Abstract
Nowadays, touchscreen mobile phones make up a larger and larger share in the mobile market. Users also often use their mobile phones (e.g., Android phones) to store personal and sensitive data. It is therefore important to safeguard mobile phones by authenticating legitimate users and detecting impostors. In this paper, we propose a novel user authentication scheme based on touch dynamics that uses a set of behavioral features related to touch dynamics for accurate user authentication. In particular, we construct and select 21 features that can be used for user authentication. To evaluate the performance of our scheme, we collect and analyze touch gesture data of 20 Android phone users by comparing several known machine learning classifiers. The experimental results show that a neural network classifier is well-suited to authenticate different users with an average error rate of about 7.8% for our selected features. Finally, we optimize the neural network classifier by using Particle Swarm Optimization (PSO) to deal with variations in users’ usage patterns. Experimental results show that the average error rate of our optimized scheme is only about 3%, achieved solely by analyzing the touch behavior of users on an Android phone.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ahmed, A.A.E., Traore, I.: A New Biometric Technology based on Mouse Dynamics. IEEE Transactions on Dependable and Secure Computing 4(3), 165–179 (2007)
Bergadano, F., Gunetti, D., Picardi, C.: User Authentication through Keystroke Dynamics. ACM Transactions on Information and System Security 5(4), 367–397 (2002)
Bishop, C.: Improving the Generalization Properties of Radial Basis Function Neural Networks. Neural Computation 3(4), 579–588 (1991)
Bleha, S., Slivinsky, C., Hussien, B.: Computer-access Security Systems Using Keystroke Dynamics. IEEE Transactions on Pattern Analysis and Machine Intelligence 12(12), 1217–1222 (1990)
Clarke, N.L., Furnell, S.M.: Telephones -A Survey of Attitudes and Practices. Computers & Security 24(7), 519–527 (2005)
Clarke, N.L., Furnell, S.M.: Authenticating Mobile Phone Users Using Keystroke Analysis. International Journal of Information Security 6(1), 1–14 (2007)
Cleary, J.G., Trigg, L.E.: K*: An Instance-based Learner Using an Entropic Distance Measure. In: Proceedings of the 12th International Conference on Machine Learning, pp. 108–114. Morgan Kaufmann (1995)
Dai, J., Zhou, J.: Multifeature-based high-Resolution Palmprint Recognition. IEEE Transactions on Pattern Analysis and Machine Intelligence 33(5), 945–957 (2011)
De Luca, A., Hang, A., Brudy, F., Lindner, C., Hussmann, H.: Touch Me Once and I Know It’s You!: Implicit Authentication based on Touch Screen Patterns. In: Proceedings of the 2012 ACM Annual Conference on Human Factors in Computing Systems (CHI), pp. 987–996. ACM, New York (2012)
Denning, D.E.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering 13(2), 222–232 (1987)
Fahlman, S.E.: An Empirical Study of Learning Speed in Back-propagation Networks. Technical Report CMU-CS-88-162, Carnegie Mellon University, Pittsburgh, PA 15213 (1988)
Fiorella, D., Sanna, A., Lamberti, F.: Multi-touch User Interface Evaluation for 3D Object Manipulation on Mobile Devices. Journal on Multimodal User Interfaces 4(1), 3–10 (2010)
Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D.: The Design and Analysis of Graphical Passwords. In: Proceedings of the 8th USENIX Security Symposium, pp. 1–15. USENIX Association (1999)
Jorgensen, Z., Yu, T.: On Mouse Dynamics as a Behavioral Biometric for Authentication. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), New York, USA, pp. 476–482 (2011)
