TouchIn: Sightless two-factor authentication on multi-touch mobile devices

Mobile authentication is indispensable for preventing unauthorized access to multi-touch mobile devices. Existing mobile authentication techniques are often cumbersome to use and also vulnerable to shoulder-surfing and smudge attacks. This paper focuses on designing, implementing, and evaluating TouchIn, a two-factor authentication system on multi-touch mobile devices. TouchIn works by letting a user draw on the touchscreen with one or multiple fingers to unlock his mobile device, and the user is authenticated based on the geometric properties of his drawn curves as well as his behavioral and physiological characteristics. TouchIn allows the user to draw on arbitrary regions on the touchscreen without looking at it. This nice sightless feature makes TouchIn very easy to use and also robust to shoulder-surfing and smudge attacks. Comprehensive experiments on Android devices confirm the high security and usability of TouchIn.
