Utilizing Sequences of Touch Gestures for User Verification on Mobile Devices

  • Liron Ben KimonEmail author
  • Yisroel MirskyEmail author
  • Lior RokachEmail author
  • Bracha ShapiraEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10939)


Smartphones have become ubiquitous in our daily lives; they are used for a wide range of tasks and store increasing amounts of personal data. To minimize risk and prevent misuse of this data by unauthorized users, access must be restricted to verified users. Current classification-based methods for gesture-based user verification only consider single gestures, and not sequences. In this paper, we present a method which utilizes information from sequences of touchscreen gestures, and the context in which the gestures were made using only basic touch features. To evaluate our approach, we built an application which records all the necessary data from the device (touch and contextual sensors which do not consume significant battery life). Using XGBoost on the collected data, we were able to classify between a legitimate user and the population of illegitimate users (imposters) with an average equal error rate (EER) of 4.78% and an average area under the curve (AUC) of 98.15%. Our method demonstrates that by considering only basic touch features and utilizing sequences of gestures, as opposed to individual gestures, the accuracy of the verification process improves significantly.


Continuous user verification Mobile Security Touchscreen gestures Sequence recognition Context Behavioral models XGBoost 


  1. 1.
    Lookout Blog: Phone Theft in America: What really happens when your phone gets grabbed (2014).
  2. 2.
    Lee, A.: A Thief Snatched My iPhone (2014).
  3. 3.
    Consumer Report: Smart phone thefts rose to 3.1 million in 2013 (2014).
  4. 4.
    Clarke, N.L., Furnell, S.M.: Authentication of users on mobile telephones - a survey of attitudes and practices. Comput. Secur. 24(7), 519–527 (2005)CrossRefGoogle Scholar
  5. 5.
    Vance, A.: If your password is 123456, just make it hackme. N.Y. Times 20, A1 (2010)Google Scholar
  6. 6.
    Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. In: USENIX Conference on Offensive Technology, pp. 1–7 (2010)Google Scholar
  7. 7.
    Feng, T., Liu, Z., Kwon, K.A., Shi, W., Carbunar, B., Jiang, Y., Nguyen, N.: Continuous mobile authentication using touchscreen gestures. In: 2012 IEEE International Conference on Technologies for Homeland Security, HST 2012, pp. 451–456 (2012)Google Scholar
  8. 8.
    Frank, M., et al.: Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forensics Secur. 8(1), 136–148 (2013)CrossRefGoogle Scholar
  9. 9.
    Murmuria, R., Stavrou, A., Barbará, D., Fleck, D.: Continuous authentication on mobile devices using power consumption, touch gestures and physical movement of users. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 405–424. Springer, Cham (2015). Scholar
  10. 10.
    Ben Kimon, L., et al.: User verification on mobile devices using sequences of touch gestures. In: Proceedings of the 25th Conference on User Modeling, Adaptation and Personalization. ACM (2017)Google Scholar
  11. 11.
    Patel, V.M., Chellappa, R., Chandra, D., Barbello, B.: Continuous user authentication on mobile devices: recent progress and remaining challenges. IEEE Sig. Process. Mag. 33(4), 49–61 (2016)CrossRefGoogle Scholar
  12. 12.
    Feng, T., Yang, J., Yan, Z., Tapia, E.M., Shi, W.: TIPS: context-aware implicit user identification using touch screen in uncontrolled environments. In: Proceedings of the 15th Workshop on Mobile Computing Systems and Applications, pp. 9:1–9:6 (2014)Google Scholar
  13. 13.
    Zhao, X., Feng, T., Shi, W.: Continuous mobile authentication using a novel graphic touch gesture feature. In: IEEE 6th International Conference on Biometrics: Theory, Applications and Systems, BTAS 2013 (2013)Google Scholar
  14. 14.
    Zhao, X., Feng, T., Shi, W., Kakadiaris, I.A.: Mobile user authentication using statistical touch dynamics images. IEEE Trans. Inf. Forensics Secur. 9(11), 1780–1789 (2014)CrossRefGoogle Scholar
  15. 15.
    Shi, W., Yang, J., Jiang, Y., Yang, F., Xiong, Y.: SenGuard: passive user identification on smartphones using multiple sensors. In: International Conference on Wireless and Mobile Computing, Networking and Communications, pp. 141–148 (2011)Google Scholar
  16. 16.
    Huang, J., Ling, C.X.: Using AUC and accuracy in evaluating learning algorithms. IEEE Trans. Knowl. Data Eng. 17(3), 299–310 (2005)CrossRefGoogle Scholar
  17. 17.
    Rokach, L., Maimom, O.: Data mining with decision trees: theory and applications (2007)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Software and Information Systems EngineeringBen-Gurion University of the NegevBeer ShevaIsrael

Personalised recommendations