Mobile Authentication Using Tapping Behavior

  • Vasaki PonnusamyEmail author
  • Chan Mee Yee
  • Adnan Bin Amanat Ali
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)


Mobile phones or smartphones are rapidly becoming the primary and essential communication device in people’s lives that cannot be replaced by other communication devices, because of the portability, the size, and the multifunctionality provided in it. Nowadays, mobile phones are being used in almost every aspect of life and work as your personal assistant e.g. meeting reminders. It monitors your daily activities and gives suggestions accordingly e.g. health applications. With the help of smartphone online transactions can be performed, meetings can be conducted via video conferencing. It contains your personal files, emails, bank information, and your social network accounts record. It also contains information related to the credentials, which are stored in its memory. Despite all the benefits, there is a great threat to private information, in the case when mobile is snatched, misplaced, or in the use of an unauthorized user. An attacker can steal the user’s private data and can misuse it without the owner’s consent. Although the traditional authentication methods are in use, they have several limitations. In this paper, an authentication system is proposed that uses a combination of user behavior and touchscreen which can seamlessly capture the user’s tapping behavior. The information obtained from the touch screen sensors reflects the unique tapping behavior of each user. Moreover, machine learning is utilized to perform the classification for the user’s authentication.


Tapping behavior Machine learning Mobile authentication Behavior-based authentication 


