Authentication refers to the process of verifying a user based on certain credentials, before granting access to a secure system, resource, or area. Vulnerabilities in an authentication system may be exploited by adversaries, leading to leakage of confidential data (e.g., encryption keys), compromised integrity, and loss of privacy. The need for an authentication mechanism is not limited to logging in to computers. It is also needed to protect restricted physical spaces (e.g., datacenters) and to secure software applications (e.g., e-commerce).
Traditionally, authentication is only performed when the user initially interacts with the system. In these scenarios, the user faces a knowledge-based authentication challenge (e.g., a password inquiry), and the user is authenticated only if he offers the correct answer (e.g., the password).
Although one-time authentication has been the dominant authentication mechanism for decades, researchers have investigated several of its issues, ranging from user inconvenience to security flaws. For example, the user has to focus on several authentication steps when he tries to unlock a smartphone that uses a password/pattern-based authentication method. This may lead to safety risks (e.g., distraction when the user is driving). A serious security flaw of one-time authentication is its inability to detect intruders after initial authentication has been performed. For example, an unauthorized user can access private resources of the initial user if the initial user leaves the authenticated device unattended to take a break, or forgets to log out.
The above concerns have led to investigations of continuous authentication mechanisms, which frequently monitor the user's interactions with the device even after the initial login to ensure that the initially-authenticated user is still the one using the device. Initial efforts in this direction were based on simple security policies that lock the user's device after a period of inactivity, and ask the user to re-enter the password. However, such schemes may be annoying and expose a window of vulnerability, leaving much room for improvement.
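The window of vulnerability left by an inactivity lock can be made concrete with a short simulation. This is an added example, not part of the original text; the `Event` type, the function names, the timeout values and the event timelines are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Event:
    t: int       # seconds since the initial login at t=0
    actor: str   # ground truth for the simulation; the policy never sees it

def run_idle_lock(events, timeout):
    """Apply an inactivity-lock policy to a time-ordered event stream.

    Returns (accepted, locked_at): the events served under the original
    session, and the time the device locked (None if it never locked
    during the stream). After a lock the password is required, so the
    simulation assumes nothing further is accepted.
    """
    accepted, last = [], 0
    for ev in events:
        if ev.t - last > timeout:       # idle gap exceeded: device locked
            return accepted, last + timeout
        accepted.append(ev)             # any input resets the idle timer,
        last = ev.t                     # no matter who produced it
    return accepted, None

def intruder_exposure(events, timeout):
    """Timestamps of intruder actions served under the owner's session."""
    accepted, _ = run_idle_lock(events, timeout)
    return [e.t for e in accepted if e.actor == "intruder"]

# Constructed timeline: the owner works, then walks away after t=90.
OWNER = [Event(10, "owner"), Event(40, "owner"), Event(90, "owner")]
# A: intruder picks the device up 110 s later and keeps it active.
SCENARIO_A = OWNER + [Event(t, "intruder") for t in (200, 260, 500, 790)]
# B: intruder arrives only after the 300 s timeout has expired.
SCENARIO_B = OWNER + [Event(t, "intruder") for t in (400, 450)]

if __name__ == "__main__":
    for name, ev in (("A", SCENARIO_A), ("B", SCENARIO_B)):
        for timeout in (300, 60):
            print(name, timeout, run_idle_lock(ev, timeout)[1],
                  intruder_exposure(ev, timeout))
```

With a 300-second timeout, scenario A never locks because the intruder's own input keeps resetting the timer; cutting the timeout to 60 seconds closes that window but would also lock out an owner who pauses for a minute, which is the annoyance the paragraph above refers to.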