Weixi Gu,Zheng Yang,Longfei Shangguan,Xiaoyu Ji,Yiyang Zhao

DOI: https://doi.org/10.1109/trustcom.2014.34

2014-01-01

Abstract:Near field authentication is of great importance for a range of applications, and has attracted many research efforts in the past decades. Several approaches have been developed and demonstrated their feasibility. The state-of-art works, however, still have much room to improve their automation and usability. First, user assistance is required in most existing approaches, which will be easily observed and imitated by attackers. Second, the authentications of several works heavily depend on special hardware, e.g., Server or high resolution screen, which greatly restricts their application scenarios. In this paper, we present a near field authentication system Tooth that needs little human assistance and is compatible with most smart phones. ToAuth is based on the key insight that the acceleration traces are similar for a pair of smart phones when they are contacting physically and vibrating. The random vibration patterns are sufficiently uncertain to provide high entropy to generate a pair of cryptographic keys yet are inimitable for a third party who does not get in touch with the vibration source. ToAuth leverages the keys to make authentication for smart phones. We implement ToAuth on Android platform and evaluate its performance under various scenarios. Extensive experiments demonstrate ToAuth could achieve around 90% success rate in stable environment, and prevent attacks depended on vibration noise.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Xin Yang,Song Yang,Jian Liu,Chen Wang,Yingying Chen,Nitesh Saxena

DOI: https://doi.org/10.1109/tmc.2021.3057083

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:This work enables mobile user authentication via finger inputs on ubiquitous surfaces leveraging low-cost physical vibration. The system we proposed extends finger-input authentication beyond touch screens to any solid surface for IoT devices (e.g., smart access systems and IoT appliances). Unlike passcode or biometrics-based solutions, it integrates passcode, behavioral and physiological characteristics, and surface dependency together to provide a low-cost, tangible and enhanced security solution. The proposed system builds upon a touch sensing technique with vibration signals that can operate on surfaces constructed from a broad range of materials. New algorithms are developed to discriminate fine-grained finger inputs and supports three independent passcode secrets including PIN number, lock pattern, and simple gestures by extracting unique features in the frequency domain to capture both behavioral and physiological characteristics including contacting area, touching force, and etc. The system is implemented using a single pair of low-cost portable vibration motor and receiver that can be easily attached to any surface (e.g., a door panel, a stovetop or an appliance). Extensive experiments demonstrate that our system can authenticate users with high accuracy (e.g., more than 97 percent within two trials), low false positive rate (e.g., less 2 percent) and is robust to various types of attacks.

computer science, information systems,telecommunications

Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Jing Li,Yabo Dong,Shengkai Fang,Haowen Zhang,Duanqing Xu

DOI: https://doi.org/10.3390/s20164446

IF: 3.9

2020-01-01

Sensors

Abstract:In modern cars, the Passive Keyless Entry and Start system (PKES) has been extensively installed. The PKES enables drivers to unlock and start their cars without user interaction. However, it is vulnerable to relay attacks. In this paper, we propose a secure smartphone-type PKES system model based on user context detection. The proposed system uses the barometer and accelerometer embedded in smartphones to detect user context, including human activity and door closing event. These two types of events detection can be used by the PKES to determine the car owner's position when the car receives an unlocking or a start command. We evaluated the performance of the proposed method using a dataset collected from user activity and 1526 door closing events. The results reveal that the proposed method can accurately and effectively detect user activities and door closing events. Therefore, smartphone-type PKES can prevent relay attacks. Furthermore, we tested the detection of door closing event under multiple environmental settings to demonstrate the robustness of the proposed method.

