicit authentication system, experiments were conducted on behavioural data collected for up to 12 weeks from different Android users. The ability of the ANFIS-based system to detect an adversary is also tested with scenarios involving an attacker with varying levels of knowledge. The results demonstrate that ANFIS is a feasible and efficient approach for implicit authentication with an average of 95% user recognition rate. Moreover, the use of ANFIS-based system for implicit authentication significantly reduces manual tuning and configuration tasks due to its self-learning capability

ConXsense – Context Sensing for Adaptive Usable Access Control

In this paper, we present the design and implementation of ConXsense, a framework utilizing context sensing for easy-to-use and adaptive context-aware access control for mobile devices. Previous work often require either users to laboriously specify detailed policies or they rely on pre-specified, non-personalized and error-prone policies for generic context classes. Recent approaches attempt to address these deficiencies by learning from context data. Our approach improves on this by using context data to automatically estimate the sensitivity and safety of the user’s context and using the estimates for dynamically enforcing access control rules in a highly personalized, nonintrusive and usable manner. Our initial implementation of the framework addresses two smartphone-related problem scenarios for context-aware access control: 1) how to prevent unauthorized apps (like sensory malware) from gathering information about the context of a mobile device (contextual privacy) and 2) how to protect the data and applications on the device from physical threats in the context (like thieves or device misuse by others). We start with a sociological user study, and use its results to inform the design and implementation of ConXsense. We carry out a data collection and analysis study based on which we evaluate the effectiveness and accuracy of ConXsense. Moreover, we integrate ConXsense with a fine-grained access control architecture and show how it can effectively protect against sensory malware as well as device theft and misuse