Outlier Detection for Risk-based User Authentication on Mobile Devices

Mobile user authentication is the primary means of verifying the claimed identity of a user before granting access to resources on a mobile device. Common user authentication methods include passwords and biometrics. Despite the fact that passwords have been the most popular user authentication method for several decades, recent research suggests that they are no longer secure or convenient for mobile users due to several limitations that compromise both device security and usability. Biometric-based user authentication, on the other hand, is gaining popularity because it appears to strike a balance between security and usability. Such methods rely on human physical traits (physiological biometrics) or user involuntary actions (behavioral biometrics) for authentication. Risk-based user authentication using behavioral biometrics is particularly promising for mobile user authentication enhancing mobile authentication security while maintaining usability. In this context, we present an overview of mobile user authentication and discuss risk-based user authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Afterwards, we test and evaluate a set of outlier detection algorithms for risk estimation in order to identify the most suitable ones for risk-based user authentication on mobile devices in terms of their accuracy and efficiency.