智慧型手機在近幾年越來越流行。幾乎每一位使用者都擁有一檯智慧型手機。而隨著應用程式越來越多元，在手機上面的功能也越來越多。智慧型手機可以幫你轉帳、儲存照片以及線上購買應用程式等等。隨著手機功能越來越多元，智慧型手機本身對於擁有者來說也變得越來越隱私。為了保護手機不被任意存取Google已經在Android手機上實作許多安全鎖的方式，如圖形解鎖、密碼輸入，甚至是臉部辨識。這些解鎖方式雖然保障了使用者的隱私，但卻犧牲掉了使用智慧型手機的便利性。在這樣解鎖方式下，使用者必須在每一次存取手機時不斷地輸入圖形來解鎖他自己的手機。這對使用者來說已經造成很大的不方便。
在其他篇論文當中提出不同實作隱式認證的框架。他們利用了許多使用者的生物特徵來做判斷解鎖依據。

在本論文當中，我們提出了一種結合加速器資料以及螢幕接觸資料的認證方式，使用者只需要使用手機，就可以註冊他們的生物特徵資訊在手機中。而利用這種生物特徵解鎖方式，手機持有者可以避免掉每次使用手機都必須輸入圖形解鎖的困擾，也可以避免掉隨著圖形鎖輸入次數的增加，被熟識的人破解手機的可能性。

Smartphones have become very popular in recent years. Nowadays, almost everyone has a smartphone. Smartphones are getting more powerful and have more functions than before. You can transfer money, save photos, or buy an application for a smart phone. For these reasons, smartphones have more and more privacy issues than before. Google already proposed a few locking features in an android device, like graphical pattern lock or PIN code lock. Although these kinds of unlock phone features keep the devices safe when the owner is not near the mobile phone, users have to face an inconvenient problem. Whenever an owner wants to use his mobile phone, he has to draw the same pattern or input the same PIN code again and again. It increases the risk of being compromised by an insider. Some previous work has discussed about the implicit authentication. They proposed a new framework that can unlock mobile phones without the owners' effort.


In this thesis, we propose a new framework that combines the accelerometer and touch event sensor in a mobile phone to identify the user's identity continuously. All the owner has to do is enroll their behavior biometrics into the mobile device.

1 Introduction 1
1.1 Motivation................................. 4
1.2 OurContribution............................. 5
1.3 Organization ............................... 5
2 Related work 6
2.1 Implicitauthentication ......................... 6
2.2 SensorLeakingPrivacy.......................... 10
3 System Architecture and Design 11
3.1 AttackModel............................... 11
3.2 MainIdea................................. 12
3.2.1 Challenge ............................. 13
3.3 MainFramework ............................. 14
3.3.1 Featureselection ......................... 14
3.3.2 ClassifiedMethod ........................ 16
3.3.3 PredictionPolicy......................... 17
4 Implementation 22
4.1 TheOverviewofAndroid ........................ 22
4.2 TheStructureofAndroidApplications ................. 23
4.3 OurFrameworkinAndroid ....................... 24
4.3.1 Weka ............................... 24 i
4.3.2 DecisionMaker.......................... 24
4.3.3 LivewallPaper .......................... 25
4.3.4 MonitoringService........................ 25
4.4 Summary ................................. 25
5 Analysis 26
5.1 ExperimentDesign ............................ 26
5.2 AnalysisResult.............................. 27
5.2.1 Experiment1........................... 27
5.2.2 Experiment2........................... 28
5.2.3 Experiment3........................... 28
6 Conclusion 32
6.1 Conclusion................................. 32
6.2 FutureWork ...............................

