Abstract
The use of mobile smart devices for storing sensitive information and accessing online services is increasing. At the same time, there is a need for methods of authenticating users to their devices and online services that are not only secure, but also privacy-friendly and user-friendly. In this paper, we present our initial explorations of the use of lock pattern dynamics as a secure and user-friendly two-factor authentication method. We developed an application for the Android mobile platform to collect data on the way individuals draw lock patterns on a touchscreen. Using a Random Forest machine learning classifier, this method achieves an average Equal Error Rate (EER) of approximately 10.39%, meaning that lock pattern biometrics can be used for identifying users towards their device, but could also pose a threat to privacy if the users’ biometric information is handled outside their control.
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Angulo, J., Wästlund, E. (2012). Exploring Touch-Screen Biometrics for User Identification on Smart Phones. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2011. IFIP Advances in Information and Communication Technology, vol 375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31668-5_10
DOI: https://doi.org/10.1007/978-3-642-31668-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31667-8
Online ISBN: 978-3-642-31668-5
eBook Packages: Computer Science, Computer Science (R0)