Download pdf - Leveraging Battery Usage from Mobile Devices for Active ...downloads.hindawi.com/journals/misy/2017/1367064.pdf · Leveraging Battery Usage from Mobile Devices for Active Authentication

Research ArticleLeveraging Battery Usage from Mobile Devices forActive Authentication

Jan Spooren Davy Preuveneers andWouter Joosen

imec-DistriNet Department of Computer Science KU Leuven Leuven Belgium

Correspondence should be addressed to Davy Preuveneers davypreuveneerscskuleuvenbe

Received 7 September 2016 Revised 16 January 2017 Accepted 14 February 2017 Published 12 March 2017

Academic Editor Daniele Riboni

Copyright copy 2017 Jan Spooren et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Active authentication is the practice of continuously verifying the identity of users based on their context interactions with asystem and information provided by that system In this paper we investigate if battery charge readings from mobile devices canbe used as an extra factor to improve active authentication We make use of a large data set of battery charge readings from realusers and construct two computationally inexpensive machine learning classifiers to predict if a user session is authentic the firstone only based on the battery charge at a certain time of day the second one predicts the authenticity of the user session when aprevious recent battery charge reading is available Our research shows that a simple two-figure battery charge value can make auseful albeit minor contribution to active authentication

1 Introduction

Mobile devices allow users to access online informationresources and services anywhere anytime and anyhow Acornerstone to secure access to these resources and services iseffective user authentication Several methods are available toauthenticate a user to a remote systemThemost well-knownusername and password authentication is still widely useddue to its low cost and ease of implementation However thisauthentication method exhibits some severe security threatssuch as password reuse on different services easily guess-able passwords leaking passwords or even entire passworddatabases leaking from badly implemented online systemsState-of-practice multifactor authentication [1] combinesinherence possession and knowledge factors that is some-thing the user is has and knows leveraging hardware tokenssmart cards or biometric devices [2] to strengthen authenti-cation but such solutions are often perceived as cumbersomeor too expensive to roll out to users

In this work we investigate to what extent informationprovided by mobile information systems themselves canbe leveraged as additional authentication factors to addresssome of the above security threats

The focus of our work is on multifactor authenticationwith the objective to offer user-friendly means of authenti-cation that is beyond typing passwords on small or inconve-nient user interfaces using the capabilities of amobile deviceThe goal is not an enhanced smart device locking featurethat would protect resources on the device itself althoughthis would also be feasible with the techniques presented inthis paper but rather having the ability with a mobile deviceto securely authenticate an individual against an online webapplication or service that is usually protected by an identityand access management system (such as ForgeRockrsquos Ope-nAM [3]) The challenges we aim to address are twofold (1)how can we first conveniently and reliably authenticate theidentity of a user and (2) how canwe then continuously assessthe confidence in the userrsquos identity during the applicationsession Indeed in the past decade we have observed a grow-ing interest in Active Authentication also known as Context-aware [4] Continuous [5] or Implicit [6] AuthenticationThese authentication systems try to use information about theuserrsquos context or the userrsquos behavior [7 8] within that contextto assess the likelihood of an authentic user session Theproliferation of mobile devices and the resulting abundanceof new sensors carried by users have fueled a renewed interest

HindawiMobile Information SystemsVolume 2017 Article ID 1367064 14 pageshttpsdoiorg10115520171367064

2 Mobile Information Systems

Authenticate

Username ampPassword

BatteryFingerprint

Network

Fingerprint Matching

Success

FailureForgeRock OpenAM

Step-up Authentication

SMS Email e-ID

Figure 1 Integrating battery-based fingerprinting for multifactor authentication in contemporary identity and access management systems

in the idea of being able to authenticate a user simply byher context and interactions with the device As depicted inFigure 1 the features provided by the mobile device are thencontinuously and seamlessly leveraged as additional authen-tication factors to validate (1) the userrsquos identity and (2) theuserrsquos session

One criticismof behavior-based authentication systems isthat similar to biometric authentication the authenticationmaterial cannot be revoked However in the event of com-promised behavioral data privacy requirements will typicallyallow the user to revoke the use of ldquobehaviometricsrdquo at theexpense of usability An alternative solution is to split thecomputation using cryptographic schemes such as securemultiparty computation [9] or homomorphic encryption[10] for privacy preservingmachine learning However froma practical point of view such solutionsmight be too resourcedemanding for the mobile client device and effectively jeop-ardize the effectiveness of using battery charge values as abehaviometric

A common approach to realize active authentication is toemploy a risk-basedmethodology [11 12] an existing authen-tication technology is used for initial authentication afterwhich the authenticated session is maintained as long as theconfidence in the authenticity of that session is high Thisresults in potentially long lasting sessions only when theconfidence in the session drops below a certain threshold theuser is asked to reauthenticateThe choice of the threshold forreauthentication allows balancing usability with security

To make predictions on a sessionrsquos authenticity suitablecontext features are selected as well as matching classifiersFeatures are measurable properties of the system and of theuserrsquos interaction with the system Classifiers are algorithmsthat map the input of one or more features to a predictioninto classes such as 119886119906119905ℎ119890119899119905119894119888 119888119900119898119901119903119900119898119894119904119890119889 typically aftertraining the classifier with real (historical) data Examplesof features that can be used for classification are location[6 13 14] other devices nearby application usage [13]telephone calls placed and received [6 14] websites browsed

and network traffic [15] stylometry [13] keystroke dynamics[16ndash19] ambient sound [20] and gait recognition [21 22]In active authentication typically one context feature and itsmatching classifier are not sufficient to reliably predict theauthenticity of a user session Instead multiple features andclassifiers are considered and their decision is fused to obtainacceptable error rates

In this paper we investigate if mobile device batterychargemeasurements can be used as a feature contributing topredictions for session authenticity To the best of our knowl-edge no one has studied the use of battery charge data as anovel information source for active authentication Batterycharge is an interesting information property since its valueis largely determined by the userrsquos use of the mobile deviceand therefore constitutes a user behavior fingerprint In thatsense behavioral authentication factors (or behaviometrics)are closely related to inherence or biometric factors Whereasthe latter are unique features that reflect the person you arethe former tries to distinguish a user based on something youdo

The advantage of using battery charge information asa behaviometric factor is that biometric factors such asfingerprints voice or iris patterns usually require additionalhardware While some mobile devices do have fingerprintscanners this feature is not yet ubiquitously available Addi-tionally fingerprint scanners are cumbersome to the end-userThey are impractical for continuous authentication andrather privacy sensitive as a user cannot retract his finger-prints in a way he can change his password if needed Usingbattery charge information as a behaviometric does not havethese drawbacks Furthermore it is a feature which can easilybe obtained Native apps can usually query this value andweb applications can obtain a mobile devicersquos battery chargewithout the userrsquos knowledge through the HTML5 draft Bat-tery Status API which (at the time of writing) is available inthe Chrome and FireFox browsers Battery charge is thereforea convenient feature to add to an active authentication systemthereby decreasing the overall error rate of such a system

Mobile Information Systems 3

To ascertain and validate the authenticity of the userrsquosdigital identity and session we investigate two novel binaryclassifiers based on battery charge measurements as a sourceof behavioral information

(1) User identity the first classifier is based onhistogramsused to estimate the probability for a given user todetect a particular battery charge at a particular timeof the day

(2) User session the second classifier is using a storedrecent battery charge measurement to assess the like-lihood of measuring a particular battery charge aftera certain time interval

These classifiers are both computationally and storage-wiseinexpensive and scale well for large numbers of usersWe alsoexplore the use of kernel density estimators as well as otherconventional machine learning algorithms which may clas-sify more accurately at the cost of being more computation-ally intensive compared to our histograms Fortunately thesetechniques and algorithms can be parallelised to run on sev-eralmachines if need beThis is a key advantagewhenever thedata and risk analysis must be carried out for multiple usersin parallel on the authentication platform rather than onthe mobile device Indeed only the authentication platform(on the server side) is able to analyze process and comparethe behavioral data of all its registered users and devices

To obtain battery charge data from real users we exploredexisting data sets such as Carat [23 24] and the data setcollected by the Device Analyzer Android App for large-scalemobile data collection [25] The usefulness of Carat for ourresearch turned out to be limited due to insufficient informa-tion about battery charge levels as well as lacking timestampsand unique identifiers per userWe carried out our evaluationon 28 days of battery charge measurements of 645 devicesfrom the Device Analyzer Dataset While it was possible forsome devices to tap into months of battery charge measure-ments we limit the period onwhichwe train the classificationalgorithms therefore allowing real-life implementation to usea sliding window approach to collecting training data Thisway our solution can handle changing user behavior withoutaffecting the user

