Like it or not, computer systems store vast quantities of our personal information. Our financial transactions, medical records, business contacts, email messages, even our appointments are all saved somewhere on the Internet. Smartphone apps help us manage this information.
“Smartphones come pre-installed with many security measures, such as passwords, fingerprint scanners and face detection which block unauthorized access to our devices,” said Rahul Murmuria, a PhD student at Mason’s Volgenau School of Engineering, “but hackers can bypass these measures and get straight to our data. There is security for our devices, but no security for our data.”
It’s as if we locked the safe, but it is full of cracks.
Many recent studies show that attackers with motivation can pick biometric locks. While intentional misuse of data is a concern, we should also worry about accidental misuse when sharing phones. The world is a social place and smartphones that carry sensitive information can fall into the hands of family members, friends, and kids.
To solve this problem, Murmuria designed intelligence into smartphones, so that they can continuously give users a trust score between 0 and 100. This score represents the probability that users are actually behaving like they normally do.
To measure your behavior, the smartphones learn patterns in how your hand shakes while you read your emails. They learn to identify how you walk, how you drive, how much pressure you apply on the touchscreen while performing specific tasks on the device, and even how much power you consume while doing the tasks. Your smartphones have real-time access to all of these signals and within milliseconds can detect any changes in normal behavior.
“Of course everybody’s behavior isn’t one hundred percent consistent, and the smartphones expect you to occasionally behave in a new way,” said Murmuria. “So, they will look for clusters of abnormal behavior to reduce the trust score. The best part is, all the data remains in your hands at all times. There is no cloud, no server, no need for any Internet at all. Your smartphones can now recognize you.”
Once deployed, users can customize their security measures. For example, banking apps could be blocked if the score falls below 80, but social networking might be blocked when the score dips below 60. Additionally, these trust scores can be continuously broadcast to all the apps installed on the phone. Medical apps could use this score to detect a veteran’s rate of recovery from PTSD. Airlines could use it to detect if their pilots were drunk the night before a flight. Parents could use it to find when their child gets into a fight at school and receive an automatic call back.
“The possibilities are endless, and all of these are feasible today,” said Murmuria.
A patent for Murmuria’s technology was filed by Kryptowire, LLC in August 2015 under the title “Active Authentication of Users.” Kryptowire is a local company founded by Volgenau professor Angelos Stavrou. Murmuria, who graduates in summer 2017, is currently looking for full-time scientist/researcher positions and would like to continue creating patentable products for his next employer.