Continuous user identification via touch and movement behavioral biometrics

With the increased popularity of smartphones, various security threats and privacy leakages targeting them are discovered and investigated. In this work, we present SilentSense, a framework to authenticate users silently and transparently by exploiting dynamics mined from the user touch behavior biometrics and the micro-movement of the device caused by user's screen-touch actions. We build a “touch-based biometrics” model of the owner by extracting some principle features, and then verify whether the current user is the owner or guest/attacker. When using the smartphone, some unique operating dynamics of the user is detected and learnt by collecting the sensor data and touch events silently. When users are mobile, the micro-movement of mobile devices caused by touch is suppressed by that due to the large scale user-movement which will render the touch-based biometrics ineffective. To address this, we integrate a movement-based biometrics for each user with previous touch-based biometrics. We conduct extensive evaluations of our approaches on the Android smartphone, we show that the user identification accuracy is over 99%.

[1]  Marco Gruteser,et al.  Distinguishing users with capacitive touch communication , 2012, Mobicom '12.

[2]  Andreas P. Heiner,et al.  A closer look at recognition-based graphical passwords on mobile devices , 2010, SOUPS.

[3]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[4]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[5]  Eunjin Kim,et al.  A Novel Biometric Identification Based on a User’s Input Pattern Analysis for Intelligent Mobile Devices , 2012 .

[6]  Jun Yang,et al.  SenGuard: Passive user identification on smartphones using multiple sensors , 2011, 2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[7]  Yunhao Liu,et al.  It starts with iGaze: visual attention driven networking with smart glasses , 2014, MobiCom.

[8]  Shaojie Tang,et al.  Privacy-preserving data aggregation without secure channel: Multivariate polynomial evaluation , 2013, 2013 Proceedings IEEE INFOCOM.

[9]  H. Bredin,et al.  Multi-modal biometric authentication on the SecurePhone PDA , 2006 .

[10]  Urs Hengartner,et al.  Towards application-centric implicit authentication on smartphones , 2014, HotMobile.

[11]  Brian D. Noble,et al.  Mobile Device Security Using Transient Authentication , 2006, IEEE Transactions on Mobile Computing.

[12]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[13]  Alex X. Liu,et al.  Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it , 2013, MobiCom.

[14]  Romit Roy Choudhury,et al.  Tapprints: your finger taps have fingerprints , 2012, MobiSys '12.

[15]  Stuart E. Schechter,et al.  Can i borrow your phone?: understanding concerns when sharing mobile phones , 2009, CHI.

[16]  Zhi Xu,et al.  TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors , 2012, WISEC '12.

[17]  Xiang-Yang Li,et al.  You're driving and texting: detecting drivers using personal smart phones by leveraging inertial sensors , 2013, MobiCom.

[18]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[19]  Hao Chen,et al.  Defending against sensor-sniffing attacks on mobile phones , 2009, MobiHeld '09.

[20]  Urs Hengartner,et al.  Itus: an implicit authentication framework for android , 2014, MobiCom.

[21]  Xiang-Yang Li,et al.  SilentSense: silent user identification via touch and movement behavioral biometrics , 2013, MobiCom.

[22]  David Starobinski,et al.  Poster: gait-based smartphone user identification , 2011, MobiSys '11.

[23]  Xiang-Yang Li,et al.  Privacy preserving cloud data access with multi-authorities , 2012, 2013 Proceedings IEEE INFOCOM.

[24]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[25]  Xiang-Yang Li,et al.  Privacy.tag: privacy concern expressed and respected , 2014, SenSys.