Dynamic Multi-level Privilege Control in Behavior-based Implicit Authentication Systems Leveraging Mobile Devices

Implicit authentication (IA) is gaining popularity over recent years due to its use of user behavior as the main input, relieving users from explicit actions such as remembering and entering passwords. However, such convenience comes with a cost of authentication accuracy and delay which we propose to improve in this paper. Authentication accuracy deteriorates as users’ behaviors change as a result of mood, age, a change of routine, etc. Current authentication systems handle failed authentication attempts by locking the users out of their mobile devices. It is unsuitable for IA whose accuracy deterioration induces a high false reject rate, rendering the IA system unusable. Furthermore, existing IA systems leverage computationally expensive machine learning, which can introduce a large authentication delay. It is challenging to improve the authentication accuracy of these systems without sacrificing authentication delay. In this paper, we propose a multi-level privilege control (MPC) scheme that dynamically adjusts users’ access privilege based on their behavior change. MPC increases the system’s confidence in users’ legitimacy even when their behaviors deviate from historical data, thus improving authentication accuracy. It is a lightweight feature added to the existing IA schemes that helps avoid frequent and expensive retraining of machine learning models, thus improving authentication delay. We demonstrate that MPC increases authentication accuracy by 18.63% and reduces authentication delay by 7.02 minutes on average, using a public dataset that contains comprehensive user behavior data.