10,132 research outputs found
Keystroke and Touch-dynamics Based Authentication for Desktop and Mobile Devices
The most commonly used system on desktop computers is a simple username and password approach which assumes that only genuine users know their own credentials. Once broken, the system will accept every authentication trial using compromised credentials until the breach is detected. Mobile devices, such as smart phones and tablets, have seen an explosive increase for personal computing and internet browsing. While the primary mode of interaction in such devices is through their touch screen via gestures, the authentication procedures have been inherited from keyboard-based computers, e.g. a Personal Identification Number, or a gesture based password, etc.
This work provides contributions to advance two types of behavioral biometrics applicable to desktop and mobile computers: keystroke dynamics and touch dynamics. Keystroke dynamics relies upon the manner of typing rather than what is typed to authenticate users. Similarly, a continual touch based authentication that actively authenticates the user is a more natural alternative for mobile devices.
Within the keystroke dynamics domain, habituation refers to the evolution of user typing pattern over time. This work details the significant impact of habituation on user behavior. It offers empirical evidence of the significant impact on authentication systems attempting to identify a genuine user affected by habituation, and the effect of habituation on similarities between users and impostors. It also proposes a novel effective feature for the keystroke dynamics domain called event sequences. We show empirically that unlike features from traditional keystroke dynamics literature, event sequences are independent of typing speed. This provides a unique advantage in distinguishing between users when typing complex text.
With respect to touch dynamics, an immense variety of mobile devices are available for consumers, differing in size, aspect ratio, operating systems, hardware and software specifications to name a few. An effective touch based authentication system must be able to work with one user model across a spectrum of devices and user postures. This work uses a locally collected dataset to provide empirical evidence of the significant effect of posture, device size and manufacturer on user authentication performance. Based on the results of this strand of research, we suggest strategies to improve the performance of continual touch based authentication systems.
Forgery-Resistant Touch-based Authentication on Mobile Devices
Mobile devices store a diverse set of private user data and have gradually
become a hub to control users' other personal Internet-of-Things devices.
Access control on mobile devices is therefore highly important. The widely
accepted solution is to protect access by asking for a password. However,
password authentication is tedious, e.g., a user needs to input a password
every time she wants to use the device. Moreover, existing biometrics such as
face, fingerprint, and touch behaviors are vulnerable to forgery attacks.
We propose a new touch-based biometric authentication system that is passive
and secure against forgery attacks. In our touch-based authentication, a user's
touch behaviors are a function of some random "secret". The user can
subconsciously know the secret while touching the device's screen. However, an
attacker cannot know the secret at the time of attack, which makes it
challenging to perform forgery attacks even if the attacker has already
obtained the user's touch behaviors. We evaluate our touch-based authentication
system by collecting data from 25 subjects. Results are promising: the random
secrets do not influence user experience and, for targeted forgery attacks, our
system achieves 0.18 smaller Equal Error Rates (EERs) than previous touch-based
authentication.
Comment: Accepted for publication by ASIACCS'1
Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication
We investigate whether a classifier can continuously authenticate users based
on the way they interact with the touchscreen of a smart phone. We propose a
set of 30 behavioral touch features that can be extracted from raw touchscreen
logs and demonstrate that different users populate distinct subspaces of this
feature space. In a systematic experiment designed to test how this behavioral
pattern exhibits consistency over time, we collected touch data from users
interacting with a smart phone using basic navigation maneuvers, i.e., up-down
and left-right scrolling. We propose a classification framework that learns the
touch behavior of a user during an enrollment phase and is able to accept or
reject the current user by monitoring interaction with the touch screen. The
classifier achieves a median equal error rate of 0% for intra-session
authentication, 2%-3% for inter-session authentication and below 4% when the
authentication test was carried out one week after the enrollment phase. While
our experimental findings disqualify this method as a standalone authentication
mechanism for long-term authentication, it could be implemented as a means to
extend screen-lock time or as a part of a multi-modal biometric authentication
system.
Comment: to appear at IEEE Transactions on Information Forensics & Security; Download data from http://www.mariofrank.net/touchalytics