Dai Shi,Dan Tao,Jiangtao Wang,Muyan Yao,Zhibo Wang,Houjin Chen,Sumi Helal

DOI: https://doi.org/10.1145/3448080

2021-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:Pattern lock has been widely used in smartphones as a simple and effective authentication mechanism, which however is shown to be vulnerable to various attacks. In this paper, we design a novel authentication system for more secure pattern unlocking on smartphones. The basic idea is to utilize various behavior information of the user during pattern unlocking as additional authentication fingerprints, so that even if the pattern password is leaked to an attacker, the system remains safe and protected. To accommodate a variety of user contexts by our system, a context-aware module is proposed to distinguish any of such contexts (e.g., body postures when drawing the pattern) and use it to guide the authentication. Moreover, we design a polyline weighted strategy with overlapping based on the consistency of pattern lock, which analyzes the behavior information of the user during the unlock process in a fine-grained manner and takes an overall consideration the results of different polylines. Based on 14,850 samples collected from 77 participants, we have extensively evaluated the proposed system. The results demonstrate that it outperforms state-of-the-art implicit authentication based pattern lock approaches, and that each key module in our system is effective.

Imane Lamiche,Bin Guo,Yafang Yang,Zhiwen Yu

DOI: https://doi.org/10.1007/978-3-030-64243-3_23

2020-01-01

Abstract:Nowadays, humans have become too dependent on their smartphone devices for a broad range of tasks: shopping, bank interactions, socialization …etc. Wide-speared dependence on smartphone devices raises numerous security and privacy risks. To deal with these evolving threats, various authentication methods based on user behavioral biometrics have been proposed in recent research. Behavioral biometrics are used to identify the smartphone user continuously without seeking his/her cooperation which makes the task more convenient. In this paper, we review the current behavioral biometrics authentication methods on smartphones. We present an analytical study of several proposed mechanisms and discuss the strengths and limitations of available approaches. A comparative evaluation of the various state of the art obtained results is discussed. Finally, a list of open problems, challenges, and future directions are carried out for future studies on this research area.

Yanyan Li,Mengjun Xie,Jiang Bian

DOI: https://doi.org/10.1109/cns.2016.7860464

2017-01-01

Abstract:Many studies have been conducted to apply behavioral biometric authentication on/with mobile devices and they have shown promising results. However, the concern about the verification accuracy of behavioral biometrics is still common given the dynamic nature of behavioral biometrics. In this paper, we address the accuracy concern from a new perspective-behavior segments, that is, segments of a gesture instead of the whole gesture as the basic building block for behavioral biometric authentication. With this unique perspective, we propose a new behavioral biometric authentication method called SEGAUTH, which can be applied to various gesture or motion based authentication scenarios. SEGAUTH can achieve high accuracy by focusing on each user's distinctive gesture segments that frequently appear across his or her gestures. In SEGAUTH, a time series derived from a gesture/motion is first partitioned into segments and then transformed into a set of string tokens in which the tokens representing distinctive, repetitive segments are associated with higher genuine probabilities than those tokens that are common across users. An overall genuine score calculated from all the tokens derived from a gesture is used to determine the user's authenticity. We have assessed the effectiveness of SEGAUTH using 4 different datasets. Our experimental results demonstrate that SEGAUTH can achieve higher accuracy consistently than existing popular methods on the evaluation datasets.

Weizhi Meng,Duncan S. Wong,Steven Furnell,Jianying Zhou

DOI: https://doi.org/10.1109/comst.2014.2386915

2015-01-01

Abstract:Designing reliable user authentication on mobile phones is becoming an increasingly important task to protect users' private information and data. Since biometric approaches can provide many advantages over the traditional authentication methods, they have become a significant topic for both academia and industry. The major goal of biometric user authentication is to authenticate legitimate users and identify impostors based on physiological and behavioral characteristics. In this paper, we survey the development of existing biometric authentication techniques on mobile phones, particularly on touch-enabled devices, with reference to 11 biometric approaches (five physiological and six behavioral). We present a taxonomy of existing efforts regarding biometric authentication on mobile phones and analyze their feasibility of deployment on touch-enabled mobile phones. In addition, we systematically characterize a generic biometric authentication system with eight potential attack points and survey practical attacks and potential countermeasures on mobile phones. Moreover, we propose a framework for establishing a reliable authentication mechanism through implementing a multimodal biometric user authentication in an appropriate way. Experimental results are presented to validate this framework using touch dynamics, and the results show that multimodal biometrics can be deployed on touch-enabled phones to significantly reduce the false rates of a single biometric system. Finally, we identify challenges and open problems in this area and suggest that touch dynamics will become a mainstream aspect in designing future user authentication on mobile phones.

