Document Type

Article

Publication Date

2-1-2019

Publication Title

Proceedings of the Workshop on Usable Security

Department

Department of Computer Science

Abstract

Many users find current smartphone authentication methods (PINs, swipe patterns) to be burdensome, leading them to weaken or disable the authentication. Although some phones support methods to ease the burden (such as fingerprint readers), these methods require active participation by the user and do not verify the user’s identity after the phone is unlocked. We propose CSAW, a continuous smartphone authentication method that leverages wristbands to verify that the phone is in the hands of its owner. In CSAW, users wear a wristband (a smartwatch or a fitness band) with built-in motion sensors, and by comparing the wristband’s motion with the phone’s motion, CSAW continuously produces a score indicating its confidence that the person holding (and using) the phone is the person wearing the wristband. This score provides the foundation for a wide range of authentication decisions (e.g., unlocking phone, deauthentication, or limiting phone access). Through two user studies (N=27,11) we evaluated CSAW’s accuracy, usability, and security. Our experimental evaluation demonstrates that CSAW was able to conduct initial authentication with over 99% accuracy and continuous authentication with over 96.5% accuracy.

DOI

10.14722/usec.2019.23013

Original Citation

Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, and David Kotz. Continuous Smartphone Authentication using Wristbands. Proceedings of the Workshop on Usable Security (USEC), 12 pages. Internet Society, February 2019. doi:10.14722/usec.2019.23013

Share

COinS