From a practical point of view our solution only needs afew battery charge measurements to become useful When aparticular value is known at a given point in time our algo-rithms can ascertain the likelihood that a certain measure-ment is genuineminutes later during authentication by takinginto consideration the physical limitations on the maximumcharging and discharging rate of a mobile phone Once moremeasurements are collected the likelihood can be furthertuned tomatch the specific behavior of the user both in termsof obtaining a genuine measurement at any given time of theday and when a recent prior battery charge measurement isknown Depending on the mobile phone usage our solutiontypically needs to collect a few days of data before it becomeseffective

Last but not least we also evaluate possible securitythreatswith respect to using battery information as a behavio-metric for authentication purposes Indeed we must avoid

having awell-informed attacker being able to impersonate theuser by observing his behavior as well as even ascertain thepossibility of an attacker to reliably predict and subsequentlyspoof the battery charge at any moment in time without anyfurther information

The key contributions of this work are (1) two classifiersfor predicting identity and session authenticity based onbattery draining and charging behavior (2) the confirmationthat battery charge measurements can contribute to activeauthentication systems and (3) a practical integration into astate-of-practice identity and access management platform

We have integrated our solution in OpenAM (httpswwwforgerockcomplatformidentity-management) 13 acontemporary identity and access management system Ope-nAM offers device fingerprinting and matching capabilitiesusing client-side and server-side JavaScript technology Asshown in our previous work [26] the built-in fingerprintingcode is not well suited for mobile devices In this work weadapted the JavaScript code to call our service to processbattery data The additional benefit of this integration (illus-trated in Figure 1) is that OpenAM and our solution can beindependently scaled out

After reviewing related work in Section 2 we describeour approach to collecting real userrsquos data and building usableclassifiers in Section 3 In Section 4 we evaluate the proposedclassifiers and discuss the results of our experimental evalua-tion We formulate conclusions and topics for future work inSection 5

2 Related Work

Several studies have investigated the concept of ActiveAuthentication using various different sources of informa-tion like app usage [13] stylometry [13] keystroke dynamics[16ndash18 27 28] mouse movement [27] smart phone touchscreen dynamics [29ndash31] phone calls placed [6 14] GPSlocation [6 13 14] ambient sound [20] and so forthWe referto an extensive survey on behavioral biometrics [32] for adetailed comparison of accuracy rates when verifying userswith different behavioral biometric approaches

Traore et al [27] combined keystroke dynamics andmouse movement and showed that they can be used for risk-based authentication on a web page

To the best of our knowledge no one has studied the useof battery charge data as a behavioral information source foractive authentication Furthermore most studies are basedon information that must be harvested by a dedicated app onthe mobile device while (similarly to [27 33]) our work canalso be used (through the HTML5 draft Battery Status API)by web services without requiring any dedicated monitoringsoftware on the mobile device

One can construct a more accurate classifier and improvethe confidence in a particular user session by fusing the out-put of different features and their individual classifiers Frid-man et al [13] studied the combination of several differentbehavioral context elements selecting suitable classifiers foreach of them and combining their decision outputs usingChair and Varshneyrsquos [34] Optimal Fusion Rule to combinethe decisions of multiple detectors [1] minimizing the overall


error probability [35] Bailey et al [36] used Ensemble BasedDecision Level (EBDL) fusion to combine classifiers for key-board mouse and GUI interaction features and concludedthat EBDL fusion significantly outperformed each individualmodality as well as feature fusion

Preuveneers and Joosen [37] presented a contextualauthentication framework built upon an existing identity andaccess management platform (OpenAM 11) They used IPaddress range geolocation time of access and a numberof user agent fingerprints (language color depth screenresolution etc)

In a paper by Olejnik et al [38] battery capacity is usedto fingerprint mobile devices However the focus of thisresearch was not on battery usage as a behavior fingerprintbut on battery capacity as a device fingerprint which isnot suitable for authentication purposes (since it can easilybe obtained and then replayed by an adversary to falselyimpersonate a user) as illustrated in our previous work [26]on the use of device and browser fingerprints [39] for authen-ticationWe also believe that web browser manufacturers caneasily modify the estimated device capacity to be less uniquewithout affecting usefulness of the Battery Status API whilethis is much less likely for the battery charge percentagewhich we use in this work

Our work goes beyond the state of the art by researchingthe applicability of battery charge information as a (weak)behaviometric both as a means for authenticating the userrsquosidentity and as a continuous assessment of the confidence ofa userrsquos identity during the application sessionThe advantageof our proposal is that relevant information is readily availableand accessible even within a browser context by tappinginto the HTML 5 Battery Status API Compared to therelated work this behaviometric does not require any explicituser interaction and is therefore much more convenient toleverage

3 Methodology

The goal of this work is to investigate the usefulness of bat-tery charge information for active authentication A typicalscenario might be that of a user who consults a website usingher mobile phone (also see Figure 1) As part of the authen-tication mechanism the website can request the currentbattery charge level from themobile device using theHTML5draft Battery Status API This information (merged withseveral other authentication elements) can then be used bythe website to verify the authenticity of the user

The approach to establishing the userrsquos identity can betwofold Firstly the website can use a classifier that uses thebattery charge at a certain time of the day as a feature topredict if this is the expected user Secondly if another batterycharge reading was recently collected by the same websitethen a different classifier can be built predicting the likeli-hood of the user session to be authentic Clearly a mobiledevice that was reporting a battery charge of 20 is veryunlikely to be reporting 95 battery charge only 20 minuteslater By keeping track of how battery charges are distributedthroughout the day we can ascertain not only whether a par-ticular battery charge is likely or not for a particular user or

device but also if that measurement is probable or even tech-nically feasible given a previous battery charge measurementfor that same device

We call the first classifier based on the battery charge ata certain time of the day the User Verification Classifier It ispresented in Section 32 The second classifier which uses abattery charge and another recently collected battery chargefrom the same device 119905 minutes earlier is called the UserSession Classifier and is presented in Section 33

The overall methodology of our active authenticationsolution is as followsThe enrollment of new users starts withan on-boarding phase in which the user registers his mobiledevice to the authentication platform In our solution webuild on top of ForgeRockrsquos OpenAM authentication plat-form (see Figure 1) This way both users and mobile deviceshave a unique identity Using its push authentication mech-anism the OpenAM platform can interact with the mobiledevice in the background to collect any behavioral informa-tion including battery charge information An alternative isto have amobile application continuously collect and forwardbehavioral data to the OpenAM authentication platform

By leveraging statistical features in the collected data andmachine learning techniques we build a profile for eachuser and his mobile device that characterizes the formerrsquosinteraction behavior by tapping into the battery consumptionof themobile deviceThis profile is continuously updated andsignificant deviations from this profile may indicate that thedevice (or the person using the device) is not genuine

31 Battery Charge Data Acquisition To study the feasibilityof using device battery data for authentication purposesactual battery data is needed from mobile devices used byreal users Several methods are available to collect this batterydata it can be obtained by a native application on the mobileor by adding JavaScript code to web pages of an existing fre-quently usedweb serviceUsing theHTML5draftBattery Sta-tus API a devicersquos battery charge can be queried and recordedfor all users visiting the web pages Contrary to a native appli-cation on the mobile the web page will not be able continu-ously collect battery information at runtime as it only oper-ates from within a browser context whenever the user visitsthe instrumented web page While the training phase needssufficient data to build an accurate model to avoid bias in themeasurements as well as a lack of information in particularcircumstances we only need occasional samples during thetesting phase to analyze the confidence in the userrsquos identitymaking the HTML5 Battery Status API a perfect candidatefor a practical realization in a concrete online application

For training purposes a dedicated device monitoring appcan be installed which will record the devicersquos battery chargewith regular intervals We opted for the latter solution andmade use of theDeviceAnalyzer data set whichwas collectedby the University of Cambridge [25] It contains over 100billion records of Android smartphone and tablet usage fromover 20000 devices across the globe (httpdeviceanalyzerclcamacuk) collected from volunteers who installed anAndroid app which gives them insights in their own usage


data in return We filtered a subset of this data based on thefollowing criteria

(i) A device has at least 28 consecutive days of batterycharge measurements

(ii) These measurements are collected in intervals of lessthan 15 minutes

In total 645 mobile devices were retained of which we usedthe last 28 days of battery data recorded

32 User Verification Classifier Histogram-Based Classifica-tion on Battery Data In this first classifier we will try to usesolely the reported battery charge at a particular time of theday to predict if a user session is authentic

For each user we construct a classifier for classification ofthe battery charge 119862 at time 119905 into two classes the first class(1198671) is trained on the battery chargemeasurements andmea-surement times for the valid user and the second class (1198670) istrained on the charge measurements andmeasurement timesof all users

As a simple binary classifier we determine the maximumlikelihood of finding charge 119862 at time 119905 (as a minute-of-the-day offset) for the valid user or for the average user

119867lowast = 119867119894 | argmax119894isin01

119875 (119862119905 | 119867119894) (1)

