SGFA: A Two-Factor Smartphone Authentication Mechanism Using Touch Behavioral Biometrics

In this paper we propose a user authentication method for smartphone devices, called the Simple Game For Authentication (SGFA), based on the popular pattern lock mechanism. The SGFA mechanism resembles a simple game that involves connecting points on the touch screen and is relatively easy to perform. To provide increased security, the mechanism utilizes both the user's knowledge and behavioral biometrics based on touch screen interaction as an active layer of defence against unauthorized access. Based on an initial experiment, we determine the minimum number of strokes forming a password needed to reach a satisfactory success rate. We discuss possible problems and attacks that can potentially break the process and evaluate the impact of over-the-shoulder attacks on the security of the password-matching layer. We further evaluate the biometric layer in terms of user authentication error rates. In an experiment involving 33 participants, the biometric layer achieved a false acceptance rate (FAR) and false rejection rate (FRR) of approx. 1.4% and 2%, respectively. Combined with the password-matching layer, the SGFA mechanism provides a more secure approach than pattern locks.
