Touchstroke: Smartphone User Authentication Based on Touch-Typing Biometrics
Smartphones are becoming pervasive and widely used for a large variety of activities from social networking to online shopping, from message exchanging to mobile gaming, to mention just a few. Many of these activities generate private information or require storing on the phone user credentials and payment details. In spite of being so security and privacy critical, smartphones are still widely protected by traditional authentication mechanisms such as PINs and passwords, whose limitations and drawbacks are well known and documented in the security community. New accurate, user-friendly and effective authentication mechanisms are required. To this end, behavior-based authentication has recently attracted a significant amount of interest in both commercial and academic contexts.
This paper proposes a new bi-modal biometric authentication solution, Touchstroke, which makes use of the user’s hand movements while holding the device, and the timing of touch-typing(Touch-typing is the act of typing input on the touchscreen of a smartphone.) when the user enters a text-independent 4-digit PIN/password. We implemented and tested the new biometrics in real smartphones. Preliminary results are encouraging, showing high accuracy. Thus, our solution is a plausible alternative to traditional authentication mechanisms.
KeywordsSmartphone Behavioral biometrics Keystroke Transparent
- 1.Raza, M., Iqbal, M., Sharif, M., Haider, W.: A survey of password attacks and comparative analysis on methods for secure authentication. World Applied Sciences Journal 19, 439–444 (2012)Google Scholar
- 2.Teh, P.S, Teoh, A.B.J., Yue, S.: A survey of keystroke dynamics biometrics. The Scientific World Journal, Hindawi Publishing Corporation (2013)Google Scholar
- 3.Giuffrida, C., Majdanik, K., Conti, M., Bos, H.: I sensed it was you: authenticating mobile users with sensor-enhanced keystroke dynamics. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 92–111. Springer, Heidelberg (2014) Google Scholar
- 4.Huang, X., Lund, G., Sapeluk, A.: Development of a typing behavior recognition mechanism on android. In: Proceeding of the IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1342–1347. IEEE, Bradford (2012)Google Scholar
- 5.Saevanee, H., Bhatarakosol, P.: User authentication using combination of behavioral biometrics over the touchpad acting like touch screen of mobile device. In: Proceeding of the International Conference on Computer and Electrical Engineering (ICCEE 2008), pp. 82–86. IEEE, Phuket (2008)Google Scholar
- 6.Saevanee, H., Bhatarakosol, P.: Authenticating user using keystroke dynamics and finger pressure, In: Proceedings of the 6th IEEE Consumer Communications and Networking Conference (CCNC 2009), pp. 1–2. IEEE, Las Vegas (2009)Google Scholar
- 8.Miluzzo, E., Varshavsky, A., Balakrishnan, S., Choudhury, R.R.: Tapprints: your finger taps have fingerprints, In: Proceedings of the 10th international conference on Mobile systems, applications, and services, pp. 323–336. ACM (2012)Google Scholar
- 9.Aviv, A.J., Sapp, B., Blaze, M., Smith, J.M.: Practicality of accelerometer side channels on smartphones, In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 41–50. ACM (2012)Google Scholar