Attaullah Buriro

Touchstroke: Smartphone User Authentication Based on Touch-Typing Biometrics

Smartphones are becoming pervasive and widely used for a large variety of activities from social networking to online shopping, from message exchanging to mobile gaming, to mention just a few. Many of these activities generate private information or require storing on the phone user credentials and payment details. In spite of being so security and privacy critical, smartphones are still widely protected by traditional authentication mechanisms such as PINs and passwords, whose limitations and drawbacks are well known and documented in the security community. New accurate, user-friendly and effective authentication mechanisms are required. To this end, behavior-based authentication has recently attracted a significant amount of interest in both commercial and academic contexts.

Hold and Sign: A Novel Behavioral Biometrics for Smartphone User Authentication

The search for new authentication methods to replace passwords for modern mobile devices such as smartphones and tablets has attracted a substantial amount of research in recent years. As a result, several new behavioral biometric schemes have been proposed. Most of these schemes, however, are uni-modal. This paper presents a new, bi-modal behavioral biometric solution for user authentication. The proposed mechanism takes into account micro-movements of a phone and movements of the users finger during writing or signing on the touchscreen. More specifically, it profiles a user based on how he holds the phone and based on the characteristics of the points being pressed on the touchscreen, and not the produced signature image. We have implemented and evaluated our scheme on commercially available smartphones. Using Multilayer Perceptron (MLP) 1-class verifier, we achieved approx. 95% True Acceptance Rate (TAR) with 3.1% False Acceptance Rate (FAR) on a dataset of 30 volunteers. Preliminary results on usability show a positive opinion about our system.

Please hold on: Unobtrusive user authentication using smartphone's built-in sensors

Smartphones provide anytime-anywhere communications and are being increasingly used for a variety of purposes, e.g, sending email, performing online transactions, connecting with friends and acquaintances over social networks. As a result, a considerable amount of sensitive personal information is often generated and stored on smartphones. Thus, smartphone users may face financial as well as sentimental consequences if such information fall in the wrong hands. To address this problem all smartphones provide some form of user authentication, that is the process of verifying the users identity. Existing authentication mechanisms, such as using 4-digit passcodes or graphical patterns, suffer from multiple limitations - they are neither highly secure nor easy to input. As a results, recent studies found that most smartphones users do not use any authentication mechanism at all. In this paper, we present a fully unobtrusive user authentication scheme based on micro-movements of the users hand(s) after the user unlocks her smartphone. The proposed scheme collects data from multiple 3-dimensional smartphone sensors in the background for a specific period of time and profiles a user based on the collected hand(s) movement patterns. Subsequently, the system matches the query pattern with the pre-stored patterns to authenticate the smartphone owner. Our system achieved a True Acceptance Rate (TAR) of 96% at an Equal Error Rate (EER) of 4%, on a dataset of 31 qualified volunteers (53, in total), using Random Forest (RF) classifier. Our scheme can be used as a primary authentication mechanism or can be used as a secondary authentication scheme in conjunction with any of the existing authentication schemes, e.g., passcodes, to improve their security.

ITSME: Multi-modal and Unobtrusive Behavioural User Authentication for Smartphones

In this paper, we propose a new multi-modal behavioural biometric that uses features collected while the user slide-unlocks the smartphone to answer a call. In particular, we use the slide swipe, the arm movement in bringing the phone close to the ear and voice recognition to implement our behaviour biometric. We implemented the method on a real phone and we present a controlled user study among 26 participants in multiple scenario’s to evaluate our prototype. We show that for each tested modality the Bayesian network classifier outperforms other classifiers (Random Forest algorithm and Sequential Minimal Optimization). The multimodal system using slide and pickup features improved the unimodal result by a factor two, with a FAR of 11.01 % and a FRR of 4.12 %. The final HTER was 7.57 %.

Evaluation of Motion-Based Touch-Typing Biometrics for Online Banking

This paper presents a bimodal scheme - the mechanism which exploits the way the user enters her 8-digit PIN/password and the phone-movements while doing so, for user authentication in mobile banking/financial applications (apps). The scheme authenticates the user based on the timing differences of the entered strokes. Additionally, it provides an enhanced security by adding an unobservable layer based on the phone-movements. The scheme is assumed to be highly secure as mimicking the invisible touch-timings and the phone-movements could be extremely difficult. Our analysis is based on 2850 samples collected from 95 users through a 3-day unsupervised field experiment and using 3 multi-class classifiers. Random Forest (RF) classifier out-performed other two classifiers and provided a True Acceptance Rate (TAR) of 96%.

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access

Smartphones are the most popular and widespread personal devices. Apart from their conventional use, that is, calling and texting, they have also been used to perform multiple security sensitive activities, such as online banking and shopping, social networking, taking pictures, and e-mailing. On a positive side, smartphones have improved the quality of life by providing multiple services that users desire, for example, anytime-anywhere computing. However, on the other side, they also pose security and privacy threats to the users’ stored data. User authentication is the first line of defense to prevent unauthorized access to the smartphone. Several authentication schemes have been proposed over the years; however, their presentation might be perplexing to the new researchers to this domain, under the shade of several buzzwords, for example, active, continuous, implicit, static, and transparent, being introduced in academic papers without comprehensive description. Moreover, most of the reported authentication solutions were evaluated mainly in terms of accuracy, overlooking a very important aspect—the usability. This paper surveys various types and ways of authentication, designed and developed primarily to secure the access to smartphones and attempts to clarify correlated buzzwords, with the motivation to assist new researchers in understanding the gist behind those concepts. We also present the assessment of existing user authentication schemes exhibiting their security and usability issues.

Mobile biometrics: Towards a comprehensive evaluation methodology

Smartphones have become the pervasive personal computing platform. Recent years thus have witnessed exponential growth in research and development for secure and usable authentication schemes for smartphones. Several explicit (e.g., PIN-based) and/or implicit (e.g., biometrics-based) authentication methods have been designed and published in the literature. In fact, some of them have been embedded in commercial mobile products as well. However, the published studies report only the brighter side of the proposed scheme(s), e.g., higher accuracy attained by the proposed mechanism. While other associated operational issues, such as computational overhead, robustness to different environmental conditions/attacks, usability, are intentionally or unintentionally ignored. More specifically, most publicly available frameworks did not discuss or explore any other evaluation criterion, usability and environment-related measures except the accuracy under zero-effort. Thus, their baseline operations usually give a false sense of progress. This paper, therefore, presents some guidelines to researchers for designing, implementation, and evaluating smartphone user authentication methods for a positive impact on future technological developments.