HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users

We introduce hand movement, orientation, and grasp (HMOG), a set of behavioral features to continuously authenticate smartphone users. HMOG features unobtrusively capture subtle micro-movement and orientation dynamics resulting from how a user grasps, holds, and taps on the smartphone. We evaluated authentication and biometric key generation (BKG) performance of HMOG features on data collected from 100 subjects typing on a virtual keyboard. Data were collected under two conditions: 1) sitting and 2) walking. We achieved authentication equal error rates (EERs) as low as 7.16% (walking) and 10.05% (sitting) when we combined HMOG, tap, and keystroke features. We performed experiments to investigate why HMOG features perform well during walking. Our results suggest that this is due to the ability of HMOG features to capture distinctive body movements caused by walking, in addition to the hand-movement dynamics from taps. With BKG, we achieved the EERs of 15.1% using HMOG combined with taps. In comparison, BKG using tap, key hold, and swipe features had EERs between 25.7% and 34.2%. We also analyzed the energy consumption of HMOG feature extraction and computation. Our analysis shows that HMOG features extracted at a 16-Hz sensor sampling rate incurred a minor overhead of 7.9% without sacrificing authentication accuracy. Two points distinguish our work from current literature: 1) we present the results of a comprehensive evaluation of three types of features (HMOG, keystroke, and tap) and their combinations under the same experimental conditions and 2) we analyze the features from three perspectives (authentication, BKG, and energy consumption on smartphones).

[1]  Anil K. Jain,et al.  Soft Biometric Traits for Continuous User Authentication , 2010, IEEE Transactions on Information Forensics and Security.

[2]  Vir V. Phoha,et al.  Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[3]  Shumin Zhai,et al.  Touch behavior with different postures on soft smartphone keyboards , 2012, Mobile HCI.

[4]  Sung-Hyuk Cha,et al.  Behavioral biometric verification of student identity in online course assessment and authentication of authors in literary works , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[5]  Michael K. Reiter,et al.  The Practical Subtleties of Biometric Key Generation , 2008, USENIX Security Symposium.

[6]  Markus Jakobsson,et al.  Implicit Authentication through Learning User Behavior , 2010, ISC.

[7]  David G. Stork,et al.  Pattern classification, 2nd Edition , 2000 .

[8]  R. Fisher THE USE OF MULTIPLE MEASUREMENTS IN TAXONOMIC PROBLEMS , 1936 .

[9]  Ge Peng,et al.  A multimodal data set for evaluating continuous authentication performance in smartphones , 2014, SenSys.

[10]  Tao Feng,et al.  Continuous Mobile Authentication Using Virtual Key Typing Biometrics , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[11]  Kathryn E. Roach,et al.  Relationship between hand size, grip strength and dynamometer position in women , 1998 .

[12]  Marina Blanton,et al.  Secure and Efficient Protocols for Iris and Fingerprint Identification , 2011, ESORICS.

[13]  Guoliang Xue,et al.  Unobservable Re-authentication for Smartphones , 2013, NDSS.

[14]  Jose L. Contreras-Vidal,et al.  Studies in One-Handed Mobile Design: Habit, Desire and Agility , 2006 .

[15]  P. Juola,et al.  Active Linguistic Authentication Revisited : Real-Time Stylometric Evaluation towards Multi-Modal Decision Fusion , 2014 .

[16]  Anil K. Jain,et al.  Validating a Biometric Authentication System: Sample Size Requirements , 2006, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[17]  Shigeo Abe DrEng Pattern Classification , 2001, Springer London.

[18]  Yuan Zhou Introduction to Coding Theory , 2010 .

[19]  Matthias Trojahn BIOMETRIC AUTHENTICATION THROUGH A VIRTUAL KEYBOARD FOR SMARTPHONES , 2012 .

[20]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[21]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[22]  Christoph Busch,et al.  Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition , 2010, 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[23]  Brad A. Myers,et al.  The performance of hand postures in front- and back-of-device interaction for mobile computing , 2008, Int. J. Hum. Comput. Stud..

[24]  Xiang-Yang Li,et al.  SilentSense: silent user identification via touch and movement behavioral biometrics , 2013, MobiCom.

[25]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[26]  Rajesh Kumar,et al.  Beware, Your Hands Reveal Your Secrets! , 2014, CCS.

[27]  Sung-Hyuk Cha,et al.  Developing a Keystroke Biometric System for Continual Authentication of Computer Users , 2012, 2012 European Intelligence and Security Informatics Conference.

