MAUTH: Continuous User Authentication Based on Subtle Intrinsic Muscular Tremors
Yi Jiang, Hongzi Zhu, Shan Chang, Bo Li
Abstract
Continuous authentication is viewed to be increasingly important for mobile devices, which store a wide range of private data and sensitive information of users. Traditional continuous authentication methods need user inputs (e.g. typing, sliding). In this work, we present MAUTH, a zero-effect continuous authentication scheme for mobile devices. With the built-in motion sensors on commercial off-the-shelf (COTS) devices, MAUTH can continuously extract, classify and verify the unique tremor features of users on how their body intrinsically shakes during the normal use of such devices. As a result, it is extremely difficult if not impossible to reproduce the same set of tremors as individuals differ in their muscle development. We implement MAUTH as a software on Android-based smartphones, which demonstrates that MAUTH is light-weight and unobtrusive to its users. We conduct extensive real-world experiments and trace-driven simulations in controlled and uncontrolled environments on 21 volunteers. The results show that MAUTH is difficult to counterfeit and achieves a low average false positive rate (FPR) of 6.73% under real-world spoofing attacks. Moreover, MAUTH is comfortable to use and can achieve a low average false negative rate (FNR) of 2.2% during uncontrolled and continuous usage of devices, leveraging isolation-forest-based classifiers trained with only 40 training samples.