Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intrasession authentication, 2%-3% for intersession authentication, and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multimodal biometric authentication system.

[1]  H. Saevanee,et al.  User Authentication Using Combination of Behavioral Biometrics over the Touchpad Acting Like Touch Screen of Mobile Device , 2008, 2008 International Conference on Computer and Electrical Engineering.

[2]  Carla E. Brodley,et al.  User re-authentication via mouse movements , 2004, VizSEC/DMSEC '04.

[3]  Isabelle Guyon,et al.  An Introduction to Variable and Feature Selection , 2003, J. Mach. Learn. Res..

[4]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[5]  Venu Govindaraju,et al.  Behavioural biometrics: a survey and classification , 2008, Int. J. Biom..

[6]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[7]  Bernhard E. Boser,et al.  A training algorithm for optimal margin classifiers , 1992, COLT '92.

[8]  Ana L. N. Fred,et al.  A behavioral biometric system based on human-computer interaction , 2004, SPIE Defense + Commercial Sensing.

[9]  H. Bredin,et al.  Multi-modal biometric authentication on the SecurePhone PDA , 2006 .

[10]  Anil K. Jain,et al.  Continuous user authentication using temporal information , 2010, Defense + Commercial Sensing.

[11]  Philip K. Chan,et al.  Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security , 2004, CCS 2004.

[12]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 1999, CCS '99.

[13]  M. S. Obaidat,et al.  Keystroke Dynamics Based Authentication , 1996 .

[14]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[15]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..

[16]  Ting Yu,et al.  On mouse dynamics as a behavioral biometric for authentication , 2011, ASIACCS '11.

[17]  Issa Traoré,et al.  Improving Mouse Dynamics Biometric Performance Using Variance Reduction via Extractors With Separate Features , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[18]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[19]  Sharath Pankanti,et al.  Biometrics: a tool for information security , 2006, IEEE Transactions on Information Forensics and Security.

[20]  Jon Louis Bentley,et al.  An Algorithm for Finding Best Matches in Logarithmic Expected Time , 1977, TOMS.

[21]  I. Traore,et al.  Anomaly intrusion detection based on biometrics , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.

[22]  Haining Wang,et al.  An efficient user verification system via mouse movements , 2011, CCS '11.

[23]  David Haussler,et al.  Proceedings of the fifth annual workshop on Computational learning theory , 1992, COLT 1992.

[24]  Christoph Busch,et al.  Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition , 2010, 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[25]  Loris Nanni,et al.  An On-Line Signature Verification System Based on Fusion of Local and Global Information , 2005, AVBPA.

[26]  Jean-Paul Chilès,et al.  Wiley Series in Probability and Statistics , 2012 .

[27]  Anil K. Jain,et al.  On-line signature verification, , 2002, Pattern Recognit..

[28]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[29]  Toby Berger,et al.  Reliable On-Line Human Signature Verification Systems , 1996, IEEE Trans. Pattern Anal. Mach. Intell..

[30]  Ling Huang,et al.  Short paper: smartphones: not smart enough? , 2012, SPSM '12.