computer science, information systems,telecommunications

Chao Shen,Tianwen Yu,Sheng Yuan,Yunpeng Li,Xiaohong Guan

DOI: https://doi.org/10.3390/s16030345

IF: 3.9

2016-01-01

Sensors

Abstract:The growing trend of using smartphones as personal computing platforms to access and store private information has stressed the demand for secure and usable authentication mechanisms. This paper investigates the feasibility and applicability of using motion-sensor behavior data for user authentication on smartphones. For each sample of the passcode, sensory data from motion sensors are analyzed to extract descriptive and intensive features for accurate and fine-grained characterization of users’ passcode-input actions. One-class learning methods are applied to the feature space for performing user authentication. Analyses are conducted using data from 48 participants with 129,621 passcode samples across various operational scenarios and different types of smartphones. Extensive experiments are included to examine the efficacy of the proposed approach, which achieves a false-rejection rate of 6.85% and a false-acceptance rate of 5.01%. Additional experiments on usability with respect to passcode length, sensitivity with respect to training sample size, scalability with respect to number of users, and flexibility with respect to screen size were provided to further explore the effectiveness and practicability. The results suggest that sensory data could provide useful authentication information, and this level of performance approaches sufficiency for two-factor authentication on smartphones. Our dataset is publicly available to facilitate future research.

Abdulaziz Alzubaidi,Jugal Kalita

DOI: https://doi.org/10.48550/arXiv.1911.04104

2019-11-11

Cryptography and Security

Abstract:Smartphones and tablets have become ubiquitous in our daily lives. Smartphones, in particular, have become more than personal assistants. These devices have provided new avenues for consumers to play, work, and socialize whenever and wherever they want. Smartphones are small in size, so they are easy to handle and to stow and carry in users' pockets or purses. However, mobile devices are also susceptible to various problems. One of the greatest concerns is the possibility of breach in security and privacy if the device is seized by an outside party. It is possible that threats can come from friends as well as strangers. Due to the size of smart devices, they can be easily lost and may expose details of users' private lives. In addition, this might enable pervasive observation or imitation of one's movements and activities, such as sending messages to contacts, accessing private communication, shopping with a credit card, and relaying information about where one has been. This paper highlights the potential risks that occur when smartphones are stolen or seized, discusses the concept of continuous authentication, and analyzes current approaches and mechanisms of behavioral biometrics with respect to methodology, associated datasets and evaluation approaches.

Chen Wang,Yan Wang,Yingying Chen,Hongbo Liu,Jian Liu

DOI: https://doi.org/10.1016/j.comnet.2020.107118

IF: 5.493

2020-04-01

Computer Networks

Abstract:<p>Mobile devices have brought a great convenience to us these years, which allow the users to enjoy the anytime and anywhere various applications such as the online shopping, Internet banking, navigation and mobile media. While the users enjoy the convenience and flexibility of the "Go Mobile" trend, their sensitive private information (e.g., name and credit card number) on the mobile devices could be disclosed. An adversary could access the sensitive private information stored on the mobile device by unlocking the mobile devices. Moreover, the user's mobile services and applications are all exposed to security threats. For example, the adversary could utilize the user's mobile device to conduct non-permitted actions (e.g., making online transactions and installing malwares). The authentication on mobile devices plays a significant role to protect the user's sensitive information on mobile devices and prevent any non-permitted access to the mobile devices. This paper surveys the existing authentication methods on mobile devices. In particular, based on the basic authentication metrics (i.e., knowledge, ownership and biometrics) used in existing mobile authentication methods, we categorize them into four categories, including the knowledge-based authentication (e.g., passwords and lock patterns), physiological biometric-based authentication (e.g., fingerprint and iris), behavioral biometrics-based authentication (e.g., gait and hand gesture), and two/multi-factor authentication. We compare the usability and security level of the existing authentication approaches among these categories. Moreover, we review the existing attacks to these authentication approaches to reveal their vulnerabilities. The paper points out that the trend of the authentication on mobile devices would be the multi-factor authentication, which determines the user's identity using the integration (not the simple combination) of more than one authentication metrics. For example, the user's behavior biometrics (e.g., keystroke dynamics) could be extracted simultaneously when he/she inputs the knowledge-based secrets (e.g., PIN), which can provide the enhanced authentication as well as sparing the user's trouble to conduct multiple inputs for different authentication metrics.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yuchen Su,Guoqing Jiang,Yicong Du,Yuefeng Chen,Hongbo Liu,Yanzhi Ren,Huan Dai,Yan Wang,Shuai Li,Yingying Chen

