Where Usability and Security Go Hand-in-Hand: Robust Gesture-Based Authentication for Mobile Systems

Gestures have recently gained interest as a secure and usable authentication method for mobile devices. Gesture authentication relies on recognition, wherein raw data is collected from user input and preprocessed into a more manageable form before applying recognition algorithms. Preprocessing is done to improve recognition accuracy, but little work has been done in justifying its effects on authentication. We examined the effects of three variables: location, rotation, and scale, on authentication accuracy. We found that an authentication-optimal combination (location invariant, scale variant, and rotation variant) can reduce the error rate by 45.3% on average compared to the recognition-optimal combination (all invariant). We analyzed 13 gesture recognizers and evaluated them with three criteria: authentication accuracy, and resistance against both brute-force and imitation attacks. Our novel multi-expert method (Garda) achieved the lowest error rate (0.015) in authentication accuracy, the lowest error rate (0.040) under imitation attacks, and resisted all brute-force attacks.
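The following is an added example, not code from the paper, showing what the three preprocessing variables mean for a match score: a relocated attempt and a resized, rotated attempt are each scored under the authentication-optimal and recognition-optimal combinations named above. The normalization choices (centroid, RMS radius, angle of the first point about the centroid), the mean point-to-point distance, and the sample stroke are assumptions made for illustration and are not the Garda method.

```python
import math

def preprocess(points, location=True, scale=False, rotation=False):
    """Normalize a stroke; each True flag makes the result invariant to that variable."""
    n = len(points)
    cx = sum(x for x, _ in points) / n
    cy = sum(y for _, y in points) / n
    rel = [(x - cx, y - cy) for x, y in points]      # centroid-relative coordinates
    if scale:                                        # assumed: unit RMS radius
        rms = math.sqrt(sum(x * x + y * y for x, y in rel) / n)
        rel = [(x / rms, y / rms) for x, y in rel]
    if rotation:                                     # assumed: first point rotated to angle 0
        a = -math.atan2(rel[0][1], rel[0][0])
        c, s = math.cos(a), math.sin(a)
        rel = [(x * c - y * s, x * s + y * c) for x, y in rel]
    if not location:                                 # location variant: keep original position
        rel = [(x + cx, y + cy) for x, y in rel]
    return rel

def distance(a, b):
    """Mean point-to-point Euclidean distance between equal-length strokes."""
    return sum(math.dist(p, q) for p, q in zip(a, b)) / len(a)

def transform(points, dx=0.0, dy=0.0, factor=1.0, degrees=0.0):
    """Rotate, scale, then translate a stroke to simulate a differently drawn attempt."""
    t = math.radians(degrees)
    c, s = math.cos(t), math.sin(t)
    return [(factor * (x * c - y * s) + dx, factor * (x * s + y * c) + dy)
            for x, y in points]

# Constructed enrollment stroke (not data from the paper).
TEMPLATE = [(0, 0), (40, 0), (40, 30), (10, 30), (10, 60)]

# The two combinations named in the abstract.
AUTH_OPTIMAL = dict(location=True, scale=False, rotation=False)
RECOG_OPTIMAL = dict(location=True, scale=True, rotation=True)

def score(attempt, config):
    """Distance between the enrolled template and an attempt under one configuration."""
    return distance(preprocess(TEMPLATE, **config), preprocess(attempt, **config))

if __name__ == "__main__":
    moved = transform(TEMPLATE, dx=120, dy=-35)
    resized = transform(TEMPLATE, factor=2.0, degrees=30)
    for name, cfg in (("auth-optimal", AUTH_OPTIMAL), ("recog-optimal", RECOG_OPTIMAL)):
        print(name, round(score(moved, cfg), 3), round(score(resized, cfg), 3))
```

Under the all-invariant configuration both attempts score as exact matches, while the location-invariant, scale- and rotation-variant configuration keeps size and orientation as distinguishing features of the gesture.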
