Continuous authentication of smartphone users by fusing typing, swiping, and phone movement patterns

We studied the fusion of three biometric authentication modalities, namely, swiping gestures, typing patterns and the phone movement patterns observed during typing or swiping. A web browser was customized to collect the data generated from the aforementioned modalities over four to seven days in an unconstrained environment. Several features were extracted by using sliding window mechanism for each modality and analyzed by using information gain, correlation, and symmetric uncertainty. Finally, five features from windows of continuous swipes, thirty features from windows of continuously typed letters, and nine features from corresponding phone movement patterns while swiping/typing were used to build the authentication system. We evaluated the performance of each modality and their fusion over a dataset of 28 users. The feature-level fusion of swiping and the corresponding phone movement patterns achieved an authentication accuracy of 93.33%, whereas, the score-level fusion of typing behaviors and the corresponding phone movement patterns achieved an authentication accuracy of 89.31 %.

[1]  Qing Yang,et al.  HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users , 2015, IEEE Transactions on Information Forensics and Security.

[2]  Rajesh Kumar,et al.  Authenticating users through their arm movement patterns , 2016, ArXiv.

[3]  Michael R. Lyu,et al.  Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones , 2014, SOUPS.

[4]  Nathan Clarke,et al.  Deployment of Keystroke Analysis on a Smartphone , 2008 .

[5]  Rajesh Kumar,et al.  Context-Aware Active Authentication Using Smartphone Accelerometer Measurements , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition Workshops.

[6]  Prasant Mohapatra,et al.  Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones , 2014, MobiSys.

[7]  Muddassar Farooq,et al.  Keystroke-Based User Identification on Smart Phones , 2009, RAID.

[8]  Roy A. Maxion,et al.  The Effect of Clock Resolution on Keystroke Dynamics , 2008, RAID.

[9]  Vir V. Phoha,et al.  Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[10]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[11]  Debin Gao,et al.  I can be You: Questioning the use of Keystroke Dynamics as Biometrics , 2013, NDSS.

[12]  Jie Liu,et al.  SpeakerSense: Energy Efficient Unobtrusive Speaker Identification on Mobile Phones , 2011, Pervasive.

[13]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[14]  Vir V. Phoha,et al.  Examining a Large Keystroke Biometrics Dataset for Statistical-Attack Openings , 2013, TSEC.

[15]  Vir V. Phoha,et al.  Snoop-Forge-Replay Attacks on Continuous Verification With Keystrokes , 2013, IEEE Transactions on Information Forensics and Security.

[16]  Guoliang Xue,et al.  Unobservable Re-authentication for Smartphones , 2013, NDSS.

[17]  Rajesh Kumar,et al.  Treadmill attack on gait-based authentication systems , 2015, 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[18]  Rajesh Kumar,et al.  Toward Robotic Robbery on the Touch Screen , 2016, ACM Trans. Inf. Syst. Secur..

[19]  D. Kibler,et al.  Instance-based learning algorithms , 2004, Machine Learning.

[20]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.