Abstract
Wearing smartwatches becomes increasingly popular in people’s lives. This paper shows that a smartwatch can help its bearer authenticate to a login system effectively and securely even if the bearer’s password has already been revealed. This idea is motivated by our observation that a sensor-rich smartwatch is capable of tracking the wrist motions of its bearer typing a password or PIN, which can be used as an authentication factor. The major challenge in this research is that a sophisticated attacker may imitate a user’s typing behavior as shown in previous research on keystroke dynamics based user authentication. We address this challenge by applying a set of machine learning and deep learning classifiers on the user’s wrist motion data that are collected from a smartwatch worn by the user when inputting his/her password or PIN. Our solution is user-friendly since it does not require users to perform any additional actions when typing passwords or PINs other than wearing smartwatches. We conduct a user study involving 51 participants so as to evaluate the feasibility and performance of our solution. User study results show that the best classifier is the Bagged Decision Trees, which yields 4.58% FRR and 0.12% FAR on a QWERTY keyboard, and 6.13% FRR and 0.16% FAR on a numeric keypad.
Highlights
A smartwatch is a computerized wristwatch with functionalities beyond timekeeping
We discover that the Bagged Decision Trees performs the best in our user study, yielding 4.58% false reject rate (FRR) and 0.12% false acceptance rate (FAR) on the QWERTY keyboard for password-based user authentication, and 6.13% FRR and 0.16% FAR on the numeric keypad for PIN-based user authentication.We show that the keystroke imitation attack has insignificant impact on the accuracy of our scheme
We focus on two types of keyboards in this paper, including QWERTY keyboards and numeric keyboards, which can be used on PCs, mobile devices, Point of Sale (POS) terminals and Automatic Teller Machines (ATMs)
Summary
A smartwatch is a computerized wristwatch with functionalities beyond timekeeping. The use of smartwatch has become a rising trend in today’s consumer electronics. Meng et al (2013) revealed that a training interface can be set up to help attackers imitate users’ keystroke dynamics, which makes it unsafe to employ keystroke dynamics for user authentication. Because keystroke dynamics contains only the timing information about users’ keystroke, it is possible for an attacker to imitate a user’s keystroke via a training interface. To address this problem, we model a user’s typing behavior using both acceleration data and angular velocity data from the user’s smartwatch. It is difficult for an attacker to imitate a user’s typing behavior in our model without accessing the victims’ smartwatch sensor data
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
