Skip to main content

Advertisement

Springer Nature Link
Log in

Enhancing touch behavioral authentication via cost-based intelligent mechanism on smartphones

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Due to the popularity of smartphones, there is a great need to deploy appropriate authentication mechanisms to safeguard users’ sensitive data. Touch dynamics-based authentication has been developed to verify smartphone users and detect imposters. These schemes usually employ machine learning techniques to detect behavioral anomalies by comparing current behavioral actions with the stored normal model. However, we notice that machine learning classifiers often have an unstable performance, which would greatly reduce the system usability, i.e., causing a high false rejection. In this work, we are motivated by this challenge and design a cost-based intelligent mechanism that can choose a less costly algorithm for user authentication. In the evaluation, we conduct a user study with a total of 60 users to investigate the performance of our mechanism with a lightweight touch gesture-based scheme on smartphones. Experimental results demonstrate that our approach can help achieve a relatively higher and more stable authentication accuracy, as compared to the use of a sole classifier.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

Notes

  1. http://www.cyanogenmod.com/

  2. A Beta version of our customized-Android OS can be downloaded from Sourceforge: https://sourceforge.net/projects/touchdynamicsauthentication/files/Android_OS/.

  3. https://play.google.com/store/apps/details?id=com.cpuid.cpu_z.

References

  1. Aviv AJ, Gibson K, Mossop E, Blaze M, Smith JM (2010) Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX conference on offensive technologies (WOOT). USENIX Association, Berkeley, pp 1–10

  2. Bergadano F, Gunetti D, Picardi C (2002) User authentication through keystroke dynamics. ACM Trans Inf Syst Secur 5(4):367–397

    Article  Google Scholar 

  3. Cahyani NDW, Martini B, Choo KKR, AKBP Muhammad Nuh Al-Azhar (2017) Forensic Data acquisition from cloud-of-things devices: windows Smartphones as a case study. Concurrency and Computation: Practice and Experience 29(14)

  4. Clarke NL, Furnell SM (2005) Telephones - a survey of attitudes and practices. Comput Secur 24(7):519–527

    Article  Google Scholar 

  5. Clarke NL, Furnell SM (2007) Authenticating mobile phone users using keystroke analysis. Int J Inf Secur 6(1):1–14

    Article  Google Scholar 

  6. Chang L (2015) Smartphone usage soars in US as other devices’ popularity declines. Available at: https://www.digitaltrends.com/mobile/us-smartphone-usage-soars/

  7. Dai J, Zhou J (2011) Multifeature-based high-Resolution Palmprint Recognition. IIEEE Trans Pattern Anal Mach Intell 33(5):945–957

    Article  Google Scholar 

  8. D’Orazio CJ, Choo KKR (2016) An adversary model to evaluate DRM protection of video contents on iOS devices. Comput Secur 56:94–110

    Article  Google Scholar 

  9. D’Orazio CJ, Choo KKR (2017) A technique to circumvent SSL/TLS validations on iOS devices. Futur Gener Comput Syst 74:366–374

    Article  Google Scholar 

  10. D’Orazio CJ, Choo KKR, Yang LT (2017) Data exfiltration from internet of things devices: iOS devices as case studies. IEEE Internet of Things Journal 4(2):524–535

    Article  Google Scholar 

  11. Dunphy P, Heiner AP, Asokan N (2010) A closer look at recognition-based graphical passwords on mobile devices. In: Proceedings of the 6th symposium on usable privacy and security (SOUPS). ACM, New York, pp 1–12

  12. Feng T, Liu Z, Kwon K-A, Shi W, Carbunary B, Jiang Y, Nguyen N (2012) Continuous mobile authentication using touchscreen gestures. In: Proceedings of the 2012 IEEE conference on technologies for homeland security (HST). IEEE, USA, pp 451–456

  13. Fiorella D, Sanna A, Lamberti F (2010) Multi-touch user interface evaluation for 3D object manipulation on mobile devices. Journal on Multimodal User Interfaces 4(1):3–10

    Article  Google Scholar 

  14. Florencio D, Herley C (2007) A Large-Scale study of web password habits. In: Proceedings of the 16th international conference on world wide Web (WWW). ACM, New York, pp 657–s666

  15. Frank M, Biedert R, Ma E, Martinovic I, Song D (2013) Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans Inf Forensics Secur 8(1):136–148

    Article  Google Scholar 

  16. Gaffney JE, Ulvila JW (2001) Evaluation of intrusion detectors: a decision theory approach. In: Proceedings of the 2001 IEEE symposium on security and privacy, pp 50–61

  17. Goel M, Wobbrock JO, Patel SN (2012) Gripsense: using built-in sensors to detect hand posture and pressure on commodity mobile phones. In: Proceedings of the 25th Annual ACM symposium on user interface software and technology (UIST). ACM, New York, pp 545–554

  18. Gong NZ, Moazzezi R, Payer M, Frank M (2016) Forgery-resistant touch-based authentication on mobile devices. In: Proceedings of the 11th ACM Asia conference on computer and communications security pp 499–510

  19. Gu G, Fogla P, Lee W, Skoric B (2006) Measuring intrusion detection capability: an information-theoretic approach. In: Proceedings of the 2006 ACM symposium on information, computer and communications security (ASIACCS). ACM, New York, pp 90–101

  20. IDC (2017) Smartphone OS Market Share. Q1. https://www.idc.com/promo/smartphone-market-share/os.

  21. Gunson N, Marshall D, McInnes F, Jack M (2011) Usability evaluation of voiceprint authentication in automated telephone banking: sentences versus digits. Interact Comput 23(1):57–69

    Article  Google Scholar 

  22. Karlson AK, Brush AB, Schechter S (2009) Can i borrow your phone?: understanding concerns when sharing mobile phones. In: Proceedings of the 27th international conference on human factors in computing systems (CHI). ACM, New York, pp 1647–1650

  23. Keith M, Shao B, Steinbart P (2007) The usability of passphrases for authentication: an empirical field study. Int J Hum Comput Stud 65(1):17–28

    Article  Google Scholar 

  24. Kim D, Dunphy P, Briggs P, Hook J, Nicholson JW, Nicholson J, Olivier P (2010) Multi-touch authentication on tabletops. In: Proceedings of the 28th international conference on human factors in computing systems (CHI). ACM, New York, pp 1093–1102

  25. Kotthoff L, Gent IP, Miguel I (2012) An evaluation of machine learning in algorithm selection for search problems. AI Commun 25(3):257–270

    Article  MathSciNet  Google Scholar 

  26. Lemos R (2002) Passwords: the weakest link? hackers can crack most in less than a minute. http://news.com/2009-1001-916719.html

  27. Li J, Liu Z, Chen X, Xhafa F, Tan X, Wong DS (2015) L-encDB: a lightweight framework for privacy-preserving data queries in cloud computing. Knowl-Based Syst 79:18–26

    Article  Google Scholar 

  28. Li J, Li J, Chen X, Jia C, Lou W (2015) Identity-Based Encryption with outsourced revocation in cloud computing. IEEE Trans Comput 64(2):425–437

    Article  MathSciNet  Google Scholar 

  29. Li J, Yan H, Liu Z, Chen X, Huang X, Wong DS (2017) Location-Sharing Systems with enhanced privacy in mobile online social networks. IEEE Syst J 11 (2):439–448

    Article  Google Scholar 

  30. Li J, Zhang Y, Chen X, Xiang Y (2018) Secure attribute-based data sharing for resource-limited users in cloud computing. Comput Secur 72:1–12

    Article  Google Scholar 

  31. Maio D, Maltoni D, Wayman JL, Jain AK (2002) Fvc2000: Fingerprint verification competition. IEEE Trans Pattern Anal Mach Intell 24(3):402–412

    Article  Google Scholar 

  32. Meng Y, Kwok LF (2011) Adaptive false alarm filter using machine learning in intrusion detection. In: Proceedings of the 6th international conference on intelligent systems and knowledge engineering (ISKE), advances in intelligent and soft computing, Springer, pp 573–584

  33. Meng Y (2012) Measuring intelligent false alarm reduction using an ROC curve-based approach in network intrusion detection. In: Proceedings of the 2012 IEEE international conference on computational intelligence for measurement systems and applications (CIMSA), pp 108–113

  34. Meng Y, Wong DS, Schlegel R, Kwok LF (2012) Touch gestures based biometric authentication scheme for touchscreen mobile phones. In: Proceedings of the 8th China international conference on information security and cryptology (INSCRYPT). LNCS, Springer, Heidelberg, pp 331–350

