adfa, p. 1, 2011.
© Springer-Verlag Berlin Heidelberg 2011
U-Stroke Pattern Modeling for End User Identity
Verification through Ubiquitous Input Device
Tapalina Bhattasali
1
, Nabendu Chaki
1
, Khalid Saeed
2
, Rituparna Chaki
3
1
Department of Computer Science & Engineering, University of Calcutta, Kolkata, India
tapolinab@gmail.com,nabendu@ieee.org
2
Faculty of Computer Science, Bialystok university of Technology, Bialystok, Poland
khalids@wp.pl
3
A.K.Choudhury School of Information Technology, University of Calcutta, Kolkata, India
rchaki@ieee.org
Abstract. Identity verification on ubiquitous input devices is a major concern to
validate end-users, because of mobility of the devices. User device interaction
(UDI) is capable to capture end-users’ behavioral nature from their device us-
age pattern. The primary goal of this paper is to collect heterogeneous parame-
ters of usage patterns from any device and build personal profile with good-
recognition capability. This work mainly focuses on finding multiple features
captured from the usage of smart devices; so that parameters could be used to
compose hybrid profile to verify end- users accurately. In this paper, U-Stroke
modeling is proposed to capture behavioral data mainly from smart input devic-
es in ubiquitous environment. In addition to this, concept of CCDA (capture,
checking, decision, and action) model is proposed to process U-Stroke data ef-
ficiently to verify end-user’s identity. This proposal can draw attention of many
researchers working on this domain to extend their research towards this direc-
tion.
Keywords: U-Stroke · Smart Device · Touch Screen · Ubiquitous Input Device
· Identity Verification
1 Introduction
Nowadays, mobile devices become smarter by offering multiple types of computing
services at any place and at any time. Ubiquitous input devices [1] (smart phone, tab-
let, phablet, PDA, laptop, netbook etc.) become rich source of personal data, due to its
support towards “any” paradigm. Sensitive personal data (such as password, financial
information, health records [2]), stored in mobile devices are growing day by day. As
a result, they are becoming attractive target to be attacked. Accurate identity verifica-
tion of end-user is becoming a major requirement to preserve confidentiality and in-
tegrity in uncontrolled environment.
Traditional authentication mechanism (PIN/Password based) can be easily com-
promised. Anyone can access all services and can misuse personal information stored
in the device, if device is misplaced. Implicit authentication mechanism needs to be
considered without affecting normal usage pattern to overcome existing weak authen-
tication methods. Typing on computer keyboard is completely different from typing
on smart devices having small keypads [3] and sensors enabled touch screen. Today,
user-friendly touch screens are widely used on many devices such as mobile phones,
tablets, and computers. As smart devices can perform multiple tasks at the same time,
data acquisition only during typing is not efficient to build user profile. Beside this,
typing on touch-screen based smart devices becomes more error-prone compared to
computer keyboard based typing. Only temporal data based keystroke analysis is not
sufficient to build unique user profile for any ubiquitous device. Therefore, keystroke
analysis needs to be merged with touch screen based gesture analysis to enhance suc-
cess rate of identity verification. Keystroke dynamics is mainly considered for desk-
top computers [2]. Since touch devices comprise sensors to capture environmental
changes, they offer more capabilities to authenticate users accurately. Ubiquitous
devices consider a different type of Human to Machine (H2M) communication by
changing traditional way of human-computer interaction (HCI).
The major contribution of this paper is to propose a novel H2UID (human to ubiq-
uitous input device) interaction mechanism U-Stroke (ubiquitous stroke) that can be
applied to any computing device. This type of H2M communication is considered
here to verify identity of end-user either by using distinct model or authentication
model. Here human to human verification (H2HV) is defined by proposed CCDA
(capture, checking, decision, and action) processing model. Different types of U-
Strokes and their multiple features are discussed here along with collected data
through Android device, which may attract researchers to work on this domain in
future.
