Implicit authentication for mobile device based on 3D magnetic finger motion pattern

Touch pattern based implicit authentication has been proposed to defend against diverse attacks against mobile devices that aim to obtain credentials, e.g., passwords, in the process of user authentication. However, this defense technique cannot obtain a complete user operation pattern by merely deriving user operation data via a touch-enabled screen, since user operations, including on-screen and in-air finger movements, are performed in a three-dimensional space. In this paper, we propose a novel three-dimensional magnetic finger motion pattern based implicit authentication technique, referred to as FingerAuth. To use FingerAuth, a user first wears a magnetic ring on her finger and uses this finger to operate her mobile device, e.g., typing messages and surfing websites. By using a built-in three-axis magnetometer on the mobile device, we can derive the three-dimension (3D) magnetic finger motion pattern that is used as a human behavioral feature to implicitly authenticate the user. We construct robust 3D magnetic finger motion pattern detection model using machine learning techniques. Real-world experiments were conducted to demonstrate that our approach achieves high accuracy of 96.38% as well as low false acceptance rate of 4.06% and low false rejection rate of 3.18%.

[1]  Sungjae Hwang,et al.  MagPen: magnetically driven pen interactions on and around conventional smartphones , 2013, MobileHCI '13.

[2]  Raymond J Staron,et al.  Personal Attributes Authentication Techniques. , 1977 .

[3]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[4]  Pat Langley,et al.  Estimating Continuous Distributions in Bayesian Classifiers , 1995, UAI.

[5]  Christoph Busch,et al.  Authentication of Smartphone Users Based on the Way They Walk Using k-NN Algorithm , 2012, 2012 Eighth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[6]  Hamed Ketabdar,et al.  MagiSign : User Identification / Authentication Based on 3 D Around Device Magnetic Signatures , 2010 .

[7]  Gueesang Lee,et al.  Implicit authentication based on ear shape biometrics using smartphone camera during a call , 2012, 2012 IEEE International Conference on Systems, Man, and Cybernetics (SMC).

[8]  Ming Yang,et al.  Secure fingertip mouse for mobile devices , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[9]  Christoph Busch,et al.  Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition , 2010, 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[10]  Xian Ke,et al.  Typing patterns: a key to user identification , 2004, IEEE Security & Privacy Magazine.

[11]  Yang Zhang,et al.  Fingerprint attack against touch-enabled devices , 2012, SPSM '12.

[12]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[13]  Aboul Ella Hassanien,et al.  Biometric and Traditional Mobile Authentication Techniques: Overviews and Open Issues , 2014, Bio-inspiring Cyber Security and Cloud Services.

[14]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[15]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[16]  Zhen Ling,et al.  Blind Recognition of Touched Keys on Mobile Devices , 2014, CCS.

[17]  Vir V. Phoha,et al.  Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[18]  Hamed Ketabdar,et al.  MagiWrite: towards touchless digit entry using 3D space around mobile devices , 2010, Mobile HCI.

[19]  Chih-Jen Lin,et al.  LIBSVM: A library for support vector machines , 2011, TIST.

[20]  Hao Chen,et al.  TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion , 2011, HotSec.

[21]  Markus Jakobsson,et al.  Implicit authentication for mobile devices , 2009 .

[22]  Mauro Conti,et al.  I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics , 2014, DIMVA.

[23]  Sungjae Hwang,et al.  MagGetz: customizable passive tangible controllers on and around conventional mobile devices , 2013, UIST.

[24]  Christine L. MacKenzie,et al.  Computer user verification using login string keystroke dynamics , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[25]  Zhen Ling,et al.  Password Extraction via Reconstructed Wireless Mouse Trajectory , 2016, IEEE Transactions on Dependable and Secure Computing.

[26]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[27]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[28]  Sebastian Möller,et al.  Identity theft, computers and behavioral biometrics , 2009, 2009 IEEE International Conference on Intelligence and Security Informatics.

[29]  Mauro Conti,et al.  Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call , 2011, ASIACCS '11.

[30]  Klaus H. Hinrichs,et al.  An implicit author verification system for text messages based on gesture typing biometrics , 2014, CHI.