Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms

Despite the tremendous need for the evaluation of touch-based authentication as an extra security layer for mobile devices, the huge disparity in the experimental methodology used by different researchers makes it hard to determine how much research in this area has progressed. Critical variables such as the types of features and how they are pre-processed, the training and testing methodology and the performance evaluation metrics, to mention but a few, vary from one study to the next. Additionally, most datasets used for these evaluations are not openly accessible, making it impossible for researchers to carry out comparative analysis on the same data. This paper takes the first steps towards bridging this gap. We evaluate the performance of ten state-of-the-art touch-based authentication classification algorithms under a common experimental protocol, and present the associated benchmark dataset for the community to use. Using a series of statistical tests, we rigorously compare the performance of the algorithms, and also evaluate how the “failure to enroll” phenomena would impact overall system performance if users exceeding certain EERs were barred from using the system. Our results and benchmark dataset open the door to future research that will enable the community to better understand the potential of touch gestures as a biometric authentication modality.

[1]  Chuan Qin,et al.  Progressive Authentication: Deciding When to Authenticate on Mobile Phones , 2012, USENIX Security Symposium.

[2]  David G. Stork,et al.  Pattern Classification , 1973 .

[3]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[4]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[5]  Shigeo Abe DrEng Pattern Classification , 2001, Springer London.

[6]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[7]  อนิรุธ สืบสิงห์,et al.  Data Mining Practical Machine Learning Tools and Techniques , 2014 .

[8]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[9]  F. Massey The Kolmogorov-Smirnov Test for Goodness of Fit , 1951 .

[10]  Peter E. Hart,et al.  Nearest neighbor pattern classification , 1967, IEEE Trans. Inf. Theory.

[11]  Nasir D. Memon,et al.  Investigating multi-touch gestures as a novel biometric modality , 2012, 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[12]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[13]  Markus Jakobsson,et al.  Implicit authentication for mobile devices , 2009 .

[14]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[15]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[16]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[17]  Zhongmin Cai,et al.  Comparing classification algorithm for mouse dynamics based user identification , 2012, 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[18]  Roy A. Maxion,et al.  Comparing anomaly-detection algorithms for keystroke dynamics , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.