Touch-screen Behavioural Biometrics on Mobile Devices

Robust user verification on mobile devices is one of the top priorities globally from a financial security and privacy viewpoint and has led to biometric verification complementing or replacing PIN and password methods. Research has shown that behavioural biometric methods, with their promise of improved security due to inimitable nature and the lure of unintrusive, implicit, continuous verification, could define the future of privacy and cyber security in an increasingly mobile world. Considering the real-life nature of problems relating to mobility, this study aims to determine the impact of user interaction factors that affect verification performance and usability for behavioural biometric modalities on mobile devices. Building on existing work on biometric performance assessments, it asks: To what extent does the biometric performance remain stable when faced with movements or change of environment, over time and other device related factors influencing usage of mobile devices in real-life applications? Further it seeks to provide answers to: What could further improve the performance for behavioural biometric modalities? Based on a review of the literature, a series of experiments were executed to collect a dataset consisting of touch dynamics based behavioural data mirroring various real-life usage scenarios of a mobile device. Responses were analysed using various uni-modal and multi-modal frameworks. Analysis demonstrated that existing verification methods using touch modalities of swipes, signatures and keystroke dynamics adapt poorly when faced with a variety of usage scenarios and have challenges related to time persistence. The results indicate that a multi-modal solution does have a positive impact towards improving the verification performance. On this basis, it is recommended to explore alternatives in the form of dynamic, variable thresholds and smarter template selection strategy which hold promise. We believe that the evaluation results presented in this thesis will streamline development of future solutions for improving the security of behavioural-based modalities on mobile biometrics

Evaluation of stability of swipe gesture authentication across usage scenarios of mobile device

Background: User interaction with a mobile device predominantly consists of touch motions, otherwise known as swipe gestures, which are used as a behavioural biometric modality to verify the identity of a user. Literature reveals promising verification accuracy rates for swipe gesture authentication. Most of the existing studies have considered constrained environment in their experimental set-up. However, real-life usage of a mobile device consists of several unconstrained scenarios as well. Thus, our work aims to evaluate the stability of swipe gesture authentication across various usage scenarios of a mobile device. Methods: The evaluations were performed using state-of-the-art touch-based classification algorithms—support vector machine (SVM), k-nearest neighbour (kNN) and naive Bayes—to evaluate the robustness of swipe gestures across device usage scenarios. To simulate real-life behaviour, multiple usage scenarios covering stationary and dynamic modes are considered for the analysis. Additionally, we focused on analysing the stability of verification accuracy for time-separated swipes by performing intra-session (acquired on the same day) and inter-session (swipes acquired a week later) comparisons. Finally, we assessed the consistency of individual features for horizontal and vertical swipes using a statistical method. Results: Performance evaluation results indicate impact of body movement and environment (indoor and outdoor) on the user verification accuracy. The results reveal that for a static user scenario, the average equal error rate is 1%, and it rises significantly for the scenarios involving any body movement—caused either by user or the environment. The performance evaluation for time-separated swipes showed better verification accuracy rate for swipes acquired on the same day compared to swipes separated by a week. Finally, assessment on feature consistency reveal a set of consistent features such as maximum slope, standard deviation and mean velocity of second half of stroke for both horizontal and vertical swipes. Conclusions: The performance evaluation of swipe-based authentication shows variation in verification accuracy across different device usage scenarios. The obtained results challenge the adoption of swipe-based authentication on mobile devices. We have suggested ways to further achieve stability through specific template selection strategies. Additionally, our evaluation has established that at least 6 swipes are needed in enrolment to achieve acceptable accuracy. Also, our results conclude that features such as maximum slope and standard deviation are the most consistent features across scenarios

A Framework for Assessing Factors Influencing User Interaction for Touch-based Biometrics

Touch-based behavioural biometrics is an emerging technique for passive and transparent user authentication on mobile devices. It utilises dynamics mined from users’ touch actions to model behaviour. The interaction of the user with the mobile device using touch is an important aspect to investigate as the interaction errors can influence the stability of sample donation and overall performance of the implemented biometric authentication system. In this paper, we are outlining a data collection framework for touch-based behavioural biometric modalities (signature, swipe and keystroke dynamics) that will enable us to study the influence of environmental conditions and body movement on the touch-interaction. In order to achieve this, we have designed a multi-modal behavioural biometric data capturing application “Touchlogger” that logs touch actions exhibited by the user on the mobile device. The novelty of our framework lies in the collection of users’ touch data under various usage scenarios and environmental conditions. We aim to collect touch data in two different environments - indoors and outdoors, along with different usage scenarios - whilst the user is seated at a desk, walking on a treadmill, walking outdoors and seated on a bus. The range of collected data may include swiping, signatures using finger and stylus, alphabetic, numeric keystroke data and writing patterns using a stylus

Biometric Systems Interaction Assessment: The State of the Art

The design and implementation of effective and efficient biometric systems presents a series of challenges to information technology (IT) designers to ensure robust performance. One of the most important factors across biometric systems, aside from algorithmic matching ability, is the human interaction influence on performance. Changes in biometric system paradigms have motivated further testing methods, especially within mobile environments, where the interaction with the device has fewer environmental constraints, whichmay severely affect system performance. Testing methods involve the need for reflecting on the influence of user-system interaction on the overall system performance in order to provide information for design and testing. This paper reflects on the state of the art of biometric systems interaction assessment, leading to a comprehensive document of the relevant research and standards in this area. Furthermore, the current challenges are discussed and thus we provide a roadmap for the future of biometrics systems interaction research

Attacking a smartphone biometric fingerprint system:a novice’s approach

Biometric systems on mobile devices are an increasingly ubiquitous method for identity verification. The majority of contemporary devices have an embedded fingerprint sensor which may be used for a variety of transactions including unlock a device or sanction a payment. In this study we explore how easy it is to successfully attack a fingerprint system using a fake finger manufactured from commonly available materials. Importantly our attackers were novices to producing the fingers and were also constrained by time. Our study shows the relative ease that modern devices can be attacked and the material combinations that lead to these attacks