Retraining and Dynamic Privilege for Implicit Authentication Systems

With the rapid growth of the smart device market, associated security issues become more threatening and diverse than ever before. Due to the limitations of the traditional explicit authentication mechanisms (e.g., Password-based, biometrics), researchers and the industry have been promoting implicit authentication (IA) that does not require explicit user action and potentially enhances user experience to further protect devices from misuse. IA typically leverages various types of behavioral data to deduce a user behavior model for authentication purpose. However, IA systems are still at their infancy and exhibit many limitations, one of which is how to determine the best retraining frequency when updating the user behavior model. Another limitation is how to gracefully degrade user privilege, when authentication fails to identify legitimate users (i.e., False negatives) for a practical IA system. To address the first problem, we propose an algorithm that utilizes Jensen-Shannon (JS)-dis(tance) to determine the optimal retraining frequency. For the second problem, we introduce a dynamic privilege mechanism, again based on JS-dis(tance), to achieve multi-level fine-grained access control. Our simulation results show that the proposed techniques can successfully detect the degradation of accuracy of the user behavior model, as well as automatically determine and adjust to the best retraining frequency. It is also shown that the dynamic privilege-based access control reduces the impact of false negatives on legitimate users and enhances system reliability and user experience compared with the traditional lock-only method in case of authentication failure.