skip to main content
10.1145/2207676.2208544acmconferencesArticle/Chapter ViewAbstractPublication PageschiConference Proceedingsconference-collections
research-article

Touch me once and i know it's you!: implicit authentication based on touch screen patterns

Published: 05 May 2012 Publication History

Abstract

Password patterns, as used on current Android phones, and other shape-based authentication schemes are highly usable and memorable. In terms of security, they are rather weak since the shapes are easy to steal and reproduce. In this work, we introduce an implicit authentication approach that enhances password patterns with an additional security layer, transparent to the user. In short, users are not only authenticated by the shape they input but also by the way they perform the input. We conducted two consecutive studies, a lab and a long-term study, using Android applications to collect and log data from user input on a touch screen of standard commercial smartphones. Analyses using dynamic time warping (DTW) provided first proof that it is actually possible to distinguish different users and use this information to increase security of the input while keeping the convenience for the user high.

References

[1]
Aviv, A. J., Gibson, K., Mossop, E., Blaze, M., Smith, J. M. Smudge attacks on smartphone touch screens. In USENIX 4th Workshop WOOT 2010.
[2]
Bigun, J., Fierrez-Aguilar, J., Ortega-Garcia, J., Gonzales-Rodriguez, J. Combining biometric evidence for person authentication. Advanced Studies in Biometrics. Springer (2005), 1--18.
[3]
Brunelli, R., Falavigna, D. Person identification using multiple cues. IEEE Transactions on Pattern Analysis and Machine Intelligence, 17(10). (1995), 955--966.
[4]
Buchoux, A., Clarke, N.L. Deployment of keystroke analysis on a smartphone. In Proceedings AIMS 2008.
[5]
Card, S., Moran, T., Newell, A. Computer text-editing: An information-processing analysis of a routine cognitive skill. Cognitive Psychology, 12(1). (1980), 32--74.
[6]
Chow, R., Jakobsson, M., Masuoka, R., Molina, J., Niu, Y., Shi, E., Song, Z. Authentication in the clouds: a framework and its application to mobile users. In Proceedings Workshop CCSW 2010. ACM Press (2010), 1--6.
[7]
Clarke, N.L., Furnell, S.M. Authenticating mobile phone users using keystroke analysis. International Journal of Information Security, 6(1). Springer (2007), 1--14.
[8]
Clarke, N.L., Furnell, S.M., Rodwell, P.M., Reynolds P.L. Acceptance of subscriber authentication methods for mobile telephony devices. Computers & Security, 21 (3). (2002), 220--228.
[9]
Coventry, L., De Angeli, A., Johnson, G. Usability and biometric verification at the ATM interface. In Proceedings CHI 2003. ACM Press (2003), 153--160.
[10]
Cutting, J., Kozlowski, L. Recognizing friends by their walk: Gait perception without familiarity cues. Bulletin of the Psychonomic Society, 9(5). (1977), 353--356.
[11]
De Luca, A., Denzel, M. and Hussmann, H. Look into my eyes! Can you guess my password? In Proceedings SOUPS 2009. ACM Press (2009), 7:1--7:12.
[12]
Dunphy, P., Yan, J. Do background images improve "draw a secret" graphical passwords? In Proceedings CCS 2007. ACM Press (2007), 36--47.
[13]
Fleishman, E., Parker, J. Factors in the retention and relearning of perceptual-motor skill. Journal of Experimental Psychology, 64. (1962), 215--226.
[14]
Francis, L., Mayes, K., Hancke, G., Markantonakis, K. A location based security framework for authenticating mobile phones. In Proceedings Workshop M-MPAC 2010. ACM Press (2010), 5:1--5:8.
[15]
Giorgino, T. Computing and visualizing dynamic time warping alignments in R: the DTW package. Journal of Statistical Software, 31(7). (2009), 1--24.
[16]
