Hold On and Swipe: A Touch-Movement Based Continuous Authentication Schema based on Machine Learning
Related papers
arXiv (Cornell University), 2022
As technology grows and evolves rapidly, it is increasingly clear that mobile devices are more commonly used for sensitive matters than ever before. A need to authenticate users continuously is sought after as a single-factor or multifactor authentication may only initially validate a user, which doesn't help if an impostor can bypass this initial validation. The field of touch dynamics emerges as a clear way to non-intrusively collect data about a user and their behaviors in order to develop and make imperative security-related decisions in real time. In this paper we present a novel dataset consisting of tracking 25 users playing two mobile games - Snake.io and Minecraft - each for 10 minutes, along with their relevant gesture data. From this data, we ran machine learning binary classifiers - namely Random Forest and K-Nearest Neighbor - to attempt to authenticate whether a sample of a particular user's actions were genuine. Our strongest model returned an average accuracy of roughly 93% for both games, showing touch dynamics can differentiate users effectively and is a feasible consideration for authentication schemes.
Evaluation of a User Authentication Schema Using Behavioral Biometrics and Machine Learning
Computer and Information Science
The amount of secure data being stored on mobile devices has grown immensely in recent years. However, the security measures protecting this data have stayed static, with few improvements being done to the vulnerabilities of current authentication methods such as physiological biometrics or passwords. Instead of these methods, behavioral biometrics has recently been researched as a solution to these vulnerable authentication methods. In this study, we aim to contribute to the research being done on behavioral biometrics by creating and evaluating a user authentication scheme using behavioral biometrics. The behavioral biometrics used in this study include touch dynamics and phone movement, and we evaluate the performance of different single-modal and multi-modal combinations of the two biometrics. Using two publicly available datasets - BioIdent and Hand Movement Orientation and Grasp (H-MOG), this study uses seven common machine learning algorithms to evaluate performance. The algo...
This study examines behavioral biometrics, specifically smartphone motion, to determine potential areas of increasing authentication accuracy on these devices, specifically Android-based phones. The study used the application Sensor Kinetics Pro and the Weka machine learning library to analyze accelerometer and gyroscope data. It analyzed the impacts on accuracy rate for authentication when the motion data from two sensors were used instead of one (e.g., using the data from both Accelerometer and Gyroscope), when one specific statistical model was used (e.g., Average versus Variance), and when a specific Machine Learning (ML) algorithm (e.g., Support Vector Machine vs. Multilayer Perceptron) or different random sample sizes (e.g., five versus ten, versus twenty) were used. With this focus, this study supports a) the use of behavioral motion biometrics for authentication, and b) gaining higher authentication accuracies.
TouchMetric: a machine learning based continuous authentication feature testing mobile application
International journal of information technology, 2019
The rapid and ubiquitous adoption of mobile device use has propagated our dependence on their ability to keep individuals within our society connected. Mobile devices are nowadays used as the major way of communication and connecting to the internet for many people, almost all of whom are not computer professionals. As with any technology with wide adoption, many challenges have come to the fact for this area as well. Due to the nature of mobile communication, data transmission is the fundamental method of connecting users on the network. As with any form of data transmission, data security is a key concern which must be taken into account. Several methods of user authentication and authorization exist for the purpose of privacy preservation and security and are widely used in mobile systems. One such method is the Continuous Proof of Presence (CPoP) authentication, which has the potential to provide an extra layer of security to users in data-sensitive industries, such as the security sector, government and corporate administration, and healthcare. In this work we present TouchMetric, a mobile application developed for Android and iOS, used for the purpose of testing a machine learning model for the development of a CPoP feature.
Multi-Modality Mobile Datasets for Behavioral Biometrics Research: Data/Toolset paper
Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy
The ubiquity of mobile devices nowadays necessitates securing the apps and user information stored therein. However, existing one-time entry-point authentication mechanisms and enhanced security mechanisms such as Multi-Factor Authentication (MFA) are prone to a wide vector of attacks. Furthermore, MFA also introduces friction to the user experience. Therefore, what is needed is continuous authentication that once passing the entry-point authentication, will protect the mobile devices on a continuous basis by confirming the legitimate owner of the device and locking out detected impostor activities. Hence, more research is needed on the dynamic methods of mobile security such as behavioral biometrics-based continuous authentication, which is cost-effective and passive as the data utilized to authenticate users are logged from the phone's sensors. However, currently, there are not many mobile authentication datasets to perform benchmarking research. In this work, we share two novel mobile datasets (Clarkson University (CU) Mobile datasets I and II) consisting of multi-modality behavioral biometrics data from 49 and 39 users respectively (88 users in total). Each of our datasets consists of modalities such as swipes, keystrokes, acceleration, gyroscope, and pattern-tracing strokes. These modalities are collected when users are filling out a registration form in sitting both as genuine and impostor users. To exhibit the usefulness of the datasets, we have performed initial experiments on selected individual modalities from the datasets as well as the fusion of simultaneously available modalities. CCS CONCEPTS • Security and privacy → Biometrics.
