Xi Zhao,Tao Feng,Weidong Shi

DOI: https://doi.org/10.1109/btas.2013.6712747

2013-01-01

Abstract:Behavioral biometric on mobile devices has begun to gain attention in recent years and the feasibility of touch gestures as a novel biometric modality has been investigated lately. In this paper, we propose a novel Graphic Touch Gesture Feature (GTGF) to extract the identity traits from the touch traces. The traces' movement and pressure dynamics are represented by intensity values and shapes of the GTGF. To evaluate its usability on the authentication problem, touch gesture datasets have been collected which includes six commonly used touch gestures. A Equal Error Rate of 2.62% has been achieved combining six gestures together, which demonstrated the effectiveness of the proposed methods.

Zhongmin Cai,Chao Shen,Miao Wang,Yunpeng Song,Jialin Wang

DOI: https://doi.org/10.1007/978-3-319-02961-0_48

2013-01-01

Abstract:The increasing use of touchscreen mobile phones to access sensitive and personal data has given rise to the need of secure and usable authentication technique. This paper presents a novel approach to authentication on touch-screen mobile devices. The basic idea was to exploit user interaction data of touchscreen mobile phone to authenticate users based on the way they perform touch operations. A filed study was conducted to design typical touch-operation scenarios and gather users' data. Behavioral features were extracted to accurately characterize users' behavior. Diverse classification methods were employed to perform the authentication task. Experiments are included to demonstrate the effectiveness of the proposed approach, which achieves a false-acceptance rate of 4.05%, and a false-rejection rate of 3.27%. This level of accuracy shows that these are indeed identity information in touch behavior that can be used as a mobile authentication mechanism. © Springer International Publishing 2013.

Yunpeng Song,Zhongmin Cai,Zhi-Li Zhang

DOI: https://doi.org/10.1109/sp.2017.54

2017-01-01

Abstract:In this paper we present a simple and reliable authentication method for mobile devices equipped with multitouch screens such as smart phones, tablets and laptops. Users are authenticated by performing specially designed multi-touch gestures with one swipe on the touchscreen. During this process, both hand geometry and behavioral characteristics are recorded in the multi-touch traces and used for authentication. By combining both geometry information and behavioral characteristics, we overcome the problem of behavioral variability plaguing many behavior based authentication techniques - which often leads to less accurate authentication or poor user experience - while also ensuring the discernibility of different users with possibly similar handshapes. We evaluate the design of the proposed authentication method thoroughly using a large multi-touch dataset collected from 161 subjects with an elaborately designed procedure to capture behavior variability. The results demonstrate that the fusion of behavioral information with hand geometry features produces effective resistance to behavioral variability over time while at the same time retains discernibility. Our approach achieves EER of 5.84% with only 5 training samples and the performance is further improved to EER of 1.88% with enough training. Security analyses are also conducted to demonstrate that the proposed method is resilient against common smartphone authentication threats such as smudge attack, shoulder surfing attack and statistical attack. Finally, user acceptance of the method is illustrated via a usability study.

Cong Wu,Hangcheng Cao,Guowen Xu,Chengjie Zhou,Jianfei Sun,Ran Yan,Yang Liu,Hongbo Jiang

DOI: https://doi.org/10.1109/tmc.2024.3371014

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:As smartphones proliferate, secure and user-friendly authentication methods are increasingly critical. Existing behavioral biometrics, however, are often compromised by behavior variability, leading to poor authentication accuracy and an unsatisfactory user experience. To fill this gap, we propose BioHold , a new robust and reliable user authentication method, fusing finger behavior and hand geometry, captured via a smartphone's multitouch screen during natural holding gestures. It synergistically fuses behavioral and physiological biometrics. In contrast to traditional methods that require restrictive, unnatural user patterns, our approach utilizes a stable, natural gesture for authentication, effectively mitigating behavior variability. It enables one-handed authentication through familiar smartphone-holding and unlocking gestures. During this interaction, hand geometry and behavioral characteristics are recorded for subsequent authentication. We evaluate our method using a dataset collected from 20 subjects, demonstrating its resilience against behavioral variability over time while maintaining a high level of distinctiveness. With only 10 training samples, our method achieves an equal error rate of 3.59%, which improves to 1.25% with 40 training samples. Importantly, our method is resistant to common security threats such as zero-effort attacks, smudge attacks, and shoulder surfing attacks. A usability study confirms the method's high user acceptance, as measured by the system usability score.