Zhendong Wu,Longwei Tian,Ping Li,Ting Wu,Ming Jiang,Chunming Wu

DOI: https://doi.org/10.1016/j.ins.2016.12.048

IF: 8.1

2018-01-01

Information Sciences

Abstract:Cloud computing is profoundly changing the way of data storage, transfer and process. User authentication is the first security barrier for cloud computing. However, the security of traditional biometric-template-based authentication technology has been challenged because of the information leakage of biometric templates and insufficient user-key strength, which is limited by the ability of the user to memorize keys. In this paper, we propose a new bio-key generation algorithm named FVHS, which combines the advantages of both biometrics authentication and user-key authentication. It directly generates stable and sufficiently strong bio-key sequences from finger vein biometrics. Based on FVHS, a new framework for cloud computing authentication is presented that provides a more flexible, convenient, and secure user authentication. The key idea of FVHS is that through combining machine learning, biometrics, and cryptography technologies, we can mine a special feature vector from the biometrics space that can be separated and stabilized into a fixed number sequence in a higher-dimensional space. Both a theoretical analysis and experimental verification show that FVHS can extract stable bio-keys from high quality finger vein images. FVHS can extract a finger vein bio-key with a Genuine Accept Rate of more than 99.9%, while the False Accept Rate is less than 0.8% and Equal Error Rate is less than 0.5%. Meanwhile, the security strength can reach 256 bits.

Zhanglei Shu,Zhangsen Wang,Guozheng Yang,Cheng Zang,Zhe Ma,Feng Lin,Kui Ren

DOI: https://doi.org/10.1109/ICPADS56603.2022.00013

2023-01-01

Abstract:Fingerprint recognition technology is the most widely used technology in the field of biometrics and is also the preferred solution for mobile devices and the financial industry. However, traditional fingerprint recognition technology requires expensive sensors on the one hand and risks leaking fingerprint images on the other hand. In this paper, we propose Fingersound, a low-cost and deployable authentication system that utilizes the sound generated by finger sliding as an identity feature. We use a microphone array to record continuous sliding sound and extract multiple features in the frequency and time domains. Then we use various algorithms including a deep neural network to perform user authentication. We also design a mobile phone application that can interact with the embedded system to manage users and record authentication history. In our experiments, 100 participants used this system and achieved an equal error rate of 5.2%. Additionally, we investigate the system’s robustness within different sliding materials, texturesand under noise disturbances. We further demonstrate the resistance of Fingersound to replay attack.

Yanzhi Ren,Chen Chen,Hongbo Liu,Jiadi Yu,Zhourong Zheng,Yingying Chen,Pengcheng Huang,Hongwei Li

DOI: https://doi.org/10.1109/tmc.2022.3232172

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:The two-factor authentication ($2$FA) has drawn increasingly attention as the mobile devices become more prevalent. For example, the user's possession of the enrolled phone could be used by the $2$FA system as the second proof to protect his/her online accounts. Existing $2$FA solutions mainly require some form of user-device interaction, which may severely affect user experience and creates extra burdens to users. In this work, we propose a secure $2$FA system utilizing the proximity of a user's enrolled phone and the login device as the second proof without requiring the user's interactions. The basic idea of our $2$FA system is to derive location signatures based on acoustic beep signals emitted alternately by both devices and sensing the echoes with microphones, and compare the extracted signatures for proximity detection. Moreover, to further enhance the security of our system, we also design a device authentication scheme which derives the acoustic fingerprint between the login device and enrolled phone to verify the identity of two devices. Given the received beep signal, our system designs a period selection scheme to identify two sound segments accurately: the chirp period is the sound segment propagating directly from the speaker to the microphone whereas the echo period is the sound segment reflected back by surrounding objects. To achieve an accurate proximity detection, we develop a new energy loss compensation extraction scheme by utilizing the extracted chirp periods to estimate the intrinsic differences of energy loss between microphones of the enrolled phone and the login device. Our proximity detection component then conducts the similarity comparison between the identified two echo periods after the energy loss compensation to effectively determine whether the enrolled phone and the login device are in proximity for $2$FA. Moreover, to provide higher security, our device fingerprint-assisted proximity detection further utilizes the overall energy loss between the login device and enrolled phone as their hardware fingerprint to authenticate the identity of two devices. Our experimental results show that our system is accurate in providing $2$FA and robust to both man-in-the-middle (MiM) and co-located attacks across different scenarios and device models.

