skip to main content
research-article

Listen to Your Fingers: User Authentication Based on Geometry Biometrics of Touch Gesture

Published: 04 September 2020 Publication History

Abstract

Inputting a pattern or PIN code on the touch screen is a popular method to prevent unauthorized access to mobile devices. However, these sensitive tokens are highly susceptible to being inferred by various types of side-channel attacks, which can compromise the security of the private data stored in the device. This paper presents a second-factor authentication method, TouchPrint, which relies on the user's hand posture shape traits (dependent on the individual different posture type and unique hand geometry biometrics) when the user inputs PIN or pattern. It is robust against the behavioral variability of inputting a passcode and places no restrictions on input manner (e.g., number of the finger touching the screen, moving speed, or pressure). To capture the spatial characteristic of the user's hand posture shape when input the PIN or pattern, TouchPrint performs active acoustic sensing to scan the user's hand posture when his/her finger remains static at some reference positions on the screen (e.g., turning points for the pattern and the number buttons for the PIN code), and extracts the multipath effect feature from the echo signals reflected by the hand. Then, TouchPrint fuses with the spatial multipath feature-based identification results generated from the multiple reference positions to facilitate a reliable and secure MFA system. We build a prototype on smartphone and then evaluate the performance of TouchPrint comprehensively in a variety of scenarios. The experiment results demonstrate that TouchPrint can effectively defend against the replay attacks and imitate attacks. Moreover, TouchPrint can achieve an authentication accuracy of about 92% with only ten training samples.

Supplementary Material

chen (chen.zip)
Supplemental movie, appendix, image and software files for, Listen to Your Fingers: User Authentication Based on Geometry Biometrics of Touch Gesture

