Recent years have witnessed widespread adoption of mobile devices. Whereas initial
popularity was driven by voice telephony services, capabilities are now broadening to
allow an increasing range of data orientated services. Such services serve to extend the
range of sensitive data accessible through such devices and will in turn increase the
requirement for reliable authentication of users.
This thesis considers the authentication requirements of mobile devices and proposes novel
mechanisms to improve upon the current state of the art. The investigation begins with an
examination of existing authentication techniques, and illustrates a wide range of
drawbacks. A survey of end-users reveals that current methods are frequently misused and
considered inconvenient, and that enhanced methods of security are consequently required.
To this end, biometric approaches are identified as a potential means of overcoming the
perceived constraints, offering an opportunity for security to be maintained beyond pointof-
entry, in a continuous and transparent fashion.
The research considers the applicability of different biometric approaches for mobile
device implementation, and identifies keystroke analysis as a technique that can offer
significant potential within mobile telephony. Experimental evaluations reveal the potential
of the technique when applied to a Personal Identification Number (PIN), telephone
number and text message, with best case equal error rates (EER) of 9%, 8% and 18%
respectively. In spite of the success of keystroke analysis for many users, the results
demonstrate the technique is not uniformly successful across the whole of a given
population. Further investigation suggests that the same will be true for other biometrics,
and therefore that no single authentication technique could be relied upon to account for all
the users in all interaction scenarios. As such, a novel authentication architecture is
specified, which is capable of utilising the particular hardware configurations and
computational capabilities of devices to provide a robust, modular and composite
authentication mechanism. The approach, known as IAMS (Intelligent Authentication
Management System), is capable of utilising a broad range of biometric and secret
knowledge based approaches to provide a continuous confidence measure in the identity of
the user. With a high confidence, users are given immediate access to sensitive services
and information, whereas with lower levels of confidence, restrictions can be placed upon
access to sensitive services, until subsequent reassurance of a user's identity.
The novel architecture is validated through a proof-of-concept prototype. A series of test
scenarios are used to illustrate how IAMS would behave, given authorised and impostor
authentication attempts. The results support the use of a composite authentication approach
to enable the non-intrusive authentication of users on mobile devices.
Date of Award | 2004 |
---|
Original language | English |
---|
Awarding Institution | |
---|
Sponsors | Orange Personal Communications Services Ltd. |
---|
Advanced user authentification for mobile devices
Clarke, N. (Author). 2004
Student thesis: PhD