Performance Analysis of Multi-Motion Sensor Behavior for Active Smartphone Authentication

The increasing use of smartphones as personal computing platforms to access personal information has stressed the demand for secure and usable authentication techniques, and for constantly protecting privacy. Smartphone sensors can measure users’ unique behavioral characteristics when they interact with smartphones, based on different habits, gestures, and angle preferences of touch actions. This paper investigates the reliability and applicability of using motion-sensor behavior for active and continuous smartphone authentication across various operational scenarios, and presents a systematic evaluation of the distinctiveness and permanence properties of the behavior. For each sample of sensor behavior, kinematic information sequences are extracted and analyzed, which are characterized by statistic-, frequency-, and wavelet-domain features, to provide accurate and fine-grained characterization of users’ touch actions. A Markov-based decision procedure, using one-class learning techniques, is developed and applied to the feature space for performing authentication. Analyses are conducted using the sensor data of 520 200 touch actions from 102 subjects across various operational scenarios. Extensive experiments show that motion-sensor behavior exhibits sufficient discriminability and stability for active and continuous authentication, and can achieve a false-rejection rate of 5.03% and a false-acceptance rate of 3.98%. Additional experiments on usability to operation length, sensitivity to application scenario, scalability to user size, contribution to different sensors, and response to behavior change are provided to further explore the effectiveness and applicability. We also implement an authentication system into the Android system that can react to the presence of the legitimate user.

[1]  Mauro Conti,et al.  Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call , 2011, ASIACCS '11.

[2]  Ning Zhang,et al.  A survey on touch dynamics authentication in mobile devices , 2016, Comput. Secur..

[3]  Lilian Mitrou,et al.  Smartphone sensor data as digital evidence , 2013, Comput. Secur..

[4]  Matjaz Gams,et al.  Accelerometer Placement for Posture Recognition and Fall Detection , 2011, 2011 Seventh International Conference on Intelligent Environments.

[5]  Samy Bengio,et al.  A statistical significance test for person authentication , 2004, Odyssey.

[6]  Vir V. Phoha,et al.  Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[7]  Alex Bateman,et al.  An introduction to hidden Markov models. , 2007, Current protocols in bioinformatics.

[8]  Steven P. Weber,et al.  Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location , 2017, IEEE Systems Journal.

[9]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[10]  Erkki Sutinen,et al.  Comparison of Dimension Reduction Methods for Automated Essay Grading , 2008, J. Educ. Technol. Soc..

[11]  Sandeep Mandliya,et al.  A comparison of SVM and HMM classifiers in the off-line signature verification , 2015 .

[12]  Aggelos K. Katsaggelos,et al.  Automatic facial expression recognition using facial animation parameters and multistream HMMs , 2006, IEEE Transactions on Information Forensics and Security.

[13]  Malik Yousef,et al.  One-Class SVMs for Document Classification , 2002, J. Mach. Learn. Res..

[14]  Xiang-Yang Li,et al.  SilentSense: silent user identification via touch and movement behavioral biometrics , 2013, MobiCom.

[15]  Rama Chellappa,et al.  Touch Gesture-Based Active User Authentication Using Dictionaries , 2015, 2015 IEEE Winter Conference on Applications of Computer Vision.

[16]  Qing Yang,et al.  HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users , 2015, IEEE Transactions on Information Forensics and Security.

[17]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[18]  Blase Ur,et al.  Measuring password guessability for an entire university , 2013, CCS.

[19]  Cheng Li,et al.  Fisher Linear Discriminant Analysis , 2014 .

[20]  Tae Hwan Oh,et al.  Analyzing User Awareness of Privacy Data Leak in Mobile Applications , 2015, Mob. Inf. Syst..

[21]  Tao Feng,et al.  TIPS: context-aware implicit user identification using touch screen in uncontrolled environments , 2014, HotMobile.

[22]  Charu C. Aggarwal,et al.  A Survey of Stream Classification Algorithms , 2014, Data Classification: Algorithms and Applications.

[23]  Markus Jakobsson,et al.  Implicit authentication for mobile devices , 2009 .

[24]  Calton Pu,et al.  Active authentication using scrolling behaviors , 2015, 2015 6th International Conference on Information and Communication Systems (ICICS).

[25]  David Griffiths,et al.  Shoulder surfing defence for recall-based graphical passwords , 2011, SOUPS.

[26]  Andrey Makrushin,et al.  Automatic Template Update Strategies for Biometrics , 2007 .

[27]  Rama Chellappa,et al.  Visual Domain Adaptation: A survey of recent advances , 2015, IEEE Signal Processing Magazine.

