research-article

Design of touch dynamics based user authentication with an adaptive mechanism on mobile phones

Authors:

Duncan S. Wong,

Lam-For KwokAuthors Info & Claims

SAC '14: Proceedings of the 29th Annual ACM Symposium on Applied Computing

Pages 1680 - 1687

https://doi.org/10.1145/2554850.2554931

Published: 24 March 2014 Publication History

Abstract

Behavioral-biometric based authentication schemes on mobile phones usually begin by establishing a normal-behavioral model using machine learning classifiers and then identify behavioral anomalies through comparing current behavioral events with the established model. If an anomaly is detected, this kind of schemes will require the user for validation (i.e., input correct PIN). In this paper, we first propose a lightweight touch-dynamics-based user authentication scheme on a touchscreen mobile phone, which consists of only 8 touch-gesture related features. In addition, we further design an adaptive mechanism that can periodically select a better classifier to maintain the authentication accuracy during user authentication. As a study, we implement a cost-based metric that enables this mechanism to choose a less costly classifier. In the evaluation, the experimental results of involving 50 participants indicate that our proposed user authentication scheme can achieve an average error rate of 2.46% and that the adaptive mechanism can maintain the authentication accuracy at a relatively stable level.

References

[1]

F. Bergadano, D. Gunetti and C. Picardi, "User Authentication through Keystroke Dynamics," ACM Transactions on Information and System Security 5(4), 367--397, 2002.

Digital Library

[2]

N. L. Clarke and S. M. Furnell, "Authenticating Mobile Phone Users Using Keystroke Analysis," International Journal of Information Security 6(1), 1--14, 2007.

Digital Library

[3]

T. Feng, Z. Liu, K.-A. Kwon, W. Shi, B. Carbunary, Y. Jiang, and N. Nguyen, "Continuous mobile authentication using touchscreen gestures," Proc. the 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 451--456, IEEE, USA, 2012.

[4]

D. Fiorella, A. Sanna, and F. Lamberti, "Multi-touch User Interface Evaluation for 3D Object Manipulation on Mobile Devices," Journal on Multimodal User Interfaces 4(1), 3--10, 2010.

[5]

M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song, "Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication," IEEE Transactions on Information Forensics and Security 8(1), 136--148, 2013.

Digital Library

[6]

J. E. Gaffney and J. W. Ulvila, "Evaluation of intrusion detectors: A decision theory approach," Proc. of the 2001 IEEE Symposium on Security and Privacy, pp. 50--61, May 2001.

Digital Library

[7]

M. Goel, J. O. Wobbrock, and S. N. Patel, "GripSense: Using Built-In Sensors to Detect Hand Posture and Pressure on Commodity Mobile Phones," Proc. the 25th Annual ACM symposium on User Interface Software and Technology (UIST), pp. 545--554, ACM New York, NY, USA, 2012.

Digital Library

[8]

G. Gu, P. Fogla, W. Lee, and B. Skoric, "Measuring intrusion detection capability: an information-theoretic approach," Proc. the 2006 ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 90--101, ACM New York, NY, USA, 2006.

Digital Library

[9]

A. K. Karlson, A. B. Brush, and S. Schechter, "Can I Borrow Your Phone?: Understanding Concerns When Sharing Mobile Phones," Proc. the 27th International Conference on Human Factors in Computing Systems (CHI), pp. 1647--1650, ACM, New York, USA, 2009.

Digital Library

[10]

D. Kim, P. Dunphy, P. Briggs, J. Hook, J. W. Nicholson, J. Nicholson, and P. Olivier, "Multi-Touch Authentication on Tabletops," Proc. the 28th International Conference on Human Factors in Computing Systems (CHI), pp. 1093--1102, ACM, New York, USA, 2010.

Digital Library

[11]

J. Koetsier, MobileBeat: Android captured almost 70% global smartphone market share in 2012, Apple just under 20%. (January 2013) Available at: http://venturebeat.com/2013/01/28/android-captured-almost-70-global-smartphone-market-share-in-2012-apple-just-under-20/

[12]

L. Kotthoff, I. P. Gent, and I. Miguel, "An Evaluation of Machine Learning in Algorithm Selection for Search Problems," AI Communications 25(3), 257--270, 2012.

Digital Library

[13]

D. Lee, The state of the touch-screen panel market in 2011. (January 2013) Available at: http://www.walkermobile.com/March_2011_ID_State_of_the_Touch_Screen_Market.pdf

[14]

McAfee And Carnegie Mellon University. Mobility and Security: Dazzling Opportunities, profound challenges. May 2011. Available at: http://www.mcafee.com/mobilesecurityreport

[15]

Y. Meng, "Measuring Intelligent False Alarm Reduction Using an ROC Curve-based Approach in Network Intrusion Detection," Proc. the 2012 IEEE International Conference on Computational Intelligence for Measurement Systems and Applications (CIMSA), pp. 108--113, 2012.

