research-article

Touch me once and i know it's you!: implicit authentication based on touch screen patterns

Authors:
Alexander De Luca

University of Munich, Munich, Bavaria, Germany

University of Munich, Munich, Bavaria, Germany
View Profile

,
Alina Hang

University of Munich, Munich, Bavaria, Germany

University of Munich, Munich, Bavaria, Germany
View Profile

,
Frederik Brudy

University of Munich, Munich, Bavaria, Germany

University of Munich, Munich, Bavaria, Germany
View Profile

,
Christian Lindner

University of Munich, Munich, Bavaria, Germany

University of Munich, Munich, Bavaria, Germany
View Profile

,
Heinrich Hussmann

University of Munich, Munich, Bavaria, Germany

University of Munich, Munich, Bavaria, Germany
View Profile

CHI '12: Proceedings of the SIGCHI Conference on Human Factors in Computing SystemsMay 2012Pages 987–996https://doi.org/10.1145/2207676.2208544

Published:05 May 2012Publication History

CHI '12: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

Pages 987–996

ABSTRACT

Password patterns, as used on current Android phones, and other shape-based authentication schemes are highly usable and memorable. In terms of security, they are rather weak since the shapes are easy to steal and reproduce. In this work, we introduce an implicit authentication approach that enhances password patterns with an additional security layer, transparent to the user. In short, users are not only authenticated by the shape they input but also by the way they perform the input. We conducted two consecutive studies, a lab and a long-term study, using Android applications to collect and log data from user input on a touch screen of standard commercial smartphones. Analyses using dynamic time warping (DTW) provided first proof that it is actually possible to distinguish different users and use this information to increase security of the input while keeping the convenience for the user high.

References

Aviv, A. J., Gibson, K., Mossop, E., Blaze, M., Smith, J. M. Smudge attacks on smartphone touch screens. In USENIX 4th Workshop WOOT 2010. Google ScholarDigital Library
Bigun, J., Fierrez-Aguilar, J., Ortega-Garcia, J., Gonzales-Rodriguez, J. Combining biometric evidence for person authentication. Advanced Studies in Biometrics. Springer (2005), 1--18. Google ScholarDigital Library
Brunelli, R., Falavigna, D. Person identification using multiple cues. IEEE Transactions on Pattern Analysis and Machine Intelligence, 17(10). (1995), 955--966. Google ScholarDigital Library
Buchoux, A., Clarke, N.L. Deployment of keystroke analysis on a smartphone. In Proceedings AIMS 2008.Google Scholar
Card, S., Moran, T., Newell, A. Computer text-editing: An information-processing analysis of a routine cognitive skill. Cognitive Psychology, 12(1). (1980), 32--74.Google ScholarCross Ref
Chow, R., Jakobsson, M., Masuoka, R., Molina, J., Niu, Y., Shi, E., Song, Z. Authentication in the clouds: a framework and its application to mobile users. In Proceedings Workshop CCSW 2010. ACM Press (2010), 1--6. Google ScholarDigital Library
Clarke, N.L., Furnell, S.M. Authenticating mobile phone users using keystroke analysis. International Journal of Information Security, 6(1). Springer (2007), 1--14. Google ScholarDigital Library
Clarke, N.L., Furnell, S.M., Rodwell, P.M., Reynolds P.L. Acceptance of subscriber authentication methods for mobile telephony devices. Computers & Security, 21 (3). (2002), 220--228.Google ScholarDigital Library
Coventry, L., De Angeli, A., Johnson, G. Usability and biometric verification at the ATM interface. In Proceedings CHI 2003. ACM Press (2003), 153--160. Google ScholarDigital Library
Cutting, J., Kozlowski, L. Recognizing friends by their walk: Gait perception without familiarity cues. Bulletin of the Psychonomic Society, 9(5). (1977), 353--356.Google ScholarCross Ref
De Luca, A., Denzel, M. and Hussmann, H. Look into my eyes! Can you guess my password? In Proceedings SOUPS 2009. ACM Press (2009), 7:1--7:12. Google ScholarDigital Library
Dunphy, P., Yan, J. Do background images improve "draw a secret" graphical passwords? In Proceedings CCS 2007. ACM Press (2007), 36--47. Google ScholarDigital Library
Fleishman, E., Parker, J. Factors in the retention and relearning of perceptual-motor skill. Journal of Experimental Psychology, 64. (1962), 215--226.Google ScholarCross Ref
Francis, L., Mayes, K., Hancke, G., Markantonakis, K. A location based security framework for authenticating mobile phones. In Proceedings Workshop M-MPAC 2010. ACM Press (2010), 5:1--5:8. Google ScholarDigital Library
Giorgino, T. Computing and visualizing dynamic time warping alignments in R: the DTW package. Journal of Statistical Software, 31(7). (2009), 1--24.Google ScholarCross Ref
Gafurov, D., Helkala, K., Søndrol, T. Biometric gait authentication using accelerometer sensor. Journal of Computers, 1 (7). Academy Publisher (2006), 51--59.Google Scholar
Jakobsson, M., Shi, E., Golle, P., Chow, R. Implicit authentication for mobile devices. In Proceedings HotSec 2009. USENIX Association, 9--9. Google ScholarDigital Library
Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., Rubin, A. D. The design and analysis of graphical passwords. In Proceedings SSYM 1999. USENIX Association. Google ScholarDigital Library
Kar, B., Dutta, P. K., Basu, T. K., Vielhauer, C., Dittmann, J. DTW based verification scheme of biometric signatures. In Proceedings ICIT 2006.Google ScholarCross Ref
Karlson, A., Brush, A.J., Schechter, S. Can i borrow your phone? Understanding concerns when sharing mobile phones. In Proceedings CHI 2009. ACM Press (2009), 1647--1650. Google ScholarDigital Library
Kim, D., Dunphy, P., Briggs, P., Hook, J., Nicholson, J., Nicholson, J., Olivier, P. Multi-touch authentication on tabletops. In Proceedings CHI 2010. ACM Press (2010), 1093--1102. Google ScholarDigital Library
Legget, J., Williams, G., Usnick, M. Dynamic identity verification via keystroke characteristics. International Journal of Man-Machine Studies, 35 (6). Academic Press Ltd (1991), 859--870. Google ScholarDigital Library
Mantyjarvi, J., Lindholm, M., Vildjiounaite, E., Makela, S. M., Ailisto, H.A. Identifying users of portable devices from gait pattern with accelerometers. In Proceedings ICASSP 2005.Google ScholarCross Ref
Marcel, S., Cool, C., Atanasoaei, C., Tarsetti, F., Pesán, J., Matejka, P., Cernocky, J., Helistekangas, M., Turtinen, M. MOBIO: mobile biometric face and speaker authentication, In Proceedings CVPR 2010.Google Scholar
Nelson, D. L., Reed, V. S., Walling, J. R. Pictorial superiority effect. Journal of Experimental Psychology: Human Learning and Memory 2 (5). (1976), 523--528.Google ScholarCross Ref
Pons, A.P., Polak, P. Understanding user perspectives on biometric technology. Commun. ACM, 51 (9). ACM Press (2008), 115--118. Google ScholarDigital Library
Rogers, J. Please enter your four-digit pin. Financial Services Technology, U.S. Edition Issue 4 (Mar. 2007).Google Scholar
Rokita, J. Krzyzak, A., Suen, C.Y. Cell phones personal authentication systems using multimodal biometrics. In Proceedings ICIAR 2008. Springer (2008), 1013--1022. Google ScholarDigital Library
Sakoe, H., Chiba, S. Dynamic programming algorithm optimization for spoken word recognition. IEEE Transactions on Acoustics, Speech and Signal Processing, 26(1). (1978), 43--49.Google ScholarCross Ref
Shadmer, R., Brashers-Krug, T. Functional stages in the formation of human long-term motor memory. The Journal of Neuroscience, 17(1). (1997), 409--419.Google ScholarCross Ref
Shi, E., Niu, Y., Jakobsson, M., Chow, R. Implicit authentication through learning user behavior. In Proceedings ISC 2010. Springer (2011), 99--113. Google ScholarDigital Library
Sonkamble, S., Thool, R., Sonkamble, B. Survey of biometric recognition systems and their applications. Journal of Theoretical and Applied Information Technology, 11(1). (2010), 45--51.Google Scholar
Standing, L. Learning 10,000 pictures. The Quarterly Journal of Experimental Psychology, 25(2). (1973), 20722.Google Scholar
Tamviruzzaman, M., Ahamed, S. I., Hasan, C. S., O'brien, C. ePet: When cellular phone learns to recognize its owner. In Proceedings Workshop SafeConfig 2009. ACM Press (2009), 13--18. Google ScholarDigital Library
Wood, H.M. The use of passwords for controlled access to remote computer systems and services. In Proceedings AFIPS 1977. ACM Press(1977), 27--33. Google ScholarDigital Library
Weiss, R., De Luca, A. PassShapes: utilizing stroke based authentication to increase password memorability. In Proceedings NordiCHI 2008. ACM Press (2008), 383392. Google ScholarDigital Library
Yazji, S., Chen, X. Dick, R.P., Scheuermann P. Implicit user re-authentication for mobile devices. In Proceedings UIC 2009. Springer (2009), 325--339. Google ScholarDigital Library
Zhu, W., Zeng, N., Wang, N. Sensitivity, specificity, accuracy, associated confidence interval and ROC analysis with practical SAS implementations. In Proceedings Nesug 2010.Google Scholar