Differently put we estimate the user session of user 119906 tobe valid when the probability 119875119906(119862119905) for this user of findingbattery charge119862 at time 119905 is higher than the probability 119875(119862119905)of finding battery charge 119862 at time 119905 for the average user

To estimate these probabilities we create a battery his-togram matrix 119861119906119894119895 for each user 119906 Each measurement 119898 =(119898119862 119898119905) in the collection of measurements 119872119906 for user 119906is tallied into a 101 times 1440 matrix providing 101 chargeslots (for charges recorded from 0 100 in one percentincrements in one dimension and 1440 minute per day slotsfor the other dimension)

119861119906119894119895 = sum119898isin119872119906

120575119894119898119862120575119895119898119905 (2)

where 119898119905 is the time of the measurement represented inminutes since midnight and 120575119894119895 is the Kronecker delta

Then we normalize each of the columns as follows

119861119906119894119895 =119861119906119894119895

sum119896 119861119906119896119895 (3)

For each column (corresponding to minute-of-the-day 119895)the sum of the elements for all possible charges now equalssum119894 119861119906

119894119895 = 1 and the matrix element 119861119906119894119895 of the normalizedbattery histogram matrix therefore contains an estimation ofthe probability of finding a charge 119894 at minute-of-the-day 119895for user 119906 based on past measurements

We can write the estimated probability of finding a charge119862 at time 119905 as follows

119875119906 (119862 | 119905) = 119861119906119862119905 (4)

A graphical representation of the probability densities pro-vided by the normalized battery histogram is shown inFigure 2(a) The red cells indicate high probability and theblue and purple cells indicate low probability for finding aparticular battery charge at a particular time slot

Each of the columns in the grids of Figure 2 represents ahistogram for one particular one minute time slot

To estimate the probability for the invalid class we createa normalized global battery histogram for all of the users inthe system

119861119894119895 =sum119906sum119898isin119872119906 120575119894119898119862120575119895119898119905

sum119906sum119896 119861119906119896119895 (5)

The normalized global battery histogram for our mea-surement data is shown in Figure 3

33 User Session Classifier Histogram-Based Classification onBattery Data with Known Prior Battery Charges Similar tothe first classifier this second classifier too uses histogramsto calculate the probability of a userrsquos mobile device having aspecific battery charge percentage at a certain time It differsfrom the one proposed in Section 32 in that it establishesthe probability of measuring a specific battery charge readinggiven another prior and recent battery charge measurement

Let 119875119906(119862 | 1198621015840119905) be the probability of measuring a batterycharge 119862 for user 119906 119905minutes after a previous battery charge1198621015840 was recordedThis probability is interesting because it canbe used to detect hijacked user sessions Battery charge is acontinuously evolving property and both the physical prop-erties of the device and the typical usage patterns of the userdictate boundarieswithinwhich the battery charge can evolveduring a certain time span Battery charge readings outside ofthese boundaries can be an indication of a compromised usersession We can estimate the probability 119875119906(119862 | 1198621015840119905) by usingpast battery charge measurements

Let 119880 be the collection of users and119872119906 the collection ofbattery measurement samples for user 119906 isin 119880 Each 119898 isin 119872119906is a (battery charge time) tuple119898 = (119898119862 119898119905) For each user119906 timespan 119905 isin 5 10 15 20 140 and initial charge 1198621015840we can now create a

1198631199061198621015840

119862119905 = sum119898isin119872119906

sum1198981015840isin119872119906

1205751198621015840 1198981015840119862

120575119905(119898119905minus1198981015840119905)120575119862119898119862 (6)

and normalize1198631199061198621015840

119862119905 as follows

1198631199061198621015840

119862119905 =119863119906119862

1015840

119862119905

sum1198621015840isin01001198631199061198621015840

1198621015840 119905

(7)

such that

sum119862isin0100

1198631199061198621015840

119862119905 = 1

forall119906 isin 119880 1198621015840 isin 0 100 119905 isin 0 5 10 140

(8)

1198631199061198621015840

119862119905 can now be regarded as an estimation based on pastmeasurements of the probability119875119906(119862 | 1198621015840119905) to detect a battery


Charge probability histogram (sd = 00)device = 072c8304e71634b1a7ddf4be4eb3316c7608eab5

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

10

09

08

07

06

05

04

03

02

01

00

(a)


0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

000

005

010

015

020

025

030

035

040

045

(b)


0000

0015

0030

0045

0060

0075

0090

0105

0120

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

(c)

Figure 2 Graphical representation of normalized battery histograms (a) without Gaussian smoothing applied and (b and c) with Gaussiansmoothing applied with respectively 120590 = 10 and 120590 = 50

charge 119862 and a timespan 119905 after having detected an earlierbattery charge 1198621015840

The approach is illustrated in Figure 4 which shows theprobability distribution 1198631199067011986260 for user 119906 for measuring aparticular battery charge 119862 60 minutes after a battery chargeof 70 was measured In this case the figure indicates thatthe highest probability is at 66 Clearly for this user theaverage battery discharge is around 4per hourHowever wecan also see past records of the battery charge having droppeddown to 48 presumably when the user had been using themobile device heavily Towards the other side of the chargeaxis we can see recorded charges up to 94 indicating thatthe maximum charging speed for this device is 24h

Figure 5 shows the probability distribution 11986311990670119862119905 for thesame user 119906 for measuring a particular battery charge 119862 119905minutes after a battery charge of 70 was measured

Using the calculated probability estimations we can nowcreate a binary classifier by choosing a threshold probability120579 The classifier will predict a valid user session when119875119906(119862 | 1198621015840119905) asymp 119863119906119862

1015840

119862119905 ge 120579 and an invalid user session when

119875119906(119862 | 1198621015840119905) asymp 1198631199061198621015840

119862119905 lt 120579

34 Threat Model and Attack Vectors The use of batterycharge measurements as an additional source of informationfor multifactor authentication assumes that it is not trivial for


Global probability histogram (sd = 10)

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

0006

0012

0018

0024

0030

0036

0042

0048

0054

Figure 3 Graphical representation of the normalized global batteryhistogram (Gaussian smoothing 120590 = 1 applied)

Charge probability 60 minutes after charge was 70

000

005

010

015

020

025

Prob

abili

ty

20 40 60 80 1000Charge ()

Figure 4 Battery charge probability distribution for one of thedevices 60 minutes after an initial battery charge of 70 was seen

a malicious adversary to guess and spoof the battery chargefor a particular device on a given time of the day

In this work we assume that the adversary is able tocollect data from different devices to compute likely valuesthroughout the day possibly by relying on data sets we havealso used for our experiments This means he is able tocompute the probability distribution of battery charges foranyminute of the day (as in Figure 3) and can try to spoof theauthentication system by using the most likely battery chargevalue To evaluate the effectiveness of the proposed schemewe evaluate the impact of two different types of attacks

(i) Zero-effort attack the adversary is simply anothersubject in the database that acts as a casual impostor

(ii) Nonzero effort attack the adversary actively masquer-ades as someone else by spoofing the battery chargeof the claimed identity

In the zero-effort attack we use the data of the othersubjects as negative examples for a given user to get insightsinto the probability of accidentally authenticating on anotherdevice For the nonzero effort attack we assume the adversaryimplements a nonpersonalized attack vector that requiresminimal effort to spoof the batterymeasure In the latter casewe distinguish between two scenarios (1) the adversary hasno information from the targetrsquos device but just a nonper-sonal probability distribution of battery charges and (2) theadversary can exploit previous battery charge information

4 Evaluation

An important tool for assessing the value of a feature and acorresponding classifier for active authentication is metricsthat describe the effectiveness of the classifier

(i) False acceptance rate (FAR) the ratio of the numberof classifications where a nonauthentic user is falselyaccepted as authentic by the classifier over the totalnumber of classifications performed

(ii) False rejection rate (FRR) the ratio of the numberof classifications where an authentic user is falselyrejected by the classifier over the total number ofclassifications performed

(iii) Equal error rate (ERR) in many cases a classifierrsquosFAR can be decreased by modifying the classifier tobe more selective at the cost of an increasing FRRand vice versaThis typically allows balancing security(requiring a low FAR) with usability (requiring a lowFRR) The point where the classifier is tuned to havea FAR which is equal in value to the FRR is called theEqual Error Rate

41 Evaluation of the User Verification Classifier

Calculating FAR and FRR We used the described classifica-tion method to make predictions on the validity of a usersession purely based on battery charge and time of dayFor calculating the False Rejection Rate we used a 4-foldcross-validation strategy on a per-week basis One week wasexcluded from the training data and set aside to be used fortesting the built model therefore ensuring the training datais not used to validate the built model We then repeated thetest threemore times each time excluding another week fromthe training data and using it to test the model

