
2017 | OriginalPaper | Book chapter

Continuous User Authentication on Touch-Screen Mobile Phones: Toward More Secure and Usable M-Commerce

Written by: Dongsong Zhang, Yin Kang, Lina Zhou, Jianwei Lai

Published in: Internetworked World

Publisher: Springer International Publishing


Abstract

Recent advances in sensing and wireless communication technologies have led to an explosion in the use of touch-screen mobile devices such as smartphones and tablets in mobile commerce and other daily work and life activities. These activities have resulted in more and more private and sensitive information being stored on those devices. Therefore, improving the security of mobile devices through effective user authentication to prevent unauthorized information access has become a pressing task. Mobile user authentication refers to the process of checking a user’s identity and verifying whether he/she is authorized to access a device. Due to the increasing incidence of mobile phones being lost, stolen, or snatched while in use by the owner, continuous user authentication (CUA) after logging in to a mobile device has attracted increasing attention. Prior research has shown that traditional password authentication is insufficient or ineffective for CUA. Despite recent research progress in CUA, many existing methods are explicit by nature in that they require users to perform specific operations, which can interrupt users’ ongoing activities or may be easily learned by others through observation. In this research, we propose a new touch-dynamics-based approach to CUA on touch-screen mobile devices that authenticates users while they are interacting with the devices. Touch dynamics, which is rich in cognitive quality and unique to individuals, has yet to be explored for implicit CUA. We conducted a longitudinal study to evaluate the proposed mobile CUA approach. The results demonstrate that our method can improve the security of CUA for touch-screen mobile devices. The findings have significant implications for the security and adoption of m-commerce.


Metadata
Title
Continuous User Authentication on Touch-Screen Mobile Phones: Toward More Secure and Usable M-Commerce
Written by
Dongsong Zhang
Yin Kang
Lina Zhou
Jianwei Lai
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-69644-7_23