Towards continuous and passive authentication across mobile devices: an empirical study

Mobile devices, such as smartphones and tablets, have become prevalent given their ample functionality brought by a variety of applications. Unfortunately, these devices face security and privacy threats due to unauthorized access. Ordinary protection mechanisms such as passcode and fingerprint verification are widely employed to mitigate the threats. To achieve strong security without sacrificing usability, extensive research efforts have been devoted to continuous authentication through passive sensing and behavior modeling. Nowadays, more and more users own multiple devices. This trend presents opportunities for further optimization of authentication across devices. In this paper, we conduct an empirical study on how a behavioral model created on one device can be transferred to other devices to bootstrap continuous authentication. To pursue this goal, we collect 160 sets of usage data on multiple mobile devices and perform a proof-of-concept experiment. The results demonstrate that we can leverage the similarity between user behaviors on different devices to enable cross-device authentication and anomaly detection.