DOI: https://doi.org/10.1109/icdcs57875.2023.00074

2023-01-01

Abstract:Personal Identification Number (PIN), as one of the primary means of protecting digital properties and privacy on mobile devices, has been suffering from shoulder surfing attacks and weak password guessing for the long term. Recent years witness the growing interest in two-factor authentication that takes advantage of two different ways for mutual verification, thereby strengthening user authentication's accuracy and reliability. Especially with the popularity of smartwatches, more physiological signals are readily available to facilitate two-factor authentication. This paper presents a lightweight and unobtrusive two-factor authentication scheme, P 2 Auth, integrating the PIN and unique keystroke-related Photoplethysmography (PPG) measurement on wearables. Specifically, we propose the transformation of the multivariate PPG signal induced by the keystrokes to extract reliable biometric features. We develop short-time energy-based methods to identify the input cases, thus enabling support the authentication for both one-handed and two-handed input cases. Furthermore, we also consider the situation where there is no fixed PIN and design a new enhanced privacy scheme by combining the PPG measurements of different keystrokes to improve authentication security. The experiments involving 15 volunteers demonstrate that our prototype system can achieve an average authentication accuracy of over 95% for one-handed cases and over 90% for two-handed cases.

Maro Choi,Shincheol Lee,Minjae Jo,Ji Sun Shin

DOI: https://doi.org/10.3390/s21062242

2021-03-23

Abstract:Authentication methods using personal identification number (PIN) and unlock patterns are widely used in smartphone user authentication. However, these authentication methods are vulnerable to shoulder-surfing attacks, and PIN authentication, in particular, is poor in terms of security because PINs are short in length with just four to six digits. A wide range of research is currently underway to examine various biometric authentication methods, for example, using the user's face, fingerprint, or iris information. However, such authentication methods provide PIN-based authentication as a type of backup authentication to prepare for when the maximum set number of authentication failures is exceeded during the authentication process such that the security of biometric authentication equates to the security of PIN-based authentication. In order to overcome this limitation, research has been conducted on keystroke dynamics-based authentication, where users are classified by analyzing their typing patterns while they are entering their PIN. As a result, a wide range of methods for improving the ability to distinguish the normal user from abnormal ones have been proposed, using the typing patterns captured during the user's PIN input. In this paper, we propose unique keypads that are assigned to and used by only normal users of smartphones to improve the user classification performance capabilities of existing keypads. The proposed keypads are formed by randomly generated numbers based on the Mersenne Twister algorithm. In an attempt to demonstrate the superior classification performance of the proposed unique keypad compared to existing keypads, all tests except for the keypad type were conducted under the same conditions in earlier work, including collection-related features and feature selection methods. Our experimental results show that when the filtering rates are 10%, 20%, 30%, 40%, and 50%, the corresponding equal error rates (EERs) for the proposed keypads are improved by 4.15%, 3.11%, 2.77%, 3.37% and 3.53% on average compared to the classification performance outcomes in earlier work.

Chao Shen,Yuanxun Li,Yufei Chen,Xiaohong Guan,Roy A. Maxion

DOI: https://doi.org/10.1109/tifs.2017.2737969

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The increasing use of smartphones as personal computing platforms to access personal information has stressed the demand for secure and usable authentication techniques, and for constantly protecting privacy. Smartphone sensors can measure users' unique behavioral characteristics when they interact with smartphones, based on different habits, gestures, and angle preferences of touch actions. This paper investigates the reliability and applicability of using motion-sensor behavior for active and continuous smartphone authentication across various operational scenarios, and presents a systematic evaluation of the distinctiveness and permanence properties of the behavior. For each sample of sensor behavior, kinematic information sequences are extracted and analyzed, which are characterized by statistic-, frequency-, and wavelet-domain features, to provide accurate and fine-grained characterization of users' touch actions. A Markov-based decision procedure, using one-class learning techniques, is developed and applied to the feature space for performing authentication. Analyses are conducted using the sensor data of 520 200 touch actions from 102 subjects across various operational scenarios. Extensive experiments show that motion-sensor behavior exhibits sufficient discriminability and stability for active and continuous authentication, and can achieve a false-rejection rate of 5.03% and a false-acceptance rate of 3.98%. Additional experiments on usability to operation length, sensitivity to application scenario, scalability to user size, contribution to different sensors, and response to behavior change are provided to further explore the effectiveness and applicability. We also implement an authentication system into the Android system that can react to the presence of the legitimate user.