Since the (119898119862 119898119905) samples are time series excludingrandom samples in a typical stratified 119896-fold cross-validationstrategy would lead to overly optimistic results since thosetesting samples can easily be fitted in the corresponding gapsin the training data This is why we chose to exclude largecontiguous blocks from the training data opting for 4-foldcross-validation (resulting in blocks of one week) rather thanthe standard 10-fold cross-validation


Prob

abili

ty

0 20 40 60 80 100

Time after measurement

(m)

0100

200300

400500

600000010020030040050060070080090100

Charge ()

Discharging

Initial charge of 70

Charging

000005010015020025030035040045

Figure 5 Battery charge probability distribution for one of the tracked devices in the time after an initial battery charge of 70 was seen

Table 1 Results of battery histogram classification

Mean stdevFAR 0044 0025FRR 0938 0039

To calculate the False Acceptance Rate all measurementsavailable from all other users were fed to a userrsquos classifierto verify if they were falsely accepted as authentic Whilethe userrsquos classifier does include measurements from all otherusers due to the use of the of the normalized global batteryhistogram (as shown in (5)) we believe that thiswill have littleeffect on the accuracy of the results since the global batteryhistogram is an average over 645 different users

The results are provided in Table 1The results listed in Table 1 look far from usefulThe False

Acceptance Rate is excellent but clearly the False RejectionRate is abominable Looking closer at Figure 2(a) reveals thatsince the matrices we are using are very fine-grained andsince only 21 days of training data are used the matrices donot really indicate a probability rather they merely contain apast record of observed samples To create useful probabilityestimations we can use Kernel Density Estimation with asuitable bandwidth to estimate underlying probabilities asillustrated in Figure 6 where a Gaussian kernel was used anda bandwidth of 50

However since the collected samples are already dis-cretized in percentage charge and minute of the day usinga Gaussian smoothing algorithm on the battery histogramswill achieve a very similar result at a performance cost whichis orders of magnitude lower Instead of a Kernel DensityEstimation bandwidth we can fine tune the classifier usingthe Gaussian blurring standard deviation for certain applica-tions one might be interested in decreasing the FRR (therebyincreasing the usability) at the cost of an increasing FAR(thereby sacrificing security) or vice versa Applying Gaus-sian smoothing with different standard deviations for theGaussian kernel to the battery histograms can achieve exactlythis where we use a standard deviation in the time dimen-sion which is 144 times larger than the standard deviation

000

5

0005

0005

0005

00100010

0015

0015

001

5

001

5

001

5

0020

002

5

00

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

Kernel Density Estimationdevice = 072c8304e71634b1a7ddf4be4eb3316c7608eab5

Figure 6 Using Kernel Density Estimation to build a chargetimeprobability model for the device that was shown in Figure 2

used in the charge dimension to compensate for the fact thatthe probability matrices are 144 times more fine-grained inthe time dimension than the charge dimension For simplicityof notation in the remainder of this work we refer to thestandard deviation of the charge dimension the standarddeviation in the time dimension should bemultiplied by 144A graphical representation of the effect of the Gaussianfilter on the battery charge histograms can be observed inFigures 2(b) and 2(c) where Gaussian kernel standard devi-ations of 10 and 50 were used The results of this approachon the classification errors are listed in Table 2 and plotted inFigure 7

Using linear interpolation on the FARFRR curvebetween standard deviation 14 and 3 yields an Equal ErrorRate of 0413


Table 2 Results of battery histogram classification with a givenGaussian Smoothing filter

Smoothing level FFR FARMean stdev Mean stdev

10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050

Histograms classifier FAR versus FRR for different Gaussian smoothing standard deviations

1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR

Figure 7 False Acceptance versus False Rejection Rates for differentsmoothing levels on the user models (indicated in the data labels)FAR was calculated by feeding 5 random (time charge) samplesfrom every known user to the classifier

Attacker Model Earlier in this section we calculated theFAR by feeding the (charge time) measurements from allother users into the proposed first classifier and recordingthe number of times the classifier wrongly predicted that thiscould be the user we are evaluatingThe results of this lookedmodest but still useful with an EER of 4126 taking intoaccount the fact that it was achieved only using a 2-figurebattery charge measurement However this approach did notassume an attacker who deliberately tries to circumvent theactive authentication systemA clever attackerwill investigatewhich is the most likely battery charge to present to theauthentication system at any given time We can assume thatthe attacker will not have access to the detailed per-user

Histograms classifier FAR versus FRR

FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

Figure 8 False Acceptance versus False Rejection Rates for differentsmoothing levels on the user models FAR was calculated using fourdifferent attack models (i) using 5 random (time charge) samplesfrom every known user (blue line) (ii) using the global probabilityestimation to find the most likely charge value at each time of theday (green line) (iii) the adversary always reporting 100 batterycharge (yellow line) and (iv) using 2500 random samples of otherusers having the same mobile device model (orange line)

charge probability histograms however the NormalizedGlobal Battery ChargeHistogram119861 can be regarded as publicknowledge It could be used by an attacker to determine themost likely battery charge for the average user at any giventime of the day Another likely value to be used by an attackerwould be the 100 charge value since this is especially in themorning a very likely battery charge

Repeating our analysis where instead of feeding mea-surements from different users into the classifier we presentthe most likely battery charge and repeating one moretime presenting invariably the 100 battery charge results indifferent FARFRR values as shown in Figure 8

We observe that in the classifier range with FRR between038 and 044 (smoothing standard deviations between 14and 35) these targeted attacks on the classifier do notperform better than a random sample choice Our hypothesisis that since the classifier is based on the difference betweenthe userrsquos past charge history and the average userrsquos pastcharge history it works particularly well for distinguishingaverage charge data from the target userrsquos charge data

Finally one last attacker model was interesting to con-sider one of the core assumptions of this work is that thebattery charge constitutes both a device fingerprint and auser behavior fingerprint To investigate how large the impactof the device was on the classifier we calculated the FalseAcceptance Rate by picking 2500 random samples fromother users who used an identical model of mobile device (inthis FAR calculation sincewe compare to other userswith thesame devicemodel we dropped the data fromdevicesmodelsthat were used only by a single user therefore the data


Table 3 Mean and standard deviation of metrics for different classification algorithms in a zero-effort attack scenario

Algorithm Accuracy Precision Recall F1 FAR FRRMean stdev Mean stdev Mean stdev Mean stdev Mean stdev Mean stdev

LR 0569 0079 0559 0073 0591 0159 0570 0107 0453 0087 0408 0159DT 0616 0074 0601 0064 0688 0159 0634 0095 0455 0121 0311 0159RF 0625 0075 0610 0064 0684 0157 0638 0097 0434 0103 0315 0157GBT 0627 0079 0616 0068 0661 0150 0633 0101 0405 0085 0338 0150NB 0523 0030 0522 0030 0523 0052 0522 0040 0477 0025 0476 0052MLP 0556 0060 0556 0056 0587 0261 0538 0150 0474 0237 0412 0261KNN 0611 0069 0598 0056 0657 0117 0624 0081 0434 0053 0342 0117

of 533 devices (of the total of 645 devices) was used for thisFAR calculation) As can be observed in the orange dataplot of Figure 8 the FAR rate becomes slightly higher withan average increase of 0013 indicating that although theclassifier appears to be measuring mostly a user behaviorfingerprint there is indeed a very small effect of the devicefingerprint present in the classifier

42 Comparison with Conventional ML Classification Algo-rithms In this section we investigate the feasibility of con-ventional machine learning algorithms to classify batterycharges as either genuine or not For each of the 645 deviceswe create a separate model that we train on genuine data ofone device and attacker data For the latter we implement thetwo attack vectors that is the zero-effort attack by relyingon data from other subjects and the nonzero effort attack byattacking with likely battery values

In Table 3 we list the aggregated results of the followingclassification algorithms that is logistic regression (LR)decision trees (DT) random forest (RF) gradient boostedtrees (GBT) naive Bayes (NB) multilayer perceptron (MLP)and 119896-nearest neighbors (KNN) The data sets that havebeen used for testing and training are based on 7200 batterycharge measurements of a genuine device and 7200 batterycharge measurements of an attacker (random samples ofother users) For the training data we take 70 of the samplesin the dataset and 30 for the test set The split is notrandom but in time which means that the test samples havebeen collected after the training samples The motivationfor taking equal amount of genuine device and attackersamples is that imbalanced training and test datasets wouldseverely affect the classification accuracy of some machinelearning algorithms (eg KNN would favor those classeswith many more samples) For each of the 645 devices weconstructed the corresponding datasets and computed theAccuracy Precision Recall F1 False Acceptance Rate andFalse Rejection Rate classification metrics Table 3 providesan overview of the mean and standard deviation of thesemetrics showing that the gradient boosted trees classificationalgorithm gets the best results in terms of accuracy The FARis around 0405 which means it is about 10 better comparedto random choice where 50 of test samples would be falselyaccepted

