ABSTRACT
We propose a new approach for authenticating users of mobile devices that is based on analyzing the user's touch interaction with common user interface (UI) elements, e.g., buttons, checkboxes and sliders. Unlike one-off authentication techniques such as passwords or gestures, our technique works continuously in the background while the user uses the mobile device. To evaluate our approach's effectiveness, we conducted a lab study with 20 participants, where we recorded their interaction traces on a mobile phone and a tablet (e.g., touch pressure, locations), while they filled out electronic forms populated with UI widgets. Using classification methods based on SVM and Random Forests, we achieved an average of 97.9% accuracy with a mobile phone and 96.79% accuracy with a tablet for single user classification, demonstrating that our technique has strong potential for real-world use. We believe our research can help strengthen personal device security and safeguard against unintended or unauthorized uses, such as small children in a household making unauthorized online transactions on their parents' devices, or an impostor accessing the bank account belonging to the victim of a stolen device.
- Clarke, N., Furnell, S., Rodwell, P., and Reynolds, P. Acceptance of subscriber authentication methods for mobile telephony devices. Computers & Security 21, 3 (2002), 220--228. Google ScholarDigital Library
- Davis, D., Monrose, F., and Reiter, M. K. On user choice in graphical password schemes. In USENIX Security Symposium, vol. 13 (2004), 11--11. Google ScholarDigital Library
- De Luca, A., Hang, A., Brudy, F., Lindner, C., and Hussmann, H. Touch me once and i know it's you!: Implicit authentication based on touch screen patterns. In Proc. CHI'12, CHI '12, ACM (2012), 987--996. Google ScholarDigital Library
- Frank, M., Biedert, R., Ma, E., Martinovic, I., and Song, D. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. Information Forensics and Security, IEEE Transactions on 8, 1 (1 2013), 136--148.Google Scholar
- Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., and Witten, I. H. The weka data mining software: an update. ACM SIGKDD explorations newsletter 11, 1 (2009), 10--18. Google ScholarDigital Library
- Khan, M. K., Zhang, J., and Wang, X. Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons & Fractals 35, 3 (2008), 519--524.Google ScholarCross Ref
- Kim, D., Dunphy, P., Briggs*, P., and Hook, J. Multi-touch authentication on tabletops. In Proc. CHI'10, ACM Press (2010), 1093--1102. Google ScholarDigital Library
- Liu, J., Zhong, L., Wickramasuriya, J., and Vasudevan, V. uwave: Accelerometer-based personalized gesture recognition and its applications. Pervasive and Mobile Computing 5, 6 (2009), 657--675. Google ScholarDigital Library
- Rosenblatt, S. Touch id hack verified as legit, 9 2013. http://news.cnet.com/8301-1009_3-57604255-83/touch-id-hack-verified-as-legit/.Google Scholar
- Sae-Bae, N., Ahmed, K., Isbister, K., and Memon, N. Biometric-rich gestures: A novel approach to authentication on multi-touch devices. In Proc. CHI'12, ACM Press (2012), 977--986. Google ScholarDigital Library
- Zheng, N., Bai, K., Huang, H., and Wang, H. You are how you touch: User verication on smartphones via tapping behaviors. ACM Press (2012), 1093--1102.Google Scholar
Index Terms
- LatentGesture: active user authentication through background touch analysis
Recommendations
When kids' toys breach mobile phone security
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications securityTouch-based verification --- the use of touch gestures (e.g., swiping, zooming, etc.) to authenticate users of touch screen devices --- has recently been widely evaluated for its potential to serve as a second layer of defense to the PIN lock mechanism. ...
Toward Robotic Robbery on the Touch Screen
Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated ...
Gesturemote: interacting with remote displays through touch gestures
AVI '14: Proceedings of the 2014 International Working Conference on Advanced Visual InterfacesWe present Gesturemote, a technique for interacting with remote displays through touch gestures on a handheld touch surface. By combining a variety of different touch gestures and connecting them smoothly, Gesturemote supports a wide range of ...
Comments