FingerAuth: 3D magnetic finger motion pattern based implicit authentication for mobile devices

Abstract Smart devices, as the most widely used platforms for the mobile cyber–physical system (CPS) applications, such as smart home and health care systems, are becoming the prime targets of various attackers for users’ considerable private and confidential data in them. To fight against side channel attacks aiming to obtain credentials, e.g., passwords, during the process of user authentication, touch pattern based implicit authentication has been proposed. However, such a defensive technique fails to obtain an entire pattern of user operation by deriving user operation data via a touch-enabled screen. Considering that user operations, including on-screen and in-air finger movements, are performed in three-dimensional (3D) space, we propose a novel 3D magnetic finger motion pattern based implicit authentication technique, referred to as FingerAuth. To use FingerAuth, a user operates on her mobile device, e.g., texting a message and browsing websites, with a magnetic ring on the finger she uses. With the help of a built-in three-axis magnetometer on the mobile device, we can derive the 3D magnetic finger motion pattern as a human behavioral feature for implicitly authenticating the user. By using machine learning techniques, a robust 3D magnetic finger motion pattern detection model can be constructed. Two rounds of usability tests are conducted for the evaluation of FingerAuth. In the initial usability test targeting a given group of smart device users, we test the uniqueness of the proposed trait in typing scenario, achieving high average accuracy of 96.38%, low average false acceptance rate (FAR) of 4.06%, and false rejection rate (FRR) of 3.18%. In the second user usability test, we further evaluate the permanence of 3D finger motion pattern in multiple user–device interaction scenarios. There is an interim of two-week period between the training data collection phase and the testing data collection phase. The results of the high accuracy of over 80%, as well as the FAR and FRR of below 15%, indicate the applicability of FingerAuth.

[1]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[2]  Ivan Stojmenovic,et al.  An overview of Fog computing and its security issues , 2016, Concurr. Comput. Pract. Exp..

[3]  Wanlei Zhou,et al.  Identifying Propagation Sources in Networks: State-of-the-Art and Comparative Studies , 2017, IEEE Communications Surveys & Tutorials.

[4]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[5]  Dimitris Kanellopoulos,et al.  Data Preprocessing for Supervised Leaning , 2007 .

[6]  Raymond J Staron,et al.  Personal Attributes Authentication Techniques. , 1977 .

[7]  Christine L. MacKenzie,et al.  Computer user verification using login string keystroke dynamics , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[8]  Jun Zhang,et al.  Modeling Propagation Dynamics of Social Network Worms , 2013, IEEE Transactions on Parallel and Distributed Systems.

[9]  Xian Ke,et al.  Typing patterns: a key to user identification , 2004, IEEE Security & Privacy Magazine.

[10]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[11]  Aboul Ella Hassanien,et al.  Biometric and Traditional Mobile Authentication Techniques: Overviews and Open Issues , 2014, Bio-inspiring Cyber Security and Cloud Services.

[12]  Zhen Ling,et al.  Password Extraction via Reconstructed Wireless Mouse Trajectory , 2016, IEEE Transactions on Dependable and Secure Computing.