  1. 1.
    Lee, T.: Study finds 61% of people check their phone 5 minutes after waking up. Accessed 21 Nov 2019
  2. 2.
    Shafique, U., et al.: Modern authentication techniques in smart phones: security and usability perspective. Int. J. Adv. Comput. Sci. Appl. (IJACSA) 8(1), 331–340 (2017)MathSciNetGoogle Scholar
  3. 3.
    Miluzzo, E., Varshavsky, A., Balakrishnan, S., Choudhury, R.R.: Tapprints: your finger taps have fingerprints. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services - MobiSys 2012, p. 323 (2012)Google Scholar
  4. 4.
    Xu, Z., Bai, K., Zhu, S.: TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks - WISEC 2012, p. 113 (2012)Google Scholar
  5. 5.
    Clarke, N.L., Furnell, S.M.: Advanced user authentication for mobile devices. Comput. Secur. 26(2), 109–119 (2007)CrossRefGoogle Scholar
  6. 6.
    Clarke, N.L., Furnell, S.M.: Authenticating mobile phone users using keystroke analysis. Int. J. Inf. Secur. 6(1), 1–14 (2006)CrossRefGoogle Scholar
  7. 7.
    Schaffer, K.B.: Expanding continuous authentication with mobile devices. Computer 48(11), 92–95 (2015)CrossRefGoogle Scholar
  8. 8.
    Zhu, H., Hu, J., Chang, S., Lu, L.: ShakeIn: secure user authentication of smartphones with single-handed shakes. IEEE Trans. Mob. Comput. 16(10), 2901–2912 (2017)CrossRefGoogle Scholar
  9. 9.
    Guerra-Casanova, J., Sánchez-Ávila, C., Bailador, G., de Santos Sierra, A.: Authentication in mobile devices through hand gesture recognition. Int. J. Inform. Secur. 11(2), 65–83 (2012)CrossRefGoogle Scholar
  10. 10.
    Muaaz, M., Mayrhofer, R.: Smartphone-based gait recognition: from authentication to imitation. IEEE Trans. Mob. Comput. X(X), 1 (2017)Google Scholar
  11. 11.
    Damaševičius, R., et al.: Smartphone user identity verification using gait characteristics. Symmetry 8(10), 100 (2016)CrossRefGoogle Scholar
  12. 12.
    Neal, T., Woodard, D.: Surveying biometric authentication for mobile device security. J. Pattern Recognit. Res. 11(1), 74–110 (2016)CrossRefGoogle Scholar
  13. 13.
    Pinola, M.: The most (and least) common PIN numbers and numeric passwords. is yours one of them? Accessed 21 Nov 2018
  14. 14.
    Bernstein, J.: Survey says: people have way too many passwords to remember (2016). Accessed 23 Nov 2018
  15. 15.
    Ali, A.B.A., Ponnusamay, V., Sangodiah, A.: User behaviour-based mobile authentication system. In: Bhatia, S.K., Tiwari, S., Mishra, K.K., Trivedi, M.C. (eds.) Advances in Computer Communication and Computational Sciences. AISC, vol. 924, pp. 461–472. Springer, Singapore (2019). Scholar
  16. 16.
    Crawford, H., Renaud, K., Storer, T.: A framework for continuous, transparent mobile device authentication. Comput. Secur. 39, 127–136 (2013)CrossRefGoogle Scholar
  17. 17.
    Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: ACCessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems and Applications - HotMobile 2012, p. 1 (2012)Google Scholar
  18. 18.
    Jakobsson, M. Shi, E., Golle, P., Chow, R.: Implicit authentication for mobile devices. In: Proceedings of the 4th USENIX Conference on Hot Topics in Security, p. 9 (2009)Google Scholar
  19. 19.
    Bergadano, F., Gunetti, D., Picardi, C.: User authentication through keystroke dynamics. ACM Trans. Inform. Syst. Secur. 5(4), 367–397 (2002)CrossRefGoogle Scholar
  20. 20.
    Monrose, F., Rubin, A.: Authentication via keystroke dynamics. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 48–56 (1997)Google Scholar
  21. 21.
    Krishnamoorthy, S., Rueda, L., Saad, S., Elmiligi, H.: Identification of user behavioral biometrics for authentication using keystroke dynamics and machine learning. In: Proceedings of the 2018 2nd International Conference on Biometric Engineering and Applications - ICBEA 2018, pp. 50–57 (2018)Google Scholar
  22. 22.
    Monrose, F., Reiter, M.K., Wetzel, S.: Password hardening based on keystroke dynamics. Int. J. Inf. Secur. 1(2), 69–83 (2002)CrossRefGoogle Scholar
  23. 23.
    Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: 2009 IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 125–134 (2009)Google Scholar
  24. 24.
    Cai, L., Chen, H.: TouchLogger: inferring keystrokes on touch screen from smartphone motion. HotSec 11(2011), 9 (2011)Google Scholar
  25. 25.
    Karatzouni, S., Clarke, N.: Keystroke analysis for thumb-based keyboards on mobile devices. In: IFIP International Federation for Information Processing, vol. 232, pp. 253–263 (2007)CrossRefGoogle Scholar
  26. 26.
    Zahid, S., Shahzad, M., Khayam, S.A., Farooq, M.: Keystroke-based user identification on smart phones. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 224–243. Springer, Heidelberg (2009). Scholar
  27. 27.
    Tasia, C.-J., Chang, T.-Y., Cheng, P.-C., Lin, J.-H.: Two novel biometric features in keystroke dynamics authentication systems for touch screen devices. Secur. Commun. Netw. 7(4), 750–758 (2014)CrossRefGoogle Scholar
  28. 28.
    Sen, S., Muralidharan, K.: Putting ‘pressure’ on mobile authentication. In: 2014 7th International Conference on Mobile Computing and Ubiquitous Networking, ICMU 2014, pp. 56–61 (2014)Google Scholar
  29. 29.
    Buschek, D., De Luca, A., Alt, F.: Improving accuracy, applicability and usability of keystroke biometrics on mobile touchscreen devices. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems - CHI 2015, pp. 1393–1402 (2015)Google Scholar
  30. 30.
    Antal, M., Szabó, L.Z., Bokor, Z.: Identity information revealed from mobile touch gestures. Stud. Univ. Babes-Bolyai Inform. 59 (2014)Google Scholar
  31. 31.
    Zhang, H., Patel, V.M., Fathy, M., Chellappa, R.: Touch gesture-based active user authentication using dictionaries. In: 2015 IEEE Winter Conference on Applications of Computer Vision, pp. 207–214 (2015)Google Scholar
  32. 32.
    Sae-Bae, N., Memon, N., Isbister, K., Ahmed, K.: Multitouch gesture-based authentication. IEEE Trans. Inf. Forensics Secur. 9(4), 568–582 (2014)CrossRefGoogle Scholar
  33. 33.
    Muaaz, M., Mayrhofer, R.: Smartphone-based gait recognition: from authentication to imitation. IEEE Trans. Mob. Comput. 16(11), 3209–3221 (2017)CrossRefGoogle Scholar
  34. 34.
    Ferrero, R., Gandino, F., Montrucchio, B., Rebaudengo, M., Velasco, A., Benkhelifa, I.: On gait recognition with smartphone accelerometer. In: 2015 4th Mediterranean Conference on Embedded Computing (MECO), pp. 368–373 (2015)Google Scholar
  35. 35.
    Al-Naffakh, N., Clarke, N., Li, F., Haskell-Dowland, P.: Unobtrusive gait recognition using smartwatches. In: 2017 International Conference of the Biometrics Special Interest Group (BIOSIG), pp. 1–5 (2017)Google Scholar
  36. 36.
    Fernandez-lopez, P., Sanchez-casanova, J., Tirado-martin, P., Liu-jimenez, J.: Optimizing resources on smartphone gait recognition. In: International Joint Conference on Biometrics, pp. 1–6 (2017)Google Scholar
  37. 37.
    Laghari, A., Waheed-ur-Rehman, Memon, Z.A.: Biometric authentication technique using smartphone sensor. In: 2016 13th International Bhurban Conference on Applied Sciences and Technology (IBCAST), pp. 381–384 (2016)Google Scholar
  38. 38.
    Maghsoudi, J., Tappert, C.C.: A behavioral biometrics user authentication study using motion data from android smartphones. In: 2016 European Intelligence and Security Informatics Conference (EISIC), pp. 184–187 (2016)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Vasaki Ponnusamy
    • 1
    Email author
  • Chan Mee Yee
    • 1
  • Adnan Bin Amanat Ali
    • 1
  1. 1.Faculty of Information and Communication TechnologyUniversiti Tunku Abdul Rahman KamparKamparMalaysia

Personalised recommendations