Keystroke and Touch-dynamics Based Authentication for Desktop and Mobile Devices

The most commonly used system on desktop computers is a simple username and password approach which assumes that only genuine users know their own credentials. Once broken, the system will accept every authentication trial using compromised credentials until the breach is detected. Mobile devices, such as smart phones and tablets, have seen an explosive increase for personal computing and internet browsing. While the primary mode of interaction in such devices is through their touch screen via gestures, the authentication procedures have been inherited from keyboard-based computers, e.g. a Personal Identification Number, or a gesture based password, etc.;This work provides contributions to advance two types of behavioral biometrics applicable to desktop and mobile computers: keystroke dynamics and touch dynamics. Keystroke dynamics relies upon the manner of typing rather than what is typed to authenticate users. Similarly, a continual touch based authentication that actively authenticates the user is a more natural alternative for mobile devices.;Within the keystroke dynamics domain, habituation refers to the evolution of user typing pattern over time. This work details the significant impact of habituation on user behavior. It offers empirical evidence of the significant impact on authentication systems attempting to identify a genuine user affected by habituation, and the effect of habituation on similarities between users and impostors. It also proposes a novel effective feature for the keystroke dynamics domain called event sequences. We show empirically that unlike features from traditional keystroke dynamics literature, event sequences are independent of typing speed. This provides a unique advantage in distinguishing between users when typing complex text.;With respect to touch dynamics, an immense variety of mobile devices are available for consumers, differing in size, aspect ratio, operating systems, hardware and software specifications to name a few. An effective touch based authentication system must be able to work with one user model across a spectrum of devices and user postures. This work uses a locally collected dataset to provide empirical evidence of the significant effect of posture, device size and manufacturer on user authentication performance. Based on the results of this strand of research, we suggest strategies to improve the performance of continual touch based authentication systems

Optimal Mobile IT Location Based on Ergonomics

U.S. and Canadian electric utility companies are in the process of integrating mobile computers into their fleet vehicle cabs. The placement of the mobile computer in the vehicle cab could have a significant effect on biomechanical loading, performance, and subjective assessment. The objective of this research is to determine the best location to place a mobile computer in a truck cab. In this experiment, four locations of mobile computers in a truck cab were selected and tested in a laboratory study to determine how location affected muscle activity of the lower back and shoulders; joint angles of the shoulders, elbows, and wrist; user performance; and subjective assessment. Along with location, subject size and type of computer task were also considered in the analysis. Twenty-two participants were tested in this study. Placing the mobile computer closer to the steering wheel reduced the low back and shoulder muscle activity required to use the mobile computer. Joint angles of the shoulders, elbows and wrists were also closer to neutral angle. In general there were no practical differences in performance between the locations. Subjective assessment indicated that users preferred the mobile computer to be as close as possible to the steering wheel. It was also found that using the touchscreen required more muscle force and less neutral joint angles than the keyboard. Locating the mobile computer close to the steering wheel reduces risk of injuries such as low back pain and shoulder tendonitis. Also, mobile computer users prefer the location to be close to the steering wheel. Results from this study can guide electric utility companies in the installation of mobile computers into vehicle cabs. Results may also be generalized to other industries that use truck-like vehicles, such as construction