[16]

Y. Meng, D. S. Wong, R. Schlegel, and L.-F. Kwok, "Touch Gestures Based Biometric Authentication Scheme for Touchscreen Mobile Phones," Proc. the 8th China International Conference on Information Security and Cryptology (INSCRYPT), pp. 331--350, LNCS, Springer, Heidelberg, 2012.

[17]

Millennial Media. Mobile mix: The mobile device index. (2012) Available at: http://www.millennialmedia.com/research

[18]

Mobile and NCSA. Report on Consumer Behaviors and Perceptions of Mobile Security. (January 2012) Available at: http://docs.nq.com/NQ_Mobile_Security_Survey_Jan2012.pdf

[19]

Y. Numabe, H. Nonaka, and T. Yoshikawa, "Finger Identification for Touch Panel Operation using Tapping Fluctuation," Proc. the 13th IEEE International Symposium on Consumer Electronics, pp. 899--902, 2009.

[20]

R. Potharaju, A. Newell, C. Nita-Rotaru, and X. Zhang, "Plagiarizing Smartphone Applications: Attack Strategies and Defense Techniques," Proc. the 2012 International Symposium on Engineering Secure Software and Systems (ESSoS), pp. 106--120, LNCS, Springer, Heidelberg, 2012.

Digital Library

[21]

M. Pusara and C. E. Brodley, "User Re-Authentication via Mouse Movements," Proc. the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), pp. 1--8, ACM, New York, USA, 2004.

Digital Library

[22]

H. Saevanee and P. Bhattarakosol, "Authenticating User Using Keystroke Dynamics and Finger Pressure," Proc. the 6th IEEE Conference on Consumer Communications and Networking Conference (CCNC), pp. 1078--1079, IEEE Press, USA, 2009.

Digital Library

[23]

A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer, "Google Android: A Comprehensive Security Assessment," IEEE Security Privacy 8(2), 35--44, March-April 2010.

Digital Library

[24]

Symantec Enterprise: Norton Survey Reveals One in Three Experience Cell Phone Loss, Theft. (February 2011) Available at: http://www.symantec.com/about/news/release/article.jsp?prid=20110208_01

[25]

D. Van Thanh, "Security Issues in Mobile eCommerce," Proc. the 11th International Workshop on Database and Expert Systems Applications (DEXA), pp. 412--425, IEEE, USA, 2000.

Digital Library

[26]

The University of Waikato. WEKA-Waikato Environment for Knowledge Analysis. Available at: http://www.cs.waikato.ac.nz/ml/weka/

[27]

S. Zahid, M. Shahzad, S. A. Khayam, and M. Farooq, "Keystroke-based User Identification on Smart Phones," Proc. the 12th International Symposium Recent Advances in Intrusion Detection (RAID), pp. 224--243, LNCS, Springer, Heidelberg, 2009.

Digital Library

Cited By

Sharp JWilliams AWomack BRoy ADasgupta DFarkas C(2024)WIPP - Smart Authentication: Contextual Strategies for Dynamic User Verification2024 Resilience Week (RWS)10.1109/RWS62797.2024.10799241(1-10)Online publication date: 3-Dec-2024
https://doi.org/10.1109/RWS62797.2024.10799241
DeRidder ZSiddiqui NReither TDave RPelto BVanamala MSeliya N(2022)Continuous User Authentication Using Machine Learning and Multi-finger Mobile Touch Dynamics with a Novel Dataset2022 9th International Conference on Soft Computing & Machine Intelligence (ISCMI)10.1109/ISCMI56532.2022.10068450(42-46)Online publication date: 26-Nov-2022
https://doi.org/10.1109/ISCMI56532.2022.10068450
Georgiev MEberz SMartinovic I(2022)Techniques for Continuous Touch-Based AuthenticationInformation Security Practice and Experience10.1007/978-3-031-21280-2_23(409-431)Online publication date: 23-Nov-2022
https://dl.acm.org/doi/10.1007/978-3-031-21280-2_23
Show More Cited By

Index Terms

Design of touch dynamics based user authentication with an adaptive mechanism on mobile phones
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Interaction devices
      1. Touch screens
2. Security and privacy
  1. Security services
    1. Access control
    2. Authentication
  2. Systems security
    1. Operating systems security

Recommendations

A New Dynamic ID-Based User Authentication Scheme Using Mobile Device: Cryptanalysis, the Principles and Design

The remote user authentication scheme is an important security technology, which provides authentication service before a user accesses the service provided by the remote server. In this paper, we analyze the security and design flaws of a recently ...
An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures

As a smart phone becomes a daily necessity, mobile services are springing up. A mobile user should be authenticated and authorized before accessing these mobile services. Generally, mobile user authentication is a method which is used to validate the ...
Remarks on fingerprint-based remote user authentication scheme using smart cards

In 2002, Lee, Ryu, and Yoo proposed a fingerprint-based remote user authentication scheme using smart cards. The scheme makes it possible for authenticating the legitimacy of each login user without any password table. In addition, the authors claimed ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SAC '14: Proceedings of the 29th Annual ACM Symposium on Applied Computing

March 2014

1890 pages

ISBN:9781450324694

DOI:10.1145/2554850

Conference Chairs:
Yookun Cho
Seoul National University, Korea
,
Sung Y. Shin
South Dakota State University
,
Program Chairs:
Sangwook Kim
Kyungpook National University, Korea
,
Chih-Cheng Hung
Southern Polytechnic State University
,
Jiman Hong
Soongsil University, South Korea

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 March 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SAC 2014

Sponsor:

SIGAPP

SAC 2014: Symposium on Applied Computing

March 24 - 28, 2014

Gyeongju, Republic of Korea

Acceptance Rates

SAC '14 Paper Acceptance Rate 218 of 939 submissions, 23%;

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

26
Total Citations
View Citations
627
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)2

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Sharp JWilliams AWomack BRoy ADasgupta DFarkas C(2024)WIPP - Smart Authentication: Contextual Strategies for Dynamic User Verification2024 Resilience Week (RWS)10.1109/RWS62797.2024.10799241(1-10)Online publication date: 3-Dec-2024
https://doi.org/10.1109/RWS62797.2024.10799241
DeRidder ZSiddiqui NReither TDave RPelto BVanamala MSeliya N(2022)Continuous User Authentication Using Machine Learning and Multi-finger Mobile Touch Dynamics with a Novel Dataset2022 9th International Conference on Soft Computing & Machine Intelligence (ISCMI)10.1109/ISCMI56532.2022.10068450(42-46)Online publication date: 26-Nov-2022
https://doi.org/10.1109/ISCMI56532.2022.10068450
Georgiev MEberz SMartinovic I(2022)Techniques for Continuous Touch-Based AuthenticationInformation Security Practice and Experience10.1007/978-3-031-21280-2_23(409-431)Online publication date: 23-Nov-2022
https://dl.acm.org/doi/10.1007/978-3-031-21280-2_23
Nam HSeol KLee JCho HJung S(2021)Review of Capacitive Touchscreen Technologies: Overview, Research Trends, and Machine Learning ApproachesSensors10.3390/s2114477621:14(4776)Online publication date: 13-Jul-2021
https://doi.org/10.3390/s21144776
Hussein O(2021)A Proposed Approach to Secure Automated Teller Machine-Based Financial Transactions2021 Tenth International Conference on Intelligent Computing and Information Systems (ICICIS)10.1109/ICICIS52592.2021.9694249(236-242)Online publication date: 5-Dec-2021
https://doi.org/10.1109/ICICIS52592.2021.9694249
Zaidi AChong CJin ZParthiban RSadiq A(2021)Touch-based continuous mobile device authenticationJournal of Network and Computer Applications10.1016/j.jnca.2021.103162191:COnline publication date: 1-Oct-2021
https://dl.acm.org/doi/10.1016/j.jnca.2021.103162
Siddiqui NPryor LDave R(2021)User Authentication Schemes Using Machine Learning Methods—A ReviewProceedings of International Conference on Communication and Computational Technologies10.1007/978-981-16-3246-4_54(703-723)Online publication date: 24-Aug-2021
https://doi.org/10.1007/978-981-16-3246-4_54
Bhatt GBhushan B(2020)A Comprehensive Survey on various Security Authentication Schemes for Mobile Touch Screen2020 IEEE 9th International Conference on Communication Systems and Network Technologies (CSNT)10.1109/CSNT48778.2020.9115731(248-253)Online publication date: Apr-2020
https://doi.org/10.1109/CSNT48778.2020.9115731
Bello AChiroma HGital AGabralla LAbdulhamid SShuib L(2020)Machine learning algorithms for improving security on touch screen devices: a survey, challenges and new perspectivesNeural Computing and Applications10.1007/s00521-020-04775-0Online publication date: 17-Feb-2020
https://doi.org/10.1007/s00521-020-04775-0
Hriez SObeid NAwajan AHoballah IZeineddine HAljawarneh SLara J(2019)User authentication on smartphones using keystroke dynamicsProceedings of the Second International Conference on Data Science, E-Learning and Information Systems10.1145/3368691.3368725(1-4)Online publication date: 2-Dec-2019
https://dl.acm.org/doi/10.1145/3368691.3368725
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten