Toward Secure User-Habit-Oriented Authentication for Mobile Devices

Mobile device security has become increasingly important as we become more dependent on mobile devices. One fundamental security problem is user authentication, and if not executed correctly, leaves the mobile user vulnerable to harm like impersonation. Although many user authentication mechanisms have presented in the past, studies have shown mobile users prefer usability over security and, unfortunately, a higher level of security often entails sacrificing usability. Moreover, mobile users often unlock their devices in public spaces, inevitably resulting in a high possibility of user credentials disclosure. Motivated by the above, we introduce a novel user-habit-oriented authentication model, where mobile users can integrate their own habits with user authentication on mobile devices. The user-habit-oriented authentication turns a tedious security action into an enjoyable experience. Also, we propose a rhythm based authentication scheme, providing the first proof of concept toward secure user-habit-oriented authentication for mobile devices. Experimental results show that the proposed scheme has high accuracy in terms of false rejection rate. Also, the proposed scheme is able to protect from attacks caused by credential disclosure, which could be fatal to the traditional schemes.