[28]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[29]  Steven Furnell,et al.  Advanced user authentication for mobile devices , 2007, Comput. Secur..

[30]  Vir V. Phoha,et al.  Continuous authentication with cognition-centric text production and revision features , 2014, IEEE International Joint Conference on Biometrics.

[31]  Venu Govindaraju,et al.  Use of language as a cognitive biometric trait , 2014, IEEE International Joint Conference on Biometrics.

[32]  J. Fischer,et al.  The Prehensile Movements of the Human Hand , 2014 .

[33]  Mark H. Chignell,et al.  Mobile text entry: relationship between walking speed and text input task difficulty , 2005, Mobile HCI.

[34]  Jan-Michael Frahm,et al.  Seeing double: reconstructing obscured typed input from repeated compromising reflections , 2013, CCS.

[35]  S. Chatterjee,et al.  Comparison of grip strength and isomeric endurance between the right and left hands of men and their relationship with age and other physical parameters. , 1991, Journal of human ergology.

[36]  Jun Yang,et al.  SenGuard: Passive user identification on smartphones using multiple sensors , 2011, 2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[37]  Heikki Ailisto,et al.  Unobtrusive Multimodal Biometrics for Ensuring Privacy and Information Security with Personal Devices , 2006, Pervasive.

[38]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[39]  Kiran S. Balagani,et al.  Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[40]  Chih-Jen Lin,et al.  LIBSVM: A library for support vector machines , 2011, TIST.

[41]  Nathan Clarke,et al.  Deployment of Keystroke Analysis on a Smartphone , 2008 .

[42]  Youtian Du,et al.  User Authentication Through Mouse Dynamics , 2013, IEEE Transactions on Information Forensics and Security.

[43]  C. Y. Lee,et al.  Some properties of nonbinary error-correcting codes , 1958, IRE Trans. Inf. Theory.

[44]  Ron M. Roth,et al.  Introduction to Coding Theory , 2019, Discrete Mathematics.

[45]  Jie Liu,et al.  SpeakerSense: Energy Efficient Unobtrusive Speaker Identification on Mobile Phones , 2011, Pervasive.

[46]  Tao Feng,et al.  TIPS: context-aware implicit user identification using touch screen in uncontrolled environments , 2014, HotMobile.

[47]  Kee-Eung Kim,et al.  Hand Grip Pattern Recognition for Mobile User Interfaces , 2006, AAAI.

[48]  Alessandro Neri,et al.  User authentication using keystroke dynamics for cellular phones , 2009 .

[49]  Sung-Hyuk Cha,et al.  An investigation of keystroke and stylometry traits for authenticating online test takers , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[50]  Konrad Rieck,et al.  Continuous Authentication on Mobile Devices by Analysis of Typing Motion Behavior , 2014, Sicherheit.

[51]  Jane Labadin,et al.  Feature selection based on mutual information , 2015, 2015 9th International Conference on IT in Asia (CITA).

[52]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[53]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[54]  Larry S. Davis,et al.  Screen-based active user authentication , 2014, Pattern Recognit. Lett..

[55]  Urs Hengartner,et al.  Itus: an implicit authentication framework for android , 2014, MobiCom.

[56]  Fuhui Long,et al.  Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy , 2003, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[57]  Alessandro Neri,et al.  Keystroke dynamics authentication for mobile phones , 2011, SAC.

[58]  Arun Ross,et al.  Information fusion in biometrics , 2003, Pattern Recognit. Lett..

[59]  Arun Ross,et al.  Investigating the Discriminative Power of Keystroke Sound , 2015, IEEE Transactions on Information Forensics and Security.

[60]  Vigneshwaran Subbaraju,et al.  Energy-Efficient Continuous Activity Recognition on Mobile Phones: An Activity-Adaptive Approach , 2012, 2012 16th International Symposium on Wearable Computers.

[61]  Xiaoming Liu,et al.  On Continuous User Authentication via Typing Behavior , 2014, IEEE Transactions on Image Processing.

[62]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[63]  Andreas Krause,et al.  Trading off prediction accuracy and power consumption for context-aware wearable computing , 2005, Ninth IEEE International Symposium on Wearable Computers (ISWC'05).

[64]  Vir V. Phoha,et al.  Privacy-preserving population-enhanced biometric key generation from free-text keystroke dynamics , 2014, IEEE International Joint Conference on Biometrics.

[65]  Maria Papadaki,et al.  Keystroke Analysis as a Method of Advanced User Authentication and Response , 2002, SEC.