[28]  Rama Chellappa,et al.  Continuous User Authentication on Mobile Devices: Recent progress and remaining challenges , 2016, IEEE Signal Processing Magazine.

[29]  Roger Wattenhofer,et al.  A personal touch: recognizing users based on touch screen behavior , 2012, PhoneSense '12.

[30]  Wenyuan Xu,et al.  Regional Patterns and Vulnerability Analysis of Chinese Web Passwords , 2016, IEEE Transactions on Information Forensics and Security.

[31]  Jun Yang,et al.  SenGuard: Passive user identification on smartphones using multiple sensors , 2011, 2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[32]  Luca Benini,et al.  A Wireless Body Area Sensor Network for Posture Detection , 2006, 11th IEEE Symposium on Computers and Communications (ISCC'06).

[33]  Christoph Busch,et al.  Authentication of Smartphone Users Based on the Way They Walk Using k-NN Algorithm , 2012, 2012 Eighth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[34]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[35]  Ying Zhang,et al.  n-Gram Geo-trace Modeling , 2011, Pervasive.

[36]  Rama Chellappa,et al.  Domain adaptive sparse representation-based classification , 2015, 2015 11th IEEE International Conference and Workshops on Automatic Face and Gesture Recognition (FG).

[37]  Tao Feng,et al.  Continuous mobile authentication using a novel Graphic Touch Gesture Feature , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[38]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[39]  Anil K. Jain,et al.  Biometric Template Protection: Bridging the performance gap between theory and practice , 2015, IEEE Signal Processing Magazine.

[40]  Daniele Sgandurra,et al.  A Survey on Security for Mobile Devices , 2013, IEEE Communications Surveys & Tutorials.

[41]  Michael R. Lyu,et al.  Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones , 2014, SOUPS.

[42]  Zhi Xu,et al.  TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors , 2012, WISEC '12.

[43]  Arun Ross,et al.  Biometric Template Selection: A Case Study in Fingerprints , 2003, AVBPA.

[44]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[45]  Richard G. Baraniuk,et al.  Improved wavelet denoising via empirical Wiener filtering , 1997, Optics & Photonics.

[46]  Stephen E. Fienberg,et al.  Testing Statistical Hypotheses , 2005 .

[47]  David B. Skillicorn,et al.  Classification Using Streaming Random Forests , 2011, IEEE Transactions on Knowledge and Data Engineering.

[48]  Xiaohong Guan,et al.  Input extraction via motion-sensor behavior analysis on smartphones , 2015, Comput. Secur..

[49]  Ioannis A. Kakadiaris,et al.  Mobile User Authentication Using Statistical Touch Dynamics Images , 2014, IEEE Transactions on Information Forensics and Security.

[50]  Lynne Baillie,et al.  Data Driven Authentication: On the Effectiveness of User Behaviour Modelling with Mobile Device Sensors , 2014, ArXiv.

[51]  Rajesh Kumar,et al.  Context-Aware Active Authentication Using Smartphone Accelerometer Measurements , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition Workshops.

[52]  Margit Antal,et al.  Biometric Authentication Based on Touchscreen Swipe Patterns , 2016 .

[53]  Roy A. Maxion Making Experiments Dependable , 2011, Dependable and Historic Computing.

[54]  Nasir D. Memon,et al.  An HMM-based multi-sensor approach for continuous mobile authentication , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[55]  Joachim M. Buhmann,et al.  Denoising and Dimension Reduction in Feature Space , 2006, NIPS.

[56]  Mauro Conti,et al.  I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics , 2014, DIMVA.

[57]  Xiaohong Guan,et al.  Performance Analysis of Motion-Sensor Behavior for User Authentication on Smartphones , 2016, Sensors.

[58]  Xiao Wang,et al.  SenSec: Mobile security through passive sensing , 2013, 2013 International Conference on Computing, Networking and Communications (ICNC).

[59]  Steven Furnell,et al.  Text-Based Active Authentication for Mobile Devices , 2014, SEC.

[60]  Ruby B. Lee,et al.  Multi-sensor authentication to improve smartphone security , 2015, 2015 International Conference on Information Systems Security and Privacy (ICISSP).

[61]  Enrique Argones-Rúa,et al.  Biometric Template Protection Using Universal Background Models: An Application to Online Signature , 2012, IEEE Transactions on Information Forensics and Security.

[62]  M. Kenward,et al.  An Introduction to the Bootstrap , 2007 .

[63]  Malek Ben Salem,et al.  You Are What You Use: An Initial Study of Authenticating Mobile Users via Application Usage , 2016, MobiCASE.