Gafurov, D., Helkala, K., Søndrol, T. Biometric gait authentication using accelerometer sensor. Journal of Computers, 1 (7). Academy Publisher (2006), 51--59.
[17]
Jakobsson, M., Shi, E., Golle, P., Chow, R. Implicit authentication for mobile devices. In Proceedings HotSec 2009. USENIX Association, 9--9.
[18]
Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., Rubin, A. D. The design and analysis of graphical passwords. In Proceedings SSYM 1999. USENIX Association.
[19]
Kar, B., Dutta, P. K., Basu, T. K., Vielhauer, C., Dittmann, J. DTW based verification scheme of biometric signatures. In Proceedings ICIT 2006.
[20]
Karlson, A., Brush, A.J., Schechter, S. Can i borrow your phone? Understanding concerns when sharing mobile phones. In Proceedings CHI 2009. ACM Press (2009), 1647--1650.
[21]
Kim, D., Dunphy, P., Briggs, P., Hook, J., Nicholson, J., Nicholson, J., Olivier, P. Multi-touch authentication on tabletops. In Proceedings CHI 2010. ACM Press (2010), 1093--1102.
[22]
Legget, J., Williams, G., Usnick, M. Dynamic identity verification via keystroke characteristics. International Journal of Man-Machine Studies, 35 (6). Academic Press Ltd (1991), 859--870.
[23]
Mantyjarvi, J., Lindholm, M., Vildjiounaite, E., Makela, S. M., Ailisto, H.A. Identifying users of portable devices from gait pattern with accelerometers. In Proceedings ICASSP 2005.
[24]
Marcel, S., Cool, C., Atanasoaei, C., Tarsetti, F., Pesán, J., Matejka, P., Cernocky, J., Helistekangas, M., Turtinen, M. MOBIO: mobile biometric face and speaker authentication, In Proceedings CVPR 2010.
[25]
Nelson, D. L., Reed, V. S., Walling, J. R. Pictorial superiority effect. Journal of Experimental Psychology: Human Learning and Memory 2 (5). (1976), 523--528.
[26]
Pons, A.P., Polak, P. Understanding user perspectives on biometric technology. Commun. ACM, 51 (9). ACM Press (2008), 115--118.
[27]
Rogers, J. Please enter your four-digit pin. Financial Services Technology, U.S. Edition Issue 4 (Mar. 2007).
[28]
Rokita, J. Krzyzak, A., Suen, C.Y. Cell phones personal authentication systems using multimodal biometrics. In Proceedings ICIAR 2008. Springer (2008), 1013--1022.
[29]
Sakoe, H., Chiba, S. Dynamic programming algorithm optimization for spoken word recognition. IEEE Transactions on Acoustics, Speech and Signal Processing, 26(1). (1978), 43--49.
[30]
Shadmer, R., Brashers-Krug, T. Functional stages in the formation of human long-term motor memory. The Journal of Neuroscience, 17(1). (1997), 409--419.
[31]
Shi, E., Niu, Y., Jakobsson, M., Chow, R. Implicit authentication through learning user behavior. In Proceedings ISC 2010. Springer (2011), 99--113.
[32]
Sonkamble, S., Thool, R., Sonkamble, B. Survey of biometric recognition systems and their applications. Journal of Theoretical and Applied Information Technology, 11(1). (2010), 45--51.
[33]
Standing, L. Learning 10,000 pictures. The Quarterly Journal of Experimental Psychology, 25(2). (1973), 20722.
[34]
Tamviruzzaman, M., Ahamed, S. I., Hasan, C. S., O'brien, C. ePet: When cellular phone learns to recognize its owner. In Proceedings Workshop SafeConfig 2009. ACM Press (2009), 13--18.
[35]
Wood, H.M. The use of passwords for controlled access to remote computer systems and services. In Proceedings AFIPS 1977. ACM Press(1977), 27--33.
[36]
Weiss, R., De Luca, A. PassShapes: utilizing stroke based authentication to increase password memorability. In Proceedings NordiCHI 2008. ACM Press (2008), 383392.
[37]
Yazji, S., Chen, X. Dick, R.P., Scheuermann P. Implicit user re-authentication for mobile devices. In Proceedings UIC 2009. Springer (2009), 325--339.
[38]
Zhu, W., Zeng, N., Wang, N. Sensitivity, specificity, accuracy, associated confidence interval and ROC analysis with practical SAS implementations. In Proceedings Nesug 2010.