Enhancing Usability and Security through Alternative Authentication Methods

With the expanding popularity of various Internet services, online users have be- come more vulnerable to malicious attacks as more of their private information is accessible on the Internet. The primary defense protecting private information is user authentication, which currently relies on less than ideal methods such as text passwords and PIN numbers. Alternative methods such as graphical passwords and behavioral biometrics have been proposed, but with too many limitations to replace current methods. However, with enhancements to overcome these limitations and harden existing methods, alternative authentications may become viable for future use. This dissertation aims to enhance the viability of alternative authentication systems. In particular, our research focuses on graphical passwords, biometrics that depend, directly or indirectly, on anthropometric data, and user authentication en- hancements using touch screen features on mobile devices. In the study of graphical passwords, we develop a new cued-recall graphical pass- word system called GridMap by exploring (1) the use of grids with variable input entered through the keyboard, and (2) the use of maps as background images. as a result, GridMap is able to achieve high key space and resistance to shoulder surfing attacks. to validate the efficacy of GridMap in practice, we conduct a user study with 50 participants. Our experimental results show that GridMap works well in domains in which a user logs in on a regular basis, and provides a memorability benefit if the chosen map has a personal significance to the user. In the study of anthropometric based biometrics through the use of mouse dy- namics, we present a method for choosing metrics based on empirical evidence of natural difference in the genders. In particular, we develop a novel gender classifi- cation model and evaluate the model’s accuracy based on the data collected from a group of 94 users. Temporal, spatial, and accuracy metrics are recorded from kine- matic and spatial analyses of 256 mouse movements performed by each user. The effectiveness of our model is validated through the use of binary logistic regressions. Finally, we propose enhanced authentication schemes through redesigned input, along with the use of anthropometric biometrics on mobile devices. We design a novel scheme called Triple Touch PIN (TTP) that improves traditional PIN number based authentication with highly enlarged keyspace. We evaluate TTP on a group of 25 participants. Our evaluation results show that TTP is robust against dictio- nary attacks and achieves usability at acceptable levels for users. We also assess anthropometric based biometrics by attempting to differentiate user fingers through the readings of the sensors in the touch screen. We validate the viability of this biometric approach on 33 users, and observe that it is feasible for distinguishing the fingers with the largest anthropometric differences, the thumb and pinkie fingers

Touch-screen Behavioural Biometrics on Mobile Devices

Robust user verification on mobile devices is one of the top priorities globally from a financial security and privacy viewpoint and has led to biometric verification complementing or replacing PIN and password methods. Research has shown that behavioural biometric methods, with their promise of improved security due to inimitable nature and the lure of unintrusive, implicit, continuous verification, could define the future of privacy and cyber security in an increasingly mobile world. Considering the real-life nature of problems relating to mobility, this study aims to determine the impact of user interaction factors that affect verification performance and usability for behavioural biometric modalities on mobile devices. Building on existing work on biometric performance assessments, it asks: To what extent does the biometric performance remain stable when faced with movements or change of environment, over time and other device related factors influencing usage of mobile devices in real-life applications? Further it seeks to provide answers to: What could further improve the performance for behavioural biometric modalities? Based on a review of the literature, a series of experiments were executed to collect a dataset consisting of touch dynamics based behavioural data mirroring various real-life usage scenarios of a mobile device. Responses were analysed using various uni-modal and multi-modal frameworks. Analysis demonstrated that existing verification methods using touch modalities of swipes, signatures and keystroke dynamics adapt poorly when faced with a variety of usage scenarios and have challenges related to time persistence. The results indicate that a multi-modal solution does have a positive impact towards improving the verification performance. On this basis, it is recommended to explore alternatives in the form of dynamic, variable thresholds and smarter template selection strategy which hold promise. We believe that the evaluation results presented in this thesis will streamline development of future solutions for improving the security of behavioural-based modalities on mobile biometrics

Features extraction scheme for behavioral biometric authentication in touchscreen mobile devices

Common authentication mechanisms in mobile devices such as passwords and Personal Identification Number have failed to keep up with the rapid pace of challenges associated with the use of ubiquitous devices over the Internet, since they can easily be lost or stolen. Thus, it is important to develop authentication mechanisms that can be adapted to such an environment. Biometric-based person recognition is a good alternative to overcome the difficulties of password and token approaches, since biometrics cannot be easily stolen or forgotten. An important characteristic of biometric authentication is that there is an explicit connection with the user's identity, since biometrics rely entirely on behavioral and physiological characteristics of human being. There are a variety of biometric authentication options that have emerged so far, all of which can be used on a mobile phone. These options include but are not limited to, face recognition via camera, fingerprint, voice recognition, keystroke and gesture recognition via touch screen. Touch gesture behavioural biometrics are commonly used as an alternative solution to existing traditional biometric mechanism. However, current touch gesture authentication schemes are fraught with authentication accuracy problems. In fact, the extracted features used in some researches on touch gesture schemes are limited to speed, time, position, finger size and finger pressure. However, extracting a few touch features from individual touches is not enough to accurately distinguish various users. In this research, behavioural features are extracted from recorded touch screen data and a discriminative classifier is trained on these extracted features for authentication. While the user performs the gesture, the touch screen sensor is leveraged on and twelve of the user‘s finger touch features are extracted. Eighty four different users participated in this research work, each user drew six gesture with a total of 504 instances. The extracted touch gesture features are normalised by scaling the values so that they fall within a small specified range. Thereafter, five different Feature Selection Algorithm were used to choose the most significant features subset. Six different machine learning classifiers were used to classify each instance in the data set into one of the predefined set of classes. Results from experiments conducted in the proposed touch gesture behavioral biometrics scheme achieved an average False Reject Rate (FRR) of 7.84%, average False Accept Rate (FAR) of 1%, average Equal Error Rate (EER) of 4.02% and authentication accuracy of 91.67%,. The comparative results showed that the proposed scheme outperforms other existing touch gesture authentication schemes in terms of FAR, EER and authentication accuracy by 1.67%, 6.74% and 4.65% respectively. The results of this research affirm that user authentication through gestures is promising, highly viable and can be used for mobile devices

On the Feasibility of Interoperable Schemes in Hand Biometrics

Personal recognition through hand-based biometrics has attracted the interest of many researchers in the last twenty years. A significant number of proposals based on different procedures and acquisition devices have been published in the literature. However, comparisons between devices and their interoperability have not been thoroughly studied. This paper tries to fill this gap by proposing procedures to improve the interoperability among different hand biometric schemes. The experiments were conducted on a database made up of 8,320 hand images acquired from six different hand biometric schemes, including a flat scanner, webcams at different wavelengths, high quality cameras, and contactless devices. Acquisitions on both sides of the hand were included. Our experiment includes four feature extraction methods which determine the best performance among the different scenarios for two of the most popular hand biometrics: hand shape and palm print. We propose smoothing techniques at the image and feature levels to reduce interdevice variability. Results suggest that comparative hand shape offers better performance in terms of interoperability than palm prints, but palm prints can be more effective when using similar sensors

Towards the internet of smart clothing: a review on IoT wearables and garments for creating intelligent connected e-textiles

[Abstract] Technology has become ubiquitous, it is all around us and is becoming part of us. Togetherwith the rise of the Internet of Things (IoT) paradigm and enabling technologies (e.g., Augmented Reality (AR), Cyber-Physical Systems, Artificial Intelligence (AI), blockchain or edge computing), smart wearables and IoT-based garments can potentially have a lot of influence by harmonizing functionality and the delight created by fashion. Thus, smart clothes look for a balance among fashion, engineering, interaction, user experience, cybersecurity, design and science to reinvent technologies that can anticipate needs and desires. Nowadays, the rapid convergence of textile and electronics is enabling the seamless and massive integration of sensors into textiles and the development of conductive yarn. The potential of smart fabrics, which can communicate with smartphones to process biometric information such as heart rate, temperature, breathing, stress, movement, acceleration, or even hormone levels, promises a new era for retail. This article reviews the main requirements for developing smart IoT-enabled garments and shows smart clothing potential impact on business models in the medium-term. Specifically, a global IoT architecture is proposed, the main types and components of smart IoT wearables and garments are presented, their main requirements are analyzed and some of the most recent smart clothing applications are studied. In this way, this article reviews the past and present of smart garments in order to provide guidelines for the future developers of a network where garments will be connected like other IoT objects: the Internet of Smart Clothing.Xunta de Galicia; ED431C 2016-045Xunta de Galicia; ED341D R2016/012Xunta de Galicia; ED431G/01Agencia Estatal de Investigación de España; TEC2013-47141-C4-1-RAgencia Estatal de Investigación de España; TEC2016-75067-C4-1-RAgencia Estatal de Investigación de España; TEC2015-69648-RED