18 research outputs found
A Framework for Assessing Factors Influencing User Interaction for Touch-based Biometrics
Touch-based behavioural biometrics is an
emerging technique for passive and transparent user
authentication on mobile devices. It utilises dynamics mined
from users’ touch actions to model behaviour. The
interaction of the user with the mobile device using touch is
an important aspect to investigate as the interaction errors
can influence the stability of sample donation and overall
performance of the implemented biometric authentication
system. In this paper, we are outlining a data collection
framework for touch-based behavioural biometric
modalities (signature, swipe and keystroke dynamics) that
will enable us to study the influence of environmental
conditions and body movement on the touch-interaction. In
order to achieve this, we have designed a multi-modal
behavioural biometric data capturing application
“Touchlogger” that logs touch actions exhibited by the user
on the mobile device. The novelty of our framework lies in
the collection of users’ touch data under various usage
scenarios and environmental conditions. We aim to collect
touch data in two different environments - indoors and
outdoors, along with different usage scenarios - whilst the
user is seated at a desk, walking on a treadmill, walking
outdoors and seated on a bus. The range of collected data
may include swiping, signatures using finger and stylus,
alphabetic, numeric keystroke data and writing patterns
using a stylus
Augmenting Authentication with Context-Specific Behavioral Biometrics
Behavioral biometrics, being non-intrusive and cost-efficient, have the potential to assist user identification and authentication. However, user behaviors can vary significantly for different hardware, software, and applications. Research of behavioral biometrics is needed in the context of a specific application. Moreover, it is hard to collect user data in real world settings to assess how well behavioral biometrics can discriminate users. This work aims to improving authentication by behavioral biometrics obtained for user groups. User data of a webmail application are collected in a large-scale user experiment conducted on Amazon Mechanical Turk. Used in a continuous authentication scheme based on user groups, off-line identity attribution and online authentication analytic schemes are proposed to study the applicability of application-specific behavioral biometrics. Our results suggest that the useful user group identity can be effectively inferred from users’ operational interaction with the email application
Using Hover to Compromise the Confidentiality of User Input on Android
We show that the new hover (floating touch) technology, available in a number
of today's smartphone models, can be abused by any Android application running
with a common SYSTEM_ALERT_WINDOW permission to record all touchscreen input
into other applications. Leveraging this attack, a malicious application
running on the system is therefore able to profile user's behavior, capture
sensitive input such as passwords and PINs as well as record all user's social
interactions. To evaluate our attack we implemented Hoover, a proof-of-concept
malicious application that runs in the system background and records all input
to foreground applications. We evaluated Hoover with 40 users, across two
different Android devices and two input methods, stylus and finger. In the case
of touchscreen input by finger, Hoover estimated the positions of users' clicks
within an error of 100 pixels and keyboard input with an accuracy of 79%.
Hoover captured users' input by stylus even more accurately, estimating users'
clicks within 2 pixels and keyboard input with an accuracy of 98%. We discuss
ways of mitigating this attack and show that this cannot be done by simply
restricting access to permissions or imposing additional cognitive load on the
users since this would significantly constrain the intended use of the hover
technology.Comment: 11 page
Heartbeats in the Wild: A Field Study Exploring ECG Biometrics in Everyday Life
This paper reports on an in-depth study of electrocardiogram (ECG) biometrics
in everyday life. We collected ECG data from 20 people over a week, using a
non-medical chest tracker. We evaluated user identification accuracy in several
scenarios and observed equal error rates of 9.15% to 21.91%, heavily depending
on 1) the number of days used for training, and 2) the number of heartbeats
used per identification decision. We conclude that ECG biometrics can work in
the wild but are less robust than expected based on the literature,
highlighting that previous lab studies obtained highly optimistic results with
regard to real life deployments. We explain this with noise due to changing
body postures and states as well as interrupted measures. We conclude with
implications for future research and the design of ECG biometrics systems for
real world deployments, including critical reflections on privacy.Comment: 14 pages, 10 figures, CHI'2