Smartphones have become a part and parcel of modern life, for both personal and professional use. Consequently, securing them in a convenient and efficient manner is of paramount importance, as we all run serious risks when unauthorized users obtain access. To mitigate such risks all smartphones have lock screens that are protected by a variety of mechanisms including PINs, passwords, gestures, and fingerprints. While lock screens can provide significant protections when properly used, they can also degrade the usability of a device by inserting an unwanted step-the authentication step-between the user and their objective of using their phone at all times of the day and night. The burden is so significant that many users forego the protection of lock screens; even when they do enable them, they may configure it using weak credentials or so the device locks itself infrequently. Furthermore, the protection provided is also incomplete, as some "unauthorized users," in fact, will know how to bypass the lock screen, often with the device owner's consent.
Implicit authentication mechanisms promise to solve these problems by allowing the device to identify the user without the user doing any explicit authentication actions. Several researchers have proposed implicit authentication schemes for smartphones based upon how users interact with a touchscreen, hold the phone or even walk; to date, however, commercially available systems have offered only improved security guarantees, rather than the improved usability of a non-intrusive authentication system. In this talk, we will outline a novel implicit authentication system for mobile devices which employs a users swipe gesture for authentication. We hypothesize that the manner in which a user swipes is unique, as measured by the different sensors on the phone. From a machine learning perspective, this is an extremely challenging task as learning must happen online, with minimal data, be robust to concept shifts and handle extremely variable and noisy data. To this end, we also highlight five key requirements that we deem as being essential for an implicit authentication system.