Continuous User Authentication on Touch-Screen Mobile Phones: Toward More Secure and Usable M-Commerce

Abstract

Recent advances in sensing and wireless communication technologies have led to an explosion in the use of touch-screen mobile devices such as smartphones and tablets in mobile commerce and other daily work and life activities. These activities have resulted in more and more private and sensitive information stored on those devices. Therefore, improving the security of mobile devices by effective user authentication to prevent unauthorized information access becomes an imminent task. Mobile user authentication refers to the process of checking a user’s identity and verifying whether he/she is authorized to access a device. Due to the increasing incidence of mobile phones getting lost, stolen, or snatched while being used by the owner, continuous user authentication (CUA) after logging in a mobile device has attracted increasing attention. Prior research has shown that traditional password authentication is insufficient or ineffective for CUA. Despite the recent research progress in CUA, many existing methods are explicit by nature in that they require users to perform specific operations, which can cause interruptions to users’ ongoing activities or may be easily learned from observation by others. In this research, we propose a new touch dynamics based approach to CUA on touch screen mobile devices that authenticates users while they are interacting with mobile devices. Touch dynamics, which is rich in cognitive quality and unique to individuals, has yet to be explored for implicit CUA. We conducted a longitudinal study to evaluate the proposed mobile CUA approach. The results demonstrate that our method can improve the security of CUA for touch screen mobile devices. The findings have significant implications for the security and adoption of m-commerce.