Advertisement

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

  • Julio Angulo
  • Erik Wästlund
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 375)

Abstract

The use of mobile smart devices for storing sensitive information and accessing online services is increasing. At the same time, methods for authenticating users into their devices and online services that are not only secure, but also privacy and user-friendly are needed. In this paper, we present our initial explorations of the use of lock pattern dynamics as a secure and user-friendly two-factor authentication method. We developed an application for the Android mobile platform to collect data on the way individuals draw lock patterns on a touchscreen. Using a Random Forest machine learning classifier this method achieves an average Equal Error Rate (EER) of approximately 10.39%, meaning that lock patterns biometrics can be used for identifying users towards their device, but could also pose a threat to privacy if the users’ biometric information is handled outside their control.

Keywords

Mobile user experience biometrics smart mobile devices mobile identity management mobile authentication privacy lock patterns 

References

  1. 1.
    Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX Conference on Offensive Technologies, WOOT 2010, pp. 1–7. USENIX Association, Berkeley (2010)Google Scholar
  2. 2.
    Biddle, R., Chiasson, S., van Oorschot, P.: Graphical passwords: Learning from the first twelve years. Technical report TR-11-01, School of Computer Science, Carleton University (January 2011)Google Scholar
  3. 3.
    Breiman, L.: Random forests. Machine Learning 45(1), 5–32 (2001)zbMATHCrossRefGoogle Scholar
  4. 4.
    Brubeck, M., Schepers, D., Moon, S.: Touch events version 1 - w3c working draft (September 13, 2011), http://www.w3.org/TR/2011/WD-touch-events-20110913/ (accessed October 27, 2011)
  5. 5.
    Chairunnanda, P., Pham, N., Hengartner, U.: Privacy: Gone with the Typing! Identifying Web Users by Their Typing Pattern. In: 4th Hot Topics in Privacy Enhancing Technologies (HotPETs). The 11th Privacy Enhancing Technologies Symposium. Springer, Waterloo (2011)Google Scholar
  6. 6.
    Clarke, N.L., Furnell, S.: Authentication of users on mobile telephones - a survey of attitudes and practices. Computers & Security 24(7), 519–527 (2005)CrossRefGoogle Scholar
  7. 7.
    Clarke, N.L., Furnell, S.: Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Sec. 6(1), 1–14 (2007)CrossRefGoogle Scholar
  8. 8.
    Clarke, N., Karatzouni, S., Furnell, S.: Flexible and Transparent User Authentication for Mobile Devices. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 1–12. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Conti, M., Zachia-Zlatea, I., Crispo, B.: Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 249–259. ACM, New York (2011)Google Scholar
  10. 10.
    Derawi, M.O., Nickel, C., Bours, P., Busch, C.: Unobtrusive user-authentication on mobile phones using biometric gait recognition. In: Proceedings of the 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2010, pp. 306–311. IEEE Computer Society, USA (2010)CrossRefGoogle Scholar
  11. 11.
    Ekberg, J.E.: Mobile trusted computing based on MTM. IJDTIS 1(4), 25–42 (2010)Google Scholar
  12. 12.
    Ekberg, J.E., Bugiel, S.: Trust in a small package: minimized MRTM software implementation for mobile secure environments. In: STC, pp. 9–18 (2009)Google Scholar
  13. 13.
    Goldberg, D.E.: Genetic Algorithms in Search, Optimization and Machine Learning, 1st edn. Addison-Wesley Longman Publishing Co., Boston (1989)zbMATHGoogle Scholar
  14. 14.
    Google: Android: Android - open source project (June 2011), http://source.android.com/
  15. 15.
    Hwang, Y.S., Bang, S.Y.: An efficient method to construct a radial basis function neural network classifier. Neural Netw. 10, 1495–1503 (1997)CrossRefGoogle Scholar
  16. 16.
    Karatzouni, S., Clarke, N.L.: Keystroke Analysis for Thumb-based Keyboards on Mobile Devices. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) SEC 2007. IFIP, vol. 232, pp. 253–263. Springer, Boston (2007)Google Scholar