References

[1]
Mohammed H AlSharif, Mohamed Saad, Mohamed Siala, Tarig Ballal, Hatem Boujemaa, and Tareq Y Al-Naffouri. 2017. Zadoff-chu coded ultrasonic signal for accurate range estimation. In 2017 25th European Signal Processing Conference (EUSIPCO). IEEE, 1250--1254.
[2]
S Abhishek Anand, Prakash Shrestha, and Nitesh Saxena. 2015. Bad sounds good sounds: Attacking and defending tap-based rhythmic passwords using acoustic signals. In International Conference on Cryptology and Network Security. Springer, 95--110.
[3]
Cheng Bo, Lan Zhang, Xiang-Yang Li, Qiuyuan Huang, and Yu Wang. 2013. Silentsense: silent user identification via touch and movement behavioral biometrics. In Proceedings of the 19th annual international conference on Mobile computing and networking (MOBICOM). ACM, 187--190.
[4]
Yetong Cao, Qian Zhang, Fan Li, Song Yang, and Yu Wang. 2020. PPGPass: Nonintrusive and Secure Mobile Two-Factor Authentication via Wearables. In Proceedings of IEEE 39th Conference on Computer Communications (INFOCOM).
[5]
Géry Casiez, Thomas Pietrzak, Damien Marchal, Sébastien Poulmane, Matthieu Falce, and Nicolas Roussel. 2017. Characterizing latency in touch and button-equipped interactive systems. In Proceedings of the 30th Annual ACM Symposium on User Interface Software and Technology (UIST). ACM, 29--39.
[6]
Huijie Chen, Fan Li, and Yu Wang. 2017. EchoTrack: Acoustic Device-free Hand Tracking on Smart Phones. In 2017 IEEE Conference on Computer Communications (INFOCOM). IEEE, 1422--1430.
[7]
Huijie Chen, Fan Li, and Yu Wang. 2018. SoundMark: Accurate indoor localization via peer-assisted dead reckoning. IEEE Internet of Things Journal 5, 6 (2018), 4803--4815.
[8]
Haritabh Gupta, Shamik Sural, Vijayalakshmi Atluri, and Jaideep Vaidya. 2018. A side-channel attack on smartphones: Deciphering key taps using built-in microphones. Journal of Computer Security 26, 2 (2018), 255--281.
[9]
Fan Li, Huijie Chen, Xiaoyu Song, Qian Zhang, Youqi Li, and Yu Wang. 2017. CondioSense: high-quality context-aware service for audio sensing system via active sonar. Personal and Ubiquitous Computing 21, 1 (2017), 17--29.
[10]
Fan Li, Xiuxiu Wang, Huijie Chen, Kashif Sharif, and Yu Wang. 2017. ClickLeak: Keystroke Leaks Through Multimodal Sensors in Cyber-Physical Social Networks. IEEE Access 5 (2017), 27311?27321.
[11]
Xiaopeng Li, Fengyao Yan, Fei Zuo, Qiang Zeng, and Lannan Luo. 2019. Touch Well Before Use: Intuitive and Secure Authentication for IoT Devices. In The 25th Annual International Conference on Mobile Computing and Networking (MOBICOM). ACM, 1--17.
[12]
Jian Liu, Yan Wang, Gorkem Kar, Yingying Chen, Jie Yang, and Marco Gruteser. 2015. Snooping keystrokes with mm-level audio ranging on a single phone. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking (MOBICOM). ACM, 142--154.
[13]
Yang Liu and Zhenjiang Li. 2018. Aleak: Privacy leakage through context-free wearable side-channel. In IEEE Conference on Computer Communications (INFOCOM). IEEE, 1232--1240.
[14]
Li Lu and Yongshuai Liu. 2015. Safeguard: User reauthentication on smartphones via behavioral biometrics. IEEE Transactions on Computational Social Systems 2, 3 (2015), 53--64.
[15]
Li Lu, Jiadi Yu, Yingying Chen, Hongbo Liu, Yanmin Zhu, Yunfei Liu, and Minglu Li. 2018. Lippass: Lip reading-based user authentication on smartphones leveraging acoustic signals. In IEEE Conference on Computer Communications (INFOCOM). IEEE, 1466--1474.
[16]
Li Lu, Jiadi Yu, Yingying Chen, Yanmin Zhu, Xiangyu Xu, Guangtao Xue, and Minglu Li. 2019. KeyLiSterber: Inferring Keystrokes on QWERTY Keyboard of Touch Screen through Acoustic Signals. In IEEE INFOCOM 2019-IEEE Conference on Computer Communications (INFOCOM). IEEE, 775--783.
[17]
Yan Meng, Jinlei Li, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan. 2019. Revealing Your Mobile Password via WiFi Signals: Attacks and Countermeasures. IEEE Transactions on Mobile Computing 19, 2 (2019), 432--449.
[18]
Abena Primo, Vir V Phoha, Rajesh Kumar, and Abdul Serwadda. 2014. Context-aware active authentication using smartphone accelerometer measurements. In Proceedings of the IEEE conference on computer vision and pattern recognition workshops. IEEE, 98--105.
[19]
Raul Sanchez-Reillo, Carmen Sanchez-Avila, and Ana Gonzalez-Marcos. 2000. Biometric identification through hand geometry measurements. IEEE Transactions on pattern analysis and machine intelligence 22, 10 (2000), 1168--1171.
[20]
Yunpeng Song, Zhongmin Cai, and Zhi-Li Zhang. 2017. Multi-touch authentication using hand geometry and behavioral information. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 357--372.
[21]
Ke Sun, Ting Zhao, Wei Wang, and Lei Xie. 2018. Vskin: Sensing touch gestures on surfaces of mobile devices using acoustic signals. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking (MOBICOM). ACM, 591--605.
[22]
TSYS. 2018. U.S. Consumer Payment Study. (2018). https://www.tsys.com/Assets/TSYS/downloads/rs_2018-us-consumer-payment-study.pdf/, Accessed November 10, 2019.
[23]
Yu-Chih Tung and Kang G Shin. 2015. EchoTag: accurate infrastructure-free indoor location tagging with smartphones. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking (MOBICOM). ACM, 525--536.
[24]
Chen Wang, Xiaonan Guo, Yan Wang, Yingying Chen, and Bo Liu. 2016. Friend or foe?: Your wearable devices reveal your personal pin. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. ACM, 189--200.
[25]
Chen Wang, Jian Liu, Xiaonan Guo, Yan Wang, and Yingying Chen. 2019. WristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearables. In IEEE INFOCOM 2019-IEEE Conference on Computer Communications. IEEE, 2071--2079.
[26]
He Wang, Ted Tsung-Te Lai, and Romit Roy Choudhury. 2015. Mole: Motion leaks through smartwatch sensors. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking (MOBICOM). ACM, 155--166.
[27]
Junjue Wang, Kaichen Zhao, Xinyu Zhang, and Chunyi Peng. 2014. Ubiquitous keyboard for small mobile devices: harnessing multipath fading for fine-grained keystroke localization. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (MOBISYS). ACM, 14--27.
[28]
Yanwen Wang, Jiaxing Shen, and Yuanqing Zheng. 2020. Push the Limit of Acoustic Gesture Recognition. In IEEE Conference on Computer Communications (INFOCOM). IEEE, 1--10.
[29]
Xiangyu Xu, Jiadi Yu, Yingying Chen, Qin Hua, Yanmin Zhu, Yi-Chao Chen, and Minglu Li. 2020. TouchPass: towards behavior-irrelevant on-touch user authentication on smartphones leveraging vibrations. In Proceedings of the 26th Annual International Conference on Mobile Computing and Networking (MOBICOM). ACM, 1--13.
[30]
Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Kwang In Kim, Ben Taylor, and Zheng Wang. 2017. Cracking Android pattern lock in five attempts. In Proceedings 2017 Network and Distributed System Security Symposium (NDSS).
[31]
Huanle Zhang, Wan Du, Pengfei Zhou, Mo Li, and Prasant Mohapatra. 2016. DopEnc: acoustic-based encounter profiling using smartphones. In Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking (MobiCom). ACM, 294--307.
[32]
Huanle Zhang, Wan Du, Pengfei Zhou, Mo Li, and Prasant Mohapatra. 2017. An acoustic-based encounter profiling system. IEEE Transactions on Mobile Computing 17, 8 (2017), 1750--1763.
[33]
Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. 2014. You are how you touch: User verification on smartphones via tapping behaviors. In 2014 IEEE 22nd International Conference on Network Protocols (ICNP). IEEE, 221--232.
[34]
Bing Zhou, Jay Lohokare, Ruipeng Gao, and Fan Ye. 2018. EchoPrint: Two-factor Authentication using Acoustics and Vision on Smartphones. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking (MOBICOM). ACM, 321--336.
[35]
Man Zhou, Qian Wang, Jingxiao Yang, Qi Li, Feng Xiao, Zhibo Wang, and Xiaofen Chen. 2018. Patternlistener: Cracking android pattern lock using acoustic signals. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 1775--1787.
[36]
Tong Zhu, Qiang Ma, Shanfeng Zhang, and Yunhao Liu. 2014. Context-free attacks using keyboard acoustic emanations. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 453--464.

