LightLock: user identification system using light intensity readings on smartphones

To read the full-text of this research, you can request a copy directly from the authors.


Sensor data on a user’s mobile device can often be used to identify the user for improving the security of smartphones in indoor environments. In this paper, we present a novel continuous user identification system called LightLock that collects light sensor data from a user’s smartphone and analyzes them to identify a specific user using a machine learning approach. We develop a multi-model system to extract four different feature vectors: (1) absolute time series (ATS); (2) auto-correlation function (ACF); (3) level crossing rate (LCR); and (4) peak readings detection (PRD). To show the feasibility of LightLock, we implemented an Android application and evaluated the performance of LightLock on the dataset collected during a period of 20 days. LightLock achieves over 98% accuracy in identifying a specific user. LightLock also provides an accurate and cost-less alternative solution to existing approaches that require explicit user-smartphone interaction or the high energy consumption of multiple sensors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Fig. 3c shown a person is recording the measurements of light intensity by the smartphone, where the phone is oriented horizontally. All high-end smartphones have a built-in light sensor that provides discrete readings of ambient light intensity [23]. Fig. 4 shows the problem of illumination changes that cannot be controlled in a realistic environment. ...
... Security concerns have grown with the increasing ubiquity of smartphone usage because a smartphone contains social media applications, personal files, and banking and business information. During use, a smartphone's built-in sensors, such as the touchscreen, accelerometer, gyroscope, microphone, camera, and light sensor, can be used to obtain identity information [3][4][5][6][7][8][9][10][11]. Continuous authentication is inconvenient in scenarios such as when the user's face is not in front of the camera [12]. ...
Full-text available
Most smartphone users prefer easy and convenient authentication without remembering complicated passwords or drawing intricate patterns. Preferably, after one-time authentication, there is no verification of the user's authenticity. Therefore, security and privacy against unauthorized users is a crucial research area. Behavioral authentication is an emerging security technique that is gaining attention for its uniqueness and transparency. In this paper, a behavior-based authentication system is built using swipe movements to continuously authenticate the user after one-time traditional authentication. The key feature is the selection of an optimal feature set for the swipe movement. Five machine learning classifiers are used, of which random forest is selected based on the best values of accuracy and F-measure. A real-time system is developed by shifting all of the computational power to a cloud server to overcome the smartphone's computational limitations. The system is tested on three smartphones, and it is found that a minimum of seven swipes is sufficient to check user authenticity. In our experiments , the proposed feature set performs better than a state-of-the-art feature set.
ResearchGate has not been able to resolve any references for this publication.