IDeAuth: A novel behavioral biometric-based implicit deauthentication scheme for smartphones

Many studies have shown that single entry-point authentication schemes for smartphones can easily be circumvented. IDeAuth is an implicit deauthentication scheme that aims to minimize unauthorized access to security-sensitive applications and services running on users’ smartphones when unauthorized access or intrusions are detected. IDeAuth verifies legitimate owners of their smartphones by exploiting their micro hand-movements and decides to sign off the default user account revoking security-sensitive applications and services linked with it. We design and develop an Android-based prototype application as a proof-of-concept and collect a new dataset consisting of 21263 observations from 41 users in a real scenario. The user verification process employs four different one-class classifiers (OCCs), which is evaluated on the collected dataset using the holdout test method. IDeAuth achieves a Half Total Error Rate (HTER) of ≈4% after applying a decision-level-fusion enhancing the best individual classifier’s performance by ≈1%.