Yanyan Li,Mengjun Xie,Jiang Bian

DOI: https://doi.org/10.1109/cns.2016.7860464

2017-01-01

Abstract:Many studies have been conducted to apply behavioral biometric authentication on/with mobile devices and they have shown promising results. However, the concern about the verification accuracy of behavioral biometrics is still common given the dynamic nature of behavioral biometrics. In this paper, we address the accuracy concern from a new perspective-behavior segments, that is, segments of a gesture instead of the whole gesture as the basic building block for behavioral biometric authentication. With this unique perspective, we propose a new behavioral biometric authentication method called SEGAUTH, which can be applied to various gesture or motion based authentication scenarios. SEGAUTH can achieve high accuracy by focusing on each user's distinctive gesture segments that frequently appear across his or her gestures. In SEGAUTH, a time series derived from a gesture/motion is first partitioned into segments and then transformed into a set of string tokens in which the tokens representing distinctive, repetitive segments are associated with higher genuine probabilities than those tokens that are common across users. An overall genuine score calculated from all the tokens derived from a gesture is used to determine the user's authenticity. We have assessed the effectiveness of SEGAUTH using 4 different datasets. Our experimental results demonstrate that SEGAUTH can achieve higher accuracy consistently than existing popular methods on the evaluation datasets.

Tao Feng,Xi Zhao,Weidong Shi

DOI: https://doi.org/10.1109/btas.2013.6712701

2013-01-01

Abstract:Employing mobile sensor data to recognize user behavioral activities has been well studied in recent years. However, exploiting mobile motion data as a novel biometric modality remains a new area. In this paper, we propose two novel methods, a Statistic Method to intuitively apply classifier on the statistic features of the data; and a Trajectory Reconstruction Method to reconstruct the Mobile Device Picking-up(MDP) motion trajectories and extract specific identity features from the traces. We evaluated our methods on a multi-session motion dataset. A Equal Error Rate of 6.13% and 7.09% has been respectively achieved by the Statistic Method and the Trajectory Reconstruction Method, which demonstrated the feasibility of the proposed methods. Furthermore, experimental results showed several interesting evidences: 1) the accuracy of the methods declined in the inter-session tests; and 2) user movements(e.g., walking) have a high impact on the verification performance.

Mario Frank,Ralf Biedert,Eugene Ma,Ivan Martinovic,Dawn Song

DOI: https://doi.org/10.1109/TIFS.2012.2225048

2012-10-09

Abstract:We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intra-session authentication, 2%-3% for inter-session authentication and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multi-modal biometric authentication system.

Cryptography and Security,Machine Learning

Weizhi Meng,Duncan S. Wong,Steven Furnell,Jianying Zhou

DOI: https://doi.org/10.1109/comst.2014.2386915

2015-01-01

Abstract:Designing reliable user authentication on mobile phones is becoming an increasingly important task to protect users' private information and data. Since biometric approaches can provide many advantages over the traditional authentication methods, they have become a significant topic for both academia and industry. The major goal of biometric user authentication is to authenticate legitimate users and identify impostors based on physiological and behavioral characteristics. In this paper, we survey the development of existing biometric authentication techniques on mobile phones, particularly on touch-enabled devices, with reference to 11 biometric approaches (five physiological and six behavioral). We present a taxonomy of existing efforts regarding biometric authentication on mobile phones and analyze their feasibility of deployment on touch-enabled mobile phones. In addition, we systematically characterize a generic biometric authentication system with eight potential attack points and survey practical attacks and potential countermeasures on mobile phones. Moreover, we propose a framework for establishing a reliable authentication mechanism through implementing a multimodal biometric user authentication in an appropriate way. Experimental results are presented to validate this framework using touch dynamics, and the results show that multimodal biometrics can be deployed on touch-enabled phones to significantly reduce the false rates of a single biometric system. Finally, we identify challenges and open problems in this area and suggest that touch dynamics will become a mainstream aspect in designing future user authentication on mobile phones.