With the privilege of using mobile devices it is crucial to protect smartphones by authenticating legitimate users, while blocking attackers’ access. Biometric authentication consists of physiological and behavioural authentication. A behavioural authentication system on smartphones is based on creating a regular behavioural model using adaptive machine learning classifiers. This paper aims to establish a normal-behavioural model and compare it with the existing established model. This paper also proposes a hybrid authentication scheme comprising continuous authentication (CA) and implicit authentication (IA) based on touch gestures. Particularly, the 14 gestures were extracted from touch-based gesture data that was collected from users’ interaction with Android smartphones. The first evaluation results on a set of datasets prove that a neural network classifier is a better fit to authenticate different users. Next, the Practical Swarm Optimisation (PSO) - Radial Basis Function Network (RBFN) classifier was used on the same datasets, which produced better results. Finally, users’ data collected (actual dataset) was used to train and test all 6 classifiers including PSO-RBFN. The result of PSO-RBFN is the average error rate of 1.9%, which is encouraging. Moreover, combining the proposed CA scheme with an IA scheme, which is pattern based, will dramatically reduce the error rate to nearly 0.
Sensors
As smart devices have become commonly used to access internet banking applications, these devices constitute appealing targets for fraudsters. Impersonation attacks are an essential concern for internet banking providers. Therefore, user authentication countermeasures based on biometrics, whether physiological or behavioral, have been developed, including those based on touch dynamics biometrics. These measures take into account the unique behavior of a person when interacting with touchscreen devices, thus hindering identification fraud because it is hard to impersonate natural user behaviors. Behavioral biometric measures also balance security and usability because they are important for human interfaces, thus requiring a measurement process that may be transparent to the user. This paper proposes an improvement to Biotouch, a supervised Machine Learning-based framework for continuous user authentication. The contributions of the proposal comprise the utilization of multiple sco...
Behavioral Biometrics & Continuous User Authentication on Mobile Devices: A Survey
Information Fusion 66(February 2021):76-99, 2020
This paper offers an up-to-date, comprehensive, extensive and targeted survey on Behavioral Biometrics and Continuous Authentication technologies for mobile devices. Our aim is to help interested researchers to effectively grasp the background in this field and to avoid pitfalls in their work. In our survey, we first present a classification of behavioral biometrics and continuous authentication technologies for mobile devices and an analysis for behavioral biometrics collection methodologies and feature extraction techniques. Then, we provide a state-of-the-art literature review focusing on the machine learning models performance in seven types of behavioral biometrics for continuous authentication. Further, we conduct another review that showed the vulnerability of machine learning models against well-designed adversarial attack vectors and we highlight relevant countermeasures. Finally, our discussions extend to lessons learned, current challenges and future trends. Keywords Machine Learning, Behavioral Biometrics, Continuous Authentication, Mobile Devices, Attacks, Defense, Survey.
A Behavioral Biometrics User Authentication Study Using Motion Data from Android Smartphones
2016 European Intelligence and Security Informatics Conference (EISIC), 2016
This study examines behavioral biometrics, focusing on smartphone motion, in order to measure the accuracy of these devices for the purpose of authentication. Data collection was accomplished using the Sensor Kinetics Pro application. Analysis of the accelerometer and gyroscope data was performed using the Weka machine learning library. The latter application was provided with additional training data, and improved data preprocessing, compared to a previous study. With this improvement in testing data, this study cannot support the use of behavioral motion biometrics alone for authentication. The test results obtained an accuracy of over 90%, to almost 93% with numerous classification methods on all of the devices tested, being below what would be expected of an authentication service.
AnswerAuth: A bimodal behavioral biometric-based user authentication scheme for smartphones
Journal of Information Security and Applications, 2019
In this paper, we present a behavioral biometric-based smartphone user authentication mechanism, namely, AnswerAuth, which relies on the very common users' behavior. Behavior, here, refers to the way a user slides the lock button on the screen, to unlock the phone, and brings the phone towards her ear. The authentication mechanism works with the biometric behavior based on the extracted features from the data recorded using the built-in smartphone sensors, i.e., accelerometer, gyroscope, gravity, magnetometer and touchscreen, while the user performed sliding and phone-lifting actions. We tested AnswerAuth on a dataset of 10,200 behavioral patterns collected from 85 users while they performed the unlocking actions, in sitting, standing, and walking postures, using six state-of-the-art conceptually different machine learning classifiers in two settings, i.e., with and without simultaneous feature selection and classification. Among all the chosen classifiers, Random Forest (RF) classifier proved to be the most consistent and accurate classifier on both full and reduced features and provided a True Acceptance Rate (TAR) as high as 99.35%. We prototype a proof-of-the-concept Android app, based on our findings, and evaluate it in terms of security and usability. Security analysis of AnswerAuth confirms its robustness against the possible mimicry attacks. Similarly, the usability study based on Software Usability Scale (SUS) questionnaire verifies the user-friendliness of the proposed scheme (SUS Score of 75.11). Experimental results prove AnswerAuth as a secure and usable authentication mechanism.