computer science, information systems,telecommunications

Chenyu Tang,Ziang Cui,Meng Chu,Yujiao Lu,Fuqiang Zhou,Shuo Gao

DOI: https://doi.org/10.1109/jsen.2022.3141872

IF: 4.3

2022-01-01

IEEE Sensors Journal

Abstract:Cyber security is of significance in today’s e-commerce applications. In this article, we present a piezoelectric touch sensing supported keystroke dynamics based identity authentication technique, for providing a secure access manner to smartphones. Here, the polyvinylidene fluoride (PVDF) based piezoelectric touch panel can learn detailed force touch habits of users. With a support vector machine (SVM) algorithm, our proposed frequency domain features experimentally demonstrate a better authentication accuracy of 98.3%, compared to the traditional time domain features. The work showcases a feasible method of combining functional materials and artificial intelligence (AI) for satisfying highly secure requirements.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Yuanwei Hou,Yu Gu,Weiping Li,Zhi Liu

DOI: https://doi.org/10.1587/transfun.2021eap1119

2022-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:The fast evolving credential attacks have been a great security challenge to current password-based information systems. Recently, biometrics factors like facial, iris, or fingerprint that are difficult to forge rise as key elements for designing passwordless authentication. However, capturing and analyzing such factors usually require special devices, hindering their feasibility and practicality. To this end, we present WiASK, a device-free WiFi sensing enabled Authentication System exploring Keystroke dynamics. More specifically, WiASK captures keystrokes of a user typing a pre-defined easy-to-remember string leveraging the existing WiFi infrastructure. But instead of focusing on the string itself which are vulnerable to password attacks, WiASK interprets the way it is typed, i.e., keystroke dynamics, into user identity, based on the biologically validated correlation between them. We prototype WiASK on the low-cost off-the-shelf WiFi devices and verify its performance in three real environments. Empirical results show thatWiASK achieves on average 93.7% authentication accuracy, 2.5% false accept rate, and 5.1% false reject rate.

J Liu,X Zou,F Lin,J Han,X Xu,K Ren

DOI: https://doi.org/10.1109/ICDCS51616.2021.00103

2021-01-01

Abstract:Biometrics have been widely used in user authentications. However, existing outer-body biometrics (e.g., fingerprint), collecting from body surface, are vulnerable to spoofing attacks. Although inner-body biometrics, such as the electrocardiogram, are hard to be forged, their complex acquisition methods and instability lead to unsatisfactory user experience. Therefore, achieving good user-friendliness and high security simultaneously in biometric-based authentication is challenging. In this paper, we propose Hand-Key, an attack-resilient and user-friendly user authentication system to address the above challenge. Hand-Key utilizes a low-cost radio frequency identification (RFID) tag array to simultaneously collect the inner-body composition and outer-body geometric features of human hand to identify users. Users are merely required to hold their hands in a 'handshaking' pose between a reader's antenna and a tag array during authentication. To further enhance the security, we tactfully leverage the inherent randomness of the anti-collision scheme in RFID systems to make Hand-Key immune against replay attacks. We built a prototype of Hand-Key and conducted extensive experiments with 30 volunteers. The results show that Hand-Key achieves an authentication success rate of 99%+.

