User Identity Verification Based on Touchscreen Interaction Analysis in Web Contexts

  • Michael VeltenEmail author
  • Peter Schneider
  • Sascha Wessel
  • Claudia Eckert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)


The ever-increasing popularity of smartphones amplifies the risk of loss or theft, thus increasing the threat of attackers hijacking critical user accounts. In this paper, we present a framework to secure accounts by continuously verifying user identities based on user interaction behavior with smartphone touchscreens. This enables us to protect user accounts by disabling critical functionality and enforcing a reauthentication in case of suspicious behavior. We take advantage of standard mobile web browser capabilities to remotely capture and analyze touchscreen interactions. This approach is completely transparent for the user and works on everyday smartphones without requiring any special software or privileges on the user’s device. We show how to successfully classify users even on the basis of limited and imprecise touch interaction data as is prevalent in web contexts. We evaluate the performance of our framework and show that the user identification accuracy is higher than 99% after collecting about a dozen touch interactions.


User Identity Legitimate User False Acceptance Rate False Rejection Rate Keystroke Dynamic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Angulo, J., Wästlund, E.: Exploring touch-screen biometrics for user identification on smart phones. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 375, pp. 130–143. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Bo, C., Zhang, L., Li, X.-Y., Huang, Q., Wang, Y.: Silentsense: Silent user identification via touch and movement behavioral biometrics. In: International Conference on Mobile Computing & Networking, vol. 19, pp. 187–190 (2013)Google Scholar
  3. 3.
    Bojinov, H., Michalevsky, Y., Nakibly, G., Boneh, D.: Mobile device identification via sensor fingerprinting. arXiv preprint arXiv:1408.1416 (2014)Google Scholar
  4. 4.
    Breiman, L.: Random forests. Machine Learning 45(1), 5–32 (2001)CrossRefzbMATHGoogle Scholar
  5. 5.
    Damopoulos, D., Kambourakis, G., Gritzalis, S.: From keyloggers to touchloggers: Take the rough with the smooth. Computers & Security 32, 102–114 (2013)CrossRefGoogle Scholar
  6. 6.
    Luca, A.D., Hang, A., Brudy, F., Lindner, C., Hussmann, H.: Touch me once and i know it’s you!: implicit authentication based on touch screen patterns. In: SIGCHI Conference on Human Factors in Computing Systems, pp. 987–996 (2012)Google Scholar
  7. 7.
    Feher, C., Elovici, Y., Moskovitch, R., Rokach, L., Schclar, A.: User identity verification via mouse dynamics. Information Sciences 201, 19–36 (2012)CrossRefGoogle Scholar
  8. 8.
    Feng, T., Liu, Z., Kwon, K.-A., Shi, W., Carbunar, B., Jiang, Y., Nguyen, N.: Continuous mobile authentication using touchscreen gestures. In: 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 451–456. IEEE (2012)Google Scholar
  9. 9.
    Feng, T., Prakash, V., Shi, W.: Touch panel with integrated fingerprint sensors based user identity management. In: 2013 IEEE International Conference on Technologies for Homeland Security (HST), pp. 154–160. IEEE (2013)Google Scholar
  10. 10.
    Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Information Forensics and Security 8, 136–148 (2013)CrossRefGoogle Scholar
  11. 11.
    Jaeger, T.: Easystroke (2013),
  12. 12.
    Kolly, S.M., Wattenhofer, R., Welten, S.: A personal touch: Recognizing users based on touch screen behavior. In: Proceedings of the Third International Workshop on Sensing Applications on Mobile Phones, p. 1. ACM (2012)Google Scholar
  13. 13.
    Miluzzo, E., Varshavsky, A., Balakrishnan, S., Choudhury, R.R.: Tapprints: your finger taps have fingerprints. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, pp. 323–336. ACM (2012)Google Scholar
  14. 14.
    Monrose, F., Reiter, M.K., Wetzel, S.: Password hardening based on keystroke dynamics. International Journal of Information Security 1(2), 69–83 (2002)CrossRefzbMATHGoogle Scholar
  15. 15.
    Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, p. 9. ACM (2012)Google Scholar
  16. 16.
    Pedregosa, F., et al.: Scikit-learn: Machine learning in python. Journal of Machine Learning Research 12, 2825–2830 (2011)MathSciNetzbMATHGoogle Scholar
  17. 17.
    Saevanee, H., Bhatarakosol, P.: User authentication using combination of behavioral biometrics over the touchpad acting like touch screen of mobile device. In: Computer and Electrical Engineering, pp. 82–86. IEEE (2008)Google Scholar
  18. 18.
    Schepers, D., Brubeck, M., Barstow, A., Moon, S.: Touch events. W3c recommendation, W3C (2013),
  19. 19.
    Shotton, J., Sharp, T., Kipman, A., Fitzgibbon, A., Finocchio, M., Blake, A., Cook, M., Moore, R.: Real-time human pose recognition in parts from single depth images. Communications of the ACM 56(1), 116–124 (2013)CrossRefGoogle Scholar
  20. 20.
    Steve Block, A.P.: Device orientation event specification. W3c working draft, W3C (2011),
  21. 21.
    Tangelder, J.: hammer.js (2014),
  22. 22.
    Xu, H., Zhou, Y., Lyu, M.R.: Towards continuous and passive authentication via touch biometrics: An experimental study on smartphones. In: Symposium On Usable Privacy and Security (SOUPS 2014). USENIX Association (2014)Google Scholar
  23. 23.
    Zheng, N., Bai, K., Huang, H., Wang, H.: You are how you touch: User verification on smartphones via tapping behaviors. Technical report, WM-CS-2012-06 (2012)Google Scholar
  24. 24.
    Zheng, N., Paloski, A., Wang, H.: An efficient user verification system via mouse movements. In: Proceedings of the 18th ACM conference on Computer and communications security, pp. 139–150 (2011)Google Scholar
  25. 25.
    Zhu, J., Wu, P., Wang, X., Zhang, J.: Sensec: Mobile security through passive sensing. In: 2013 International Conference on Computing, Networking and Communications (ICNC), pp. 1128–1133. IEEE (2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Michael Velten
    • 1
    Email author
  • Peter Schneider
    • 1
  • Sascha Wessel
    • 1
  • Claudia Eckert
    • 2
  1. 1.Fraunhofer Research Institute for Applied and Integrated SecurityMunichGermany
  2. 2.Computer Science DepartmentTechnische Universität MünchenMunichGermany

Personalised recommendations