The rest of the paper is organized as follows. Section 2 presents a brief survey of
existing works on this domain. Section 3 describes proposed U-Stroke analysis to
verify end-user identity through ubiquitous devices. Section 4 presents brief analysis
part followed by conclusion in section 5.
2 Literature Survey
Researchers are very much interested to work on human computer interaction to be
considered as a means of verification of end-user identity [3, 4, 5, 6, 7, 8, 9]. Nowa-
days, HCI interaction with ubiquitous computing device becomes popular. Instead of
considering end user authentication by means of only PINs or passwords, researchers
are working on this area in recent years. Related works can be considered from differ-
ent aspects such as user’s identity verification by keystroke dynamics, by finger
movements and tapped information on sensor based touch screens. “Touch Sensor” is
the predecessor [10] of modern touch screens. In a few recent studies, touch-based
biometrics is proposed for mobile devices instead of keystroke dynamics. There exists
several finger gestures based authentication on touch screen of mobile devices. Ac-
cording to literature survey, very few works are based on continuous authentication
on smart devices. Software like Touch logger can detect usage pattern of device own-
er and block unauthorized access to the device. Biometric touch information can be
considered to enhance the security by using screen unlock. Interaction data are cap-
tured by sensors without affecting normal activities. If it is detected that the current
end-user is different from the device owner, explicit access policy needs to be trig-
gered.
PIN authentication method is strengthened with sensor data and timings. Different
parameters can be collected like acceleration values, touching pressure, touched area
on the screen, different temporal values like key-hold time or inter-key time. Flexible
authentication can be implemented without considering predefined text. After a learn-
ing phase, end - users are authenticated while entering normal text. Touch dynamics
may extract features like priority of usage of left and right hand, one-hand or both
hand, use of thumb or index finger, stroke size, stroke timing, stroke speed, and tim-
ing regularity. Another way of implicit authentication is through learning behavior of
a user- based on sent and received text messages, phone calls, browser history, and
location of the smart phone. Instead of entering text into a soft keyboard, gestures like
sliding towards a special direction or taps are most efficiently used. Generally, target
acquisition tasks are carried out with a stylus that is much smaller than the targets.
Among various information processing model, Fitt’s model is dependent on finger
size and type of stroke [11]. Complexity of Welford’s model [12] is high compared to
Whiting’s model, but Welford model is more efficient to define information pro-
cessing task. A major challenge is to apply Fitts’ law to finger input, which may not
be efficient for small-sized targets. This is mainly due to “Fat Finger” problem. Fitts’
law fails if targets are small. As finger touch on smart phones and tablets becomes
popular, examining Fitts’ law [11] for finger touch attracts attention of many HCI
researchers. Other information processing models [12] are not utilized effectively to
model touch gesture till date.
After studying various existing works on this domain, it can be said there is no
suitable model exists till date, which can be applied to any device for end-user verifi-
cation. Most of the touch screen based authentication techniques consider few param-
eters or includes the features that are only available to costly devices. Considering
few strokes with few parameters may not give accurate result. However, processing
too many parameters may slow down the procedure. In order to improve the efficien-
cy and accuracy of end-user identity verification, proposed work mainly focuses on
finding physical or virtual UDI parameters of individual users and build hybrid per-
sonal profiles for accurate identification of end-users through ubiquitous input devic-
es.
3 Proposed Work
Any type of user to input device interaction is proposed as U-Stroke, which is ana-
lyzed to identify end-users to any device in ubiquitous environment. U-Stroke analy-
sis considers typing on numerical keypad or QWERTY keypad of mobile phone, ex-
ternal keyboard of tablet, and physical keyboard of desktop or laptop as physical key-
stroke; typing on on-screen QWERTY keypad of smart devices or any interaction
with touch screen as touch stroke. The concept of U-Stroke pattern is proposed to
model any human interaction with ubiquitous input device (H2UID).
