Abstract
AbstractMobile devices, particularly the touch screen mobile devices, are increasingly used to store and access private and sensitive data or services, and this has led to an increased demand for more secure and usable security services, one of which is user authentication. Currently, mobile device authentication services mainly use a knowledge-based method, e.g. a PIN-based authentication method, and, in some cases, a fingerprint-based authentication method is also supported. The knowledge-based method is vulnerable to impersonation attacks, while the fingerprint-based method can be unreliable sometimes. To overcome these limitations and to make the authentication service more secure and reliable for touch screen mobile device users, we have investigated the use of touch dynamics biometrics as a mobile device authentication solution by designing, implementing and evaluating a touch dynamics authentication method. This paper describes the design, implementation, and evaluation of this method, the acquisition of raw touch dynamics data, the use of the raw data to obtain touch dynamics features, and the training of the features to build an authentication model for user identity verification. The evaluation results show that by integrating the touch dynamics authentication method into the PIN-based authentication method, the protection levels against impersonation attacks is greatly enhanced. For example, if a PIN is compromised, the success rate of an impersonation attempt is drastically reduced from 100% (if only a 4-digit PIN is used) to 9.9% (if both the PIN and the touch dynamics are used).
Publisher
Springer Science and Business Media LLC
Reference63 articles.
1. Amin R, Gaber T, ElTaweel G (2015) Implicit authentication system for smartphones users based on touch data. In: Abraham A, Jiang XH, Snášel V, Pan J-S (eds) Intelligent data analysis and applications. Springer International Publishing, Berlin, pp 251–262. https://doi.org/10.1007/978-3-319-21206-7_22
2. Android developers (2017a) nanoTime—system. https://developer.android.com/reference/java/lang/System.html#nanoTime. Accessed 10 Dec 2017
3. Android developers (2017b) getSize—motionevent. https://developer.android.com/reference/android/view/MotionEvent.html#getSize(int). Accessed 10 Dec 2017
4. Antal M, Nemes L (2016) The MOBIKEY Keystroke Dynamics Password Database: Benchmark Results. In: Silhavy R, Senkerik R, Oplatkova ZK, Silhavy P, Prokopova Z (eds) software engineering perspectives and application in intelligent systems. Springer, Berlin, pp 35–46. https://doi.org/10.1007/978-3-319-33622-0_4
5. Aviv AJ, Gibson K, Mossop E, Blaze M, Smith JM. (2010). Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX conference on offensive technologies (pp 1–7). Berkeley, CA, USA: USENIX association. http://dl.acm.org/citation.cfm?id=1925004.1925009. Accessed 16 July 2015
Cited by
30 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献