Skip to main content

Measuring How We Play: Authenticating Users with Touchscreen Gameplay

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST,volume 240)

Abstract

Mobile devices are being used to access and store an ever-increasing amount of sensitive data. Due to their compact form factor, mobile devices can be easily lost or stolen. Yet users frequently choose not to enable authentication or select authentication methods which are insufficient to protect their devices, placing user information at risk. In this paper, we propose the use of a behavioral biometric based approach to authentication that functions by modeling the manner in which users interact wit mobile games, which are one of the most popular uses of mobile devices. We conducted an IRB approved study in which 30 participants were asked to play three popular Android games as well as utilize a mobile touchscreen without any gameplay prompting. We extracted features from users’ touchscreen activity during these interactions, then applied a Support Vector Machine to classify users based on patterns which emerged from their usage during the game. Our results indicate that using gameplay as a behavioral biometric is an effective means of authenticating users to their mobile devices, but care must be taken to select a game which encourages users to make frequent distinctive gestures.

Keywords

  • Active authentication
  • Behavioral biometrics
  • Games for security
  • Gamification
  • Machine learning
  • Mobile authentication
  • SVM
  • Useful games

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-319-90740-6_9
  • Chapter length: 21 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-319-90740-6
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   72.00
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.

References

  1. Buschek, D., De Luca, A., Alt, F.: Improving accuracy, applicability and usability of keystroke biometrics on mobile touchscreen devices. In: Conference on Human Factors in Computing Systems (CHI), pp. 1393–1402 (2015)

    Google Scholar 

  2. Cherapau, I., Muslukhov, I., Asanka, N., Beznosov, K.: On the impact of touch ID on iPhone passcodes. In: Symposium on Usable Privacy and Security (SOUPS), pp. 257–276 (2015)

    Google Scholar 

  3. Feng, T., Yang, J., Yan, Z., Tapia, E.M., Shi, W.: TIPS: context-aware implicit user identification using touch screen in uncontrolled environments. In: Proceedings of 15th Workshop on Mobile Computing Systems and Applications (HotMobile), p. 9 (2014)

    Google Scholar 

  4. Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. Trans. Inf. Forensics Secur. (TIFS) 8(1), 136–148 (2013)

    CrossRef  Google Scholar 

  5. Harbach, M., Von Zezschwitz, E., Fichtner, A., De Luca, A., Smith, M.: It’s a hard lock life: a field study of smartphone (un)locking behavior and risk perception. In: Symposium on Usable Privacy and Security (SOUPS), pp. 9–11 (2014)

    Google Scholar 

  6. Khan, H., Hengartner, U.: Towards application-centric implicit authentication on smartphones. In: Workshop on Mobile Computing Systems and Applications (HotMobile), p. 10 (2014)

    Google Scholar 

  7. Khan, H., Hengartner, U., Vogel, D.: Usability and security perceptions of implicit authentication: convenient, secure, sometimes annoying. In: Symposium on Usable Privacy and Security (SOUPS), pp. 225–239 (2015)

    Google Scholar 

  8. Khan, H., Hengartner, U., Vogel, D.: Targeted mimicry attacks on touch input based implicit authentication schemes. In: International Conference on Mobile Systems, Applications, and Services (MobiSys), pp. 387–398 (2016)

    Google Scholar 

  9. Krombholz, K., Hupperich, T., Holz, T.: Use the force: evaluating force-sensitive authentication for mobile devices. In: Symposium on Usable Privacy and Security (SOUPS), pp. 207–219 (2016)

    Google Scholar 

  10. Security Research Labs: Fingerprints are Not Fit for Secure Device Unlocking (2014). https://srlabs.de/bites/spoofing-fingerprints/. Accessed 12/18/17

  11. Lana’i Lookout: Phone Theft in American, Breaking Down the Phone Theft Epidemic (2014). https://transition.fcc.gov/cgb/events/Lookout-phone-theft-in-america.pdf. Accessed 18 Dec 2017

  12. Murdock, A.: Consumers Spend More than 1 Billion Hours a Month Playing Mobile Games (2015). http://www.vertoanalytics.com/consumers-spend-1-billion-hours-month-playing-mobile-games. Accessed 18 Dec 2017

  13. Neal, T.J., Woodard, D.L.: Surveying Biometric Authentication for Mobile Device Security. Journal of Pattern Recognition Research 1, 74–110 (2016)

    CrossRef  Google Scholar 

  14. Ngyuen, T., Voris, J.: Touchscreen biometrics across multiple devices. In: Who are You?! Adventures in Authentication Workshop (WAY) Co-located with the Symposium on Usable Privacy and Security (SOUPS) (2017)

    Google Scholar 

  15. Salem, M.B., Voris, J., Stolfo, S.: Decoy applications for continuous authentication on mobile devices. In: Who are You?! Adventures in Authentication Workshop (WAY) Co-located with the Symposium on Usable Privacy and Security (SOUPS) (2014)

    Google Scholar 

  16. Schaub, F., Deyhle, R., Weber, M.: Password entry usability and shoulder surfing susceptibility on different smartphone platforms. In: Conference on Mobile and Ubiquitous Multimedia (MUM) (2012)

    Google Scholar 

  17. Scindia, P., Voris, J.: Exploring games for improved touchscreen authentication on mobile devices. In: Who Are You?! Adventures in Authentication Workshop (WAY) Co-located with the Symposium on Usable Privacy and Security (SOUPS) (2016)

    Google Scholar 

  18. Tapellini, D.: Smart Phone Thefts Rose to 3.1 Million in 2013 (2014). http://www.consumerreports.org/cro/news/2014/04/smart-phone-thefts-rose-to-3-1-million-last-year/index.htm. Accessed 18 Dec 2017

  19. Welling, M.: Fisher linear discriminant analysis. Technical report, Department of Computer Science, University of Toronto (2005)

    Google Scholar 

  20. Woollaston, V.: How Often Do You Check Your Phone? The Average Person Does It 110 Times a DAY (And up to Every 6 Seconds in the Evening) (2013). http://www.dailymail.co.uk/sciencetech/article-2449632/How-check-phone-The-average-person-does-110-times-DAY-6-seconds-evening.html. Accessed 18 Dec 2017

  21. Xu, H., Zhou, Y., Lyu, M.R.: Towards continuous and passive authentication via touch biometrics: an experimental study on smartphones. In: Symposium on Usable Privacy and Security (SOUPS) (2014)

    Google Scholar 

  22. Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Privacy 2, 25–31 (2004)

    CrossRef  Google Scholar 

Download references

Acknowledgements

Many thanks to Graduate Assistant Tuan Ngyuen for his efforts performing the study reported in this paper and Graduate Assistant Sheharyar Naseer for his editing assistance.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jonathan Voris .

Editor information

Editors and Affiliations

A Appendix: Study Questionnaire

A Appendix: Study Questionnaire

Table 6 lists the survey questions that were used in our study in the order they were presented to participants.

Table 6. Post-conditional study questionnaire

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Voris, J. (2018). Measuring How We Play: Authenticating Users with Touchscreen Gameplay. In: Murao, K., Ohmura, R., Inoue, S., Gotoh, Y. (eds) Mobile Computing, Applications, and Services. MobiCASE 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 240. Springer, Cham. https://doi.org/10.1007/978-3-319-90740-6_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-90740-6_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-90739-0

  • Online ISBN: 978-3-319-90740-6

  • eBook Packages: Computer ScienceComputer Science (R0)