Fingerprint identification, password protection and phone storage encryption are a few ways to make your smartphones more secure. But Google is looking to take the security measure one step further, using behavioral analysis of everything from typing habits to photo identifiers to authenticate people to their smartphones – with the goal of making passwords obsolete.
CSL professors Nikita Borisov, Tom Huang and Mark Hasegawa-Johnson are working with Google’s Advanced Technology and Projects (ATAP) division to help develop this authentication method. Borisov’s team was awarded a six-month $52,250 grant for the project and Huang and Hasegawa-Johnson’s team received $90,000 for the six-month project.
“The goal here is to use the many sensors on phones that give you weak identifying information to identify if the correct person is in possession of a certain phone,” Borisov said. “The project aims to combine these weak identifiers and fuse them all together in order to get a strong indication of whether the phone is in the right person’s hands.”
There are about a dozen teams from various universities working on the project, with Illinois contributing two teams. Google has collected a large data set from about 1,000 participants and representatives from each team will work on-site at Google’s headquarters to build a prototype. Teams participated in preliminary work, but the majority of the research has been done on-site from January to April, due to privacy concerns with the data.
“Google is proposing to make telephones more secure from theft, which, to me, is a great goal to support,” said Hasegawa-Johnson, speaking from experience. When he was sitting in a Chicago café three years ago, his phone was stolen out of his hand. Unfortunately, there was nothing he or his phone company could do to track the phone.
The teams will be using various types of sensors, readings, pictures and other behaviors to ensure that whoever is using a phone is the owner at any point in time, eliminating the need to enter a password to unlock a phone.
“The end goal is that all the authentication analysis would be done on the phone, with the data never leaving the phone, which potentially mitigates some of the privacy concerns,” Borisov said.
Borisov, along with two of his graduate students Joshua Juen (ECE) and Anupam Das (CS), were asked to participate due to their previous work doing fingerprinting on acoustic sensors in smartphones and monitoring people’s gait from smartphone sensors to infer heath information about a user.
Hasegawa-Johnson and Huang are working with graduate students Sujeeth Bharadwaj (ECE), Jianping Wang and Ding Liu (ECE). Bharadwaj will be contributing to the project by using general machine learning techniques to help detect anomalous sequences of events, while Wang will focus on facial recognition. Das, Bharadwaj and Wang have been representing the teams during the on-site work this semester.
One of the difficulties Borisov anticipates facing as the project continues is how to gather data when the phone is locked and dealing with battery life issues. The current data set provided by Google doesn’t include data when the phone is locked to protect the privacy of the participants, but this can be a valuable source of information. Additionally, this project only deals with authentication and not what would happen after a phone is found to be in the wrong hands.
“We’re hoping to create a more usable and more secure way to authenticate you to your phone to make sure your personal information is protected,” Borisov said. “Many people don’t set up any protection on their phone and even if they do, it’s not always the highest level of security. Your phone is a gateway to everything you do online and a lot of sensitive information can be discovered if a phone falls into the hands of the wrong person.”
Filed Under: M2M (machine to machine)