Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication
01 Jan 2013-IEEE Transactions on Information Forensics and Security (IEEE)-Vol. 8, Iss: 1, pp 136-148
TL;DR: A classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen is proposed.
Abstract: We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intrasession authentication, 2%-3% for intersession authentication, and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multimodal biometric authentication system.
Citations
More filters
TL;DR: The results suggest that this is due to the ability of HMOG features to capture distinctive body movements caused by walking, in addition to the hand-movement dynamics from taps.
Abstract: We introduce hand movement, orientation, and grasp (HMOG), a set of behavioral features to continuously authenticate smartphone users. HMOG features unobtrusively capture subtle micro-movement and orientation dynamics resulting from how a user grasps, holds, and taps on the smartphone. We evaluated authentication and biometric key generation (BKG) performance of HMOG features on data collected from 100 subjects typing on a virtual keyboard. Data were collected under two conditions: 1) sitting and 2) walking. We achieved authentication equal error rates (EERs) as low as 7.16% (walking) and 10.05% (sitting) when we combined HMOG, tap, and keystroke features. We performed experiments to investigate why HMOG features perform well during walking. Our results suggest that this is due to the ability of HMOG features to capture distinctive body movements caused by walking, in addition to the hand-movement dynamics from taps. With BKG, we achieved the EERs of 15.1% using HMOG combined with taps. In comparison, BKG using tap, key hold, and swipe features had EERs between 25.7% and 34.2%. We also analyzed the energy consumption of HMOG feature extraction and computation. Our analysis shows that HMOG features extracted at a 16-Hz sensor sampling rate incurred a minor overhead of 7.9% without sacrificing authentication accuracy. Two points distinguish our work from current literature: 1) we present the results of a comprehensive evaluation of three types of features (HMOG, keystroke, and tap) and their combinations under the same experimental conditions and 2) we analyze the features from three perspectives (authentication, BKG, and energy consumption on smartphones).
319 citations
Cites background from "Touchalytics: On the Applicability ..."
..., [6], [21]), and (2) touchscreen interaction (see, e....
[...]
...Continuous or active authentication addresses these challenges by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interactions [6], hand movements and gait [7], [8], voice [9], and phone location [10]....
[...]
..., [6], [21]) defined these features for swipes, while we extracted them from taps due to...
[...]
21 Oct 2014
TL;DR: This work proposes a non-intrusive user verification mechanism to substantiate whether an authenticating user is the true owner of the smart phone or an impostor who happens to know the pass code.
Abstract: Smartphone users have their own unique behavioral patterns when tapping on the touch screens These personal patterns are reflected on the different rhythm, strength, and angle preferences of the applied force Since smart phones are equipped with various sensors like accelerometer, gyroscope, and touch screen sensors, capturing a user's tapping behaviors can be done seamlessly Exploiting the combination of four features (acceleration, pressure, size, and time) extracted from smart phone sensors, we propose a non-intrusive user verification mechanism to substantiate whether an authenticating user is the true owner of the smart phone or an impostor who happens to know the pass code Based on the tapping data collected from over 80 users, we conduct a series of experiments to validate the efficacy of our proposed system Our experimental results show that our verification system achieves high accuracy with averaged equal error rates of down to 365% As our verification system can be seamlessly integrated with the existing user authentication mechanisms on smart phones, its deployment and usage are transparent to users and do not require any extra hardware support
302 citations
Cites background from "Touchalytics: On the Applicability ..."
...conducted a study on touch input analysis for smartphone user authentication, which is referred to as touch biometrics [10]....
[...]
...There are two recent works close to ours in authenticating smartphone users by continuously monitoring their finger movements on the touchscreen [10, 17]....
[...]
TL;DR: An overview of different continuous authentication methods on mobile devices is provided and the merits and drawbacks of the available approaches are discussed and promising avenues of research in this rapidly evolving field are identified.
Abstract: Recent developments in sensing and communication technologies have led to an explosion in the use of mobile devices such as smartphones and tablets. With the increase in the use of mobile devices, users must constantly worry about security and privacy, as the loss of a mobile device could compromise personal information. To deal with this problem, continuous authentication systems (also known as active authentication systems) have been proposed, in which users are continuously monitored after initial access to the mobile device. In this article, we provide an overview of different continuous authentication methods on mobile devices. We discuss the merits and drawbacks of the available approaches and identify promising avenues of research in this rapidly evolving field.
