SenSec Mobile Application Advances Smartphone Security
Carnegie Mellon Silicon Valley Assistant Research Professor, Dr. Joy Ying Zhang and Ph.D. ECE student, Jiang Zhu, recently debuted an application on the Android market (now Google Playstore) based on their research on passive authentication. Their paper entitled, “SenSec: Mobile Application Security Through Passive Sensing,” written with Pang Wu and Xiao Wang, has also been accepted into the 2013 International Conference on Computing, Networking, and Communications, to be held in San Diego, CA.
SenSec is a new mobile system framework that uses passive sensory data to ensure the security of applications and data on mobile devices. Data collected by SenSec will result in a gesture model of how the owner of the phone ”normally” uses his device. Based on the sureness score, mobile devices can dynamically request the user to provide active authentication (such as a strong password), or disable certain features to protect user’s privacy and information security.
Dr. Zhang first began working in mobile sensors in 2008 and quickly realized that behavior metrics could be applied to mobility research. “I thought, if there are unique patterns that identify one user from another, why don’t we use that data to authenticate users on a mobile device,” said Zhang.
Today’s increasingly mobile landscape means that more and more cell phone users own smartphones, which results in a multitude of sensitive information that can be lost in just a second of carelessness. With many companies adopting a BYOD – Bring Your Own Device – policy, the cost of that information, which can include trade secrets, is significant. From both a practical and theoretical perspective, the SenSec team’s research aims to tackle the very relevant issue of privacy attacks for mobile users.
“Say you leave your phone out in the open after a public lunch. How can you be assured that the sensitive information on your phone will stay private? We need a more robust security scheme within mobile devices but, at the same time, still provide a seamless user experience, ” said Zhang. Existing mobile authentication schemes include retina scans and fingerprint scanning but can often prove frustrating for users and lack robustness.
The SenSec team hopes that offering the application to the public will provide more user feedback on a larger scale in the coming weeks. Assessments during the trial period have already returned data indicating that false positives are still too common an occurrence. Updates to the application aim to improve the performance and accuracy of the system, as well as enhance user experience, thus alleviating some of the frustrations current users are experiencing. Future plans also include expanding to the Apple iOS platform.
“I am happy to see that our research has now turned into a real product that is both usable and useful to consumers. CMU is unique in that we are not content to just stop after the lab stage or publishing a paper,” said Dr. Zhang.
Watch a video to learn more about SenSec.
SenSec is now available for free download at the Google Playstore.