Skip to main content
Springer Nature Link
Log in

Techniques for Continuous Touch-Based Authentication

  • Conference paper
  • First Online:
Information Security Practice and Experience (ISPEC 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13620))

  • 1048 Accesses

Abstract

The field of continuous touch-based authentication has been rapidly developing over the last decade, creating a fragmented and difficult-to-navigate area for researchers and application developers alike. In this study, we perform a systematic literature analysis of 30 studies on the techniques used for feature extraction, classification, and aggregation in continuous touch-based authentication systems as well as the performance metrics reported by each study. Based on our findings, we design a set of experiments to compare the performance of the most frequently used techniques in the field under clearly defined conditions. In addition, we introduce two new techniques for continuous touch-based authentication: an expanded feature set (consisting of 149 unique features) and a multi-algorithm ensemble-based classifier. The comparison includes 13 feature sets, 11 classifiers, and 5 aggregation methods. In total, 204 model configurations are examined and we show that our novel techniques outperform the current state-of-the-art in each category. The results are also validated across three different publicly available datasets. Our best performing model achieves 4.8% EER using 16 consecutive strokes. Finally, we discuss the findings of our investigation with the aim of making the field more understandable and accessible for researchers and practitioners.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Ericsson mobility report 2021. https://www.ericsson.com/en/reports-and-papers/mobility-report/reports/november-2021. Accessed 20 Jan 2022

  2. Abadi, M., et al.: TensorFlow: large-scale machine learning on heterogeneous systems (2015). https://www.tensorflow.org/, software available from tensorflow.org

  3. Abuhamad, M., Abuhmed, T., Mohaisen, D., Nyang, D.: Autosen: deep-learning-based implicit continuous authentication using smartphone sensors. IEEE Internet Things J. 7(6), 5008–5020 (2020). https://doi.org/10.1109/JIOT.2020.2975779

    Article  Google Scholar 

  4. Acien, A., Morales, A., Fiérrez, J., Vera-Rodríguez, R., Bartolome, I.: Be-captcha: detecting human behavior in smartphone interaction using multiple inbuilt sensors. CoRR abs/2002.00918 (2020). https://arxiv.org/abs/2002.00918

  5. Acien, A., Morales, A., Fiérrez, J., Vera-Rodríguez, R., Delgado-Mohatar, O.: Becaptcha: bot detection in smartphone interaction using touchscreen biometrics and mobile sensors. CoRR abs/2005.13655 (2020). https://arxiv.org/abs/2005.13655

  6. Ahmad, J., Sajjad, M., Jan, Z., Mehmood, I., Rho, S., Baik, S.W.: Analysis of interaction trace maps for active authentication on smart devices. Multimedia Tools Appl. 76(3), 4069–4087 (2016). https://doi.org/10.1007/s11042-016-3450-y

    Article  Google Scholar 

  7. Antal, M., Bokor, Z., Szabó, L.Z.: Information revealed from scrolling interactions on mobile devices. Pattern Recogn. Lett. 56, 7–13 (2015). https://doi.org/10.1016/j.patrec.2015.01.011, https://www.sciencedirect.com/science/article/pii/S0167865515000355

  8. Antal, M., Szabó, L.Z.: Biometric authentication based on touchscreen swipe patterns. Procedia Technol. 22, 862–869 (2016). 9th International Conference Interdisciplinarity in Engineering, INTER-ENG 2015, 8-9 October 2015, Tirgu Mures, Romania.https://doi.org/10.1016/j.protcy.2016.01.061, http://www.sciencedirect.com/science/article/pii/S2212017316000621

  9. Bo, C., Zhang, L., Li, X.Y., Huang, Q., Wang, Y.: Silentsense: silent user identification via touch and movement behavioral biometrics. In: Proceedings of the 19th Annual International Conference on Mobile Computing & Networking, MobiCom 2013, pp 187–190. Association for Computing Machinery, New York (2013). https://doi.org/10.1145/2500423.2504572

  10. Buitinck, L., et al.: API design for machine learning software: experiences from the scikit-learn project. In: ECML PKDD Workshop: Languages for Data Mining and Machine Learning, pp. 108–122 (2013)

