
Continuous User Authentication on Touch-Screen Mobile Phones: Toward More Secure and Usable M-Commerce

  • Conference paper
Internetworked World (WEB 2016)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 296)


Abstract

Recent advances in sensing and wireless communication technologies have led to an explosion in the use of touch-screen mobile devices such as smartphones and tablets in mobile commerce and other daily work and life activities. As a result, more and more private and sensitive information is stored on those devices. Therefore, improving the security of mobile devices through effective user authentication that prevents unauthorized information access has become an imminent task. Mobile user authentication refers to the process of checking a user's identity and verifying whether he/she is authorized to access a device. Due to the increasing incidence of mobile phones getting lost, stolen, or snatched while being used by the owner, continuous user authentication (CUA) after logging in to a mobile device has attracted increasing attention. Prior research has shown that traditional password authentication is insufficient or ineffective for CUA. Despite the recent research progress in CUA, many existing methods are explicit by nature in that they require users to perform specific operations, which can interrupt users' ongoing activities or may be easily learned by others through observation. In this research, we propose a new touch-dynamics-based approach to CUA on touch-screen mobile devices that authenticates users while they are interacting with their devices. Touch dynamics, which is rich in cognitive quality and unique to individuals, has yet to be explored for implicit CUA. We conducted a longitudinal study to evaluate the proposed mobile CUA approach. The results demonstrate that our method can improve the security of CUA for touch-screen mobile devices. The findings have significant implications for the security and adoption of m-commerce.



Acknowledgements

This research was supported in part by the National Science Foundation (SES-152768, IIS-1250395, CNS 1704800). Any opinions, findings or recommendations expressed here are those of the authors and are not necessarily those of the sponsor of this research.

Correspondence to Dongsong Zhang.


Copyright information

© 2017 Springer International Publishing AG


Cite this paper

Zhang, D., Kang, Y., Zhou, L., Lai, J. (2017). Continuous User Authentication on Touch-Screen Mobile Phones: Toward More Secure and Usable M-Commerce. In: Fan, M., Heikkilä, J., Li, H., Shaw, M., Zhang, H. (eds) Internetworked World. WEB 2016. Lecture Notes in Business Information Processing, vol 296. Springer, Cham. https://doi.org/10.1007/978-3-319-69644-7_23


  • DOI: https://doi.org/10.1007/978-3-319-69644-7_23


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69643-0

  • Online ISBN: 978-3-319-69644-7

  • eBook Packages: Computer Science; Computer Science (R0)
