Abstract
The growing trend of using smartphones as personal computing platforms to access and store private information has stressed the demand for secure and usable authentication mechanisms. This paper investigates the feasibility and applicability of using motion-sensor behavior data for user authentication on smartphones. For each sample of the passcode, sensory data from motion sensors are analyzed to extract descriptive and intensive features for accurate and fine-grained characterization of users’ passcode-input actions. One-class learning methods are applied to the feature space for performing user authentication. Analyses are conducted using data from 48 participants with 129,621 passcode samples across various operational scenarios and different types of smartphones. Extensive experiments are included to examine the efficacy of the proposed approach, which achieves a false-rejection rate of 6.85% and a false-acceptance rate of 5.01%. Additional experiments on usability with respect to passcode length, sensitivity with respect to training sample size, scalability with respect to number of users, and flexibility with respect to screen size were provided to further explore the effectiveness and practicability. The results suggest that sensory data could provide useful authentication information, and this level of performance approaches sufficiency for two-factor authentication on smartphones. Our dataset is publicly available to facilitate future research.
Highlights
Smartphone have become omnipresent personal computing platforms for users to access Internet services whenever and wherever
We present an empirical work analyzing motion-sensor data for smartphone authentication, and analyze the feasibility and applicability of authenticating a user based on the characteristics of motion-sensor data across various operational scenarios and different types of smartphones, which can be integrated with existing smartphone authentication mechanisms
The best authentication error rates in every operational scenario are less than 12%, which indicate that there do exists informative information in motion-sensor behavior for smartphone authentication
Summary
Smartphone have become omnipresent personal computing platforms for users to access Internet services whenever and wherever. The most widely used smartphone authentication mechanisms are PIN-based passcodes, pattern-based passcodes, and fingerprints, which have been integrated into Android or IOS smartphone systems. (e.g., shoulder surfing attack [13] and smudge attack [8]), and the risk of fingerprint loss from public events (e.g., attackers can get fingerprints from public events with the help of a standard camera [9]), a growing number of biometric features (i.e., signature or gesture based methods [14,15], touch dynamics [16,17], and keystroke dynamics [18,19]) has been applied to strengthen smartphone authentication [14,15,16,17,18,19]. Performing multi-finger signatures or gestures on mobile devices with a small display may not be user-friendly
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