computer science, information systems,telecommunications

Chao Shen,Yong Zhang,Xiaohong Guan,Roy A. Maxion

DOI: https://doi.org/10.1109/tifs.2015.2503258

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The increasing use of touchscreen smartphones to access sensitive and privacy data has given rise to the need of secure and usable authentication technique. Smartphone users have their own unique behavioral characteristics when performing touch operations. These personal characteristics are reflected on different rhythm, strength, and angle preferences of touch-interaction behavior. This paper investigates the reliability and applicability on the usage of users’ touch-interaction behavior for active authentication on smartphones. For each common type of touch operations, both static and dynamic features are extracted and analyzed for fine-grained characterization of users’ touch behavior. Classification techniques (nearest neighbor, neural network, support vector machine, and random forest) are applied to the feature space for performing the task of active authentication. Analyses are conducted using data from around 134 900 touch operations of 71 participants in real-world scenarios, and the authentication performance is evaluated across various types of touch operations, varying operation lengths, different application tasks, and different application scenarios. The extensive experimental results are included to show that touch-interaction behavior exhibits sufficient discriminability and stability among smartphone users for active authentication, and achieves equal-error rates between 1.72% and 9.01% for different types of touch operations with the operation length of 11; the authentication accuracies improve when having long observation or small timespan between the training and testing phases, and express more reliably and stably in a specific task than in the free task. We also discuss a number of avenues for additional research that we believe are necessary to advance the state-of-the-art in this area.

Jianzong Zhang,Dan Tao

DOI: https://doi.org/10.1109/icce-tw46550.2019.8992015

2019-01-01

Abstract:Information security has now become an important area of concern. Considering the shortcomings in traditional unlocking ways of smartphones, this paper proposes an implicit identity authentication mechanism by extracting users' touch dynamic characteristics. 86-dimensional features from two types of sensor data (e.g., acceleration and gyroscope) generated when a user unlocks a smartphone are extracted to characterize the user's behavior. Particularly, we adopt three popular classifiers: support vector machine (SVM), K-nearest neighbor (KNN) and random forest (RF) to perform training. Finally, we verify the accuracy of the classifier. Experimental results show that the RF classifier achieves an ideal accuracy rate for passwords with different levels of repetition, and the average accuracy rate is over 98%.

Yanyan Li,Junshuang Yang,Mengjun Xie,Dylan Carlson,Han Gil Jang,Jiang Bian

DOI: https://doi.org/10.1109/milcom.2015.7357627

2015-01-01

Abstract:Personal identification numbers (PIN) and unlock patterns are highly popular authentication mechanisms on smart mobile devices but they are not sufficiently secure. PIN or pattern mechanisms enhanced by additional, implicit behavioral biometric authentication can offer stronger authentication assurance while preserving usability, therefore becoming very attractive. Individual studies on PIN- and pattern-based behavioral biometric authentication on smartphones were conducted but their results cannot be directly compared. In this work, we present a comparison study on the authentication accuracy between PIN-based and pattern-based behavioral biometric authentication using both smartphone and tablet. We developed a uniform framework for both PIN-based and pattern-based schemes and used two representative methods-Histogram and DTW-for user verification. We recruited 15 users and collected behavioral biometric data for both simple and complex PINs and patterns. Our experimental results show that PIN-based and pattern-based behavioral biometric authentication schemes can achieve about the same level of accuracy but not all verification methods are equal. The Histogram method can achieve more consistent results and handle template aging better than the DTW method based on our results. Our findings are expected to shed light on the exploration and analysis of effective behavioral biometric verification methods and facilitate more comprehensive investigation on behavioral biometric authentication for mobile devices.

Chang Liu,Wenxiong Kang,Linpu Fang,Ningxin Liang

DOI: https://doi.org/10.1007/978-3-030-31456-9_11

2019-01-01

Abstract:Due to biometric immutability, an authentication system that depends on irrevocable biometric data (faces and fingerprints) is vulnerable to vicious attacks. Gestures, as short actions that contain static and dynamic behavioral information, are gradually replacing traditional biometrics. Compared to body gestures, hand gestures are more flexible and do not require the user's entire body to appear in front of the camera. However, most existing feature extraction algorithms rely on the key point of a hand in motion or the image analysis of a static hand gesture, thereby making the authentication less real-time and less effective in the real-word. To alleviate these problems, we propose a user authentication system based on dynamic hand gestures jointly models the silhouette and skeletal properties of moving hands for user authentication. Our system obtains an average 0.105% false acceptance rate (FAR) and an average 3.40% false rejection rate (FRR) on the public Dynamic Hand Gesture 14/28 dataset.