In Table 4 we show the results of a nonzero free effortattack where the adversary tries to spoof the battery charge

Table 4 Mean and standard deviation of metrics for differentclassification algorithms in two nonzero effort attack scenarios (1)the most likely battery charge and (2) a 100 full battery charge

Algorithm FAR (most likely) FAR (100)Mean stdev Mean stdev

LR 0406 0333 0488 0484DT 0462 0269 0368 0304RF 0440 0274 0351 0293GBT 0406 0244 0338 0282NB 0482 0054 0465 0182MLP 0472 0285 0465 0364KNN 0471 0207 0397 0241

by either (1) selecting the most likely battery charge valuebased on previously collected information from many usersor (2) simply using a full battery charge level Based on theprevious histograms one could conclude that using a 100battery charge level would be a good guess but as the tableshows several classifiers can reject these false attempts

Also worth noting is that there is a slight difference in thestandard deviation of the above metrics In case of a largestandard deviation it means that some targets are easier tospoof than others As such one could use these estimatesas a personal risk indicator whether a battery charge is agood parameter to use for multifactor authentication on anindividual basis

From a performance point of view some of the aboveconventional machine learning algorithms might classifybetter but at a significant cost of performance and mem-ory consumption (at least an order of magnitude highercompared to our histogram-based approach) which wouldmake these techniques less feasible for implementation anddeployment on an identity and access management platformthat must handle thousands of users concurrently

43 Evaluation of the User Session Classifier

Calculating FAR and FRRThe second classifier was evaluatedby creating probability histograms per user per amount oftime passed since a previously recorded battery charge (witha resolution of 5min) The histograms record the probabilityof recording a battery charge119862 given an earlier battery chargereading 1198621015840 received 119905minutes earlier


User Session Classifier per user classifier 120579 = 0008

FRRFAR most likelyFAR 100

FAR RndFAR Model

Time last charge recorded (minutes)

0

01

02

03

04

05

Prob

abili

ty

140120100806040200

Figure 9 FAR and FRR rates for the User Session for differentelapsed time periods since last known battery charge Chosenthreshold 120579 = 0008

To calculate the False Rejection Rate we again use a 4-fold cross-validation approach per measurement day leavingout a week of data when training the model and then makingpredictions for the week left out of the training data tallyingthe false predictions for valid user data and then repeating3 more times with different week folds and averaging theobtained FRR

To calculate the False Acceptance Rate we adopted theattacker model introduced in Section 41 The FAR is againcalculated in four different ways

(i) Using random samples(ii) Using themost likely battery charge value for the time

of the day as predicted by the Global Battery ChargeHistogram 119861

(iii) Using consistently 100 battery charge(iv) Using battery chargemeasurements taken at the same

time of day by a device identical to that of the user wetry to impersonate

The FAR and FRR rates were calculated for different timeperiods since the user was last seen The results are shownin Figure 9 Similarly to the fact that 120590 can be used in theUser Verification Classifier to tune the FARFRR ratio theUser Session Classifier FARFRR ratio can be fine-tuned byselecting different threshold values 120579 allowing usability tobe balanced by security or allowing better fine tuning inan Active Authenticationrsquos fusion algorithm that combinesdifferent classifiers

As expected the error rates gradually increase as timegoes by Past battery measurements which are 60 minutesstale can be used for predicting session authenticity with aFRR of 0273 and a worst-case FAR (the attacker providingthe most likely charge for the time of the day) of 0332 whichis significantly better than a random guess and therefore

User Session Classifier global classifier 120579 = 0012



FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200

Figure 10 FAR and FRR rates for User Session Classifier whenusing the average probability histograms for different elapsed timeperiods since last known battery charge Chosen threshold 120579 =0012

suitable as a component for active authentication A pastbattery charge measurement that is 120 minutes old will yielda FRR of 0428 and a worst-case FAR of 0392 which is at thelimit of its usefulness for active authentication

To obtain these results we have collected the trainingmaterial by monitoring the participantsrsquo mobile devicesbattery charge for 28 days at regular time intervals (at leastevery 15 minutes) This is a scenario that cannot be usedfor instance by a website where users are not continuouslyconnected In such an application training the classifier tolearn the charge and discharge behavior for each individualuser may not be realisticTherefore we investigated how wellthe classification would work when using a single classifiertrained on all user data instead of a unique classifier per userThe results are shown in Figure 10

The error rates are slightly higher than when trainingfor individual users but still useful With a past batterymeasurement that is 60 minutes old the FRR is 0292 andthe worst-case FAR (when the attacker reports 100 batterycharge) is 0406 Measurements older than 80 minutes have aFAR above 050 and can be considered beyond usefulness foractive authentication

Since no individual user training is required this option isrealistically usable for active authentication for instance forwebsites to detect session hijacking (sessions can be hijackedin several ways eg by predictable session tokens cross-sitescripting attacks and malicious JavaScript code) As long asthe user requests web pages with intervals no longer than60 minutes a compromised session could be detected Manyweb sites have a policy to expire sessions after a certaintimeout period which is often less than 60 minutes

Interestingly for both versions of the User Session Clas-sifier the FAR when calculated with charge samples fromidentical devices follows closely but is slightly lower than the


FAR calculated with the most likely battery value for the timeof the day This might be explained by the fact that the mostlikely battery charge is calculated overmanymore devices andtherefore represents a better probability estimation than thesamples from identical devices only

44 Discussion The concept of active authentication is basedon fusing different sensor inputs together thereby reducingthe total error rate to acceptable levels both from a usabilitypoint of view (implying a low FRR) and a security point ofview (requiring a low FAR) In this paper we have studied ifbattery charge can be used as one of these sensors Clearly thelog2(100) = 66 bits of entropy provided by a 2-figure batterycharge reading can impossibly uniquely identify a userhowever combined with other inputs battery charge maybe a useful component of an active authentication systemespecially for building a confidence score for estimatingsession authenticity

The first proposed classifier showed an Equal Error Rateof 413This is 87 better than a random guess and impliesit couldmake a small contribution to an active authenticationsystemThe fact that the FalseAcceptance and False RejectionRates can be tuned is an additional interesting property

The second classifier is trained on past data creating aseries of battery charge probability histograms These his-tograms present the probability of finding a particular chargea certain time after a certain earlier charge was observedThisis a very suitable technique to detect anomalies introduced forinstance by user impersonation or session hijacking wherethe adversary does not know the current battery charge ofthe user Stored in binary format 240000 bytes would besufficient to store this data (assuming 1 byte per charge bucket100 times 100 charge buckets per histogram for 24 time periods)A classification requires a simple table lookup for the threedimensions (119862 1198621015840 119905) and comparison to a predeterminedthreshold 120579 This implies that this system is practicallyimplementable in authentication systems in terms of bothperformance and data storage required

Building the histogram tables with past measurements isstraightforward Although (6) suggests a119874(1198992) effort with thesize of the measurement data in fact for each examined timeperiod (in our case 24) the collection of measurements isiterated oncemaking it an119874(119899) effort Itmay not be practicalhowever to build per-user histogram tables sincemanymea-surements are required to build accurate histogram tablesHowever our analysis in Section 43 showed that the classifierstill performs well when histogram tables are constructed forclasses of users Therefore these tables need not be con-structed by the service providing active authentication ser-vices but can be harvested from independent research

5 Conclusions

In this work we investigated the use of battery informationfrom mobile devices for multifactor authentication with theobjective to offer user-friendly means of continuous or activeauthentication against an online service or application Bat-tery charge is an interesting mobile information property as

its value is largely determined by the userrsquos use of the mobiledevice and therefore constitutes a behavioral fingerprintthat characterizes the user in an implicit way Furthermoreharvesting such battery charge data on web pages is simplethrough the HTML5 draft Battery Status API

While other behaviometrics have been proposed in theliterature for authentication purposes the novelty of thiswork is the use of battery charge and discharge behavior as anew metric The objective was to quantify the added value ofbattery information on its own and to evaluate the resilienceof this behaviometric against zero-effort and nonzero effortattack vectors

We proposed a first binary classifier for determining auserrsquos authenticity solely based on battery charge and time ofdayThis classifier characterizes the likelihood of a given bat-tery charge for that particular user (or device)With an EqualError Rate of 413 (compared to 50 for random guessingwhether the user is authentic or not) we believe the classifiercan bring a small contribution to active authenticationIndeed as a two-digit battery charge measurement does notcarry much information in practice it would be combinedwith other parameters to further strengthen continuous mul-tifactor authentication Compared to conventional machinelearning algorithms our classification method performs bet-ter or has comparable results but at a computationally lowercost that makes the proposed technique more feasible fordeployment on a large scale where the behavior of mul-tiple users must be analyzed concurrently An additionaladvantage is that the classifierrsquos False Rejection Rate andFalse Acceptance Rate can be tuned to balance security withusability or to meet the requirements of the decision fusionsystem typically implemented in an active authenticationsystem

