Behavioral biometrics & continuous user authentication on mobile devices: A survey

Abstract: This paper offers an up-to-date, comprehensive, extensive and targeted survey of behavioral biometrics and continuous authentication technologies for mobile devices. Our aim is to help interested researchers effectively grasp the background of this field and avoid pitfalls in their work. In our survey, we first present a classification of behavioral biometrics and continuous authentication technologies for mobile devices, together with an analysis of behavioral biometrics collection methodologies and feature extraction techniques. Then, we provide a state-of-the-art literature review focusing on the performance of machine learning models in seven types of behavioral biometrics for continuous authentication. Further, we conduct another review that shows the vulnerability of machine learning models to well-designed adversarial attack vectors, and we highlight relevant countermeasures. Finally, our discussion extends to lessons learned, current challenges and future trends.
