In 2016, there expects two billion people using smartphones worldwide. The main reason of the popularity of the smartphones is that smartphones are convenient for users to access various online services. Every day, people use smartphones to check emails, log on social networks applications, such as Facebook, store personal information, data and files onto the clouds and etc. During the use of smartphones, people likely save their personal information, photos, and passwords into the websites and applications.
So, nowadays, smartphone is not only a communication device for calling and texting, but a personal assistant device which is full of personal and private information. Obviously, the devices cannot be guaranteed of complete safety. Unreliable and simple passwords, and ubiquitous attackers present severe threatens to users’ personal and sensitive information stored on the devices. Therefore, providing a reliable authentication to these devices is an essential requirement. Passwords used to be the only option to authenticate people to access their devices.
In recent years, more and more devices provide biometric sensors such as fingerprints or drawing on screen as alternative authentication options to unlock the devices, but still require passwords as the last help resource in case that biometric solutions fail to work with repeated tries. Even though, these new options cannot avoid the usability issue. A device still requires its user to repeatedly enter their passwords or pins, touch the screen with drawing, or place a finger on the fingerprint sensor. Therefore, how to minimize the usability issue of inconvenience is significant, essential but challenging.
In this thesis work, we propose a non-password software-only solution which is a passive and continuous authentication. It does not rely on the traditional authentication inputs such as password or biometric information, but on user’s historical behaviors in using a device. In recent years, technology companies such as Google and Apple provide more and more built-in sensors to increase user experiences. The larger amount of data collected by sensors in modeling user behavior to creates a lot of opportunities for improving mobile device security.
We propose a multi-sensor-based authentication framework for smartphone users. The framework leverages accelerometer, orientation, and touch size data which are gathered from an Android smartphone, and then, it uses Hidden Markov Model to train a user’s figure gesture and handholding pattern, which is dynamically authenticate the legitimate user of the device and distinguish the user from other unauthorized users.