    Google Scholar 

  11. Cheon, E., Shin, Y., Huh, J., Kim, H., Oakley, I.: Gesture authentication for smartphones: evaluation of gesture password selection policies. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 249–267. IEEE Computer Society, Los Alamitos, CA, USA, May 2020. https://doi.org/10.1109/SP40000.2020.00034, https://doi.ieeecomputersociety.org/10.1109/SP40000.2020.00034

  12. Chollet, F., et al.: Keras (2015). https://keras.io

  13. Eberz, S., Rasmussen, K.B., Lenders, V., Martinovic, I.: Evaluating behavioral biometrics for continuous authentication: challenges and metrics. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2017, pp. 386–399. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3052973.3053032

  14. Egelman, S., Jain, S., Portnoff, R.S., Liao, K., Consolvo, S., Wagner, D.: Are you ready to lock? In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 750–761. ACM, New York (2014). https://doi.org/10.1145/2660267.2660273, http://doi.acm.org/10.1145/2660267.2660273

  15. Fathy, M.E., Patel, V.M., Chellappa, R.: Face-based active authentication on mobile devices. In: 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 1687–1691. IEEE (2015)

    Google Scholar 

  16. Feng, T., et al.: Continuous mobile authentication using touchscreen gestures. In: 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 451–456 (2012). https://doi.org/10.1109/THS.2012.6459891

  17. Feng, T., Yang, J., Yan, Z., Tapia, E.M., Shi, W.: Tips: context-aware implicit user identification using touch screen in uncontrolled environments. In: Proceedings of the 15th Workshop on Mobile Computing Systems and Applications. HotMobile 2014, Association for Computing Machinery, New York (2014). https://doi.org/10.1145/2565585.2565592

  18. Fierrez, J., Pozo, A., Martinez-Diaz, M., Galbally, J., Morales, A.: Benchmarking touchscreen biometrics for mobile authentication. IEEE Trans. Inf. Forensics Secur. 13(11), 2720–2733 (2018). https://doi.org/10.1109/TIFS.2018.2833042

    Article  Google Scholar 

  19. Filippov, A.I., Iuzbashev, A.V., Kurnev, A.S.: User authentication via touch pattern recognition based on isolation forest. In: 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), pp. 1485–1489 (2018). https://doi.org/10.1109/EIConRus.2018.8317378

  20. Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forensics Secur. 8(1), 136–148 (2013)

    Article  Google Scholar 

  21. Galbally, J., Fierrez, J., Alonso-Fernandez, F., Martinez-Diaz, M.: Evaluation of direct attacks to fingerprint verification systems. Telecommun. Syst. 47(3), 243–254 (2011). https://doi.org/10.1007/s11235-010-9316-0

  22. Gascon, H., Uellenbeck, S., Wolf, C., Rieck, K.: Continuous authentication on mobile devices by analysis of typing motion behavior. Sicherheit 2014-Sicherheit, Schutz und Zuverlässigkeit (2014)

    Google Scholar 

  23. Georgiev, M., Eberz, S., Turner, H., Lovisotto, G., Martinovic, I.: Common evaluation pitfalls in touch-based authentication systems. In: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2022, pp. 1049–1063. Association for Computing Machinery, New York (2022). https://doi.org/10.1145/3488932.3517388

  24. Incel, O.D., et al.: Dakota: sensor and touch screen-based continuous authentication on a mobile banking application. IEEE Access 9, 38943–38960 (2021). https://doi.org/10.1109/ACCESS.2021.3063424

    Article  Google Scholar 

  25. Jorgensen, Z., Yu, T.: On mouse dynamics as a behavioral biometric for authentication. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 476–482. Association for Computing Machinery, New York (2011). https://doi.org/10.1145/1966913.1966983

  26. Kim, J., Kang, P.: Freely typed keystroke dynamics-based user authentication for mobile devices based on heterogeneous features. Pattern Recogn. 108, 107556 (2020). https://doi.org/10.1016/j.patcog.2020.107556, https://www.sciencedirect.com/science/article/pii/S0031320320303599

