Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intra-session authentication, 2%-3% for inter-session authentication and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multi-modal biometric authentication system.Comment: to appear at IEEE Transactions on Information Forensics & Security; Download data from http://www.mariofrank.net/touchalytics

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Secure Pick Up: Implicit Authentication When You Start Using the Smartphone

We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users' phone pick-up movements, the way they bend their arms when they pick up a smartphone to interact with the device, to authenticate the users. Our SPU outperforms the state-of-the-art implicit authentication mechanisms in three main aspects: 1) SPU automatically learns the user's behavioral pattern without requiring a large amount of training data (especially those of other users) as previous methods did, making it more deployable. Towards this end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW) algorithm to effectively quantify similarities between users' pick-up movements; 2) SPU does not rely on a remote server for providing further computational power, making SPU efficient and usable even without network access; and 3) our system can adaptively update a user's authentication model to accommodate user's behavioral drift over time with negligible overhead. Through extensive experiments on real world datasets, we demonstrate that SPU can achieve authentication accuracy up to 96.3% with a very low latency of 2.4 milliseconds. It reduces the number of times a user has to do explicit authentication by 32.9%, while effectively defending against various attacks.Comment: Published on ACM Symposium on Access Control Models and Technologies (SACMAT) 201

The utility of behavioral biometrics in user authentication and demographic characteristic detection: a scoping review

Background Objective measures of screen time are necessary to better understand the complex relationship between screen time and health outcomes. However, current objective measures of screen time (e.g., passive sensing applications) are limited in identifying the user of the mobile device, a critical limitation in children’s screen time research where devices are often shared across a family. Behavioral biometrics, a technology that uses embedded sensors on modern mobile devices to continuously authenticate users, could be used to address this limitation. Objective The purpose of this scoping review was to summarize the current state of behavioral biometric authentication and synthesize these findings within the scope of applying behavioral biometric technology to screen time measurement. Methods We systematically searched five databases (Web of Science Core Collection, Inspec in Engineering Village, Applied Science & Technology Source, IEEE Xplore, PubMed), with the last search in September of 2022. Eligible studies were on the authentication of the user or the detection of demographic characteristics (age, gender) using built-in sensors on mobile devices (e.g., smartphone, tablet). Studies were required to use the following methods for authentication: motion behavior, touch, keystroke dynamics, and/or behavior profiling. We extracted study characteristics (sample size, age, gender), data collection methods, data stream, model evaluation metrics, and performance of models, and additionally performed a study quality assessment. Summary characteristics were tabulated and compiled in Excel. We synthesized the extracted information using a narrative approach. Results Of the 14,179 articles screened, 122 were included in this scoping review. Of the 122 included studies, the most highly used biometric methods were touch gestures (n = 76) and movement (n = 63), with 30 studies using keystroke dynamics and 6 studies using behavior profiling. Of the studies that reported age (47), most were performed exclusively in adult populations (n = 34). The overall study quality was low, with an average score of 5.5/14. Conclusion The field of behavioral biometrics is limited by the low overall quality of studies. Behavioral biometric technology has the potential to be used in a public health context to address the limitations of current measures of screen time; however, more rigorous research must be performed in child populations first.Systematic review registrationThe protocol has been pre-registered in the Open Science Framework database (https://doi.org/10.17605/OSF.IO/92YCT)

Hybrid Behavior-based Biometric Authentication Systems (HBAS)

An idea of proposing hybrid security based on behavioural biometrics is displayed in this paper, on the two bases of tapping and swiping. Tapping and swiping are the main focus as they are the easiest actions to perform on a mobile device. Actions and mannerisms performed by either attacker and/or the user are explained alongside the results of said actions and mannerisms. An attacker will haphazardly try to brute force the motion while the owner will perform his action consistently. Then, a training set is done where an attacker and an owner’s training sets are obtained and set, to determine which classifiers work best in determining the confusion matrix from a range of training set values with Hoeffiding Tree and Naïve Bayes Multinomial classifiers performing the best over the three sets of training values provided