A behavioral biometric challenge and response approach to user authentication on smartphones

Behavioral biometrics derived from the fingertip movement on the touchscreen of a mobile device is a promising new authentication technique. A user is verified by the inherent, unique characteristics of the fingertip movement. In this paper, we present a novel verification system that combines these biometrics with a challenge and response type of authentication. The key feature of our technique is that it does not rely on any secret graphical password or gesture. Instead, the user is asked to perform a different, simple challenge on the touchscreen at each login attempt. The novel technique is therefore robust against replay and “smudge” attacks. Additionally, it does not require the user to remember any kind of secret password. We utilize pattern recognition techniques to extract unique behavioral characteristics of an individual. In a user study, we achieved an accuracy of 90% using our system with a single finger gesture, that can be performed in less than three seconds.

[1]  Wayne A. Jansen,et al.  Authenticating Users on Handheld Devices , 2003 .

[2]  P. A. Gorry General least-squares smoothing and differentiation of nonuniformly spaced data by the convolution method , 1991 .

[3]  Lambert Schomaker,et al.  Advances in Writer Identification and Verification , 2007, Ninth International Conference on Document Analysis and Recognition (ICDAR 2007).

[4]  Jean-Marc Robert,et al.  Security and usability: the case of the user authentication methods , 2006, IHM '06.

[5]  Tom Fawcett,et al.  An introduction to ROC analysis , 2006, Pattern Recognit. Lett..

[6]  Fabian Monrose,et al.  Keystroke dynamics as a biometric for authentication , 2000, Future Gener. Comput. Syst..

[7]  Erik Wästlund,et al.  Exploring Touch-Screen Biometrics for User Identification on Smart Phones , 2011, PrimeLife.

[8]  Cheung-Chi Leung,et al.  A Pruning Approach for GMM-Based Speaker Verification in Mobile Embedded Systems , 2004, ICBA.

[9]  Issa Traoré,et al.  Homogeneous physio-behavioral visual and mouse-based biometric , 2011, TCHI.

[10]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[11]  H. Saevanee,et al.  User Authentication Using Combination of Behavioral Biometrics over the Touchpad Acting Like Touch Screen of Mobile Device , 2008, 2008 International Conference on Computer and Electrical Engineering.

[12]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[13]  John Daugman,et al.  How iris recognition works , 2002, IEEE Transactions on Circuits and Systems for Video Technology.

[14]  Duncan S. Wong,et al.  Touch Gestures Based Biometric Authentication Scheme for Touchscreen Mobile Phones , 2012, Inscrypt.

[15]  Srivaths Ravi,et al.  Efficient fingerprint-based user authentication for embedded systems , 2005, Proceedings. 42nd Design Automation Conference, 2005..

[16]  Arash Habibi Lashkari,et al.  Shoulder Surfing attack in graphical password authentication , 2009, ArXiv.

[17]  Sebastian Möller,et al.  On the need for different security methods on mobile phones , 2011, Mobile HCI.

[18]  Babak Naderi,et al.  Magnetic signatures in air for mobile devices , 2012, Mobile HCI.

[19]  Sharath Pankanti,et al.  A Prototype Hand Geometry-based Verication System , 1999 .

[20]  Alexander De Luca,et al.  PassShapes: utilizing stroke based authentication to increase password memorability , 2008, NordiCHI.

[21]  Anil K. Jain,et al.  On-line signature verification, , 2002, Pattern Recognit..

[22]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[23]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[24]  Yvan Saeys,et al.  Java-ML: A Machine Learning Library , 2009, J. Mach. Learn. Res..

[25]  Philip Chan,et al.  Toward accurate dynamic time warping in linear time and space , 2007, Intell. Data Anal..