A Behavioral Authentication (BA) system constructs a behavioral profile for a user and uses it to verify their identity claims. It is primarily used as a second factor in user authentication. A BA system starts with an initial database of user profiles, and uses a verification algorithm to accept or reject a verification request, that consists of a claimed identity and behavioral data by measuring the distance between the profile of the claimed identity and the presented behavioral data. As new

more »

... users join the system, the size of profile database grows and for a user u, the probability of other users with "close" profiles increases, and this results in an increase in the error probability of verification algorithm. We analyze this problem in distance-based verification systems, and introduce the notion of scalability of BA systems that requires the system error probability to remain (almost) unchanged as the size of the profile database grows. To achieve scalability, we propose personalization of verification algorithm. More specifically, for a user u the verification algorithm considers a set of doppelgangers that consists of users that have "close" profiles to u, and uses the set to form additional verification checks for verification requests against u. We use extensive experiments to validate the above, including the increase in the verification error with the increase in the database size, and implement and evaluate our proposed scalable verification algorithm in reducing this error. To our knowledge, this is the first systematic treatment of scalability of BA systems. Our notion of scalability and the approach to achieving it are general and applicable to other distance-based authentication systems.