Xiaohan Zhang,Peng Liu,Bohao Lu,Yang Wang,Xiaohan Chen,Yanxin Zhang,Zhi Wang

DOI: https://doi.org/10.1109/tmc.2023.3243772

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:The Passive Keyless Entry and Start system (PKES) has become an essential element of vehicle systems since it allows owners to lock or unlock their properties without having to take out the keys. However, the system suffers from a potential and serious security problem because of a relay attack. This paper introduces dynamic biometrics to resolve such potential problems. Precisely, it opts for hand-gesture and proposes a Multi-Task Siamese Feature-pyramid network with Bidirectional Gated Recurrent Units (MTSFBet) against relay attack. MTSFBet is made up of a Dynamic Biometrics Extraction Module (DBEM) and Multi-Task Operation Module (MTOM). DBEM extracts trajectory and kinematic features from the gesture data of owners, whereas MTOM performs gesture classification and identity authentication using these features. Moreover, we designed a loss function for the identity authentication part. Eventually, based on the dataset collected by mobile devices, we constructed comparative experiments and ablation studies to demonstrate the effectiveness of the method. Our comprehensive model achieves an accuracy of 0.86 in gesture classification and an accuracy of 0.73 in identity authentication. The results showed that our MTSFBet significantly outperforms other comparison methods. The MTSFBet can also be used in any scenario associated with identity authentication based on hand gestures.

computer science, information systems,telecommunications

Yuchen Miao,Chaojie Gu,Zhenyu Yan,Sze Yiu Chau,Rui Tan,Qi Lin,Wen Hu,Shibo He,Jiming Chen

DOI: https://doi.org/10.1145/3596264

2023-01-01

Abstract:Secure device pairing is important to wearables. Existing solutions either degrade usability due to the need of specific actions like shaking, or they lack universality due to the need of dedicated hardware like electrocardiogram sensors. This paper proposes TouchKey, a symmetric key generation scheme that exploits the skin electric potential (SEP) induced by powerline electromagnetic radiation. The SEP is ubiquitously accessible indoors with analog-to-digital converters widely available on Internet of Things devices. Our measurements show that the SEP has high randomness and the SEPs measured at two close locations on the same human body are similar. Extensive experiments show that TouchKey achieves a high key generation rate of 345 bit/s and an average success rate of 99.29%. Under a range of adversary models including active and passive attacks, TouchKey shows a low false acceptance rate of 0.86%, which outperforms existing solutions. Besides, the overall execution time and energy usage are 0.44 s and 2.716 mJ, which make it suitable for resource-constrained devices.

Man Zhou,Yuting Zhou,Shuao Su,Qian Wang,Qi Li,Shengshan Hu,Chunwu Yu,Zhengxiong Li

DOI: https://doi.org/10.1109/tmc.2023.3338148

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Pattern lock is widely used for user authentication in mobile devices due to its simplicity and ease of remembering. However, it is vulnerable to various attacks, e.g. , shoulder surfing attacks. In this paper, we propose FingerPattern, a novel enhanced pattern lock authentication system by using friction sound as a second authentication factor. When the user inputs the pattern by swiping his/her fingertip on the screen, the friction sound is generated based on the user's fingerprint and is unique. Thus, FingerPattern can identify and rule out the illegality by utilizing fingerprint-dependent friction sound even if the adversary has inferred the pattern. By this method, FingerPattern secures pattern lock without the need for a change in user unlocking habits. Extensive experiments demonstrate that FingerPattern can identify legitimate users with 97.5% TAR in one attempt and defend against various attacks ( e.g. , only 16.8% FAR in five attempts even if the adversary can clearly spy on the user's unlocking process). FingerPattern can be incorporated into the existing pattern lock of mobile devices, which is cost-free. Furthermore, a user experience study shows that FingerPattern is well-received by users.