  17. 17.
    Karlson, A.K., Bederson, B.B., Contreras-Vidal, J.L.: Understanding Single-Handed Mobile Device Interaction (2006)Google Scholar
  18. 18.
    Kekre, H., Bharadi, V.: Ageing adaptation for multimodal biometrics using adaptive feature set update algorithm. In: IEEE International Advance Computing Conference, pp. 535–540 (2009)Google Scholar
  19. 19.
    Kennedy, J., Eberhart, R.C.: Particle swarm optimization. In: Proceedings of the IEEE International Conference on Neural Networks. pp. 1942–1948 (1995)Google Scholar
  20. 20.
    Killourhy, K., Maxion, R.: Why Did My Detector Do That?!: Predicting Keystroke-Dynamics Error Rates. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 256–276. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  21. 21.
    Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: Casimiro, A., de Lemos, R., Gacek, C. (eds.) Proceedings of the 2009 IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2009, Lisbon, Portugal, pp. 125–134. IEEE Computer Society Press, Los Alamitos (2009)CrossRefGoogle Scholar
  22. 22.
    Maxion, R.A., Killourhy, K.S.: Keystroke biometrics with number-pad input. In: International Conference on Dependable Systems and Networks, pp. 201–210 (2010)Google Scholar
  23. 23.
    Moncur, W., Leplâtre, G.: Pictures at the ATM: exploring the usability of multiple graphical passwords. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2007, pp. 887–894. ACM, New York (2007)CrossRefGoogle Scholar
  24. 24.
    Nauman, M., Ali, T.: TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones. In: Bandyopadhyay, S.K., Adi, W., Kim, T.h., Xiao, Y. (eds.) ISA 2010. CCIS, vol. 76, pp. 286–297. Springer, Heidelberg (2010)Google Scholar
  25. 25.
    Nauman, M., Ali, T., Rauf, A.: Using trusted computing for privacy preserving keystroke-based authentication in smartphones. Telecommunication Systems, 1–13 (2011)Google Scholar
  26. 26.
    Nickel, C., Derawi, M.O., Bours, P., Busch, C.: Scenario test of accelerometer-based biometric gait recognition. In: 3rd International Workshop Security and Communication Networks (IWSCN), Gjøvik, Norway (2011)Google Scholar
  27. 27.
    van Oorschot, P.C., Salehi-Abari, A., Thorpe, J.: Purely automated attacks on passpoints-style graphical passwords. IEEE Transactions on Information Forensics and Security 5, 393–405 (2010)CrossRefGoogle Scholar
  28. 28.
    Perito, D., Castelluccia, C., Kâafar, M.A., Manils, P.: How unique and traceable are usernames? CoRR abs/1101.5578 (2011)Google Scholar
  29. 29.
    Safary Developer Library: Handling events (2011), http://developer.apple.com/library/safari/#documentation/appleapplications/reference/SafariWebContent/HandlingEvents/HandlingEvents.html#//apple_ref/doc/uid/TP40006511-SW1 (accessed October 27, 2011)Google Scholar
  30. 30.
    Salehi-Abari, A., Thorpe, J., van Oorschot, P.: On purely automated attacks and click-based graphical passwords. In: Computer Security Applications Conference, Annual, pp. 111–120 (2008)Google Scholar
  31. 31.
    Trusted Computing Group: Mobile trusted module 2.0 - Use cases (March 2011), http://www.trustedcomputinggroup.org/resources/mobile_trusted_module_20_use_cases
  32. 32.
    Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J.C.: Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of the Working Conference on Advanced Visual Interfaces, AVI 2006, pp. 177–184. ACM, New York (2006)CrossRefGoogle Scholar
  33. 33.
    Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M.: Keystroke-Based User Identificationon Smart Phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 224–243. Springer, Heidelberg (2009)Google Scholar
  34. 34.
    Zhang, G.: Analyzing Key-Click Patterns of PIN Input for Recognizing VoIP Users. In: Camenisch, J., Fischer-Hübner, S., Murayama, Y., Portmann, A., Rieder, C. (eds.) SEC 2011. IFIP AICT, vol. 354, pp. 247–258. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Julio Angulo
    • 1
  • Erik Wästlund
    • 1
  1. 1.Karlstad UniversityKarlstadSweden

Personalised recommendations