Imane Lamiche,Guo Bin,Yao Jing,Zhiwen Yu,Abdenour Hadid

DOI: https://doi.org/10.1007/s12652-018-1123-6

IF: 3.662

2018-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:Behavioral biometrics, such as gait patterns and keystroke dynamics, have been becoming increasingly used in human identity recognition research for enhancing the smartphone security. A new multimodal authentication method able to strengthen the smartphone authentication system is proposed in this paper. The proposed mechanism acquires gait patterns from the accelerometer, as well as keystroke dynamics, continuously without user intervention through simultaneous walk and text input. More specifically, features are extracted from both modalities. Afterward, a feature level fusion method is applied to build a multimodal biometrics profile for the user. Fused feature vectors are subjected to the sequential floating forward selection algorithm to reduce their dimensions as well as the computational complexity. The effectiveness of the proposed method is examined through a real multimodal dataset collected from 20 subjects under various scenarios, using different machine learning classifiers. The experimental results achieved a promising accuracy of 99.11% when using multilayer perceptron classifier with the average false acceptance rate, false rejection rate and equal error rate values of 0.684%, 7%, and 1%, respectively. Furthermore, the security strength of the proposed method was evaluated against two types of attacks, the zero-effort attack and minimal-effort mimicking attack. Results demonstrate that our approach represents a robust and secure authentication solution.

Chao Shen,Yong Zhang,Xiaohong Guan,Roy A. Maxion

DOI: https://doi.org/10.1109/tifs.2015.2503258

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The increasing use of touchscreen smartphones to access sensitive and privacy data has given rise to the need of secure and usable authentication technique. Smartphone users have their own unique behavioral characteristics when performing touch operations. These personal characteristics are reflected on different rhythm, strength, and angle preferences of touch-interaction behavior. This paper investigates the reliability and applicability on the usage of users’ touch-interaction behavior for active authentication on smartphones. For each common type of touch operations, both static and dynamic features are extracted and analyzed for fine-grained characterization of users’ touch behavior. Classification techniques (nearest neighbor, neural network, support vector machine, and random forest) are applied to the feature space for performing the task of active authentication. Analyses are conducted using data from around 134 900 touch operations of 71 participants in real-world scenarios, and the authentication performance is evaluated across various types of touch operations, varying operation lengths, different application tasks, and different application scenarios. The extensive experimental results are included to show that touch-interaction behavior exhibits sufficient discriminability and stability among smartphone users for active authentication, and achieves equal-error rates between 1.72% and 9.01% for different types of touch operations with the operation length of 11; the authentication accuracies improve when having long observation or small timespan between the training and testing phases, and express more reliably and stably in a specific task than in the free task. We also discuss a number of avenues for additional research that we believe are necessary to advance the state-of-the-art in this area.

Xiaozi Liu,Chao Shen,Yufei Chen

DOI: https://doi.org/10.1007/978-3-319-97909-0_71

2018-01-01

Abstract:Analyzing smartphone users' behavioral characteristics for recognizing the identities has received growing interest from security and biometric researchers. Extant smartphone authentication methods usually provide one-time identity verification in some specific applications, but the authenticated user is still subject to masquerader attacks or session hijacking. This paper presents a novel smartphone authentication approach by analyzing multi-source user-machine usage behavior (i.e., power consumption, physical sensors, and touchscreen interactions), which can continuously verify the presence of a smartphone user. Extensive experiments are conducted to show that our authentication approach can be up to a relatively high accuracy with an equal-error rate of 5.5%. This approach can also be seamlessly integrated with existing authentication methods, which does not need additional hardware and is transparent to users.

