Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intra-session authentication, 2%-3% for inter-session authentication and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multi-modal biometric authentication system.Comment: to appear at IEEE Transactions on Information Forensics & Security; Download data from http://www.mariofrank.net/touchalytics

Application of Keystroke Dynamics Modelling Techniques to Strengthen the User Identification in the Context of E-commerce

Keystroke dynamics is a biometric technique to identify users based on analysing habitual rhythm patterns in their typing behaviour. In e-commerce, this technique brings benefits to both security and the analysis of patterns of consumer behaviour. This paper focuses on analysing the keystroke dynamics against an e-commerce site for personal identification. This paper is an empirical reinforcement of previous works, with data extracted from realistic conditions that are of most interest for the practical application of modelling keystroke dynamics in free texts. It was a collaborative work with one of the leading e-commerce companies in Latin America. Experimental results showed that it was possible to identify typists with an accuracy of 89% from a sampling of 300 randomly selected users just by reading comment field keystrokes.VII Workshop Seguridad Informática (WSI)Red de Universidades con Carreras en Informática (RedUNCI

GANTouch: An Attack-Resilient Framework for Touch-based Continuous Authentication System

Previous studies have shown that commonly studied (vanilla) implementations of touch-based continuous authentication systems (V-TCAS) are susceptible to active adversarial attempts. This study presents a novel Generative Adversarial Network assisted TCAS (G-TCAS) framework and compares it to the V-TCAS under three active adversarial environments viz. Zero-effort, Population, and Random-vector. The Zero-effort environment was implemented in two variations viz. Zero-effort (same-dataset) and Zero-effort (cross-dataset). The first involved a Zero-effort attack from the same dataset, while the second used three different datasets. G-TCAS showed more resilience than V-TCAS under the Population and Random-vector, the more damaging adversarial scenarios than the Zero-effort. On average, the increase in the false accept rates (FARs) for V-TCAS was much higher (27.5% and 21.5%) than for G-TCAS (14% and 12.5%) for Population and Random-vector attacks, respectively. Moreover, we performed a fairness analysis of TCAS for different genders and found TCAS to be fair across genders. The findings suggest that we should evaluate TCAS under active adversarial environments and affirm the usefulness of GANs in the TCAS pipeline.Comment: 11 pages, 7 figures, 2 tables, 3 algorithms, in IEEE TBIOM 202