A User Authentication Scheme Using Physiological and Behavioral Biometrics for Multitouch Devices

With the rapid growth of mobile network, tablets and smart phones have become sorts of keys to access personal secured services in our daily life. People use these devices to manage personal finances, shop on the Internet, and even pay at vending machines. Besides, it also helps us get connected with friends and business partners through social network applications, which were widely used as personal identifications in both real and virtual societies. However, these devices use inherently weak authentication mechanism, based upon passwords and PINs that is not changed all the time. Although forcing users to change password periodically can enhance the security level, it may also be considered annoyances for users. Biometric technologies are straightforward because of the simple authentication process. However, most of the traditional biometrics methodologies require diverse equipment to acquire biometric information, which may be expensive and not portable. This paper proposes a multibiometric user authentication scheme with both physiological and behavioral biometrics. Only simple rotations with fingers on multitouch devices are required to enhance the security level without annoyances for users. In addition, the user credential is replaceable to prevent from the privacy leakage.

[1]  Hassan M. Elkamchouchi,et al.  Mobile one-time passwords: two-factor authentication using mobile phones , 2012, Secur. Commun. Networks.

[2]  David Zhang,et al.  Combining 2D and 3D hand geometry features for biometric verification , 2009, 2009 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops.

[3]  Thuc Dinh Nguyen,et al.  Adaptive Cross-Device Gait Recognition Using a Mobile Accelerometer , 2013, J. Inf. Process. Syst..

[4]  Shucheng Yu,et al.  Efficient privacy-preserving biometric identification in cloud computing , 2013, 2013 Proceedings IEEE INFOCOM.

[5]  M. Bennamoun,et al.  Robust pose invariant shape-based hand recognition , 2011, 2011 6th IEEE Conference on Industrial Electronics and Applications.

[6]  Nicolae Duta,et al.  A survey of biometric technology based on hand shape , 2009, Pattern Recognit..

[7]  Peter Buhler,et al.  Bringing strong authentication and transaction security to the realm of mobile devices , 2014, IBM J. Res. Dev..

[8]  Zulfikar Ramzan Phishing Attacks and Countermeasures , 2010, Handbook of Information and Communication Security.

[9]  Luminita Vasiu,et al.  Biometric Recognition - Security and Privacy Concerns , 2004, ICETE.

[10]  Gajanan K. Kharate,et al.  Face Recognition Based on PCA on Wavelet Subband of Average-Half-Face , 2012, J. Inf. Process. Syst..

[11]  Jong-Hoon Youn,et al.  Biometric gait recognition based on wireless acceleration sensor using k-nearest neighbor classification , 2014, 2014 International Conference on Computing, Networking and Communications (ICNC).

[12]  G. Padmavathi,et al.  A Survey of Biometric keystroke Dynamics: Approaches, Security and Challenges , 2009, ArXiv.

[13]  Damon L. Woodard,et al.  Biometric Authentication and Identification using Keystroke Dynamics: A Survey , 2012 .

[14]  Nasir D. Memon,et al.  Protecting Biometric Templates With Sketch: Theory and Practice , 2007, IEEE Transactions on Information Forensics and Security.

[15]  Kotagiri Ramamohanarao,et al.  Biometric Security Application for Person Authentication Using Retinal Vessel Feature , 2013, 2013 International Conference on Digital Image Computing: Techniques and Applications (DICTA).

[16]  Janusz Konrad,et al.  Dynamic time warping for gesture-based user identification and authentication with Kinect , 2013, 2013 IEEE International Conference on Acoustics, Speech and Signal Processing.

[17]  Shari Trewin,et al.  Biometric authentication on a mobile device: a study of user effort, error and task disruption , 2012, ACSAC '12.

[18]  Maria Papadaki,et al.  Active authentication for mobile devices utilising behaviour profiling , 2014, International Journal of Information Security.

[19]  Mark Stamp,et al.  Handbook of Information and Communication Security , 2010, Handbook of Information and Communication Security.

[20]  S. Elliott,et al.  Implementation of hand geometry: an analysis of user perspectives and system performance , 2006, IEEE Aerospace and Electronic Systems Magazine.

[21]  Remzi Seker,et al.  Phishing in the system of systems settings: mobile technology , 2005, 2005 IEEE International Conference on Systems, Man and Cybernetics.

[22]  Steven Furnell,et al.  Authenticating mobile phone users using keystroke analysis , 2006, International Journal of Information Security.

[23]  Feng Li,et al.  Design and Analysis of a Highly User-Friendly, Secure, Privacy-Preserving, and Revocable Authentication Method , 2014, IEEE Transactions on Computers.

[24]  Mohammad S. Obaidat,et al.  Biometric Authentication Using Mouse Gesture Dynamics , 2013, IEEE Systems Journal.

[25]  Jason Hong,et al.  The state of phishing attacks , 2012, Commun. ACM.

[26]  Marcos Faúndez-Zanuy,et al.  Biometric recognition using online uppercase handwritten text , 2012, Pattern Recognit..

[27]  R. A. Hicklin,et al.  Accuracy and reliability of forensic latent fingerprint decisions , 2011, Proceedings of the National Academy of Sciences.

[28]  David Zhang,et al.  A survey of palmprint recognition , 2009, Pattern Recognit..

[29]  Zhaoquan Cai,et al.  Occluded and Low Resolution Face Detection with Hierarchical Deformable Model , 2012 .

[30]  Xiaoli Zhou,et al.  Feature fusion of side face and gait for video-based human identification , 2008, Pattern Recognit..

[31]  Dominik Schmidt,et al.  HandsDown: hand-contour-based user identification for interactive surfaces , 2010, NordiCHI.

[32]  Tetsuya Shimamura,et al.  Accuracy improvement of speaker authentication in noisy environments using bone-conducted speech , 2010, 2010 53rd IEEE International Midwest Symposium on Circuits and Systems.

[33]  Bart Preneel,et al.  Privacy Weaknesses in Biometric Sketches , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[34]  Manesh Kokare,et al.  Iris Recognition Using Ridgelets , 2012, J. Inf. Process. Syst..

[35]  Neal Leavitt Instant messaging: a new target for hackers , 2005, Computer.

[36]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[37]  Vir V. Phoha,et al.  Examining a Large Keystroke Biometrics Dataset for Statistical-Attack Openings , 2013, TSEC.