Continuous authentication and identification for mobile devices: Combining security and forensics

In this paper we consider an additional functionality to continuous authentication which is the identification of an impostor. We use continuous authentication to protect a mobile device. Once it is detected that it is not the genuine user that is using the mobile device, it is important to lock it, but in a closed user group, valuable information could also be gained from determining who the actual person was that was operating the device. This new concept is termed continuous identification and in this paper we will show that we can identify the impostors with almost 98% accuracy in case the security settings are such that an impostor is detected after 15 actions on average. In case of a higher security, we already can detect impostors after 4 actions on the mobile device, but in that case the recognition rate of the correct impostor drops to almost 83%.