Karatzouni, S., Clarke, N.: Keystroke Analysis for Thumb-based Keyboards on Mobile Devices. In: Venter, H., Elofif, M., Labuschagne, L., Elofif, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments. IFIP, vol. 232, pp. 253–263. Springer, Boston (2007)
Karlson, A.K., Brush, A.B., Schechter, S.: Can I Borrow Your Phone?: Understanding Concerns When Sharing Mobile Phones. In: Proceedings of the 27th International Conference on Human Factors in Computing Systems (CHI), pp. 1647–1650. ACM, New York (2009)
Kennedy, J., Eberhart, R.: Particle Swarm Optimization. In: Proceedings of the 1995 IEEE International Conference on Neural Networks, pp. 1942–1948 (1995)
Kim, D., Dunphy, P., Briggs, P., Hook, J., Nicholson, J.W., Nicholson, J., Olivier, P.: Multi-Touch Authentication on Tabletops. In: Proceedings of the 28th International Conference on Human Factors in Computing Systems (CHI), pp. 1093–1102. ACM, New York (2010)
Köse, C., İkibaş, C.: A Personal Identification System using Retinal Vasculature in Retinal Fundus Images. Expert Systems with Applications 38(11), 13670–13681 (2011)
Leggett, J., Williams, G., Usnick, M., Longnecker, M.: Dynamic Identity Verification via Keystroke Characteristics. International Journal of Man-Machine Studies 35(6), 859–870 (1991)
Lemos, R.: Passwords: the Weakest Link? Hackers can Crack most in less than a Minute (May 2002), http://news.com/2009-1001-916719.html
Liu, Y., Zheng, Q., Shi, Z., Chen, J.: Training Radial Basis Function Networks with Particle Swarms. In: Yin, F.-L., Wang, J., Guo, C. (eds.) ISNN 2004. LNCS, vol. 3173, pp. 317–322. Springer, Heidelberg (2004)
Maio, D., Maltoni, D., Wayman, J.L., Jain, A.K.: Fvc2000: Fingerprint Verification Competition. IEEE Transactions on Pattern Analysis and Machine Intelligence 24(3), 402–412 (2002)
Maiorana, E., Campisi, P., González-Carballo, N., Neri, A.: Keystroke Dynamics Authentication for Mobile Phones. In: Proceedings of the 2011 ACM Symposium on Applied Computing (SAC), pp. 21–26. ACM, New York (2011)
Matyás Jr., V., Riha, Z.: Toward Reliable User Authentication through Biometrics. IEEE Security and Privacy 1(3), 45–49 (2003)
McAfee and Carnegie Mellon University. Mobility and Security: Dazzling Opportunities, profound challenges (May 2011), http://www.mcafee.com/mobilesecurityreport
McHugh, J.: Intrusion and Intrusion Detection. International Journal of Information Security 1(1), 14–35 (2001)
Millennial Media. Mobile mix: The mobile device index (2011), http://www.millennialmedia.com/research
N. Mobile and NCSA. Report on Consumer Behaviors and Perceptions of Mobile Security (January 2012), http://docs.nq.com/NQ_Mobile_Security_Survey_Jan2012.pdf
Monrose, F., Reiter, M.K., Wetzel, S.: Password Hardening based on Keystroke Dynamics. International Journal of Information Security 1(2), 69–83 (2002)
Monrose, F., Rubin, A.: Authentication via Keystroke Dynamics. In: Proceedings of the 4th ACM Conference on Computer and Communications Security (CCS), pp. 48–56. ACM, New York (1997)
Monrose, F., Rubin, A.: Keystroke Dynamics as a Biometric for Authentication. Future Generation Computer Systems 16(4), 351–359 (2000)
Nakkabi, Y., Traoré, I., Ahmed, A.A.E.: Improving Mouse Dynamics Biometric Performance using Variance Reduction via Extractors with Separate Features. IEEE Transactions on Systems, Man, and Cybernetics, Part A 40(6), 1345–1353 (2010)
Nauman, M., Ali, T., Rauf, A.: Using Trusted Computing for Privacy Preserving Keystroke-based Authentication in Smartphones. Telecommunication Systems, 1–13 (2011)
Numabe, Y., Nonaka, H., Yoshikawa, T.: Finger Identification for Touch Panel Operation using Tapping Fluctuation. In: Proceedings of the IEEE 13th International Symposium on Consumer Electronics, pp. 899–902 (May 2009)
Orr, M.J.L.: Introduction to Radial Basis Function Networks (1996)
Paola, J.D., Schowengerdt, R.A.: A Detailed Comparison of Backpropagation Neural Network and Maximum-likelihood Classifiers for Urban Land Use Classification. IEEE Transactions on Geoscience and Remote Sensing 33(4), 981–996 (1995)
Pusara, M., Brodley, C.E.: User Re-Authentication via Mouse Movements. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), pp. 1–8. ACM, New York (2004)
Qasem, S.N., Shamsuddin, S.M.: Hybrid Learning Enhancement of RBF Network based on Particle Swarm Optimization. In: Yu, W., He, H., Zhang, N. (eds.) ISNN 2009, Part III. LNCS, vol. 5553, pp. 19–29. Springer, Heidelberg (2009)
Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers Inc., San Francisco (1993)
Quinlan, J.R.: Improved Use of Continuous Attributes in C4.5. Journal of Artificial Intelligence Research 4(1), 77–90 (1996)
Rennie, J.D.M., Shih, L., Teevan, J., Karger, D.R.: Tackling the Poor Assumptions of Naive Bayes Text Classifiers. In: Proceedings of the 20th International Conference on Machine Learning, pp. 616–623 (2003)
Rish, I.: An Empirical Study of the Naive Bayes Classifier. In: Proceedings of IJCAI 2001 Workshop on Empirical Methods in AI, pp. 41–46 (2001)
Robinson, J.A., Liang, V.W., Chambers, J.A.M., MacKenzie, C.L.: Computer User Verification using Login String Keystroke Dynamics. IEEE Transactions on Systems, Man, and Cybernetics, Part A 28(2), 236–241 (1998)
Schmid, N.A., Ketkar, M.V., Singh, H., Cukic, B.: Performance Analysis of Iris-based Identification System at the Matching Score Level. IEEE Transactions on Information Forensics and Security 1(2), 154–168 (2006)
Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google Android: A Comprehensive Security Assessment. IEEE Security Privacy 8(2), 35–44 (2010)
Tari, F., Ozok, A.A., Holden, S.H.: A Comparison of Perceived and Real Shoulder-Surfing Risks between Alphanumeric and Graphical Passwords. In: Proceedings of the 2nd Symposium on Usable Privacy and Security (SOUPS), pp. 56–66. ACM, New York (2006)
The University of Waikato. WEKA-Waikato Environment for Knowledge Analysis, http://www.cs.waikato.ac.nz/ml/weka/
Wallace, R., McLaren, M., McCool, C., Marcel, S.: Cross-pollination of Normalisation Techniques from Speaker to Face Authentication using Gaussian Mixture Models. IEEE Transactions on Information Forensics and Security 7(2), 553–562 (2012)
Weiss, R., De Luca, A.: Passshapes: Utilizing Stroke based Authentication to Increase Password Memorability. In: Proceedings of the 5th Nordic Conference on Human-Computer Interaction: Building Bridges (NordiCHI), pp. 383–392. ACM, New York (2008)
Yao, X.: Evolving Artificial Neural Networks. Proceedings of the IEEE 87(9), 1423–1447 (1999)
Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M.: Keystroke-Based User Identification on Smart Phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 224–243. Springer, Heidelberg (2009)
Zheng, N., Paloski, A., Wang, H.: An Efficient User Verification System via Mouse Movements. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), pp. 139–150. ACM, New York (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Meng, Y., Wong, D.S., Schlegel, R., Kwok, Lf. (2013). Touch Gestures Based Biometric Authentication Scheme for Touchscreen Mobile Phones. In: Kutyłowski, M., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2012. Lecture Notes in Computer Science, vol 7763. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38519-3_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-38519-3_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38518-6
Online ISBN: 978-3-642-38519-3
eBook Packages: Computer ScienceComputer Science (R0)