TDAS: a touch dynamics based multi-factor authentication solution for mobile devices

Purpose The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices. Design/methodology/approach The investigation has made use of three light-weighted matching functions and a comprehensive reference data set collected from 150 subjects. Findings The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as much as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length. Originality/value The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is being made publically available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.

[1]  Mauro Conti,et al.  I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics , 2014, DIMVA.

[2]  Roger Wattenhofer,et al.  A personal touch: recognizing users based on touch screen behavior , 2012, PhoneSense '12.

[3]  Javier Guerra-Casanova,et al.  Supervised classification methods applied to keystroke dynamics through mobile devices , 2014, 2014 International Carnahan Conference on Security Technology (ICCST).

[4]  Florian Alt,et al.  Improving Accuracy, Applicability and Usability of Keystroke Biometrics on Mobile Touchscreen Devices , 2015, CHI.

[5]  Cheng-Jung Tsai,et al.  A changeable personal identification number-based keystroke dynamics authentication system on smart phones , 2016, Secur. Commun. Networks.

[6]  Mohamad El-Abed,et al.  RHU Keystroke: A mobile-based benchmark for keystroke dynamics systems , 2014, 2014 International Carnahan Conference on Security Technology (ICCST).

[7]  Christine L. MacKenzie,et al.  Computer user verification using login string keystroke dynamics , 1998, IEEE Trans. Syst. Man Cybern. Part A.

[8]  Hao Chen,et al.  Gesture Authentication with Touch Input for Mobile Devices , 2011, MobiSec.

[9]  Tarek Gaber,et al.  Implicit Authentication System for Smartphones Users Based on Touch Data , 2015, ECC.

[10]  Georgios Kambourakis,et al.  Introducing touchstroke: keystroke-based authentication system for smartphones , 2016, Secur. Commun. Networks.

[11]  Tim Storer,et al.  A framework for continuous, transparent mobile device authentication , 2013, Comput. Secur..

[12]  Jiang Zhu,et al.  KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction , 2013, MobiCASE.

[13]  Marilyn Tremaine,et al.  Typing Biometrics: Impact of Human Learning on Performance Quality , 2011, JDIQ.

[14]  Norman Shapiro,et al.  Authentication by Keystroke Timing: Some Preliminary Results , 1980 .

[15]  R. Stockton Gaines,et al.  Authentication by Keystroke Timing , 1980 .

[16]  Xiang-Yang Li,et al.  Continuous user identification via touch and movement behavioral biometrics , 2014, 2014 IEEE 33rd International Performance Computing and Communications Conference (IPCCC).

[17]  Marilyn Tremaine,et al.  Biometric keypads: Improving accuracy through optimal PIN selection , 2011, Decis. Support Syst..

[18]  Alessandro Neri,et al.  Keystroke dynamics authentication for mobile phones , 2011, SAC.

[19]  Andrew Beng Jin Teoh,et al.  A Survey of Keystroke Dynamics Biometrics , 2013, TheScientificWorldJournal.

[20]  Margit Antal,et al.  Keystroke Dynamics on Android Platform , 2015 .

[21]  Christophe Rosenberger,et al.  GREYC keystroke: A benchmark for keystroke dynamics biometric systems , 2009, 2009 IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems.

[22]  Zhide Chen,et al.  An Implicit Identity Authentication System Considering Changes of Gesture Based on Keystroke Behaviors , 2015, Int. J. Distributed Sens. Networks.

[23]  Hongyuan Zha,et al.  LatentGesture: active user authentication through background touch analysis , 2014, Chinese CHI '14.

[24]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[25]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[26]  Bruno Crispo,et al.  Touchstroke: Smartphone User Authentication Based on Touch-Typing Biometrics , 2015, ICIAP Workshops.

[27]  Alessandro Neri,et al.  User authentication using keystroke dynamics for cellular phones , 2009 .

[28]  Hans-Werner Gellersen,et al.  GesturePIN: using discrete gestures for associating mobile devices , 2010, Mobile HCI.

[29]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[30]  Vir V. Phoha,et al.  Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[31]  Xuan Huang,et al.  Development of a Typing Behaviour Recognition Mechanism on Android , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[32]  Kartik Muralidharan,et al.  Putting ‘pressure’ on mobile authentication , 2014, 2014 Seventh International Conference on Mobile Computing and Ubiquitous Networking (ICMU).

[33]  Mohammad S. Obaidat,et al.  A verification methodology for computer systems users , 1995, SAC '95.

[34]  Sudhir Dhage,et al.  Mobile authentication using keystroke dynamics , 2015, 2015 International Conference on Communication, Information & Computing Technology (ICCICT).

[35]  B. Hussien,et al.  Computer-Access Security Systems Using Keystroke Dynamics , 1990, IEEE Trans. Pattern Anal. Mach. Intell..

[36]  Mengjun Xie,et al.  Comparison of PIN- and pattern-based behavioral biometric authentication on mobile devices , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[37]  Ting-Yi Chang,et al.  Two novel biometric features in keystroke dynamics authentication systems for touch screen devices , 2014, Secur. Commun. Networks.

[38]  Kennis Chan,et al.  Network Security and Communication Engineering : Proceedings of the 2014 International Conference on Network Security and Communication Engineering (NSCE 2014), Hong Kong, December 25-26, 2014 , 2015 .

[39]  Sungzoon Cho,et al.  Web-Based Keystroke Dynamics Identity Verification Using Neural Network , 2000, J. Organ. Comput. Electron. Commer..

[40]  Patrick Olivier,et al.  Multi-touch authentication on tabletops , 2010, CHI.

[41]  Chee Peng Lim,et al.  Keystroke Patterns Classification Using the ARTMAP-FD Neural Network , 2007, Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007).

[42]  Michael R. Lyu,et al.  Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones , 2014, SOUPS.

[43]  Sung-Hyuk Cha,et al.  An investigation of keystroke and stylometry traits for authenticating online test takers , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[44]  Konrad Rieck,et al.  Continuous Authentication on Mobile Devices by Analysis of Typing Motion Behavior , 2014, Sicherheit.