  27. Kumar, R., Kundu, P.P., Phoha, V.V.: Continuous authentication using one-class classifiers and their fusion. In: 2018 IEEE 4th International Conference on Identity, Security, and Behavior Analysis (ISBA), pp. 1–8 (2018). https://doi.org/10.1109/ISBA.2018.8311467

  28. Kumar, R., Phoha, V.V., Serwadda, A.: Continuous authentication of smartphone users by fusing typing, swiping, and phone movement patterns. In: 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp. 1–8 (2016). https://doi.org/10.1109/BTAS.2016.7791164

  29. Li, L., Zhao, X., Xue, G.: Unobservable re-authentication for smartphones. In: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, 24–27 February 2013. The Internet Society (2013). https://www.ndss-symposium.org/ndss2013/unobservable-re-authentication-smartphones

  30. Mahbub, U., Sarkar, S., Patel, V.M., Chellappa, R.: Active user authentication for smartphones: a challenge data set and benchmark results. In: 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp. 1–8 (2016). https://doi.org/10.1109/BTAS.2016.7791155

  31. Meng, W., Wang, Y., Wong, D.S., Wen, S., Xiang, Y.: Touchwb: touch behavioral user authentication based on web browsing on smartphones. J. Netw. Comput. Appl. 117, 1–9 (2018). https://doi.org/10.1016/j.jnca.2018.05.010, https://www.sciencedirect.com/science/article/pii/S1084804518301723

  32. Meng, Y., Wong, D.S., Kwok, L.F.: Design of touch dynamics based user authentication with an adaptive mechanism on mobile phones. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014, pp. 1680–1687. Association for Computing Machinery, New York (2014). https://doi.org/10.1145/2554850.2554931

  33. Moher, D., Liberati, A., Tetzlaff, J., Altman, D.G., Group, P.: Preferred reporting items for systematic reviews and meta-analyses: the prisma statement. PLoS Med. 6(7), e1000097 (2009)

    Google Scholar 

  34. Mondal, S., Bours, P.: A computational approach to the continuous authentication biometric system. Inf. Sci. 304, 28–53 (2015). https://doi.org/10.1016/j.ins.2014.12.045, https://www.sciencedirect.com/science/article/pii/S0020025514011979

  35. Mondal, S., Bours, P.: Swipe gesture based continuous authentication for mobile devices. In: 2015 International Conference on Biometrics (ICB), pp. 458–465 (2015). https://doi.org/10.1109/ICB.2015.7139110

  36. Murmuria, R., Stavrou, A., Barbará, D., Fleck, D.: Continuous authentication on mobile devices using power consumption, touch gestures and physical movement of users. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 405–424. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26362-5_19

    Chapter  Google Scholar 

  37. Papamichail, M.D., Chatzidimitriou, K.C., Karanikiotis, T., Oikonomou, N.C.I., Symeonidis, A.L., Saripalle, S.K.: Brainrun: a behavioral biometrics dataset towards continuous implicit authentication. Data 4(2) (2019). https://doi.org/10.3390/data4020060, https://www.mdpi.com/2306-5729/4/2/60

  38. Patel, V.M., Chellappa, R., Chandra, D., Barbello, B.: Continuous user authentication on mobile devices: recent progress and remaining challenges. IEEE Sig. Process. Mag. 33(4), 49–61 (2016). https://doi.org/10.1109/MSP.2016.2555335

    Article  Google Scholar 

  39. Ramachandra, R., Busch, C.: Presentation attack detection methods for face recognition systems: a comprehensive survey. ACM Comput. Surv. 50(1) (2017). https://doi.org/10.1145/3038924

  40. Rasnayaka, S., Sim, T.: Who wants continuous authentication on mobile devices? In: 2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp. 1–9 (2018). https://doi.org/10.1109/BTAS.2018.8698599

  41. Rocha, R., Carneiro, D., Novais, P.: Continuous authentication with a focus on explainability. Neurocomputing 423, 697–702 (2021). https://doi.org/10.1016/j.neucom.2020.02.122, https://www.sciencedirect.com/science/article/pii/S0925231220307323

