User Behaviour-Based Mobile Authentication System
Android is one of the most popular operating systems being used in smartphones and is facing security issues. Many authentication techniques are being used, and most of them are based on username, password or PIN. These techniques are considered weak because of several drawbacks such as passwords and PIN can be guessed, forgotten or stolen. When the mobile phone is stolen, misplaced or in the possession of the third party, an unauthorized user can get access to the applications and features of the mobile phone. Furthermore, after a one-time login, no further credentials are required. Therefore, a better security authentication system is needed to overcome this problem. This study proposes an identity management framework that can secure mobile application’s data from an unauthorized user. The proposed framework consists of various features that are extracted from phone swiping behaviour. The framework is comprised of enrolment and authentication phases. In the enrolment phase, the system learns the user behaviour, and in the authentication phase, it is able to accept or reject the current user based on his behaviour.
KeywordsContinuous authentication Behavioural Touch screen Sensors Security
This research is funded by Universiti Tunku Abdul Rahman (UTAR) under the UTAR Research Fund (UTARRF): 6200/V02.
Informed consent was obtained from all individual participants included in the study.
- 1.Killourhy, K.S., Maxion, R.A.: Comparing anomaly-detection algorithms for keystroke dynamics. In: Proceedings of International Conference on Dependable Systems and Networks, pp. 125–134 (2009)Google Scholar
- 2.Roh, J.H., Lee, S.H., Kim, S.: Keystroke dynamics for authentication in smartphone. In: 2016 International Conference on Information and Communication Technology Convergence, ICTC 2016, pp. 1155–1159 (2016)Google Scholar
- 5.Nauman, M., Ali, T.: TOKEN: trustable keystroke-based authentication for web-based applications on smartphones. Commun. Comput. Inf. Sci. 76, 286–297 (2010)Google Scholar
- 6.Zahid, S., Shahzad, M., Khayam, S.A.: Keystroke-based user identification on smart phones. In: International Workshop on Recent Advances in Intrusion Detection, pp. 224–243 (2009)Google Scholar
- 7.Zheng, N., Bai, K., Huang, H., Wang, H.: You are how you touch: user verification on smartphones via tapping behaviors. In: Proceedings—International Conference on Network Protocols, ICNP 2014, pp. 221–232 (2014)Google Scholar
- 9.Takahashi, H., Ogura, K., Bista, B.B., Takata, T.: A user authentication scheme using keystrokes for smartphones while moving. In: International Symposium on Information Theory and Its Applications, no. C, pp. 310–314 (2016)Google Scholar
- 11.Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D.: The design and analysis of graphical passwords. In: Proceedings of 8th USENIX Security Symposium, vol. 8, p. 1 (1999)Google Scholar
- 13.De Luca, A., Hang, A., Brudy, F., Lindner, C., Hussmann, H.: Touch me once and i know it’s you! In: Proceedings of 2012 ACM Annual Conference on Human Factors in Computing Systems, CHI ’12, p. 987 (2012)Google Scholar
- 14.Sae-Bae, N., Ahmed, K., Isbister, K., Memon, N.: Biometric-rich gestures: a novel approach to authentication on multi-touch devices. In: SIGCHI Conference on Human Factors in Computing Systems, p. 977 (2012)Google Scholar
- 15.Riva, O., Qin, C., Strauss, K.: Progressive authentication: deciding when to authenticate on mobile phones. In: Proceedings of the 21 st USENIX Conference on Security Symposium, pp. 1–16 (2011)Google Scholar
- 16.Teh, P.S., Teoh, A.B.J., Yue, S.: A survey of keystroke dynamics biometrics. Sci. World J. 2013 (2013)Google Scholar
- 17.Babaeizadeh, M., Bakhtiari, M., Maarof, M.A.: Keystroke dynamic authentication in mobile cloud computing. Int. J. Comput. Appl. 90(1), 975–8887 (2014)Google Scholar
- 19.Putri, A.N., Asnar, Y.D.W., Akbar, S.: A continuous fusion authentication for Android based on keystroke dynamics and touch gesture. In: Proceedings of 2016 International Conference on Data and Software Engineering, ICoDSE 2016 (2017)Google Scholar
- 20.Abdulhakim Alariki, A., Abdul Manaf, A., Mojtaba Mousavi, S.: Features extraction scheme for behavioral biometric authentication in touchscreen mobile devices. Int. J. Appl. Eng. Res. 11(18), 973–4562 (2016)Google Scholar