DOI: 10.1145/2500423.2500434
research-article

Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it

Published: 30 September 2013

ABSTRACT

With the rich functionalities and enhanced computing capabilities available on mobile computing devices with touch screens, users not only store sensitive information (such as credit card numbers) but also use privacy-sensitive applications (such as online banking) on these devices, which makes them hot targets for hackers and thieves. To protect private information, such devices typically lock themselves after a few minutes of inactivity and prompt a password/PIN/pattern screen when reactivated. Password/PIN/pattern-based schemes are inherently vulnerable to shoulder surfing attacks and smudge attacks. Furthermore, passwords/PINs/patterns are inconvenient for users to enter frequently. In this paper, we propose GEAT, a gesture-based user authentication scheme for the secure unlocking of touch screen devices. Unlike existing authentication schemes for touch screen devices, which use what the user inputs as the authentication secret, GEAT authenticates users mainly based on how they input, using distinguishing features such as finger velocity, device acceleration, and stroke time. Even if attackers see what gesture a user performs, they cannot reproduce the behavior of the user doing gestures through shoulder surfing or smudge attacks. We implemented GEAT on Samsung Focus running Windows, collected 15009 gesture samples from 50 volunteers, and conducted real-world experiments to evaluate GEAT's performance. Experimental results show that our scheme achieves an average equal error rate of 0.5% with 3 gestures using only 25 training samples.


      • Published in

        MobiCom '13: Proceedings of the 19th annual international conference on Mobile computing & networking
        September 2013
        504 pages
        ISBN:9781450319997
        DOI:10.1145/2500423

        Copyright © 2013 ACM


        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Acceptance Rates

        MobiCom '13 Paper Acceptance Rate: 28 of 207 submissions, 14%. Overall Acceptance Rate: 440 of 2,972 submissions, 15%.
