Behavior Based Human Authentication on Touch Screen Devices Using Gestures and Signatures

With the rich functionalities and enhanced computing capabilities available on mobile computing devices with touch screens, users not only store sensitive information (such as credit card numbers) but also use privacy-sensitive applications (such as online banking) on these devices, which makes them hot targets for hackers and thieves. To protect private information, such devices typically lock themselves after a few minutes of inactivity and prompt a password/PIN/pattern screen when reactivated. Password/PIN/pattern based schemes are inherently vulnerable to shoulder surfing attacks and smudge attacks. In this paper, we propose BEAT, an authentication scheme for touch screen devices that authenticates users based on their behavior of performing certain actions on the touch screens. An action is either a gesture, which is a brief interaction of a user's fingers with the touch screen such as a rightward swipe, or a signature, which is the conventional unique handwritten depiction of one's name. Unlike existing authentication schemes for touch screen devices, which use what the user inputs as the authentication secret, BEAT authenticates users mainly based on how they input, using distinguishing features such as velocity, device acceleration, and stroke time. Even if attackers see what action a user performs, they cannot reproduce the behavior of the user doing those actions through shoulder surfing or smudge attacks. We implemented BEAT on Samsung Focus smart phones and Samsung Slate tablets running Windows, collected 15,009 gesture samples and 10,054 signature samples, and conducted real-time experiments to evaluate its performance. Experimental results show that, with only 25 training samples, BEAT achieves an average equal error rate of 0.5 percent with three gestures and an average equal error rate of 0.52 percent with a single signature.