Cited By

View all
  • (2025)Biometric Encoding for Replay-Resistant Smartphone User Authentication Using HandgripsIEEE Transactions on Mobile Computing10.1109/TMC.2024.347467324:2(1230-1248)Online publication date: Feb-2025
  • (2025)BANN-TMGuard: Toward Touch-Movement-Based Screen Unlock Patterns via Blockchain-Enabled Artificial Neural Networks on IoT DevicesIEEE Internet of Things Journal10.1109/JIOT.2024.346589112:2(1856-1866)Online publication date: 15-Jan-2025
  • (2025)A residual deep learning network for smartwatch-based user identification using activity patterns in daily livingComputers and Electrical Engineering10.1016/j.compeleceng.2024.109883121(109883)Online publication date: Jan-2025
  • Show More Cited By

Index Terms

  1. Touch me once and i know it's you!: implicit authentication based on touch screen patterns

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CHI '12: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
    May 2012
    3276 pages
    ISBN:9781450310154
    DOI:10.1145/2207676
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 05 May 2012

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. implicit authentication
    2. password pattern
    3. security

    Qualifiers

    • Research-article

    Conference

    CHI '12
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

    Upcoming Conference

    CHI 2025
    ACM CHI Conference on Human Factors in Computing Systems
    April 26 - May 1, 2025
    Yokohama , Japan

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)86
    • Downloads (Last 6 weeks)8
    Reflects downloads up to 30 Jan 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)Biometric Encoding for Replay-Resistant Smartphone User Authentication Using HandgripsIEEE Transactions on Mobile Computing10.1109/TMC.2024.347467324:2(1230-1248)Online publication date: Feb-2025
    • (2025)BANN-TMGuard: Toward Touch-Movement-Based Screen Unlock Patterns via Blockchain-Enabled Artificial Neural Networks on IoT DevicesIEEE Internet of Things Journal10.1109/JIOT.2024.346589112:2(1856-1866)Online publication date: 15-Jan-2025
    • (2025)A residual deep learning network for smartwatch-based user identification using activity patterns in daily livingComputers and Electrical Engineering10.1016/j.compeleceng.2024.109883121(109883)Online publication date: Jan-2025
    • (2025)Frictionless User AuthenticationEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1580(976-980)Online publication date: 8-Jan-2025
    • (2024)SonicID: User Identification on Smart Glasses with Acoustic SensingProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36997348:4(1-27)Online publication date: 21-Nov-2024
    • (2024)Act2Auth – A Novel Authentication Concept based on Embedded Tangible Interaction at DesksProceedings of the Eighteenth International Conference on Tangible, Embedded, and Embodied Interaction10.1145/3623509.3633360(1-15)Online publication date: 11-Feb-2024
    • (2024)A Hybrid Residual CNN with Channel Attention Mechanism for Continuous User Identification Using Wearable Motion Sensors2024 47th International Conference on Telecommunications and Signal Processing (TSP)10.1109/TSP63128.2024.10605924(143-146)Online publication date: 10-Jul-2024
    • (2024)It's All in the Touch: Authenticating Users With HOST Gestures on Multi-Touch Screen DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2024.337101423:10(10016-10030)Online publication date: Oct-2024
    • (2024)TrapCog: An Anti-Noise, Transferable, and Privacy-Preserving Real-Time Mobile User Authentication System With High AccuracyIEEE Transactions on Mobile Computing10.1109/TMC.2023.326507123:4(2832-2848)Online publication date: Apr-2024
    • (2024)VLOG: Vehicle Identity Verification Based on Local and Global Behavior AnalysisIEEE Transactions on Computational Social Systems10.1109/TCSS.2024.341458711:5(7032-7044)Online publication date: Oct-2024
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media