Cited By

View all
  • (2024)FingerPattern: Securing Pattern Lock via Fingerprint-Dependent Friction SoundIEEE Transactions on Mobile Computing10.1109/TMC.2023.333814823:6(7210-7224)Online publication date: Jun-2024
  • (2024)FingerSlid: Towards Finger-sliding Continuous Authentication on Smart Devices via VibrationIEEE Transactions on Mobile Computing10.1109/TMC.2023.3315291(1-15)Online publication date: 2024
  • (2024)Memory-Augmented Autoencoder based Continuous Authentication on Smartphones with Conditional Transformer GANsIEEE Transactions on Mobile Computing10.1109/TMC.2023.3290834(1-16)Online publication date: 2024
  • Show More Cited By

Index Terms

  1. Listen to Your Fingers: User Authentication Based on Geometry Biometrics of Touch Gesture

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
    Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies  Volume 4, Issue 3
    September 2020
    1061 pages
    EISSN:2474-9567
    DOI:10.1145/3422862
    Issue’s Table of Contents
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 04 September 2020
    Published in IMWUT Volume 4, Issue 3

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Acoustic Sensing
    2. Finger Touch Interaction
    3. User Authentication

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Funding Sources

    • Beijing Natural Science Foundation
    • National Natural Science Foundation of China

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)97
    • Downloads (Last 6 weeks)4
    Reflects downloads up to 17 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)FingerPattern: Securing Pattern Lock via Fingerprint-Dependent Friction SoundIEEE Transactions on Mobile Computing10.1109/TMC.2023.333814823:6(7210-7224)Online publication date: Jun-2024
    • (2024)FingerSlid: Towards Finger-sliding Continuous Authentication on Smart Devices via VibrationIEEE Transactions on Mobile Computing10.1109/TMC.2023.3315291(1-15)Online publication date: 2024
    • (2024)Memory-Augmented Autoencoder based Continuous Authentication on Smartphones with Conditional Transformer GANsIEEE Transactions on Mobile Computing10.1109/TMC.2023.3290834(1-16)Online publication date: 2024
    • (2024)ADEAS: Authentication Using Doppler Effect of Acoustic Signals Caused by Hands MovingIEEE Internet of Things Journal10.1109/JIOT.2024.345069211:24(40009-40025)Online publication date: 15-Dec-2024
    • (2024)Touch Authentication for Sharing Context Using Within-Group Similarity StructureIEEE Internet of Things Journal10.1109/JIOT.2024.340232311:17(28281-28296)Online publication date: 1-Sep-2024
    • (2024)LipAuth: Securing Smartphone User Authentication With Lip Motion PatternsIEEE Internet of Things Journal10.1109/JIOT.2023.328957311:1(1096-1109)Online publication date: 1-Jan-2024
    • (2024)A Systematic Review of Human Activity Recognition Based on Mobile Devices: Overview, Progress and TrendsIEEE Communications Surveys & Tutorials10.1109/COMST.2024.335759126:2(890-929)Online publication date: Oct-2025
    • (2024)Online Banking User Authentication Methods: A Systematic Literature ReviewIEEE Access10.1109/ACCESS.2023.334604512(741-757)Online publication date: 2024
    • (2023)VibPathProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36108947:3(1-26)Online publication date: 27-Sep-2023
    • (2023)TwinkleTwinkleProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35962387:2(1-30)Online publication date: 12-Jun-2023
    • Show More Cited By

    View Options

    Login options

    Full Access

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media