Multitouch Gesture-Based Authentication

This paper investigates multitouch gestures for user authentication on touch sensitive devices. A canonical set of 22 multitouch gestures was defined using characteristics of hand and finger movement. Then, a multitouch gesture matching algorithm robust to orientation and translation was developed. Two different studies were performed to evaluate the concept. First, a single session experiment was performed in order to explore feasibility of multitouch gestures for user authentication. Testing on the canonical set showed that the system could achieve good performance in terms of distinguishing between gestures performed by different users. In addition, the tests demonstrated a desirable alignment of usability and security as gestures that were more secure from a biometric point of view were rated as more desirable in terms of ease, pleasure, and excitement. Second, a study involving a three-session experiment was performed. Results indicate that biometric information gleaned from a short user-device interaction remains consistent across gaps of several days, though there is noticeable degradation of performance when the authentication is performed over multiple sessions. In addition, the study showed that user-defined gestures yield the highest recognition rate among all other gestures, whereas the use of multiple gestures in a sequence aids in boosting verification accuracy. In terms of memorability, the study showed that it is feasible for a user to recall user-defined gestural passwords and it is observed that the recall rate increases over time. It is also noticed that performing a user-defined gesture over a customized background image does result in higher verification performance. In terms of usability, the study shows that users did not have difficulty in performing multitouch gestures as they all rated each gesture as easy to perform.

[1]  Kirsi Helkala,et al.  Biometric Gait Authentication Using Accelerometer Sensor , 2006, J. Comput..

[2]  Enrique Argones-Rúa,et al.  Biometric Template Protection Using Universal Background Models: An Application to Online Signature , 2012, IEEE Transactions on Information Forensics and Security.

[3]  Dan Boneh,et al.  Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks , 2012, USENIX Security Symposium.

[4]  Bojan Cukic,et al.  Effects of User Habituation in Keystroke Dynamics on Password Security Policy , 2011, 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering.

[5]  A. Paivio,et al.  Why are pictures easier to recall than words? , 1968 .

[6]  Xiaoping Chen,et al.  YAGP: Yet Another Graphical Password Strategy , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[7]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[8]  Marcos Faúndez-Zanuy,et al.  On-line signature recognition based on VQ-DTW , 2007, Pattern Recognit..

[9]  Yang Li,et al.  Gesture avatar: a technique for operating mobile user interfaces using gestures , 2011, CHI.

[10]  Nasir D. Memon,et al.  Biometric-rich gestures: a novel approach to authentication on multi-touch devices , 2012, CHI.

[11]  Arun Ross,et al.  Periocular Biometrics in the Visible Spectrum , 2011, IEEE Transactions on Information Forensics and Security.

[12]  Joseph A. O'Sullivan,et al.  ECG Biometric Recognition: A Comparative Analysis , 2012, IEEE Transactions on Information Forensics and Security.

[13]  Nasir D. Memon,et al.  Investigating multi-touch gestures as a novel biometric modality , 2012, 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[14]  Jefferson Y. Han Multi-touch interaction wall , 2006, SIGGRAPH '06.

[15]  J. Russell A circumplex model of affect. , 1980 .

[16]  Sridha Sridharan,et al.  Explicit modelling of session variability for speaker verification , 2008, Comput. Speech Lang..

[17]  Philip J. Morrow,et al.  Iris recognition failure over time: The effects of texture , 2012, Pattern Recognit..

[18]  Nasir D. Memon,et al.  A simple and effective method for online signature verification , 2013, 2013 International Conference of the BIOSIG Special Interest Group (BIOSIG).

[19]  R. Shepard Recognition memory for words, sentences, and pictures , 1967 .

[20]  Roy A. Maxion,et al.  Keystroke biometrics with number-pad input , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[21]  Sharath Pankanti,et al.  Biometrics: a tool for information security , 2006, IEEE Transactions on Information Forensics and Security.

[22]  Daniel J. Wigdor,et al.  Typing on flat glass: examining ten-finger expert typing patterns on touch surfaces , 2011, CHI.

[23]  F. Alonso-Fernandez,et al.  On the Effects of Time Variability in Iris Recognition , 2008, 2008 IEEE Second International Conference on Biometrics: Theory, Applications and Systems.

[24]  Nasir D. Memon,et al.  Authentication using graphical passwords: effects of tolerance and image choice , 2005, SOUPS '05.

[25]  Pieter Desmet,et al.  Designing Products with Added Emotional Value: Development and Appllcation of an Approach for Research through Design , 2001 .

[26]  Yuval Elovici,et al.  Google Android: A Comprehensive Security Assessment , 2010, IEEE Security & Privacy.

[27]  Douglas A. Reynolds,et al.  Speaker Verification Using Adapted Gaussian Mixture Models , 2000, Digit. Signal Process..

[28]  Jean-Claude Gilhodes,et al.  Learning through Hand- or Typewriting Influences Visual Recognition of New Graphic Shapes: Behavioral and Functional Imaging Evidence , 2008, Journal of Cognitive Neuroscience.

[29]  L. Standing Learning 10000 pictures , 1973 .

[30]  Carmen Sánchez Ávila,et al.  Iris Recognition with Low Template Size , 2001, AVBPA.

[31]  Markus Jakobsson,et al.  Implicit Authentication through Learning User Behavior , 2010, ISC.

[32]  Berrin A. Yanikoglu,et al.  SUSIG: an on-line signature database, associated protocols and benchmark results , 2008, Pattern Analysis and Applications.

[33]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.

[34]  V. Kshirsagar,et al.  Face recognition using Eigenfaces , 2011, 2011 3rd International Conference on Computer Research and Development.

[35]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[36]  Sharath Pankanti,et al.  A Prototype Hand Geometry-based Verication System , 1999 .

[37]  Patrick Olivier,et al.  Multi-touch authentication on tabletops , 2010, CHI.

[38]  Konstantin Beznosov,et al.  Know your enemy: the risk of unauthorized access in smartphones by insiders , 2013, MobileHCI '13.

[39]  Shari Trewin,et al.  Biometric authentication on a mobile device: a study of user effort, error and task disruption , 2012, ACSAC '12.

[40]  Zhongmin Cai,et al.  Feature Analysis of Mouse Dynamics in Identity Authentication and Monitoring , 2009, 2009 IEEE International Conference on Communications.

[41]  Mohammad S. Obaidat,et al.  Verification of computer users using keystroke dynamics , 1997, IEEE Trans. Syst. Man Cybern. Part B.

[42]  Alain Forget,et al.  Supporting Learning of an Unfamiliar Authentication Scheme , 2012 .

[43]  David Griffiths,et al.  Shoulder surfing defence for recall-based graphical passwords , 2011, SOUPS.

[44]  Robert Biddle,et al.  Graphical Password Authentication Using Cued Click Points , 2007, ESORICS.

[45]  Chih-Lung Lin,et al.  Biometric verification using thermal images of palm-dorsa vein patterns , 2004, IEEE Transactions on Circuits and Systems for Video Technology.