  42. Roy, A., Halevi, T., Memon, N.: An hmm-based behavior modeling approach for continuous mobile authentication. In: 2014 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 3789–3793 (2014). https://doi.org/10.1109/ICASSP.2014.6854310

  43. Samet, S., Ishraque, M.T., Ghadamyari, M., Kakadiya, K., Mistry, Y., Nakkabi, Y.: TouchMetric: a machine learning based continuous authentication feature testing mobile application. Int. J. Inf. Technol. 11(4), 625–631 (2019). https://doi.org/10.1007/s41870-019-00306-w

    Article  Google Scholar 

  44. Saravanan, P., Clarke, S., Chau, D.H.P., Zha, H.: LatentGesture: active user authentication through background touch analysis. In: Proceedings of the Second International Symposium of Chinese CHI, Chinese CHI 2014, pp. 110–113. Association for Computing Machinery, New York (2014). https://doi.org/10.1145/2592235.2592252

  45. Serwadda, A., Phoha, V.V., Wang, Z.: Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms. In: 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS), pp. 1–8 (2013). https://doi.org/10.1109/BTAS.2013.6712758

  46. Shen, C., Zhang, Y., Guan, X., Maxion, R.A.: Performance analysis of touch-interaction behavior for active smartphone authentication. IEEE Trans. Inf. Forensics Secur. 11(3), 498–513 (2016). https://doi.org/10.1109/TIFS.2015.2503258

    Article  Google Scholar 

  47. Sitová, Z., et al.: HMOG: new behavioral biometric features for continuous authentication of smartphone users. IEEE Trans. Inf. Forensics Secur. 11(5), 877–892 (2016). https://doi.org/10.1109/TIFS.2015.2506542

    Article  Google Scholar 

  48. Song, Y., Cai, Z., Zhang, Z.L.: Multi-touch authentication using hand geometry and behavioral information. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 357–372 (2017). https://doi.org/10.1109/SP.2017.54

  49. Syed, Z., Helmick, J., Banerjee, S., Cukic, B.: Touch gesture-based authentication on mobile devices: the effects of user posture, device size, configuration, and inter-session variability. J. Syst. Softw. 149, 158–173 (2019). https://doi.org/10.1016/j.jss.2018.11.017,https://www.sciencedirect.com/science/article/pii/S0164121218302516

  50. Volaka, H.C., Alptekin, G., Basar, O.E., Isbilen, M., Incel, O.D.: Towards continuous authentication on mobile phones using deep learning models. Procedia Comput. Sci. 155, 177–184 (2019). https://doi.org/10.1016/j.procs.2019.08.027, https://www.sciencedirect.com/science/article/pii/S187705091930941X, the 16th International Conference on Mobile Systems and Pervasive Computing (MobiSPC 2019), The 14th International Conference on Future Networks and Communications (FNC-2019), The 9th International Conference on Sustainable Energy Information Technology

  51. Wang, X., Yu, T., Mengshoel, O., Tague, P.: Towards continuous and passive authentication across mobile devices: an empirical study. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, pp. 35–45. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3098243.3098244

  52. Witten, I.H., Frank, E., Hall, M.A., Pal, C.J., DATA, M.: Practical machine learning tools and techniques. In: DATA MINING, vol. 2, p. 4 (2005)

    Google Scholar 

  53. Xu, H., Zhou, Y., Lyu, M.R.: Towards continuous and passive authentication via touch biometrics: an experimental study on smartphones. In: 10th Symposium On Usable Privacy and Security (SOUPS 2014), pp. 187–198. USENIX Association, Menlo Park, CA, July 2014. https://www.usenix.org/conference/soups2014/proceedings/presentation/xu

  54. Xu, X., et a;.: TouchPass: towards behavior-irrelevant on-touch user authentication on smartphones leveraging vibrations. In: Proceedings of the 26th Annual International Conference on Mobile Computing and Networking, MobiCom 2020, Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3372224.3380901

  55. Yang, Y., Guo, B., Wang, Z., Li, M., Yu, Z., Zhou, X.: Behavesense: continuous authentication for security-sensitive mobile apps using behavioral biometrics. Ad Hoc Netw. 84, 9–18 (2019). https://doi.org/10.1016/j.adhoc.2018.09.015, https://www.sciencedirect.com/science/article/pii/S1570870518306899

