Developing Cloud-Based Intelligent Touch Behavioral Authentication on Mobile Phones

Deep Biometrics

Part of the book series: Unsupervised and Semi-Supervised Learning (UNSESUL)

Abstract

Mobile devices, especially mobile phones, have become a major target for cyber-criminals, so there is a great need to design appropriate authentication mechanisms to protect users’ private information. The majority of smartphones offer a touchscreen on which users can perform various touch actions. Thus, touch behavioral authentication is considered an important way to complement existing textual passwords. Most behavioral schemes adopt machine learning techniques to profile users’ touch behaviors; however, machine learning-based schemes suffer from unstable performance, which would greatly reduce system usability, i.e., by causing a high false rejection rate. In this chapter, we advocate the effectiveness of intelligent touch behavioral authentication and propose a cloud-based scheme that further reduces the workload by offloading both classifier selection and behavioral modelling to a cloud. Our experimental results demonstrated that our scheme can greatly reduce the workload required to complete user authentication.

Notes

  1. http://www.cyanogenmod.com/.

  2. A Beta version of our customized-Android OS can be downloaded from SourceForge: https://sourceforge.net/projects/touchdynamicsauthentication/files/Android_OS/.

  3. https://play.google.com/store/apps/details?id=com.cpuid.cpu_z.

Acknowledgement

The authors would like to thank all participants for their work in the user study.

Corresponding author

Correspondence to Weizhi Meng.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Lin, Z., Meng, W., Li, W., Wong, D.S. (2020). Developing Cloud-Based Intelligent Touch Behavioral Authentication on Mobile Phones. In: Jiang, R., Li, CT., Crookes, D., Meng, W., Rosenberger, C. (eds) Deep Biometrics. Unsupervised and Semi-Supervised Learning. Springer, Cham. https://doi.org/10.1007/978-3-030-32583-1_7

  • DOI: https://doi.org/10.1007/978-3-030-32583-1_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-32582-4

  • Online ISBN: 978-3-030-32583-1

  • eBook Packages: Engineering, Engineering (R0)