Index Terms

Touch me once and i know it's you!: implicit authentication based on touch screen patterns
1. Human-centered computing
  1. Human computer interaction (HCI)

Recommendations

Itus: an implicit authentication framework for android
MobiCom '14: Proceedings of the 20th annual international conference on Mobile computing and networking

Security and usability issues with pass-locks on mobile devices have prompted researchers to develop implicit authentication (IA) schemes, which continuously and transparently authenticate users using behavioural biometrics. Contemporary IA schemes ...
Read More
POSTER: When and How to Implicitly Authenticate Smartphone Users
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Possession of modern smartphones is becoming increasingly ubiquitous, and with this rise in usage comes a rise in the amount of sensitive data being stored on them. Despite this, the high-frequency, low-duration nature of the average smartphone session ...
Read More
iPhone 100 Need to Know Time Savers
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CHI '12: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
May 2012
3276 pages
ISBN:9781450310154
DOI:10.1145/2207676
General Chair:
Joseph A. Konstan
University of Minnesota
,
Program Chairs:
Ed H. Chi
Google
,
Kristina Höök
Mobile Life at KTH
Copyright © 2012 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 5 May 2012
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
implicit authentication
password pattern
security
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate6,199of26,314submissions,24%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 296
  Total Citations
  View Citations
- 3,479
  Total Downloads
- Downloads (Last 12 months)94
- Downloads (Last 6 weeks)14
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Touch me once and i know it's you!: implicit authentication based on touch screen patterns

CHI '12: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

ABSTRACT

References

Cited By

Index Terms

Recommendations

Itus: an implicit authentication framework for android

POSTER: When and How to Implicitly Authenticate Smartphone Users

iPhone 100 Need to Know Time Savers