A continuous fusion authentication for Android based on keystroke dynamics and touch gesture

As one of the most popular smartphone operating system nowadays, Android is used for various needs start from casual purpose such as games up to critical aims like banking. To avoid any access by impostor (unauthorized parties), the use of authentication system is a must. Android provides basic authentication system based on screen-lock using PIN, password, or pattern. However all those ways have several vulnerabilities, i.e: 1) leak or transfered key access, 2) only supports full binary authentication, and 3) no re-authentication nor revocation. This research aims at developing continuous behavioral authentication as a solution for those vulnerabilities. Our solution uses authentication score, not just a binary authentication. The score is constructed using fusion approach combining two modalities i.e. keystroke dynamics (typing behavior) and touch gesture (tap, swipe, and pinch behavior). Each of those authentication model is built using two-class machine learning classification. This authentication system is designed to run continuously on Android background, so it is possible to change authorization or make a revocation anytime needed. This proposed solution has been implemented as a prototype on a testing application. There are some tests have been held, first is modality experiment to find the best classifier each modality, second is continuous fusion authentication test, third is performance test. The result shows that our proposed fusion authentication get more accurate than if the modalities work respectively. Based on the continuous and live authentication testing on Android device, best fusion method is mean Olympic with a threshold 0.81 that makes the FAR and FRR equal in 0.26.

[1]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[2]  Marilyn Tremaine,et al.  Typing Biometrics: Impact of Human Learning on Performance Quality , 2011, JDIQ.

[3]  Neil Daswani,et al.  Foundations of Security - What Every Programmer Needs to Know , 2007 .

[4]  Shatha J. Alghamdi,et al.  Dynamic User Verification Using Touch Keystroke Based on Medians Vector Proximity , 2015, 2015 7th International Conference on Computational Intelligence, Communication Systems and Networks.

[5]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[6]  P.Susan Lalitha Grace,et al.  Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location , 2017 .

[7]  S. Khan,et al.  A study of touching behavior for authentication in touch screen smart devices , 2016, 2016 International Conference on Intelligent Systems Engineering (ICISE).

[8]  Nasir D. Memon,et al.  An HMM-based multi-sensor approach for continuous mobile authentication , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[9]  Alexandru-Cosmin Grivei Touch based biometric authentication for Android devices , 2015, 2015 7th International Conference on Electronics, Computers and Artificial Intelligence (ECAI).

[10]  Yigitcan Aksari,et al.  Active authentication by mouse movements , 2009, 2009 24th International Symposium on Computer and Information Sciences.

[11]  Margit Antal,et al.  An Evaluation of One-Class and Two-Class Classification Algorithms for Keystroke Dynamics Authentication on Mobile Devices , 2015, 2015 20th International Conference on Control Systems and Computer Science.

[12]  Sharath Pankanti,et al.  Multi-modal biometrics for mobile authentication , 2014, IEEE International Joint Conference on Biometrics.

[13]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[14]  Anil K. Jain,et al.  Soft Biometric Traits for Continuous User Authentication , 2010, IEEE Transactions on Information Forensics and Security.