Xi Zhao,Tao Feng,Lei Xu,Weidong Shi

DOI: https://doi.org/10.1117/12.2053162

2014-01-01

Abstract:Employing mobile sensor data to recognize user behavioral activities has been well studied in recent years. However, to adopt the data as a biometric modality has rarely been explored. Existing methods either used the data to recognize gait, which is considered as a distinguished identity feature; or segmented a specific kind of motion for user recognition, such as phone picking-up motion. Since the identity and the motion gesture jointly affect motion data, to fix the gesture (walking or phone picking-up) definitively simplifies the identity sensing problem. However, it meanwhile introduces the complexity from gesture detection or requirement on a higher sample rate from motion sensor readings, which may draw the battery fast and affect the usability of the phone. In general, it is still under investigation that motion based user authentication in a large scale satisfies the accuracy requirement as a stand-alone biometrics modality. In this paper, we propose a novel approach to use the motion sensor readings for user identity sensing. Instead of decoupling the user identity from a gesture, we reasonably assume users have their own distinguishing phone usage habits and extract the identity from fuzzy activity patterns, represented by a combination of body movements whose signals in chains span in relative low frequency spectrum and hand movements whose signals span in relative high frequency spectrum. Then Bayesian Rules are applied to analyze the dependency of different frequency components in the signals. During testing, a posterior probability of user identity given the observed chains can be computed for authentication. Tested on an accelerometer dataset with 347 users, our approach has demonstrated the promising results.

Chao Shen,Yuanxun Li,Yufei Chen,Xiaohong Guan,Roy A. Maxion

DOI: https://doi.org/10.1109/tifs.2017.2737969

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The increasing use of smartphones as personal computing platforms to access personal information has stressed the demand for secure and usable authentication techniques, and for constantly protecting privacy. Smartphone sensors can measure users' unique behavioral characteristics when they interact with smartphones, based on different habits, gestures, and angle preferences of touch actions. This paper investigates the reliability and applicability of using motion-sensor behavior for active and continuous smartphone authentication across various operational scenarios, and presents a systematic evaluation of the distinctiveness and permanence properties of the behavior. For each sample of sensor behavior, kinematic information sequences are extracted and analyzed, which are characterized by statistic-, frequency-, and wavelet-domain features, to provide accurate and fine-grained characterization of users' touch actions. A Markov-based decision procedure, using one-class learning techniques, is developed and applied to the feature space for performing authentication. Analyses are conducted using the sensor data of 520 200 touch actions from 102 subjects across various operational scenarios. Extensive experiments show that motion-sensor behavior exhibits sufficient discriminability and stability for active and continuous authentication, and can achieve a false-rejection rate of 5.03% and a false-acceptance rate of 3.98%. Additional experiments on usability to operation length, sensitivity to application scenario, scalability to user size, contribution to different sensors, and response to behavior change are provided to further explore the effectiveness and applicability. We also implement an authentication system into the Android system that can react to the presence of the legitimate user.

Chao Shen,Yong Zhang,Zhongmin Cai,Tianwen Yu,Xiaohong Guan

DOI: https://doi.org/10.1109/icb.2015.7139046

2015-01-01

Abstract:The increasing use of smartphones to access sensitive and privacy data has given rise to the need of secure authentication technique. Existing authentication mechanisms on smartphones can only provide one-time verification, but the verified users are still vulnerable to the session hijacking. In this article, we propose a transparent and continuous authentication system based on users' touch interaction data. We consider four common types of touch operations, and extract behavioral features to characterize users' touch behavior. Distance-measurement technique is applied to mitigate the behavioral variability. Then a multiple decision procedure is developed to perform continuous authentication, in which one-class classification algorithms are applied for classification. The efficacy of our approach is validated through a series of experiments in four real-world application scenarios. Our experimental results show that the proposed approach could verify a user in an accurate and timely manner, and suffice to be an enhancement for traditional authentication mechanisms in smartphones.

Xiangyu Xu,Jiadi Yu,Yingying Chen,Qin Hua,Yanmin Zhu,Yi-Chao Chen,Minglu Li

DOI: https://doi.org/10.1145/3372224.3380901

2020-01-01

Abstract:With increasing private and sensitive data stored in mobile devices, secure and effective mobile-based user authentication schemes are desired. As the most natural way to contact with mobile devices, finger touches have shown potentials for user authentication. Most existing approaches utilize finger touches as behavioral biometrics for identifying individuals, which are vulnerable to spoofer attacks. To resist attacks for on-touch user authentication on mobile devices, this paper exploits physical characters of touching fingers by investigating active vibration signal transmission through fingers, and we find that physical characters of touching fingers present unique patterns on active vibration signals for different individuals. Based on the observation, we propose a behavior-irrelevant on-touch user authentication system, TouchPass, which leverages active vibration signals on smartphones to extract only physical characters of touching fingers for user identification. TouchPass first extracts features that mix physical characters of touching fingers and behavior biometrics of touching behaviors from vibration signals generated and received by smartphones. Then, we design a Siamese network-based architecture with a specific training sample selection strategy to reconstruct the extracted signal features to behavior-irrelevant features and further build a behavior-irrelevant on-touch user authentication scheme leveraging knowledge distillation. Our extensive experiments validate that TouchPass can accurately authenticate users and defend various attacks.