294 citations
Cites background or methods from "Touchalytics: On the Applicability ..."
...It was shown that these classifiers can achieve equal error rates (EERs) between 0% and 4%, depending on the application scenario [13]....
[...]
...Swipes of eight different users while reading text [13]....
[...]
...52 IEEE SIgnal ProcESSIng MagazInE | July 2016 | The methods presented in [13]–[16] are essentially based on the fact that only a single finger is in contact with the touch screen while users are performing basic operations....
[...]
...Based on these measurements, a 30-dimensional feature vector was proposed in [13] for each swipe: midstroke area covered; 20% pairwise velocity; midstroke pressure; direction of end-toend line; stop x; start x; average direction; start y; average velocity; stop y; stroke duration; direct end-to-end distance; length of trajectory; 80% pairwise velocity; median velocity at last three points; 50% pairwise velocity; 20% pairwise acceleration; ratio of end-to-end distance and length of trajectory; largest deviation from end-to-end line; 80% pairwise acceleration; mean resultant length; median acceleration at first five points; 50% deviation from end-toend line; interstroke time; 80% deviation from end-to-end line; 20% deviation from end-to-end line; 50% pairwise acceleration; phone orientation; midstroke finger orientation; and up/down/left/right flag....
[...]
...Figure 4 shows some swipes performed by eight different users while reading text on an Android device [13]....
[...]
TL;DR: This paper surveys the development of existing biometric authentication techniques on mobile phones, particularly on touch-enabled devices, with reference to 11 biometric approaches and proposes a framework for establishing a reliable authentication mechanism through implementing a multimodal biometric user authentication in an appropriate way.
Abstract: Designing reliable user authentication on mobile phones is becoming an increasingly important task to protect users' private information and data. Since biometric approaches can provide many advantages over the traditional authentication methods, they have become a significant topic for both academia and industry. The major goal of biometric user authentication is to authenticate legitimate users and identify impostors based on physiological and behavioral characteristics. In this paper, we survey the development of existing biometric authentication techniques on mobile phones, particularly on touch-enabled devices, with reference to 11 biometric approaches (five physiological and six behavioral). We present a taxonomy of existing efforts regarding biometric authentication on mobile phones and analyze their feasibility of deployment on touch-enabled mobile phones. In addition, we systematically characterize a generic biometric authentication system with eight potential attack points and survey practical attacks and potential countermeasures on mobile phones. Moreover, we propose a framework for establishing a reliable authentication mechanism through implementing a multimodal biometric user authentication in an appropriate way. Experimental results are presented to validate this framework using touch dynamics, and the results show that multimodal biometrics can be deployed on touch-enabled phones to significantly reduce the false rates of a single biometric system. Finally, we identify challenges and open problems in this area and suggest that touch dynamics will become a mainstream aspect in designing future user authentication on mobile phones.
239 citations
Cites background from "Touchalytics: On the Applicability ..."
...[79] investigated whether a classifier could continuously authenticate users based on the way they interact with the touchscreen of smartphones....
[...]
30 Sep 2013
TL;DR: SilentSense, a framework to authenticate users silently and transparently by exploiting the user touch behavior biometrics and leveraging the integrated sensors to capture the micro-movement of the device caused by user's screen-touch actions, is presented.
Abstract: In this work, we present SilentSense, a framework to authenticate users silently and transparently by exploiting the user touch behavior biometrics and leveraging the integrated sensors to capture the micro-movement of the device caused by user's screen-touch actions. By tracking the fine-detailed touch actions of the user, we build a "touch-based biometrics" model of the owner by extracting some principle features, and then verify whether the current user is the owner or guest/attacker. When using the smartphone, the unique operating pattern of the user is detected and learnt by collecting the sensor data and touch events silently. When users are mobile, the micro-movement of mobile devices caused by touch is suppressed by that due to the large scale user-movement which will render the touch-based biometrics ineffective. To address this, we integrate a movement-based biometrics for each user with previous touch-based biometrics. We conduct extensive evaluations of our approaches on the Android smartphone, we show that the user identification accuracy is over 99%.
