Authentication is an integral part of protecting data on modern mobile devices from unauthorized physical access by third parties. However, it faces different challenges in suiting users' needs. On the one hand, classic authentication approaches like PIN or password are obtrusive, especially on mobile devices: they impose cognitive load on users, and their input on mobile devices is cumbersome due to small user interfaces and limited haptic feedback. This is further intensified by mobile devices being used more frequently but for shorter durations than classic computers. On the other hand, biometrics can provide less obtrusive authentication. However, disclosure of biometric data to third parties can have significant impact, as biometric data cannot be changed as easily as PINs or passwords. To avert this additional risk, embedded smart cards (SCs) can be used to process and store biometric data. As SCs are computationally limited, the feature transformations and matching procedures they can run are often limited as well. In addition, in contrast to users authenticating to mobile devices, devices usually do not authenticate to users. This enables hardware phishing attacks, in which users unwittingly authenticate to an identical-looking but malicious phishing device. This dissertation investigates unobtrusive mobile authentication for the diverse situations in which authentication can be required. It thereby focuses on authentication approaches that utilize mobile biometrics and embedded sensors. We investigate generic biometric match-on-card (MOC) authentication that combines offline machine learning with simplification of features and authentication models to enable their usage on SCs. As the approach is generic, it can be applied to different biometrics, demonstrated with gait and face biometrics, which can facilitate the transition of further mobile biometrics to MOC techniques. We further investigate mobile token authentication to transfer the authentication state from an unlocked device (e.g. wristwatch) to a locked one (e.g. phone) by briefly shaking both devices conjointly. As shaking patterns are difficult to forge, it is difficult for attackers to perform this authentication when they do not have both devices under their control. We also investigate mobile device-to-user authentication as a countermeasure to hardware phishing attacks, letting devices communicate an authentication secret to users with vibration patterns. We evaluate our approach using publicly available data, which reveals authentication durations around 1-2 s and error rates between 0.2 and 0.02. This indicates both that our approach is feasible and that room remains for further improving unobtrusive mobile authentication, e.g. with additional approaches utilizing biometrics and sensors on mobile devices.
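The generic MOC idea sketched in the abstract (offline learning that reduces both the features and the authentication model to something a computationally limited smart card can evaluate) can be made concrete as follows. This is an added example, not code from the dissertation or its author: the feature vectors are constructed, and the one-byte quantisation, the integer L1 distance and the spread-based threshold rule are assumptions chosen to keep the card-side step integer-only; they need not correspond to the feature transformations or models the dissertation actually uses.

```python
# Added example: generic match-on-card (MOC) verification sketch.
# Host side ("offline"): build a compact integer template and threshold from
# enrolment samples. Card side: integer-only matching. All data is constructed;
# quantisation, L1 distance and threshold rule are assumptions, not the
# dissertation's own feature transformations or models.
from typing import Sequence, Tuple

SCALE = 100  # assumption: each feature in [0, 1] is stored as one byte (0..100)


def quantize(features: Sequence[float]) -> bytes:
    """Host-side feature simplification: floats in [0, 1] -> one byte each."""
    return bytes(min(255, max(0, round(f * SCALE))) for f in features)


def match_distance(template: bytes, probe: bytes) -> int:
    """Integer L1 distance between template and probe: the card's only heavy step."""
    if len(template) != len(probe):
        raise ValueError("template and probe must have the same dimension")
    return sum(abs(t - p) for t, p in zip(template, probe))


def train_offline(enrolment: Sequence[Sequence[float]]) -> Tuple[bytes, int]:
    """Offline 'model training' reduced to what the card can later evaluate:
    a rounded integer mean template plus an L1 acceptance threshold derived
    from the spread of the enrolment samples (spread plus a 50 % margin)."""
    samples = [quantize(s) for s in enrolment]
    n, dim = len(samples), len(samples[0])
    template = bytes((sum(s[i] for s in samples) + n // 2) // n for i in range(dim))
    spread = max(match_distance(template, s) for s in samples)
    return template, spread + spread // 2


def match_on_card(template: bytes, threshold: int, probe: bytes) -> bool:
    """Card-side decision: accept iff the integer distance is within the threshold."""
    return match_distance(template, probe) <= threshold


def evaluate(template: bytes, threshold: int,
             genuine: Sequence[Sequence[float]],
             impostor: Sequence[Sequence[float]]) -> Tuple[float, float]:
    """Return (false accept rate, false reject rate) over labelled probe sets."""
    far = sum(match_on_card(template, threshold, quantize(p)) for p in impostor) / len(impostor)
    frr = sum(not match_on_card(template, threshold, quantize(p)) for p in genuine) / len(genuine)
    return far, frr


# Constructed sample data: six normalised features per sample.
ENROLMENT = [
    [0.20, 0.70, 0.40, 0.90, 0.10, 0.60],
    [0.22, 0.68, 0.41, 0.88, 0.12, 0.61],
    [0.18, 0.72, 0.39, 0.92, 0.09, 0.58],
    [0.21, 0.69, 0.42, 0.91, 0.11, 0.62],
]
GENUINE = [  # later samples of the enrolled user; the second one drifts far
    [0.19, 0.71, 0.40, 0.89, 0.12, 0.59],
    [0.25, 0.66, 0.44, 0.86, 0.14, 0.64],
    [0.22, 0.72, 0.42, 0.92, 0.10, 0.61],
    [0.17, 0.68, 0.38, 0.88, 0.08, 0.57],
]
IMPOSTORS = [  # other users; the last one happens to be very similar
    [0.60, 0.30, 0.80, 0.20, 0.70, 0.10],
    [0.30, 0.60, 0.50, 0.80, 0.20, 0.50],
    [0.24, 0.74, 0.45, 0.93, 0.14, 0.63],
    [0.22, 0.73, 0.43, 0.91, 0.13, 0.62],
]

if __name__ == "__main__":
    tmpl, thr = train_offline(ENROLMENT)
    print("template bytes:", list(tmpl), "threshold:", thr)
    print("FAR, FRR:", evaluate(tmpl, thr, GENUINE, IMPOSTORS))
```

The split mirrors the abstract's division of labour: everything that needs floating point or training data runs once on the host, while the card only stores a handful of bytes and performs additions, subtractions and one comparison. The constructed probe sets deliberately contain one drifting genuine sample and one near-identical impostor, so the evaluation shows a non-zero false reject and false accept rate rather than a perfect score.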
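The token-authentication passage, transferring the unlock state from an unlocked wristwatch to a locked phone by shaking both together, can be illustrated with the check below. It is an added example, not code from the dissertation or its author: it assumes each device records the magnitude of its accelerometer vector at the same sampling rate and that the two traces are compared with a Pearson correlation against a fixed threshold; the traces are constructed, and the dissertation's own comparison method may differ.

```python
# Added example: co-shaking check for transferring an unlock state between
# two devices. Assumes both devices sample accelerometer magnitude at the same
# rate and that a Pearson correlation decides whether they moved together.
# Traces are constructed; this is not the dissertation's own method.
from math import sqrt
from typing import Sequence


def pearson(a: Sequence[float], b: Sequence[float]) -> float:
    """Pearson correlation of two equally long traces (1.0 = identical shape)."""
    if len(a) != len(b) or len(a) < 2:
        raise ValueError("traces must be equally long and contain at least two samples")
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    da = [x - mean_a for x in a]
    db = [y - mean_b for y in b]
    denom = sqrt(sum(x * x for x in da)) * sqrt(sum(y * y for y in db))
    if denom == 0.0:
        return 0.0  # a flat trace carries no shaking pattern to compare
    return sum(x * y for x, y in zip(da, db)) / denom


def shaken_together(trace_unlocked: Sequence[float], trace_locked: Sequence[float],
                    min_corr: float = 0.9) -> bool:
    """True if both motion traces are similar enough to count as one shake."""
    return pearson(trace_unlocked, trace_locked) >= min_corr


def transfer_unlock(source_unlocked: bool, trace_unlocked: Sequence[float],
                    trace_locked: Sequence[float]) -> bool:
    """The locked device inherits the unlock state only if the source device
    is actually unlocked AND the two devices were shaken conjointly."""
    return source_unlocked and shaken_together(trace_unlocked, trace_locked)


# Constructed traces (accelerometer magnitude minus gravity, arbitrary units).
WATCH_TRACE = [0, 5, 0, -5, 0, 5, 0, -5, 0, 5, 0, -5]
# Same shake seen by the phone held in the same hand, with small sensor noise.
PHONE_TRACE_SAME = [w + n for w, n in zip(
    WATCH_TRACE, [0.3, -0.2, 0.1, 0.4, -0.3, 0.2, -0.1, 0.3, 0.2, -0.4, 0.1, -0.2])]
# A phone moved independently (slow tilt) while the watch was shaken.
PHONE_TRACE_OTHER = [-5, -4, -3, -2, -1, 0, 1, 2, 3, 4, 5, 6]

if __name__ == "__main__":
    print("same shake  :", round(pearson(WATCH_TRACE, PHONE_TRACE_SAME), 3))
    print("other motion:", round(pearson(WATCH_TRACE, PHONE_TRACE_OTHER), 3))
    print("unlock transferred:", transfer_unlock(True, WATCH_TRACE, PHONE_TRACE_SAME))
```

Two properties of the abstract's argument are visible here: the locked device never accepts a motion trace on its own, only one that is paired with an already unlocked device, and an attacker holding just one of the two devices cannot produce the matching trace, which is the reason the abstract gives for the scheme being hard to forge. A flat trace correlates with nothing, so a device that simply lay still is rejected rather than accidentally matched.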
@thesis{Findling_17_UnobtrusiveMutualMobile,
  author      = {Findling, Rainhard Dieter},
  title       = {Unobtrusive Mutual Mobile Authentication with Biometrics and Mobile Device Motion},
  month       = sep,
  year        = {2017},
  note        = {Defense: 16.10.2017},
  institution = {Institute of Networks and Security (INS), JKU Johannes Kepler University Linz},
  location    = {Altenberger Straße 69, 4040 Linz, Austria},
  type        = {Doctoral Dissertation}
}