Comparison of PIN- and pattern-based behavioral biometric authentication on mobile devices

Personal identification numbers (PINs) and unlock patterns are highly popular authentication mechanisms on smart mobile devices, but they are not sufficiently secure. PIN or pattern mechanisms enhanced by additional, implicit behavioral biometric authentication can offer stronger authentication assurance while preserving usability, which makes them very attractive. Individual studies on PIN- and pattern-based behavioral biometric authentication on smartphones have been conducted, but their results cannot be directly compared. In this work, we present a comparison study of the authentication accuracy of PIN-based and pattern-based behavioral biometric authentication using both a smartphone and a tablet. We developed a uniform framework for both PIN-based and pattern-based schemes and used two representative methods, Histogram and DTW, for user verification. We recruited 15 users and collected behavioral biometric data for both simple and complex PINs and patterns. Our experimental results show that PIN-based and pattern-based behavioral biometric authentication schemes can achieve about the same level of accuracy, but not all verification methods are equal. Based on our results, the Histogram method can achieve more consistent results and handle template aging better than the DTW method. Our findings are expected to shed light on the exploration and analysis of effective behavioral biometric verification methods and to facilitate more comprehensive investigation of behavioral biometric authentication for mobile devices.