  35. Meng Y, Wong DS, Kwok L. -F. (2014) Design of touch dynamics based user authentication with an adaptive mechanism on mobile phones. In: Proceedings of the ACM symposium on applied computing, pp 1680–1687

  36. Meng W, Wong DS, Furnell S, Zhou J (2015) Surveying the development of biometric user authentication on mobile phones. IEEE Commun Surv Tutorials 17 (3):1268–1293

    Article  Google Scholar 

  37. Meng W (2016) Evaluating the effect of multi-touch behaviours on Android unlock patterns. Inf Comput Secur 24(3):277–287

    Article  Google Scholar 

  38. Meng W, Li W, Wong DS, Zhou J (2016) TMGUard: a touch movement-based security mechanism for screen unlock patterns on smartphones. In: Proceedings of the 14th international conference on applied cryptography and network security (ACNS), pp 629–647

  39. Meng W, Li W, Jiang L, Meng L (2016) On multiple password interference of touch screen patterns and text passwords. In: Proceedings of ACM conference on human factors in computing systems, pp 4818–4822

  40. Meng W, Li W, Kwok L-F, Choo K-KR (2017) Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones. Comput Secur 65:213–229

    Article  Google Scholar 

  41. Millennial Media (2012) Mobile mix: the mobile device index. Available at: http://www.millennialmedia.com/research

  42. Mobile and NCSA (2012) Report on consumer behaviors and perceptions of mobile security. Available at: http://docs.nq.com/NQ_Mobile_Security_Survey_Jan2012.pdf

  43. Numabe Y, Nonaka H, Yoshikawa T (2009) Finger identification for touch panel operation using tapping fluctuation. In: Proceedings of the IEEE 13th international symposium on consumer electronics, pp 899–902

  44. Nguyen TV, Sae-Bae N, Memon N (2017) DRAW-A-PIN: authentication using finger-drawn PIN on touch devices. Comput Secur 66:115–128

    Article  Google Scholar 

  45. Pokharel S, Choo KKR, Liu J (2017) Mobile cloud security: an adversary model for lightweight browser security. Computer Standards & Interfaces 49:71–78

    Article  Google Scholar 

  46. Potharaju R, Newell A, Nita-Rotaru C, Zhang X (2012) Plagiarizing smartphone applications: attack strategies and defense techniques. In: Proceedings of the 2012 international symposium on engineering secure software and systems (ESSoS). LNCS, Springer, Heidelberg, pp 106–120

  47. Pusara M, Brodley CE (2004) User Re-Authentication via mouse movements. In: Proceedings of the 2004 ACM workshop on visualization and data mining for computer security (VizSEC/DMSEC). ACM, New York, pp 1–8

  48. Quick D, Choo KKR (2017) Pervasive social networking forensics: intelligence and evidence from mobile device extracts. J Netw Comput Appl 86:24–33

    Article  Google Scholar 

  49. Ranjan J, Whitehouse K (2016) Automatic authentication of smartphone touch interactions using smartwatch. In: Proceedings of the 2016 ACM international joint conference on pervasive and ubiquitous computing, pp 361–364

  50. Saevanee H, Bhattarakosol P (2009) Authenticating user using keystroke dynamics and finger pressure. In: Proceedings of the 6th IEEE conference on consumer communications and networking conference (CCNC). IEEE Press, USA, pp 1078–1079

  51. Sae-Bae N, Memon N, Isbister K, Ahmed K (2014) Multitouch gesture-based authentication. IEEE Trans Inf Forensics Secur 9(4):568–582

    Article  Google Scholar 

  52. Smith-Creasey M, Rajarajan M (2016) A continuous user authentication scheme for mobile devices. In: Proceedings of the 14th annual conference on privacy, security and trust (PST), pp 104–113

  53. Sommer R, Paxson V (2010) Outside the closed world: on using machine learning for network intrusion detection. In: Proceedings of the 2010 IEEE Symp on security and privacy, pp 305–316

  54. Song Y, Cai Z, Zhang Z. -L. (2017) Multi-touch authentication using hand geometry and behavioral information. In: Proceedings of IEEE symposium on security and privacy, pp 357–372