Huan-zhi GAO,Xiu-lian CAO,Lei WANG,Bei-ji ZOU

DOI: https://doi.org/10.3969/j.issn.0372-2112.2014.09.030

2014-01-01

Abstract:Biometric authentication is a hot topic in the current information security field .Based on the analysis of the current biometric authentication methods and the problems of their applications on smart phones ,we propose an identity authentication method based on a dynamic gesture matching algorithm named EI-DTW ,which combines relaxation of the endpoints restriction and early termination of authentication based on dynamic time warping (DTW)algorithm .The experimental results show our algorithm EI-DTW enhances the authentication accuracy by canceling the endpoint alignment restriction on gesture matching ,and improves the authentication efficiency by the early termination strategy and limiting the warp slope .

Zhihao Shen,Shun Li,Xi Zhao,Jianhua Zou

DOI: https://doi.org/10.1109/jiot.2023.3289935

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Touch behavior biometric has been widely studied for continuous authentication on mobile devices, which provides a more secure authentication in an implicit process. However, the existing touch behavior biometric-based authentication systems suffer from two issues. First, the existing touch behavior representation methods are hard to characterize touch operations under complex usage context. Second, the authentication accuracy of existing authentication models is inclined to degrade over time in a long-term real-life usage scenario due to change in data distribution caused by varying touch behavior. Toward this end, in this article, we develop IncreAuth, an incremental learning-based continuous authentication framework, which allows to provide effective stable authentication performance in the long-term smartphone usage scenario. Specifically, we first propose a novel context-aware feature set to characterize touch behavior patterns in complex usage context. Then, we develop an authentication model GBDTNN, which integrates the advantages of a gradient boosting decision tree model for processing our high-dimensional feature set and neural network model for efficient online updating. A behavior drift-based online updating mechanism is also designed to learn both long-term and short-term touch behavior patterns. To evaluate our framework, we construct a large-scale smartphone usage data set over two months collected from the unconstrained environment. Extensive experiments demonstrate that IncreAuth achieves the state-of-the-art and stable authentication accuracy over time and low system overheads.

Xiaoshi Liang,Futai Zou,Linsen Li,Ping Yi

DOI: https://doi.org/10.1177/1550147719899371

IF: 1.938

2020-01-01

International Journal of Distributed Sensor Networks

Abstract:We propose a new type of authentication system based on behavioral characteristics for smartphone users. With the sensor and touch screen data in the smartphone, the combination of the motion state detection mode and the authentication mode can effectively distinguish between legitimate smartphone users and other users. The system deploys software on the smartphone to collect data from sensors and touch screens, and upload the data to the cloud. We apply random forest algorithm on the data to extract features and achieve motion state detection. Multilayer perceptron algorithm is used for user authentication in corresponding motion state. The system effectively implements an implicit and continuous authentication mode, which can achieve user identity authentication without users' being aware of it. The system proposed in this article can achieve 95.96% accuracy with false rejection rate of 2.55% and false acceptance rate of 6.94%.

Imane Lamiche,Guo Bin,Yao Jing,Zhiwen Yu,Abdenour Hadid

DOI: https://doi.org/10.1007/s12652-018-1123-6

IF: 3.662

2018-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:Behavioral biometrics, such as gait patterns and keystroke dynamics, have been becoming increasingly used in human identity recognition research for enhancing the smartphone security. A new multimodal authentication method able to strengthen the smartphone authentication system is proposed in this paper. The proposed mechanism acquires gait patterns from the accelerometer, as well as keystroke dynamics, continuously without user intervention through simultaneous walk and text input. More specifically, features are extracted from both modalities. Afterward, a feature level fusion method is applied to build a multimodal biometrics profile for the user. Fused feature vectors are subjected to the sequential floating forward selection algorithm to reduce their dimensions as well as the computational complexity. The effectiveness of the proposed method is examined through a real multimodal dataset collected from 20 subjects under various scenarios, using different machine learning classifiers. The experimental results achieved a promising accuracy of 99.11% when using multilayer perceptron classifier with the average false acceptance rate, false rejection rate and equal error rate values of 0.684%, 7%, and 1%, respectively. Furthermore, the security strength of the proposed method was evaluated against two types of attacks, the zero-effort attack and minimal-effort mimicking attack. Results demonstrate that our approach represents a robust and secure authentication solution.