Abstract
Recent advances in sensing and wireless communication technologies have led to an explosion in the use of touch-screen mobile devices such as smartphones and tablets in mobile commerce and other daily work and life activities. These activities have resulted in more and more private and sensitive information being stored on those devices. Therefore, improving the security of mobile devices through effective user authentication to prevent unauthorized information access has become a pressing task. Mobile user authentication refers to the process of checking a user's identity and verifying whether he/she is authorized to access a device. Due to the increasing incidence of mobile phones getting lost, stolen, or snatched while being used by the owner, continuous user authentication (CUA) after logging in to a mobile device has attracted increasing attention. Prior research has shown that traditional password authentication is insufficient or ineffective for CUA. Despite the recent research progress in CUA, many existing methods are explicit by nature in that they require users to perform specific operations, which can interrupt users' ongoing activities or may be easily learned by others through observation. In this research, we propose a new touch-dynamics-based approach to CUA on touch-screen mobile devices that authenticates users while they are interacting with mobile devices. Touch dynamics, which is rich in cognitive quality and unique to individuals, has yet to be explored for implicit CUA. We conducted a longitudinal study to evaluate the proposed mobile CUA approach. The results demonstrate that our method can improve the security of CUA for touch-screen mobile devices. The findings have significant implications for the security and adoption of m-commerce.
Acknowledgements
This research was supported in part by the National Science Foundation (SES-152768, IIS-1250395, CNS 1704800). Any opinions, findings or recommendations expressed here are those of the authors and are not necessarily those of the sponsor of this research.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Zhang, D., Kang, Y., Zhou, L., Lai, J. (2017). Continuous User Authentication on Touch-Screen Mobile Phones: Toward More Secure and Usable M-Commerce. In: Fan, M., Heikkilä, J., Li, H., Shaw, M., Zhang, H. (eds) Internetworked World. WEB 2016. Lecture Notes in Business Information Processing, vol 296. Springer, Cham. https://doi.org/10.1007/978-3-319-69644-7_23
DOI: https://doi.org/10.1007/978-3-319-69644-7_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69643-0
Online ISBN: 978-3-319-69644-7
eBook Packages: Computer Science, Computer Science (R0)