Kyungho Joo,Wonsuk Choi,Dong Hoon Lee

DOI: https://doi.org/10.48550/arXiv.2003.13251

2020-03-30

Cryptography and Security

Abstract:Recently, the traditional way to unlock car doors has been replaced with a keyless entry system which proves more convenient for automobile owners. When a driver with a key fob is in the vicinity of the vehicle, doors automatically unlock on user command. However, unfortunately, it has been shown that these keyless entry systems are vulnerable to signal relaying attacks. While it is evident that automobile manufacturers incorporate preventative methods to secure these keyless entry systems, they continue to be vulnerable to a range of attacks. Relayed signals result in valid packets that are verified as legitimate, and this makes it is difficult to distinguish a legitimate door unlock request from a malicious signal. In response to this vulnerability, this paper presents an RF fingerprinting method (coined HOld the DOoR, HODOR) to detect attacks on keyless entry systems the first attempt to exploit the RF fingerprint technique in the automotive domain. HODOR is designed as a sub authentication method that supports existing authentication systems for keyless entry systems and does not require any modification of the main system to perform. Through a series of experiments, the results demonstrate that HODOR competently and reliably detects attacks on keyless entry systems. HODOR achieves both an average false positive rate (FPR) of 0.27 percent with a false negative rate (FNR) of 0 percent for the detection of simulated attacks, corresponding to current research on keyless entry car theft.

Jianwei Liu,Wenfan Song,Leming Shen,Jinsong Han,Kui Ren

DOI: https://doi.org/10.1109/tmc.2022.3193847

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:Biometric plays an important role in user authentication. However, the most widely used biometrics, such as facial feature and fingerprint, are easy to capture or record, and thus vulnerable to spoofing attacks. On the contrary, intracorporal biometrics, such as electrocardiography and electroencephalography, are hard to collect, and hence more secure for authentication. Unfortunately, adopting them is not user-friendly due to their complicated collection methods or inconvenient constraints on users. In this paper, we propose a novel biometric-based authentication system, namely MandiPass . MandiPass leverages inertial measurement units, which have been widely deployed in portable devices, to collect intracorporal biometric from the vibration of user's mandible. It provides not only one-time verification function but also continuous authentication function. Both the two functions are secure and user-friendly. We theoretically validate the feasibility of MandiPass and develop a series of deep learning techniques for effective biometric extraction. We also utilize a Gaussian matrix to defend against replay attacks. Extensive experiment results with 34 volunteers show that MandiPass can achieve low equal error rate, even under various harsh environments.

Yu Gu,Yantong Wang,Meng Wang,Zulie Pan,Zhihao Hu,Zhi Liu,Fan Shi,Mianxiong Dong

DOI: https://doi.org/10.1109/tii.2021.3108850

IF: 12.3

2022-04-01

IEEE Transactions on Industrial Informatics

Abstract:User authentication plays a critical role in access control of a man-machine system, where the knowledge factor, such as a personal identification number, constitutes the most widely used authentication element. However, knowledge factors are usually vulnerable to the spoofing attack. Recently, the inheritance factor, such as fingerprints, emerges as an efficient alternative resilient to malicious users, but it normally requires special equipment. To this end, in this article, we propose WiPass, a device-free authentication system only leveraging the pervasive Wi-Fi infrastructure to explore keystroke dynamics (manner and rhythm of keystrokes) captured by the channel state information to recognize legitimate users while rejecting spoofers. However, it remains an open challenge to characterize the behavioral features hidden in the human subtle motions, such as keystrokes. Therefore, we build a signal enhancement model using Ricean distribution to amplify user keystroke dynamics and a hybrid learning model for user authentication, which consists of two parts, i.e., convolutional neural network based feature extraction and support vector machine based classification. The former relies on visualizing the channel responses into time-series images to learn the behavioral features of keystrokes in energy and spectrum domains, whereas the latter exploits such behavioral features for user authentication. We prototype WiPass on the low-cost off-the-shelf Wi-Fi devices and verify its performance. Empirical results show that WiPass achieves on average 92.1% authentication accuracy, 5.9% false accept rate, and 6.3% false reject rate in three real environments.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Tao Feng,Xi Zhao,Bogdan Carbunar,Weidong Shi