  55. Schaub F, Deyhle R, Weber M (2012) Password entry usability and shoulder surfing susceptibility on different smartphone platforms. In: Proceedings of the 11th international conference on mobile and ubiquitous multimedia (MUM). ACM, New York, pp 1–10

  56. Schmid NA, Ketkar MV, Singh H, Cukic B (2006) Performance analysis of iris-based identification system at the matching score level. IEEE Trans Inf Forensics Secur 1(2):154–168

    Article  Google Scholar 

  57. Shahzad M, Liu AX, Samuel A (2017) Behavior based human authentication on touch screen devices using gestures and signatures. IEEE Trans Mob Comput 16 (10):2726–2741

    Article  Google Scholar 

  58. Sharma V, Enbody R (2017) User authentication and identification from user interface interactions on touch-enabled devices. In: Proceedings of the 10th ACM conference on security and privacy in wireless and mobile networks (WiSec), pp 1–11

  59. Shabtai A, Fledel Y, Kanonov U, Elovici Y, Dolev S, Glezer C (2010) Google Android: a Comprehensive Security Assessment. IEEE Secur Priv 8(2):35–44

    Article  Google Scholar 

  60. Tari F, Ozok AA, Holden SH (2006) A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of the 2nd symposium on usable privacy and security (SOUPS). ACM, New York, pp 56–66

  61. Temper M, Tjoa S, Kaiser M (2015) Touch to authenticate - continuous biometric authentication on mobile devices. In: Proceedings of the 2015 international conference on software security and assurance (ICSSA), pp 30–35

  62. The PS, Zhang N, Teoh ABJ, Chen K (2015) Recognizing your touch: towards strengthening mobile device authentication via touch dynamics integration. In: Proceedings of the 13th international conference on advances in mobile computing and multimedia (MoMM), pp 108–116

  63. Trewin S, Swart C, Koved L, Martino J, Singh K, Ben-David S (2012) Biometric authentication on a mobile device: a study of user effort, error and task disruption. In: Proceedings of the 28th annual computer security applications conference (ACSAC), pp 159–168

  64. Van Thanh D (2000) Security issues in mobile eCommerce. In: Proceedings of the 11th international workshop on database and expert systems applications (DEXA). IEEE, USA, pp 412–425

  65. Wallace R, McLaren M, McCool C, Marcel S (2012) Cross-pollination of normalisation techniques from speaker to face authentication using gaussian mixture models. IEEE Trans Inf Forensics Secur 7(2):553–562

    Article  Google Scholar 

  66. The University of Waikato. WEKA-Waikato Environment for Knowledge Analysis. Available at: http://www.cs.waikato.ac.nz/ml/weka/

  67. Yan J, Blackwell A, Anderson R, Grant A (2004) Password memorability and security: empirical results. IEEE Secur Priv 2(5):25–31

    Article  Google Scholar 

  68. Zahid S, Shahzad M, Khayam SA, Farooq M (2009) Keystroke-based user identification on smart phones. In: Proceedings of RAID, lecture notes in computer science, Springer, pp 224–243

  69. Zhao X, Feng T, Shi W, Kakadiaris IA (2014) Mobile user authentication using statistical touch dynamics images. IEEE Trans Inf Forensics Secur 9(11):1780–1789

    Article  Google Scholar 

  70. Zheng N, Bai K, Huang H, Wang H (2014) You are how you touch: user verification on smartphones via tapping behaviors. In: Proceedings of the 2014 international conference on network protocols (ICNP), pp 221–232

Download references

Acknowledgements

The authors would like to thank all participants for their work in the user study.

Author information

Authors and Affiliations

  1. DTU Compute, Technical University of Denmark, Anker Engelunds Vej 1, Lyngby, Denmark

    Weizhi Meng

  2. Department of Computer Science, City University of Hong Kong, Tat Chee Avenue, Kowloon, Hong Kong

    Wenjuan Li

  3. Hong Kong Applied Science and Technology Research Institute, Shatin, Hong Kong

    Duncan S. Wong

Authors
  1. Weizhi Meng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wenjuan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Duncan S. Wong
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Weizhi Meng.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Meng, W., Li, W. & Wong, D.S. Enhancing touch behavioral authentication via cost-based intelligent mechanism on smartphones. Multimed Tools Appl 77, 30167–30185 (2018). https://doi.org/10.1007/s11042-018-6094-2

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-018-6094-2

Keywords

Search

Navigation