Browse > Article
http://dx.doi.org/10.13089/JKIISC.2017.27.2.361

A Study of Behavior Based Authentication Using Touch Dynamics and Application Usage on Android  

Kim, Minwoo (SK Holdings)
Kim, Seungyeon (Yonsei University)
Kwon, Taekyoung (Yonsei University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.27, no.2, 2017 , pp. 361-371 More about this Journal
Abstract
The increase in user data stored in the device implies the increase in threats of users' sensitive data. Currently, smartphone authentication mechanisms such as Pattern Lock, fingerprint recognition are widely used. Although, there exist disadvantages of inconvenience use and dependence that users need to depend on their own memory. User behavior based authentication mechanism have advantages of high convenience by offering continuous authentication when using the mobile device. However, these mechanisms show limitations on low accuracy of authentication and there are researches to improve the accuracy. This paper proposes improved authentication mechanism that uses user's smartphone application usage pattern which has not considered on earlier studies. Also, we analyze performance of proposed mechanism with collected datasets from actual use of smartphone applications.
Keywords
Android; Behavior Based Authentication; Application Usage; Touch Dynamic; Machine Learning;
Citations & Related Records
연도 인용수 순위
  • Reference
1 P. Andriotis, T. Tryfonas, G. Oikonomou, and C. Yildiz, "A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks," In Proc. of the sixth ACM conference on Security and privacy in wireless and mobile networks (WiSec'13), pp. 1-6, 2013.
2 A.H. Lashkari, S. Farmand, O.B. Zakaria, and R. Saleh "Shoulder surfing attack in graphical password authentication." arXiv preprint arXiv:0912.0951 (2009).
3 S.M. Kolly, R. Wattenhofer, and S. Welten, "A personal touch: Recognizing users based on touch screen behavior," Proceedings of the Third International Workshop on Sensing Applications on Mobile Phones, ACM, 2012.
4 Y. Meng, D.S. Wong, and R. Schlegel, "Touch gestures based biometric authentication scheme for touchscreen mobile phones." International Conference on Information Security and Cryptology. Springer Berlin Heidelberg, 2012.
5 T. Feng, X. Zhao, B. Carbunar, and W. Shi, "Continuous mobile authentication using virtual key typing biometrics." 12th International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, pp.1547-1552, 2013.
6 Y. Meng, and D.S. Wong, "Design of touch dynamics based user authentication with an adaptive mechanism on mobile phones," Proceedings of the 29th Annual ACM Symposium on Applied Computing. ACM, pp.1680-1687, 2014.
7 C. Shen, Y. Zhang, Z. Cai, T. Yu, and X. Guan, "Touch-interaction behavior for continuous user authentication on smartphones," 2015 International Conference on Biometrics (ICB), IEEE, pp.157-162 2015.
8 L. Lu, and Y. Liu, "Safeguard: User Reauthentication on Smartphones via Behavioral Biometrics," IEEE Transactions on Computational Social Systems, Vol. 2, No. 3, pp. 53-64, 2015.   DOI
9 Z. Sitova, J. Sedenka, Q. Yang, G. Peng, and G. Zhou, "HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users." IEEE Transactions on Information Forensics and Security, Vol. 11, No. 5, pp. 877-892, 2016.   DOI
10 L. Fridman, S. Weber, R. Greenstadt, and M. Kam, "Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS location." IEEE Systems Journal , vol.PP, no.99, pp.1-9, 2015.
11 Android Developers, "Building Accessibility Services," available at https://developer.android.com/guide/topics/ui/accessibility/index.html
12 Microsoft Azure Machine Learning Studio, available at https://studio.azureml.net/
13 J.H. Friedman, "Greedy function approximation: a gradient boosting machine," Annals of statistics, pp. 1189-1232, 2001.
14 C. Jose, P. Goyal, and P. Aggrwal, "Local deep kernel learning for efficient non-linear svm prediction." Proceedings of the 30th international conference on machine learning (ICML-13), 2013.
15 A. Criminisi and J. Shotton, "Decision forests for computer vision and medical image analysis," Springer Science & Business Media, 2013.
16 J. Shotton, T. Sharp, P. Kohli, S. Nowozin, J. Winn, and A. Criminisi, "Decision jungles: Compact and rich models for classification," Advances in Neural Information Processing Systems. pp.234-242, 2013.
17 C. Cortes and V. Vapnik. "Support-vector networks," Machine learning, Vol.20, No.3, pp.273-297, 1995.   DOI
18 S. Haykin, "Neuronal Networks-A comprehension Foundation," 1999.
19 R. Kohavi, "A study of cross-validation and bootstrap for accuracy estimation and model selection," in Proc. Int. Joint Conf. Artificial, Vol. 14, No. 2, pp.1137-1145, 1995.
20 "European Standard EN 50133-1: Alarm systems. Access control systems for use in security applications," Technical Body CLC/TC 79, European Committee for Electrotechnical Standardization, 2002.
21 H. Gao, X. Guo, X. Chen, L.Wang, and X. Liu, "Yagp: Yet another graphical password strategy," Annual Computer Security Applications Conference (ACSAC'08), pp. 121-129, 2008.
22 P.S. Teh, N. Zhang, A.B.J Teoh, and K. Chen, "A survey on touch dynamics authentication in mobile devices," Computers & Security, Vol. 59, pp. 210-235, 2016.   DOI
23 A. Alzubaidi and J. Kalita, "Authentication of Smartphone Users Using Behavioral Biometrics," IEEE Communications Surveys & Tutorials, Vol. 18, No. 3, pp. 1998-2026, 2016.   DOI
24 D. Davis, F. Monrose, and M. K. Reiter, "On user choice in graphical password schemes," In USENIX Security Symposium, 2004.
25 K. Renaud and A. D. Angeli, "Visual passwords: Cure-all or snake-oil?," Communications of the ACM, pp. 135-140, 2009.
26 A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith, "Smudge Attacks on Smartphone Touch Screens," In Proc. of the 4th USENIX Conference on Offensive Technologies (WOOT'10), pp. 1-7, 2010.