Harmonized authentication based on ThumbStroke dynamics on touch screen mobile phones

Abstract: The pervasive and prevalent use of touch screen mobile phones in both work and daily life has generated more and more private and sensitive information on those devices. Accordingly, there is an ever-increasing need to improve the security of mobile phones. Recent advances in mobile user authentication technologies mainly focus on entry-point authentication. Although post-log-in continuous authentication has attracted increasing attention from researchers, none of the previous studies addressed mobile user authentication at both stages simultaneously. In addition, extant authentication systems are subject to the common trade-off between security and usability. To address the above limitations, we propose Harmonized Authentication based on ThumbStroke dynamics (HATS), which supports both entry-point and post-log-in mobile user authentication. HATS integrates password, gesture, keystroke, and touch dynamics-based authentication methods to address the vulnerabilities of individual methods to certain security attacks. Moreover, HATS supports one-handed thumb stroke-based interaction with touch screen mobile phones to improve the usability of authentication systems. We empirically evaluated HATS through controlled lab experiments. The results provide strong evidence that HATS improved both security and usability of mobile user authentication compared with keystroke dynamics-based user authentication.