[1] Steven Furnell, Nathan Clarke, and Sevasti Karatzouni. Beyond the pin: En- hancing user authentication for mobile devices. Computer fraud & security, 2008(8):12–17, 2008.
[2] Carole Theriault. Survye says 70 percentages don’t password-protect mobiles : download free mobile toolkit. http://nakedsecurity.sophos.com/2011/08/ 09/free-sophos-mobile-security-toolkit/, 2011.
[3] Amy K Karlson, AJ Brush, and Stuart Schechter. Can i borrow your phone?: understanding concerns when sharing mobile phones. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 1647– 1650. ACM, 2009.
[4] Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester, and Kon- stantin Beznosov. Know your enemy: the risk of unauthorized access in smart- phones by insiders. In Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services, pages 271–280. ACM, 2013.
[5] Lorrie Faith Cranor. Security and usability: designing secure systems that people can use. ” O’Reilly Media, Inc.”, 2005.
[6] S Karatzouni, SM Furnell, NL Clarke, and RA Botha. Perceptions of user authentication on mobile devices. In Proceedings of the ISOneWorld Conference, Las Vegas, USA, April, pages 11–13, 2007.
34
[7] Hojin Seo, Eunjin Kim, and Huy Kang Kim. A novel biometric identification based on a users input pattern analysis for intelligent mobile devices. Interna- tional Journal of Advanced Robotic Systems, 9, 2012.
[8] Yi Guo, Lei Yang, Xuan Ding, Jinsong Han, and Yunhao Liu. Opensesame: Unlocking smart phone through handshaking biometrics. In INFOCOM, 2013 Proceedings IEEE, pages 365–369. IEEE, 2013.
[9] Yang Zhang, Peng Xia, Junzhou Luo, Zhen Ling, Benyuan Liu, and Xinwen Fu. Fingerprint attack against touch-enabled devices. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, pages 57–68. ACM, 2012.
[10] Adam J Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M Smith. Smudge attacks on smartphone touch screens. WOOT, 10:1–7, 2010.
[11] Arash Habibi Lashkari, Samaneh Farmand, Dr Zakaria, Omar Bin, Dr Saleh, et al. Shoulder surfing attack in graphical password authentication. arXiv preprint arXiv:0912.0951, 2009.
[12] Cheng Bo, Lan Zhang, Xiang-Yang Li, Qiuyuan Huang, and Yu Wang. Silentsense: Silent user identification via touch and movement behavioral bio- metrics. In Proceedings of the 19th Annual International Conference on Mobile Computing & Networking, MobiCom ’13, pages 187–190, New York, NY, USA, 2013. ACM.
[13] Anil K Jain, Arun Ross, and Salil Prabhakar. An introduction to biometric recognition. Circuits and Systems for Video Technology, IEEE Transactions on, 14(1):4–20, 2004.
[14] Markus Jakobsson, Elaine Shi, Philippe Golle, and Richard Chow. Implicit authentication for mobile devices. In Proceedings of the 4th USENIX conference on Hot topics in security, pages 9–9. USENIX Association, 2009.
35
[15] Elaine Shi, Yuan Niu, Markus Jakobsson, and Richard Chow. Implicit authen- tication through learning user behavior. In Information Security, pages 99–113. Springer, 2011.
[16] Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. You are how you touch: User verification on smartphones via tapping behaviors. Technical report, Tech. Rep. WM-CS-2012-06, 2012.
[17] Oriana Riva, Chuan Qin, Karin Strauss, and Dimitrios Lymberopoulos. Pro- gressive authentication: Deciding when to authenticate on mobile phones. In USENIX Security Symposium, pages 301–316, 2012.
[18] Heather Crawford, Karen Renaud, and Tim Storer. A framework for continu- ous, transparent mobile device authentication. Computers & Security, 39:127– 136, 2013.
[19] Koji Iwano, Tomoharu Hirose, Eigo Kamibayashi, and Sadaoki Furui. Audio- visual person authentication using speech and ear images. In Workshop on Multimodal User Authentication (MMUA 2003), pages 85–90, 2003.
[20] Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang. Acces- sory: password inference using accelerometers on smartphones. In Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, page 9. ACM, 2012.
[21] Liang Cai and Hao Chen. Touchlogger: Inferring keystrokes on touch screen from smartphone motion. In HotSec, 2011.
[22] Emiliano Miluzzo, Alexander Varshavsky, Suhrid Balakrishnan, and Romit Roy Choudhury. Tapprints: your finger taps have fingerprints. In Proceedings of the 10th international conference on Mobile systems, applications, and services, pages 323–336. ACM, 2012.
[23] Ron Kohavi. The power of decision tables. In Machine Learning: ECML-95, pages 174–189. Springer, 1995.
36
[24] The University of WAIKATO. Weka 3: Data mining software in java. http: //weka.wikispaces.com, 2012.
[25] rjmarsan. Weka for android. https://github.com/rjmarsan/ Weka-for-Android, Feb 2011.