224 citations
Cites background from "Touchalytics: On the Applicability ..."
...Touchalytics [3] only exploits scrolling as biometric for continuous authentication while [8] only considers tap behaviors on certain digit patterns....
[...]
References
More filters
TL;DR: High generalization ability of support-vector networks utilizing polynomial input transformations is demonstrated and the performance of the support- vector network is compared to various classical learning algorithms that all took part in a benchmark study of Optical Character Recognition.
Abstract: The support-vector network is a new learning machine for two-group classification problems. The machine conceptually implements the following idea: input vectors are non-linearly mapped to a very high-dimension feature space. In this feature space a linear decision surface is constructed. Special properties of the decision surface ensures high generalization ability of the learning machine. The idea behind the support-vector network was previously implemented for the restricted case where the training data can be separated without errors. We here extend this result to non-separable training data.
High generalization ability of support-vector networks utilizing polynomial input transformations is demonstrated. We also compare the performance of the support-vector network to various classical learning algorithms that all took part in a benchmark study of Optical Character Recognition.
37,861 citations
"Touchalytics: On the Applicability ..." refers background in this paper
...Combining touch analytics with other modalities such as, for instance, location, accelerometer data, images from the front-facing camera, and application usage patterns promises an improved accuracy....
[...]
TL;DR: The contributions of this special issue cover a wide range of aspects of variable selection: providing a better definition of the objective function, feature construction, feature ranking, multivariate feature selection, efficient search methods, and feature validity assessment methods.
Abstract: Variable and feature selection have become the focus of much research in areas of application for which datasets with tens or hundreds of thousands of variables are available. These areas include text processing of internet documents, gene expression array analysis, and combinatorial chemistry. The objective of variable selection is three-fold: improving the prediction performance of the predictors, providing faster and more cost-effective predictors, and providing a better understanding of the underlying process that generated the data. The contributions of this special issue cover a wide range of aspects of such problems: providing a better definition of the objective function, feature construction, feature ranking, multivariate feature selection, efficient search methods, and feature validity assessment methods.
14,509 citations
"Touchalytics: On the Applicability ..." refers background in this paper
...However, one could imagine to use this as a complementing mechanism to extend secure authentication from seconds after typing the password to minutes....
[...]
01 Jul 1992
TL;DR: A training algorithm that maximizes the margin between the training patterns and the decision boundary is presented, applicable to a wide variety of the classification functions, including Perceptrons, polynomials, and Radial Basis Functions.
Abstract: A training algorithm that maximizes the margin between the training patterns and the decision boundary is presented. The technique is applicable to a wide variety of the classification functions, including Perceptrons, polynomials, and Radial Basis Functions. The effective number of parameters is adjusted automatically to match the complexity of the problem. The solution is expressed as a linear combination of supporting patterns. These are the subset of training patterns that are closest to the decision boundary. Bounds on the generalization performance based on the leave-one-out method and the VC-dimension are given. Experimental results on optical character recognition problems demonstrate the good generalization obtained when compared with other learning algorithms.
11,211 citations
"Touchalytics: On the Applicability ..." refers background in this paper
...Combining touch analytics with other modalities such as, for instance, location, accelerometer data, images from the front-facing camera, and application usage patterns promises an improved accuracy....
[...]
TL;DR: An algorithm and data structure are presented for searching a file containing N records, each described by k real valued keys, for the m closest matches or nearest neighbors to a given query record.
Abstract: An algorithm and data structure are presented for searching a file containing N records, each described by k real valued keys, for the m closest matches or nearest neighbors to a given query record. The computation required to organize the file is proportional to kNlogN. The expected number of records examined in each search is independent of the file size. The expected computation to perform each search is proportional to logN. Empirical evidence suggests that except for very small files, this algorithm is considerably faster than other methods.
2,910 citations
"Touchalytics: On the Applicability ..." refers background in this paper
...As detailed in our extended discussion section, we will analyze how the dimensions of tablet computers affect touch analytics....
[...]