SnapAuth: A Gesture-Based Unobtrusive Smartwatch User Authentication Scheme

  • Attaullah BuriroEmail author
  • Bruno Crispo
  • Mojtaba Eskandri
  • Sandeep Gupta
  • Athar Mahboob
  • Rutger Van Acker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11263)


In this paper, we present a novel motion-based behavioral biometric-based user authentication solution - SnapAuth, for Android-based smartwatch. SnapAuth requires the user to perform finger-snapping (Snapping (or clicking) one’s fingers is the act of creating a snapping or clicking sound with one’s fingers. Primarily this is done by building tension between the thumb and another (middle, index, or ring) finger and then moving the other finger forcefully downward so it hits the palm of the same hand at a high speed [4].) action, while wearing the smartwatch to perform the authentication. SnapAuth profiles the arm-movements by collecting data from smartwatch’s built-in accelerometer and gyroscope sensors, while the user performs this action. We implemented and evaluated SnapAuth on Motorola Moto 3G smartwatch. SnapAuth could be widely accepted by users as it utilizes the users’ familiarity with the very common finger-snapping action and users do not need to remember any secret.


Security Authentication and access control Behavioral biometrics Smartwatch 


  1. 1.
    Lashkari, A.H., Farmand, S., Zakaria, D., Bin, O., Saleh, D.: Shoulder surfing attack in graphical password authentication. arXiv preprint: arXiv:0912.0951 (2009)
  2. 2.
    Davis, D., Monrose, F., Reiter, M.K.: On user choice in graphical password schemes. In: USENIX Security Symposium, vol. 13 (2004)Google Scholar
  3. 3.
    Gupta, S., Buriro, A., Crispo, B.: Demystifying authentication concepts in smartphones: ways and types to secure access. Mob. Inf. Syst. (Hindawi) 2018, 16 (2018)Google Scholar
  4. 4.
    Finger snapping. Accessed 20 June 2018
  5. 5.
    About Face ID advanced technology. Accessed 20 June 2018
  6. 6.
    How the iPhone 5S Fingerprint Scanner Works and What It Means For You. Accessed 20 June 2018
  7. 7.
    De Luca, A., Hang, A., Von Zezschwitz, E., Hussmann, H.: I feel like I’m taking selfies all day! Towards understanding biometric authentication on smartphones. In: 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 1411–1414 (2010)Google Scholar
  8. 8.
    Windows Hello face recognition spoofed with photographs. Accessed 20 June 2018
  9. 9.
    iPhone 6 vulnerable to TouchID fingerprint hack. Accessed 20 June 2018
  10. 10.
    Hacker fakes German minister’s fingerprints using photos of her hands. Accessed 20 June 2018
  11. 11.
    Buriro, A.: Behavioral biometrics for smartphone user authentication. Ph.D dissertation. University of Trento, Italy (2017)Google Scholar
  12. 12.
    Nguyen, T., Memon, N.: Smartwatches locking methods: a comparative study. In: Symposium on Usable Privacy and Security (SOUPS) (2017)Google Scholar
  13. 13.
    Lewis, A., Li, Y., Xie, M.: Real time motion-based authentication for smartwatch. In: IEEE Conference on Communications and Network Security (CNS), pp. 380–381 (2016)Google Scholar
  14. 14.
    Kumar, R., Phoha, V.V., Raina, R.: Authenticating users through their arm movement patterns. arXiv preprint arXiv:1603.02211 (2016)
  15. 15.
    Lu, C.X., Du, B., Kan, X., Wen, H., Markham, A., Trigoni, N.: VeriNet: user verification on smartwatches via behavior biometrics. In: Proceedings of the First ACM Workshop on Mobile Crowd sensing Systems and Applications, pp. 68–73 (2017)Google Scholar
  16. 16.
    Sitova, Z., et al.: HMOG: A New Biometric Modality for Continuous Authentication of Smartphone Users. arXiv preprint arXiv:1501.01199 (2015)
  17. 17.
    Buriro, A., Akhtar, Z., Crispo, B., Gupta, S.: Mobile biometrics: towards a comprehensive evaluation methodology. In: IEEE International Carnahan Conference on Security Technology (ICCST), pp. 1–6 (2017)Google Scholar
  18. 18.
    Buriro, A., Crispo, B., Delfrari, F., Wrona, K.: Hold and sign: a novel behavioral biometrics for smartphone user authentication. In: Proceedings of the IEEE Security and Privacy Workshops (SPW), pp. 276–285 (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Department of Information Engineering and Computer Science (DISI)University of TrentoTrentoItaly
  2. 2.Department of Information SecurityKhwaja Fareed University of Engineering and Information TechnologyRahim Yar KhanPakistan
  3. 3.Department of Computer ScienceDistriNET, KU LuevenLeuvenBelgium
  4. 4.Create-NETFoundazione Bruno Kessler (FBK)TrentoItaly
  5. 5.Swift via ExellysHamont-Achel HamontBelgium

Personalised recommendations