DOI: https://doi.org/10.1109/trustcom.2013.272

2013-01-01

Abstract:Due to the increasing popularity of mobile technologies, sensitive user information is often stored on mobile devices. However, the essential task of mobile user authentication is rendered more challenging by the conflicting requirements of security and usability: usable solutions are often insecure, while secure solutions hinder device accessibility. In this paper we propose TAP (Typing Authentication and Protection), a virtual key typing based authentication system for mobile devices that takes steps toward addressing this tradeoff. TAP transparently enhance the security of the mobile device in two stage, the login stage and the post-login stage. In the login stage, TAP leverages the biometric information embedded in the typing habit and hand morphology to accomplish secure user identity management with a simple password. While in the post-login stage, TAP transparently monitors the user's virtual key dynamics behavior to continuously authenticate the user. We evaluated three user studies which compare authentication performance under different virtual key typing settings, without pressure and haptics feedback, with pressure information, and with both pressure and haptics feedback. The experiments demonstrated our TAP can maintain both security and usability for the mobile system.

Yan Zhang,Dianqi Han,Ang Li,Lili Zhang,Tao Li,Yanchao Zhang

DOI: https://doi.org/10.1109/tmc.2021.3072598

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Secure and usable user authentication is the first line of defense against cyber attacks on smart end-user devices. Advanced hacking techniques pose severe threats to the traditional authentication systems based on the password/PIN/fingerprint. We propose MagAuth, a secure and usable two-factor authentication scheme with commercial off-the-shelf (COTS) wrist wearables with magnetic strap bands to enhance the security and usability of password-based authentication for mobile touchscreen devices. In MagAuth, a user enrolls a self-chosen unlock pattern or touch gesture into his touchscreen device by performing it with the same hand the magnetic wrist wearable is on. The chosen unlock pattern or touch gesture serves as the first authentication factor, and the user's behavioral features manifested in the magnetic field changes during his finger movement correspond to the second factor. The user can unlock his touchscreen device only when both authentication factors can be validated. Comprehensive user experiments confirm the high security and usability of MagAuth. In particular, MagAuth achieves an average true-positive rate up to 96.3 percent and a false-positive rate no larger than 8.4 percent. Moreover, we show that MagAuth is highly resilient to various attacks.

computer science, information systems,telecommunications

Maro Choi,Shincheol Lee,Minjae Jo,Ji Sun Shin

DOI: https://doi.org/10.3390/s21062242

2021-03-23

Abstract:Authentication methods using personal identification number (PIN) and unlock patterns are widely used in smartphone user authentication. However, these authentication methods are vulnerable to shoulder-surfing attacks, and PIN authentication, in particular, is poor in terms of security because PINs are short in length with just four to six digits. A wide range of research is currently underway to examine various biometric authentication methods, for example, using the user's face, fingerprint, or iris information. However, such authentication methods provide PIN-based authentication as a type of backup authentication to prepare for when the maximum set number of authentication failures is exceeded during the authentication process such that the security of biometric authentication equates to the security of PIN-based authentication. In order to overcome this limitation, research has been conducted on keystroke dynamics-based authentication, where users are classified by analyzing their typing patterns while they are entering their PIN. As a result, a wide range of methods for improving the ability to distinguish the normal user from abnormal ones have been proposed, using the typing patterns captured during the user's PIN input. In this paper, we propose unique keypads that are assigned to and used by only normal users of smartphones to improve the user classification performance capabilities of existing keypads. The proposed keypads are formed by randomly generated numbers based on the Mersenne Twister algorithm. In an attempt to demonstrate the superior classification performance of the proposed unique keypad compared to existing keypads, all tests except for the keypad type were conducted under the same conditions in earlier work, including collection-related features and feature selection methods. Our experimental results show that when the filtering rates are 10%, 20%, 30%, 40%, and 50%, the corresponding equal error rates (EERs) for the proposed keypads are improved by 4.15%, 3.11%, 2.77%, 3.37% and 3.53% on average compared to the classification performance outcomes in earlier work.