Definition (U-Stroke). It is designed for any type of end-user to input device interac-
tion (UDI) on user-friendly interface of smart devices {smart phone, tablet, phablet
(phone + tablet)} in ubiquitous environment to validate H2M communication. U-
Stroke is implicitly used to create hybrid profile of end-user (HPEU) for identification
as well as verification.
Classification of proposed U-Stroke pattern is presented in figure 1.
Fig. 1. U-Stroke Pattern
H2UID identity verification triggers multiple times during usage. Detailed classifi-
cation of proposed U-Stroke pattern is described below.
P- KeyStroke (Physical KeyStroke)–It behaves as keystroke dynamics on physi-
cal (hard) keyboards of desktops or laptops or keypads of mobile phones. This type of
keystroke mainly considers temporal (key press event, latency, typing speed etc.)
data. As keypad of mobile devices may differ with physical keyboards, P-Keystroke
patterns may differ.
Touch Stroke– It is based on the usage pattern on touch screen. To recognize valid
user, multiple sensor data are integrated to model user variation.
V- KeyStroke (Virtual KeyStroke)–It considers typing on soft keyboard (virtual)
on touch screen. Distance between neighbor keys of soft keyboard is much lesser than
distance between neighbor keys of hard keyboard. V-Keystroke mainly includes
touch_down, and touch_up events.
S-Stroke (Slide Stroke)– If finger movement on touch screen is either in horizon-
tal direction (left or right) or in vertical direction (top or bottom), it is a type of S-
Stroke. It is unidirectional and probability of touch_move event is high.
W-Stroke (Write Stroke) –If finger (mainly index) acts just like stylus, used nor-
mally for writing or drawing on the screen, it is a type of W-Stroke. This stroke is
similar to handwriting. W-Stroke includes touch_down, touch_move and touch_up
events.
Z-Stroke (Zoom Stroke)– If two fingers (mainly thumb and index of right hand)
start from the same point and move towards opposite directions, it is a type of Z-
Stroke. It is considered as open stroke as it moves outwards. Z-Stroke is bi-directional
and probability of occurrence for touch_move event is high.
P-Stroke (Pinch Stroke) – If two fingers (mainly thumb and index of right hand)
start from two opposite directions and move towards same point, it is a type of P-
Stroke. It is considered as close stroke as it moves inwards on touch-screen. P-Stroke
is bi-directional and probability of occurrence for touch_move event is high.
T-Stroke (Tap stroke) –If touch_down, and touch_up events occur due to the
stroke similar to single click, double lick, long tap or short tap on touch screen and
screen unlock, it is a type of T-Stroke. Probability of occurrence for touch_down
event is high.
3.1 U-Stroke Pattern Modeling through Ubiquitous Input Device (UID)
This section presents detailed idea about how U-Stroke pattern processing model can
be defined in terms of information processing model like Welford’s model [12]. Here
proposed U-Stroke Pattern Processing Model is defined by CCDA (capture, checking,
decision, and action) concept with self-loop to identify end-user. This CCDA concept
is mapped to the identity verification of end-user. Capture process is mainly used to
collect U-Stroke data. Checking process is mainly used to classify U-Stroke pattern.
Decision process is used mainly to take decision. Action process is used to take nec-
essary steps according to final decision. Short term memory is considered as local
memory store and long term memory is considered as remote memory store. Self-loop
(feedback) is used to update template profile. Figure 2 represents CCDA processing
model for UID.
Fig. 2. CCDA Processing Model for UID
CCDA processing model of UID enables effective modeling of end-user’s usage pat-
tern from U-Stroke and creation of hybrid profile of end-user after extracting multiple
features. Considering more than one feature can enhance accuracy level of classifica-
tion. End-User’s usage pattern is monitored multiple times to avoid malicious use.
Less complex computation such as checking only device owner’s validity can be per-
formed through short term memory store (local). Short term memory can store device