  56. Yang, Y., Clark, G.D., Lindqvist, J., Oulasvirta, A.: Free-form gesture authentication in the wild, pp. 3722–3735. Association for Computing Machinery, New York (2016). https://doi.org/10.1145/2858036.2858270

  57. Zhang, H., Patel, V.M., Fathy, M., Chellappa, R.: Touch gesture-based active user authentication using dictionaries. In: 2015 IEEE Winter Conference on Applications of Computer Vision, pp. 207–214 (2015). https://doi.org/10.1109/WACV.2015.35

  58. Zhao, X., Feng, T., Shi, W.: Continuous mobile authentication using a novel graphic touch gesture feature. In: 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS), pp. 1–6 (2013). https://doi.org/10.1109/BTAS.2013.6712747

  59. Zhao, X., Feng, T., Shi, W., Kakadiaris, I.A.: Mobile user authentication using statistical touch dynamics images. IEEE Trans. Inf. Forensics Secur. 9(11), 1780–1789 (2014). https://doi.org/10.1109/TIFS.2014.2350916

    Article  Google Scholar 

  60. Zheng, N., Bai, K., Huang, H., Wang, H.: You are how you touch: user verification on smartphones via tapping behaviors. In: 2014 IEEE 22nd International Conference on Network Protocols, pp. 221–232 (2014). https://doi.org/10.1109/ICNP.2014.43

Download references

Acknowledgments

This work was generously supported by a grant from the Engineering and Physical Sciences Research Council [grant number EP/P00881X/1].

Author information

Authors and Affiliations

  1. University of Oxford, Oxford, UK

    Martin Georgiev, Simon Eberz & Ivan Martinovic

Authors
  1. Martin Georgiev
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Simon Eberz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ivan Martinovic
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Martin Georgiev .

Editor information

Editors and Affiliations

  1. University of Aizu, Fukushima, Japan

    Chunhua Su

  2. Athens University of Economics and Business, Athens, Greece

    Dimitris Gritzalis

  3. Università degli Studi di Milano, Milan, Italy

    Vincenzo Piuri

Appendices

Abbreviations

  • AB - AdaBoost                    ACC - Accuracy

  • BN - Bayesian Network            ANGA - Average Number of Genuine Actions

  • CPANN - Counter Propagation Artificial Neural Network

  • DT - Decision Tree                 ANIA - Average Number of Impostor Actions

  • EE - Elliptic Envelop              AUC - Area Under Curve

  • ENS - Ensemble                   FAR - False Acceptance Rate

  • GB - Gradient Boosting           FRR - False Rejection Rate

  • HMM - Hidden Markov Models HTER - Half Total Error Rate

  • IF - Isolation Forest               ROC - Receiver Operating Characteristic

  • KDTGR - Kernel Dictionary-based Touch Gesture Recognition

  • KSRC - Kernel Sparse Representation-based Classification

  • LOF - Local Outlier Factor      NB - Naive Bayes

  • LR - Logistic Regression         NN - Neural Networks

  • OC-SVM - OneClass Support Vector Machine

  • PSO-RBFN - Particle Swarm Optimization Radial Basis Function Network

  • RC - Random Committee        RF - Random Forest

  • SM - Scaled Manhattan          SVM - Support Vector Machine

  • StrOUD - Strangeness based OUtlier Detection

  • kNN - k Nearest Neighbors

All Features

Table 7.

Table 7. Geometric features found in related work. “Perc.” stands for pecentile and “Std. Dev.” for standard deviation. Full details about each of the features can be found in the corresponding papers. Note that [42, 50, 57] use the same features as [20, 35] uses the same as [7] except they omit the mid-stroke pressure.
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Georgiev, M., Eberz, S., Martinovic, I. (2022). Techniques for Continuous Touch-Based Authentication. In: Su, C., Gritzalis, D., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2022. Lecture Notes in Computer Science, vol 13620. Springer, Cham. https://doi.org/10.1007/978-3-031-21280-2_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-21280-2_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-21279-6

  • Online ISBN: 978-3-031-21280-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics