Continuous User Authentication on Touch-Screen Mobile Phones: Toward More Secure and Usable M-Commerce

Recent advances in sensing and wireless communication technologies have led to an explosion in the use of touch-screen mobile devices such as smartphones and tablets in mobile commerce and other daily work and life activities. These activities have resulted in more and more private and sensitive information being stored on those devices. Therefore, improving the security of mobile devices through effective user authentication to prevent unauthorized information access has become an urgent task. Mobile user authentication refers to the process of checking a user’s identity and verifying whether he/she is authorized to access a device. Due to the increasing incidence of mobile phones being lost, stolen, or snatched while in use by the owner, continuous user authentication (CUA) after logging in to a mobile device has attracted increasing attention. Prior research has shown that traditional password authentication is insufficient or ineffective for CUA. Despite recent research progress in CUA, many existing methods are explicit by nature in that they require users to perform specific operations, which can interrupt users’ ongoing activities or may be easily learned by others through observation. In this research, we propose a new touch-dynamics-based approach to CUA on touch-screen mobile devices that authenticates users while they are interacting with the devices. Touch dynamics, which is rich in cognitive quality and unique to individuals, has yet to be explored for implicit CUA. We conducted a longitudinal study to evaluate the proposed mobile CUA approach. The results demonstrate that our method can improve the security of CUA for touch-screen mobile devices. The findings have significant implications for the security and adoption of m-commerce.