Alejandro Acien,Aythami Morales,Ruben Vera-Rodriguez,Julian Fierrez

DOI: https://doi.org/10.48550/arXiv.1901.10312

2019-01-29

Abstract:In this paper we evaluate mobile active authentication based on an ensemble of biometrics and behavior-based profiling signals. We consider seven different data channels and their combination. Touch dynamics (touch gestures and keystroking), accelerometer, gyroscope, WiFi, GPS location and app usage are all collected during human-mobile interaction to authenticate the users. We evaluate two approaches: one-time authentication and active authentication. In one-time authentication, we employ the information of all channels available during one session. For active authentication we take advantage of mobile user behavior across multiple sessions by updating a confidence value of the authentication score. Our experiments are conducted on the semi-uncontrolled UMDAA-02 database. This database comprises smartphone sensor signals acquired during natural human-mobile interaction. Our results show that different traits can be complementary and multimodal systems clearly increase the performance with accuracies ranging from 82.2% to 97.1% depending on the authentication scenario.

Cryptography and Security,Computer Vision and Pattern Recognition,Computers and Society,Human-Computer Interaction

Xiaoshi Liang,Futai Zou,Linsen Li,Ping Yi

DOI: https://doi.org/10.1177/1550147719899371

IF: 1.938

2020-01-01

International Journal of Distributed Sensor Networks

Abstract:We propose a new type of authentication system based on behavioral characteristics for smartphone users. With the sensor and touch screen data in the smartphone, the combination of the motion state detection mode and the authentication mode can effectively distinguish between legitimate smartphone users and other users. The system deploys software on the smartphone to collect data from sensors and touch screens, and upload the data to the cloud. We apply random forest algorithm on the data to extract features and achieve motion state detection. Multilayer perceptron algorithm is used for user authentication in corresponding motion state. The system effectively implements an implicit and continuous authentication mode, which can achieve user identity authentication without users' being aware of it. The system proposed in this article can achieve 95.96% accuracy with false rejection rate of 2.55% and false acceptance rate of 6.94%.

Cong Wang,Yanru Xiao,Xing Gao,Li Li,Jun Wang

DOI: https://doi.org/10.1109/tmc.2021.3072608

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile authentication using behavioral biometrics has been an active area of research. Existing research relies on building machine learning classifiers to recognize an individual's unique patterns. However, these classifiers are not powerful enough to learn the discriminative features. When implemented on the mobile devices, they face new challenges from the behavioral dynamics, data privacy and side-channel leaks. To address these challenges, we present a new framework to incorporate training on battery-powered mobile devices, so private data never leaves the device and training can be flexibly scheduled to adapt the behavioral patterns at runtime. We re-formulate the classification problem into deep metric learning to improve the discriminative power and design an effective countermeasure to thwart side-channel leaks by embedding a noise signature in the sensing signals without sacrificing too much usability. The experiments demonstrate authentication accuracy over 95 percent on three public datasets, a sheer 15 percent gain from multi-class classification with less data and robustness against brute-force and side-channel attacks with 99 and 90 percent success, respectively. We show the feasibility of training with mobile CPUs, where training 100 epochs takes less than 10 mins and can be boosted 3-5 times with feature transfer. Finally, we profile memory, energy and computational overhead. Our results indicate that training consumes lower energy than watching videos and slightly higher energy than playing games.

computer science, information systems,telecommunications

Cong Wu,Hangcheng Cao,Guowen Xu,Chengjie Zhou,Jianfei Sun,Ran Yan,Yang Liu,Hongbo Jiang

DOI: https://doi.org/10.1109/tmc.2024.3371014

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:As smartphones proliferate, secure and user-friendly authentication methods are increasingly critical. Existing behavioral biometrics, however, are often compromised by behavior variability, leading to poor authentication accuracy and an unsatisfactory user experience. To fill this gap, we propose BioHold , a new robust and reliable user authentication method, fusing finger behavior and hand geometry, captured via a smartphone's multitouch screen during natural holding gestures. It synergistically fuses behavioral and physiological biometrics. In contrast to traditional methods that require restrictive, unnatural user patterns, our approach utilizes a stable, natural gesture for authentication, effectively mitigating behavior variability. It enables one-handed authentication through familiar smartphone-holding and unlocking gestures. During this interaction, hand geometry and behavioral characteristics are recorded for subsequent authentication. We evaluate our method using a dataset collected from 20 subjects, demonstrating its resilience against behavioral variability over time while maintaining a high level of distinctiveness. With only 10 training samples, our method achieves an equal error rate of 3.59%, which improves to 1.25% with 40 training samples. Importantly, our method is resistant to common security threats such as zero-effort attacks, smudge attacks, and shoulder surfing attacks. A usability study confirms the method's high user acceptance, as measured by the system usability score.