We also proposed a complementary second binary clas-sifier used to determine session authenticity when a recentpast battery measurement is available We investigated theevolution of the False Acceptance Rate and False RejectionRatewith the age of the previousmeasurement and concludedthat previous battery measurements of up to 2 hours old cancontribute to active authentication We also evaluated theclassifier when trained on all user data eliminating the needto train classifiers for each individual user concluding thatmeasurements of up to 1 hour old can still contribute to activeauthentication

The complementary nature of these binary classifiersmeans that they each are able to find different types of anoma-lies in battery charge measurements depending on the datathat is available on the subjectWhile both candetect spoofingattacks in different ways the second technique performsbetter when an attacker is not able to directly collect batterycharge measurements from the mobile device of the targetedsubject and when the authentication system has recentlycollected genuine measurements

In future work we will combine battery charge withadditional authentication features to further validate thefeasibility of active authentication on other battery-powereddevices


Conflicts of Interest

The authors declare that they have no conflicts of interest

Disclosure

Please note that the University of Cambridge ComputerLaboratory does not bear any responsibility for this analysisor the interpretation of the Device Analyzer Dataset or datatherein

Acknowledgments

This research is partially funded by the Research Fund KULeuvenThe authors wish to thank the Device Analyzer teamof the University of Cambridge and Alastair Beresford inparticular for making the Device Analyzer Dataset available

References

[1] D Dasgupta A Roy and A Nag ldquoToward the design of adap-tive selection strategies for multi-factor authenticationrdquo Com-puters amp Security vol 63 pp 85ndash116 2016

[2] C Militello V Conti F Sorbello and S Vitabile ldquoA fast fusiontechnique for finger-print and iris spatial descriptors in multi-modal biometric systemsrdquo Computer Systems Science and Engi-neering vol 29 no 3 pp 205ndash217 2014

[3] T Heyman D Preuveneers andW Joosen ldquoScalability analysisof the OpenAM access control system with the universal scala-bility lawrdquo in Proceedings of the 2nd International Conference onFuture Internet of Things and Cloud (FiCloud rsquo14) pp 505ndash512Barcelona Spain August 2014

[4] E Hayashi S Das S Amini J Hong and I Oakley ldquoCASAcontext-aware scalable authenticationrdquo in Proceedings of the 9thSymposium on Usable Privacy and Security (SOUPS rsquo13) pp 31ndash310 ACM Newcastle UK July 2013

[5] S J Shepherd ldquoContinuous authentication by analysis of key-board typing characteristicsrdquo in Proceedings of the EuropeanConvention on Security and Detection pp 111ndash114 May 1995

[6] E Shi Y Niu M Jakobsson and R Chow ldquoImplicit authenti-cation through learning user behaviorrdquo inProceedings of the 13thInternational Conference on Information Security (ISC rsquo10) pp99ndash113 Springer Berlin Germany 2011 httpdlacmorgcita-tioncfmid=19493171949329

[7] R Crossler A Johnston P Lowry Q Hu MWarkentin and RBaskerville ldquoFuture directions for behavioral information secu-rity researchrdquo Computers and Security vol 32 pp 90ndash101 2013

[8] H G Kayacik M Just L Baillie D Aspinall and N MicallefldquoData driven authentication on the effectiveness of user behav-iour modelling with mobile device sensorsrdquo httpsarxivorgabs14107743

[9] Y Lindell and B Pinkas ldquoSecure multiparty computationfor privacy-preserving data miningrdquo IACR Cryptology ePrintArchive 2008197 2008 httpeprintiacrorg2008197

[10] D Mittal D Kaur and A Aggarwal ldquoSecure data mining incloud using homomorphic encryptionrdquo in Proceedings of theIEEE International Conference on Cloud Computing in EmergingMarkets (CCEM rsquo14) pp 1ndash7 IEEE Bangalore India October2014

[11] M Jakobsson E Shi P Golle and R Chow ldquoImplicit authen-tication for mobile devicesrdquo in Proceedings of the 4th USENIX

Conference on Hot Topics in Security (HotSec rsquo09) p 9 USENIXAssociation Berkeley Calif USA 2009 httpdlacmorgcita-tioncfmid=18556281855637

[12] O Riva C Qin K Strauss and D Lymberopoulos ldquoProgres-sive authentication deciding when to authenticate on mobilephonesrdquo in Proceedings of the 21st USENIX Security Symposium(USENIX Security rsquo12) pp 301ndash316 USENIX Bellevue WashUSA 2012 httpswwwusenixorgconferenceusenixsecurity-12technical-sessionspresentationriva

[13] L Fridman S Weber R Greenstadt and M Kam ldquoActiveauthentication on mobile devices via stylometry applicationusage web browsing and GPS locationrdquo IEEE Systems Journal2016

[14] F Li N Clarke M Papadaki and P Dowland ldquoActive authenti-cation formobile devices utilising behaviour profilingrdquo Interna-tional Journal of Information Security vol 13 no 3 pp 229ndash2442014

[15] C Imbert ldquoBeyond the cookie using network traffic charac-teristics to enhance confidence in user identityrdquo 2014 httpsoftware-securitysansorgresourcespaperreading-roomcoo-kie-network-traffic-characteristics-enhance-confidence-user-identity

[16] M Antal L Z Szabo and I Laszlo ldquoKeystroke dynamics onandroid platformrdquo in Proceedings of the 8th International Confe-rence Interdisciplinarity in Engineering (INTER-ENG rsquo14) vol 19pp 820ndash826 TirguMures Romania October 2014 httpwwwsciencedirectcomsciencearticlepiiS221201731500119X

[17] YDeng andY Zhong ldquoKeystroke dynamics user authenticationbased on Gaussian mixture model and deep belief netsrdquo ISRNSignal Processing vol 2013 Article ID 565183 7 pages 2013

[18] J Wu and Z Chen ldquoAn implicit identity authentication systemconsidering changes of gesture based on keystroke behaviorsrdquoInternational Journal of Distributed Sensor Networks vol 11no 5 2015 httpjournalssagepubcomdoiabs1011552015470274

[19] P S Teh A B J Teoh and S Yue ldquoA survey of keystroke dyna-mics biometricsrdquoThe Scientific World Journal vol 2013 ArticleID 408280 24 pages 2013

[20] N Karapanos CMarforio C Soriente and S Capkun ldquoSound-proof usable two-factor authentication based on ambientsoundrdquo in Proceedings of the 24th USENIX Security Symposium(USENIX Security rsquo15) pp 483ndash498 USENIX AssociationWashington DC USA August 2015 httpswwwusenixorgconferenceusenixsecurity15technical-sessionspresentationkarapanos

[21] A Kale N Cuntoor B Yegnanarayana A N Rajagopalan andR Chellappa ldquoGait analysis for human identificationrdquo inAudio-and Video-Based Biometric Person Authentication 4th Interna-tional Conference AVBPA 2003 Guildford UK June 9ndash11 2003Proceedings vol 2688 of Lecture Notes in Computer Science pp706ndash714 Springer Berlin Germany 2003

[22] C Ntantogian S Malliaros and C Xenakis ldquoGaithashing atwo-factor authentication scheme based on gait featuresrdquo Com-puters and Security vol 52 pp 17ndash32 2015

[23] A J Oliner A P Iyer I Stoica E Lagerspetz and S TarkomaldquoCarat collaborative energy diagnosis for mobile devicesrdquo inProceedings of the 11thACMConference onEmbeddedNetworkedSensor Systems (SenSys rsquo13) pp 101ndash1014 Roma Italy Novem-ber 2013

[24] E Peltonen E Lagerspetz P Nurmi and S Tarkoma ldquoEnergymodeling of system settings a crowdsourced approachrdquo in Pro-ceedings of the 13th IEEE International Conference on Pervasive


Computing and Communications (PerCom rsquo15) pp 37ndash45 IEEESt Louis Mo USA March 2015

[25] D T Wagner A Rice and A R Beresford ldquoDevice analyzerlarge-scale mobile data collectionrdquo ACM SIGMETRICS Perfor-mance Evaluation Review vol 41 no 4 pp 53ndash56 2014

[26] J Spooren D Preuveneers and W Joosen ldquoMobile device fin-gerprinting considered harmful for risk-based authenticationrdquoin Proceedings of the 8th EuropeanWorkshop on System Security(EuroSec rsquo15) pp 61ndash66 Bordeaux France April 2015

[27] I Traore I Woungang M S Obaidat Y Nakkabi and I LaildquoOnline risk-based authentication using behavioral biometricsrdquoMultimedia Tools and Applications vol 71 no 2 pp 575ndash6052014

[28] S P Banerjee and D Woodard ldquoBiometric authentication andidentification using keystroke dynamics a surveyrdquo Journal ofPattern Recognition Research vol 7 no 1 pp 116ndash139 2012

