Abstract
Mobile devices are being used to access and store an ever-increasing amount of sensitive data. Due to their compact form factor, mobile devices can be easily lost or stolen. Yet users frequently choose not to enable authentication or select authentication methods which are insufficient to protect their devices, placing user information at risk. In this paper, we propose the use of a behavioral biometric based approach to authentication that functions by modeling the manner in which users interact wit mobile games, which are one of the most popular uses of mobile devices. We conducted an IRB approved study in which 30 participants were asked to play three popular Android games as well as utilize a mobile touchscreen without any gameplay prompting. We extracted features from users’ touchscreen activity during these interactions, then applied a Support Vector Machine to classify users based on patterns which emerged from their usage during the game. Our results indicate that using gameplay as a behavioral biometric is an effective means of authenticating users to their mobile devices, but care must be taken to select a game which encourages users to make frequent distinctive gestures.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Buschek, D., De Luca, A., Alt, F.: Improving accuracy, applicability and usability of keystroke biometrics on mobile touchscreen devices. In: Conference on Human Factors in Computing Systems (CHI), pp. 1393–1402 (2015)
Cherapau, I., Muslukhov, I., Asanka, N., Beznosov, K.: On the impact of touch ID on iPhone passcodes. In: Symposium on Usable Privacy and Security (SOUPS), pp. 257–276 (2015)
Feng, T., Yang, J., Yan, Z., Tapia, E.M., Shi, W.: TIPS: context-aware implicit user identification using touch screen in uncontrolled environments. In: Proceedings of 15th Workshop on Mobile Computing Systems and Applications (HotMobile), p. 9 (2014)
Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. Trans. Inf. Forensics Secur. (TIFS) 8(1), 136–148 (2013)
Harbach, M., Von Zezschwitz, E., Fichtner, A., De Luca, A., Smith, M.: It’s a hard lock life: a field study of smartphone (un)locking behavior and risk perception. In: Symposium on Usable Privacy and Security (SOUPS), pp. 9–11 (2014)
Khan, H., Hengartner, U.: Towards application-centric implicit authentication on smartphones. In: Workshop on Mobile Computing Systems and Applications (HotMobile), p. 10 (2014)
Khan, H., Hengartner, U., Vogel, D.: Usability and security perceptions of implicit authentication: convenient, secure, sometimes annoying. In: Symposium on Usable Privacy and Security (SOUPS), pp. 225–239 (2015)
Khan, H., Hengartner, U., Vogel, D.: Targeted mimicry attacks on touch input based implicit authentication schemes. In: International Conference on Mobile Systems, Applications, and Services (MobiSys), pp. 387–398 (2016)
Krombholz, K., Hupperich, T., Holz, T.: Use the force: evaluating force-sensitive authentication for mobile devices. In: Symposium on Usable Privacy and Security (SOUPS), pp. 207–219 (2016)
Security Research Labs: Fingerprints are Not Fit for Secure Device Unlocking (2014). https://srlabs.de/bites/spoofing-fingerprints/. Accessed 12/18/17
Lana’i Lookout: Phone Theft in American, Breaking Down the Phone Theft Epidemic (2014). https://transition.fcc.gov/cgb/events/Lookout-phone-theft-in-america.pdf. Accessed 18 Dec 2017
Murdock, A.: Consumers Spend More than 1 Billion Hours a Month Playing Mobile Games (2015). http://www.vertoanalytics.com/consumers-spend-1-billion-hours-month-playing-mobile-games. Accessed 18 Dec 2017
Neal, T.J., Woodard, D.L.: Surveying Biometric Authentication for Mobile Device Security. Journal of Pattern Recognition Research 1, 74–110 (2016)
Ngyuen, T., Voris, J.: Touchscreen biometrics across multiple devices. In: Who are You?! Adventures in Authentication Workshop (WAY) Co-located with the Symposium on Usable Privacy and Security (SOUPS) (2017)
Salem, M.B., Voris, J., Stolfo, S.: Decoy applications for continuous authentication on mobile devices. In: Who are You?! Adventures in Authentication Workshop (WAY) Co-located with the Symposium on Usable Privacy and Security (SOUPS) (2014)
Schaub, F., Deyhle, R., Weber, M.: Password entry usability and shoulder surfing susceptibility on different smartphone platforms. In: Conference on Mobile and Ubiquitous Multimedia (MUM) (2012)
Scindia, P., Voris, J.: Exploring games for improved touchscreen authentication on mobile devices. In: Who Are You?! Adventures in Authentication Workshop (WAY) Co-located with the Symposium on Usable Privacy and Security (SOUPS) (2016)
Tapellini, D.: Smart Phone Thefts Rose to 3.1 Million in 2013 (2014). http://www.consumerreports.org/cro/news/2014/04/smart-phone-thefts-rose-to-3-1-million-last-year/index.htm. Accessed 18 Dec 2017
Welling, M.: Fisher linear discriminant analysis. Technical report, Department of Computer Science, University of Toronto (2005)
Woollaston, V.: How Often Do You Check Your Phone? The Average Person Does It 110 Times a DAY (And up to Every 6 Seconds in the Evening) (2013). http://www.dailymail.co.uk/sciencetech/article-2449632/How-check-phone-The-average-person-does-110-times-DAY-6-seconds-evening.html. Accessed 18 Dec 2017
Xu, H., Zhou, Y., Lyu, M.R.: Towards continuous and passive authentication via touch biometrics: an experimental study on smartphones. In: Symposium on Usable Privacy and Security (SOUPS) (2014)
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Privacy 2, 25–31 (2004)
Acknowledgements
Many thanks to Graduate Assistant Tuan Ngyuen for his efforts performing the study reported in this paper and Graduate Assistant Sheharyar Naseer for his editing assistance.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Appendix: Study Questionnaire
A Appendix: Study Questionnaire
Table 6 lists the survey questions that were used in our study in the order they were presented to participants.
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Voris, J. (2018). Measuring How We Play: Authenticating Users with Touchscreen Gameplay. In: Murao, K., Ohmura, R., Inoue, S., Gotoh, Y. (eds) Mobile Computing, Applications, and Services. MobiCASE 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 240. Springer, Cham. https://doi.org/10.1007/978-3-319-90740-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-90740-6_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-90739-0
Online ISBN: 978-3-319-90740-6
eBook Packages: Computer ScienceComputer Science (R0)