Li Lu,Yongshuai Liu

DOI: https://doi.org/10.1109/tcss.2016.2517648

2015-01-01

IEEE Transactions on Computational Social Systems

Abstract:With the emergence of smartphones as an essential part of daily life, the demand for user reauthentication has increased manifolds. The effective and widely practiced biometric schemes are based upon the principle of “who you are” which utilizes inherent and unique characteristics of the user. In this context, the behavioral biometrics such as sliding dynamics and pressure intensity make use of on-screen sliding movements to infer the user's patterns. In this paper, we present Safeguard, an accurate and efficient smartphone user reauthentication (verification) system based upon on-screen finger movements. The computation and processing is performed at back-end which is transparent to the users. The key feature of the proposed system lies in fine-grained on-screen biometric metrics, i.e., sliding dynamics and pressure intensity, which are unique to each user under diverse scenarios. We first implement our scheme through five machine learning approaches and finally select the support vector machine (SVM)-based approach due to its high accuracy. We further analyze Safeguard to be robust against adversary imitation. We validate the efficacy of our approach through implementation on off-the-shelf smartphone followed by practical evaluation under different scenarios. We process a set of more than 50 000 effective samples derived from a raw dataset of over 10 000 slides collected from each of the 60 volunteers over a period of one month. The experimental results show that Safeguard can verify a user with 0.03% false acceptance rate (FAR) and 0.05% false rejection rate (FRR) within 0.3 s with 15 to 20 slides by the user. The FRR of our system adequately meets the European Standard for Access Control Systems, whereas FAR differs by 0.029%. Our future works aim to integrate multitouch sliding movements in existing scheme.

Kelly Grindrod,Hassan Khan,Urs Hengartner,Stephanie Ong,Alexander G Logan,Daniel Vogel,Robert Gebotys,Jilan Yang

DOI: https://doi.org/10.1371/journal.pone.0189048

IF: 3.7

2018-01-04

PLoS ONE

Abstract:Objective: Apps promoting patient self-management may improve health outcomes. However, methods to secure stored information on mobile devices may adversely affect usability. We tested the reliability and usability of common user authentication techniques in younger and older adults. Methodology: Usability testing was conducted in two age groups, 18 to 30 years and 50 years and older. After completing a demographic questionnaire, each participant tested four authentication options in random order: four-digit personal identification number (PIN), graphical password (GRAPHICAL), Android pattern-lock (PATTERN), and a swipe-style Android fingerprint scanner (FINGERPRINT). Participants rated each option using the Systems Usability Scale (SUS). Results: A total of 59 older and 43 younger participants completed the study. Overall, PATTERN was the fastest option (3.44s), and PIN had the fewest errors per attempt (0.02). Participants were able to login using PIN, PATTERN, and GRAPHICAL at least 98% of the time. FINGERPRINT was the slowest (26.97s), had an average of 1.46 errors per attempt, and had a successful login rate of 85%. Overall, PIN and PATTERN had higher SUS scores than FINGERPRINT and GRAPHICAL. Compared to younger participants, older participants were also less likely to find PATTERN to be tiring, annoying or time consuming and less likely to consider PIN to be time consuming. Younger participants were more likely to rate GRAPHICAL as annoying, time consuming and tiring than older participants. Conclusions: On mobile devices, PIN and pattern-lock outperformed graphical passwords and swipe-style fingerprints. All participants took longer to authenticate using the swipe-style fingerprint compared to other options. Older participants also took two to three seconds longer to authenticate using the PIN, pattern and graphical passwords though this did not appear to affect perceived usability.

Sara Kokal,Laura Pryor,Rushit Dave

DOI: https://doi.org/10.48550/arXiv.2204.09088

2022-04-20

Abstract:Mobile devices have been manufactured and enhanced at growing rates in the past decades. While this growth has significantly evolved the capability of these devices, their security has been falling behind. This contrast in development between capability and security of mobile devices is a significant problem with the sensitive information of the public at risk. Continuing the previous work in this field, this study identifies key Machine Learning algorithms currently being used for behavioral biometric mobile authentication schemes and aims to provide a comprehensive review of these algorithms when used with touch dynamics and phone movement. Throughout this paper the benefits, limitations, and recommendations for future work will be discussed.

Cryptography and Security,Artificial Intelligence