University of Houston

Due to the dramatical increase in popularity of mobile devices in the last decade, more sensitive user information is stored and accessed on these devices everyday. Securing the sensitive data stored and accessed from mobile devices makes user identity management a problem of paramount importance. The tension between security and usability renders however the task of user identity verification on mobile devices a challenging task. However, most existing technologies for user identity verification only cover the login stage or only work in restricted controlled environments or GUIs in the post login stage, and most of them lack of application level access control management.

To solve the aforementioned problems, we investigate and seek approaches from both the sensor data generated between human-mobile interactions. We collected and investigated on the data collected from onboard sensors, including voice from microphone, acceleration data from accelerometer, angular acceleration from gyroscope, magnetic force from magnetometer, and multi-touch gesture input from touchscreen. We researched on the feasibility of extracting biometric and behaviour features from the above data and how to efficiently employing the features extracted to perform user identity verification. Based on the experiment results of the single sensor modalities, we further investigated how to integrate them with hardware such as fingerprint and Trust Zone to practically design and implement a usable identity management system for both local application control and remote services scenarios. User study and on device testing sessions are held for privacy and usa bility evaluation.