[29] C-L Liu C-J Tsai T-Y Chang W-J Tsai and P-K ZhongldquoImplementing multiple biometric features for a recall-basedgraphical keystroke dynamics authentication system on a smartphonerdquo Journal of Network and Computer Applications vol 53pp 128ndash139 2015

[30] M Frank R Biedert EMa IMartinovic andD Song ldquoTouch-alytics on the applicability of touchscreen input as a behav-ioral biometric for continuous authenticationrdquo IEEE Transac-tions on Information Forensics and Security vol 8 no 1 pp 136ndash148 2013

[31] P S Teh N Zhang A B J Teoh and K Chen ldquoA survey ontouch dynamics authentication in mobile devicesrdquo Computersand Security vol 59 pp 210ndash235 2016

[32] R V Yampolskiy and V Govindaraju ldquoBehavioural biometricsa survey and classificationrdquo International Journal of Biometricsvol 1 no 1 pp 81ndash113 2008

[33] H Witte C Rathgeb and C Busch ldquoContext-aware mobilebiometric authentication based on support vector machinesrdquoin Proceedings of the 4th International Conference on EmergingSecurity Technologies (EST rsquo13) pp 29ndash32 September 2013

[34] Z Chair and P K Varshney ldquoOptimal data fusion in multiplesensor detection systemsrdquo IEEE Transactions on Aerospace andElectronic Systems vol 22 no 1 pp 98ndash101 1986

[35] A FridmanA Stolerman S Acharya et al ldquoDecision fusion formultimodal active authenticationrdquo IT Professional vol 15 no 4pp 29ndash33 2013

[36] K O Bailey J S Okolica and G L Peterson ldquoUser identifica-tion and authentication using multi-modal behavioral biomet-ricsrdquo Computers and Security vol 43 pp 77ndash89 2014

[37] D Preuveneers and W Joosen ldquoSmartAuth dynamic contextfingerprinting for continuous user authenticationrdquo in Proceed-ings of the 30th Annual ACM Symposium on Applied Computing(SAC rsquo15) pp 2185ndash2191 Salamanca Spain April 2015

[38] L Olejnik G Acar C Castelluccia and C Diaz ldquoThe leakingbattery a privacy analysis of the html5 battery status apirdquoReport 2015616 Cryptology ePrint Archive 2015 httpeprintiacrorg

[39] P Eckersley ldquoHow unique is your web browserrdquo in PrivacyEnhancing Technologies 10th International Symposium PETS2010 Berlin Germany July 21ndash23 2010 Proceedings vol 6205of Lecture Notes in Computer Science pp 1ndash18 Springer BerlinGermany 2010

Submit your manuscripts athttpswwwhindawicom

Computer Games Technology

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Distributed Sensor Networks


Advances in

FuzzySystems

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014


ReconfigurableComputing

Hindawi Publishing Corporation httpwwwhindawicom Volume 2014


Applied Computational Intelligence and Soft Computing

thinspAdvancesthinspinthinsp

Artificial Intelligence

HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014

Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Electrical and Computer Engineering

Journal of

Journal of

Computer Networks and Communications


Hindawi Publishing Corporation

httpwwwhindawicom Volume 2014

Advances in

Multimedia


Biomedical Imaging


ArtificialNeural Systems

Advances in


RoboticsJournal of



Computational Intelligence and Neuroscience

Industrial EngineeringJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Human-ComputerInteraction

Advances in

Computer EngineeringAdvances in



Authenticate

Username ampPassword

BatteryFingerprint

Network

Fingerprint Matching

Success

FailureForgeRock OpenAM

Step-up Authentication

SMS Email e-ID

Figure 1 Integrating battery-based fingerprinting for multifactor authentication in contemporary identity and access management systems

in the idea of being able to authenticate a user simply byher context and interactions with the device As depicted inFigure 1 the features provided by the mobile device are thencontinuously and seamlessly leveraged as additional authen-tication factors to validate (1) the userrsquos identity and (2) theuserrsquos session

One criticismof behavior-based authentication systems isthat similar to biometric authentication the authenticationmaterial cannot be revoked However in the event of com-promised behavioral data privacy requirements will typicallyallow the user to revoke the use of ldquobehaviometricsrdquo at theexpense of usability An alternative solution is to split thecomputation using cryptographic schemes such as securemultiparty computation [9] or homomorphic encryption[10] for privacy preservingmachine learning However froma practical point of view such solutionsmight be too resourcedemanding for the mobile client device and effectively jeop-ardize the effectiveness of using battery charge values as abehaviometric

A common approach to realize active authentication is toemploy a risk-basedmethodology [11 12] an existing authen-tication technology is used for initial authentication afterwhich the authenticated session is maintained as long as theconfidence in the authenticity of that session is high Thisresults in potentially long lasting sessions only when theconfidence in the session drops below a certain threshold theuser is asked to reauthenticateThe choice of the threshold forreauthentication allows balancing usability with security

To make predictions on a sessionrsquos authenticity suitablecontext features are selected as well as matching classifiersFeatures are measurable properties of the system and of theuserrsquos interaction with the system Classifiers are algorithmsthat map the input of one or more features to a predictioninto classes such as 119886119906119905ℎ119890119899119905119894119888 119888119900119898119901119903119900119898119894119904119890119889 typically aftertraining the classifier with real (historical) data Examplesof features that can be used for classification are location[6 13 14] other devices nearby application usage [13]telephone calls placed and received [6 14] websites browsed

and network traffic [15] stylometry [13] keystroke dynamics[16ndash19] ambient sound [20] and gait recognition [21 22]In active authentication typically one context feature and itsmatching classifier are not sufficient to reliably predict theauthenticity of a user session Instead multiple features andclassifiers are considered and their decision is fused to obtainacceptable error rates

In this paper we investigate if mobile device batterychargemeasurements can be used as a feature contributing topredictions for session authenticity To the best of our knowl-edge no one has studied the use of battery charge data as anovel information source for active authentication Batterycharge is an interesting information property since its valueis largely determined by the userrsquos use of the mobile deviceand therefore constitutes a user behavior fingerprint In thatsense behavioral authentication factors (or behaviometrics)are closely related to inherence or biometric factors Whereasthe latter are unique features that reflect the person you arethe former tries to distinguish a user based on something youdo

The advantage of using battery charge information asa behaviometric factor is that biometric factors such asfingerprints voice or iris patterns usually require additionalhardware While some mobile devices do have fingerprintscanners this feature is not yet ubiquitously available Addi-tionally fingerprint scanners are cumbersome to the end-userThey are impractical for continuous authentication andrather privacy sensitive as a user cannot retract his finger-prints in a way he can change his password if needed Usingbattery charge information as a behaviometric does not havethese drawbacks Furthermore it is a feature which can easilybe obtained Native apps can usually query this value andweb applications can obtain a mobile devicersquos battery chargewithout the userrsquos knowledge through the HTML5 draft Bat-tery Status API which (at the time of writing) is available inthe Chrome and FireFox browsers Battery charge is thereforea convenient feature to add to an active authentication systemthereby decreasing the overall error rate of such a system













2 Related Work










3 Methodology


















119875 (119862119905 | 119867119894) (1)



119861119906119894119895 = sum119898isin119872119906

120575119894119898119862120575119895119898119905 (2)



119861119906119894119895 =119861119906119894119895

sum119896 119861119906119896119895 (3)




119875119906 (119862 | 119905) = 119861119906119862119905 (4)




119861119894119895 =sum119906sum119898isin119872119906 120575119894119898119862120575119895119898119905

sum119906sum119896 119861119906119896119895 (5)





1198631199061198621015840

119862119905 = sum119898isin119872119906

sum1198981015840isin119872119906

1205751198621015840 1198981015840119862

120575119905(119898119905minus1198981015840119905)120575119862119898119862 (6)

and normalize1198631199061198621015840

119862119905 as follows

1198631199061198621015840

119862119905 =119863119906119862

1015840

119862119905

sum1198621015840isin01001198631199061198621015840

1198621015840 119905

(7)

such that

sum119862isin0100

1198631199061198621015840

119862119905 = 1


(8)

1198631199061198621015840




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

10

09

08

07

06

05

04

03

02

01

00

(a)


0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

000

005

010

015

020

025

030

035

040

045

(b)


0000

0015

0030

0045

0060

0075

0090

0105

0120

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

(c)






1015840


119875119906(119862 | 1198621015840119905) asymp 1198631199061198621015840

119862119905 lt 120579




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

0006

0012

0018

0024

0030

0036

0042

0048

0054



000

005

010

015

020

025

Prob

abili

ty

20 40 60 80 1000Charge ()







4 Evaluation









Prob

abili

ty

0 20 40 60 80 100


(m)

0100

200300

400500

600000010020030040050060070080090100

Charge ()

