In this paper we present a simple and reliable authentication method for mobile devices equipped with multi-touch screens, such as smartphones, tablets and laptops. Users are authenticated by performing specially designed multi-touch gestures with one swipe on the touchscreen. During this process, both hand geometry and behavioral characteristics are recorded in the multi-touch traces and used for authentication. By combining geometry information with behavioral characteristics, we overcome the problem of behavioral variability plaguing many behavior-based authentication techniques - which often leads to less accurate authentication or poor user experience - while also ensuring the discernibility of different users with possibly similar hand shapes. We evaluate the design of the proposed authentication method thoroughly using a large multi-touch dataset collected from 161 subjects with an elaborately designed procedure to capture behavioral variability. The results demonstrate that the fusion of behavioral information with hand geometry features produces effective resistance to behavioral variability over time while at the same time retaining discernibility. Our approach achieves an EER of 5.84% with only 5 training samples, and the performance is further improved to an EER of 1.88% with enough training. Security analyses are also conducted to demonstrate that the proposed method is resilient against common smartphone authentication threats such as smudge attacks, shoulder surfing attacks and statistical attacks. Finally, user acceptance of the method is illustrated via a usability study.
|Original language||English (US)|
|Title of host publication||2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings|
|Publisher||Institute of Electrical and Electronics Engineers Inc.|
|Number of pages||16|
|State||Published - Jun 23 2017|
|Event||2017 IEEE Symposium on Security and Privacy, SP 2017 - San Jose, United States (Duration: May 22 2017 → May 24 2017)|
|Name||Proceedings - IEEE Symposium on Security and Privacy|
|Other||2017 IEEE Symposium on Security and Privacy, SP 2017|
|Period||5/22/17 → 5/24/17|
Bibliographical note
Funding Information:
We would like to thank Prof. Ellen Bass for her valuable comments and careful proofreading. We would also like to thank Prof. Xiaohong Guan, Prof. Qinghua Zheng and Prof. Roy Maxion for their kind support of this work, and the anonymous reviewers for their helpful comments. We also acknowledge the help from Mr. Tao Hua, Ms. Meilan Liu and Hexiang Wang in the data collection process. This work is supported in part by NSFC grants 61175039, 61375040 and 61221063. Zhi-Li Zhang was supported in part by NSF grants CNS-1411636, DTRA grant HDTRA1-14-1-0040 and ARO MURI Award W911NF-12-1-0385.
© 2017 IEEE.
- Behavioral Variability
- Hand Geometry
- Mobile Authentication
- Multi-touch Gesture
- Usable Security