Discharging


Charging

000005010015020025030035040045








000

5

0005

0005

0005

00100010

0015

0015

001

5

001

5

001

5

0020

002

5

00

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)








10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050


1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR




FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

























FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in















2 Related Work










3 Methodology


















119875 (119862119905 | 119867119894) (1)



119861119906119894119895 = sum119898isin119872119906

120575119894119898119862120575119895119898119905 (2)



119861119906119894119895 =119861119906119894119895

sum119896 119861119906119896119895 (3)




119875119906 (119862 | 119905) = 119861119906119862119905 (4)




119861119894119895 =sum119906sum119898isin119872119906 120575119894119898119862120575119895119898119905

sum119906sum119896 119861119906119896119895 (5)





1198631199061198621015840

119862119905 = sum119898isin119872119906

sum1198981015840isin119872119906

1205751198621015840 1198981015840119862

120575119905(119898119905minus1198981015840119905)120575119862119898119862 (6)

and normalize1198631199061198621015840

119862119905 as follows

1198631199061198621015840

119862119905 =119863119906119862

1015840

119862119905

sum1198621015840isin01001198631199061198621015840

1198621015840 119905

(7)

such that

sum119862isin0100

1198631199061198621015840

119862119905 = 1


(8)

1198631199061198621015840




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

10

09

08

07

06

05

04

03

02

01

00

(a)


0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

000

005

010

015

020

025

030

035

040

045

(b)


0000

0015

0030

0045

0060

0075

0090

0105

0120

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

(c)






1015840


119875119906(119862 | 1198621015840119905) asymp 1198631199061198621015840

119862119905 lt 120579




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

0006

0012

0018

0024

0030

0036

0042

0048

0054



000

005

010

015

020

025

Prob

abili

ty

20 40 60 80 1000Charge ()







4 Evaluation









Prob

abili

ty

0 20 40 60 80 100


(m)

0100

200300

400500

600000010020030040050060070080090100

Charge ()

Discharging


Charging

000005010015020025030035040045








000

5

0005

0005

0005

00100010

0015

0015

001

5

001

5

001

5

0020

002

5

00

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)








10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050


1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR




FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

























FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in








3 Methodology


















119875 (119862119905 | 119867119894) (1)



119861119906119894119895 = sum119898isin119872119906

120575119894119898119862120575119895119898119905 (2)



119861119906119894119895 =119861119906119894119895

sum119896 119861119906119896119895 (3)




119875119906 (119862 | 119905) = 119861119906119862119905 (4)




119861119894119895 =sum119906sum119898isin119872119906 120575119894119898119862120575119895119898119905

sum119906sum119896 119861119906119896119895 (5)





1198631199061198621015840

119862119905 = sum119898isin119872119906

sum1198981015840isin119872119906

1205751198621015840 1198981015840119862

120575119905(119898119905minus1198981015840119905)120575119862119898119862 (6)

and normalize1198631199061198621015840

119862119905 as follows

1198631199061198621015840

119862119905 =119863119906119862

1015840

119862119905

sum1198621015840isin01001198631199061198621015840

1198621015840 119905

(7)

such that

sum119862isin0100

1198631199061198621015840

119862119905 = 1


(8)

1198631199061198621015840




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

10

09

08

07

06

05

04

03

02

01

00

(a)


0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

000

005

010

015

020

025

030

035

040

045

(b)


0000

0015

0030

0045

0060

0075

0090

0105

0120

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

(c)






1015840


119875119906(119862 | 1198621015840119905) asymp 1198631199061198621015840

119862119905 lt 120579




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

0006

0012

0018

0024

0030

0036

0042

0048

0054



000

005

010

015

020

025

Prob

abili

ty

20 40 60 80 1000Charge ()







4 Evaluation









Prob

abili

ty

0 20 40 60 80 100


(m)

0100

200300

400500

600000010020030040050060070080090100

Charge ()

Discharging


Charging

000005010015020025030035040045








000

5

0005

0005

0005

00100010

0015

0015

001

5

001

5

001

5

0020

002

5

00

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)








10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050


1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR




FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

























FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in












119875 (119862119905 | 119867119894) (1)



119861119906119894119895 = sum119898isin119872119906

120575119894119898119862120575119895119898119905 (2)



119861119906119894119895 =119861119906119894119895

sum119896 119861119906119896119895 (3)




119875119906 (119862 | 119905) = 119861119906119862119905 (4)




119861119894119895 =sum119906sum119898isin119872119906 120575119894119898119862120575119895119898119905

sum119906sum119896 119861119906119896119895 (5)





1198631199061198621015840

119862119905 = sum119898isin119872119906

sum1198981015840isin119872119906

1205751198621015840 1198981015840119862

120575119905(119898119905minus1198981015840119905)120575119862119898119862 (6)

and normalize1198631199061198621015840

119862119905 as follows

1198631199061198621015840

119862119905 =119863119906119862

1015840

119862119905

sum1198621015840isin01001198631199061198621015840

1198621015840 119905

(7)

such that

sum119862isin0100

1198631199061198621015840

119862119905 = 1


(8)

1198631199061198621015840




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

10

09

08

07

06

05

04

03

02

01

00

(a)


0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

000

005

010

015

020

025

030

035

040

045

(b)


0000

0015

0030

0045

0060

0075

0090

0105

0120

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

(c)






1015840


119875119906(119862 | 1198621015840119905) asymp 1198631199061198621015840

119862119905 lt 120579




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

0006

0012

0018

0024

0030

0036

0042

0048

0054



000

005

010

015

020

025

Prob

abili

ty

20 40 60 80 1000Charge ()







4 Evaluation









Prob

abili

ty

0 20 40 60 80 100


(m)

0100

200300

400500

600000010020030040050060070080090100

Charge ()

Discharging


Charging

000005010015020025030035040045








000

5

0005

0005

0005

00100010

0015

0015

001

5

001

5

001

5

0020

002

5

00

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)








10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050


1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR




FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

























FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in





0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

10

09

08

07

06

05

04

03

02

01

00

(a)


0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

000

005

010

015

020

025

030

035

040

045

(b)


0000

0015

0030

0045

0060

0075

0090

0105

0120

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

(c)






1015840


119875119906(119862 | 1198621015840119905) asymp 1198631199061198621015840

119862119905 lt 120579




0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

0006

0012

0018

0024

0030

0036

0042

0048

0054



000

005

010

015

020

025

Prob

abili

ty

20 40 60 80 1000Charge ()







4 Evaluation









Prob

abili

ty

0 20 40 60 80 100


(m)

0100

200300

400500

600000010020030040050060070080090100

Charge ()

Discharging


Charging

000005010015020025030035040045








000

5

0005

0005

0005

00100010

0015

0015

001

5

001

5

001

5

0020

002

5

00

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)








10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050


1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR




FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

























FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in





0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)

0006

0012

0018

0024

0030

0036

0042

0048

0054



000

005

010

015

020

025

Prob

abili

ty

20 40 60 80 1000Charge ()







4 Evaluation









Prob

abili

ty

0 20 40 60 80 100


(m)

0100

200300

400500

600000010020030040050060070080090100

Charge ()

Discharging


Charging

000005010015020025030035040045








000

5

0005

0005

0005

00100010

0015

0015

001

5

001

5

001

5

0020

002

5

00

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)








10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050


1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR




FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

























FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in




Prob

abili

ty

0 20 40 60 80 100


(m)

0100

200300

400500

600000010020030040050060070080090100

Charge ()

Discharging


Charging

000005010015020025030035040045








000

5

0005

0005

0005

00100010

0015

0015

001

5

001

5

001

5

0020

002

5

00

0

20

40

60

80

100

Char

ge (

)

200 400 600 800 1000 1200 14000Time of day (m)








10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050


1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR




FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

























FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






10 0383 0111 0475 006480 0370 0109 0466 006960 0366 0105 0458 006250 0369 0103 0448 006640 0376 0102 0439 006335 0382 0101 0435 006130 0389 0100 0427 005725 0400 0099 0420 005920 0415 0099 0411 0056175 0425 0099 0405 005315 0438 0100 0396 005414 0444 0100 0393 005012 0458 0100 0384 004910 0477 0101 0374 005008 0501 0102 0360 0050


1086

54 35

325

2175

1514

121

08

034035036037038039

04041042043044045046047048

FAR

04

05

039

037

041

042

043

044

045

046

047

048

049

038

036

051

052

FRR




FRR

FARFAR most likely

FAR 100FAR model

04804704604504404304204104039038037036034

035

036

037

038

039

04

041

042

043

044

045

046

047

048

FAR

























FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






















FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






FAR RndFAR Model


0

01

02

03

04

05

Prob

abili

ty

140120100806040200













FAR RndFAR Model

0

01

02

03

04

05

Prob

abili

ty

140120100806040200













5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in









5 Conclusions











Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in






Disclosure


Acknowledgments


References


















































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in



























Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in










Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in

