Design of Behavioral Biometric based Authentication with an Adaptive Mechanism on Mobile Phones

nauseatingcynicalSecurity

Feb 22, 2014 (3 years and 4 months ago)

56 views

PAGE


1


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Presenter: Yuxin Meng

City University of Hong Kong


Asia
-
Pacific & MEA Round 2013

21
-
23 March 2013

Design of Behavioral Biometric based Authentication

with an Adaptive Mechanism on Mobile Phones

PAGE


2


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Introduction and Problem

Touch
-
screen mobile phones become very common in our daily life:
smartphone based on
Android OS

or iPhone using
iOS

(e.g., 80% share
in the current market).

More and more people store sensitive information on their phones and
use them for sensitive applications


-
Credit card number


-
Personal password


-
Personal photos


-
Mobile banking


-
etc.

It is very crucial to develop intelligent user authentication schemes for
mobile phones.

PAGE


3


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Available Solutions

To develop a user authentication system, there are three major techniques
that can be used:


Passwords based (e.g., PIN, password pattern)


Physiological biometrics (e.g., fingerprints, iris scans)


Behavioral biometrics (e.g., keystroke dynamics, mouse dynamics)

Note: passwords can often easily be
stolen through “shoulder surfing”.

Note:
perform a one
-
time

authentication
and require additional hardware.

Android
Unlock
Pattern

Finger
Prints

PAGE


4


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Suggested Solution

Behavioral biometrics based authentication system usually uses
measurements from human actions such as:


Keystroke Dynamics


Mouse Dynamics


Touch Dynamics


Merits
: perform continuous authentication without additional hardware.


With the wide use of touchscreen mobile phones, touch dynamics has
become more popular in the research literature.





PAGE


5


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Touch dynamics based Authentication

Behavioural Biometric (Touch dynamics) based Authentication.

Figure 1. The architecture of the touch
-
dynamics
based authentication system [1].



Data collection
: collects raw data
from the touchscreen (i.e., recording
and storing all touch gesture data into
a database) and converting the raw
data into meaningful information (i.e.,
identifying sessions).



Behavior modeling
: analyzes
collected data, extracts features to
generate authentication signature for
a legitimate user, models a user’s
touch behavior.



Behavior comparison
: compares
the current user’s behavior with the
relevant generated authentication
signatures, and makes an output.

PAGE


6


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Touch Gestures

The touch gestures of single
-
touch, multi
-
touch and touch movement are
defined as follows:


-
Single
-
touch: the input starts with a touch press down, followed by a touch press up without
any movement in
-
between.


-
Touch movement: the input starts with a touch press down, movement (also called
drag
),
followed by a touch press up.


-
Multi
-
touch: an input with two or more simultaneous, distinct touch press down events at
different coordinates of the touch screen (i.e., two fingers press down on the touch screen
simultaneously), either with or without any movement before a touch press up event.

PAGE


7


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Our Touch Scheme

We have
developed a user authentication scheme, which is comprised of
21 features in [1].

In real
-
world implementation, we find that more features can cause much
more time consumption in the training phase including collecting log
information and training selected algorithms.

In this work, we propose a compact authentication scheme which consists
of only 6 touch features
.


-
The number of touch movements per session (denoted
NTM
)


-
The number of single
-
touch events per session (denoted
NST
)


-
The number of multi
-
touch events per session (denoted
NMT
)


-
The average duration time of touch movements per session (denoted
ATTM
)


-
The average duration time of single
-
touch per session (denoted
ATST
)


-
The average duration time of multi
-
touch per session (denoted
ATMT
)

PAGE


8


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Adaptive Mechanism

Sometimes, it is a difficult task to choose an appropriate machine learning
classifier in authenticating users.

Figure 2. The architecture of implementing the
adaptive mechanism.



In the phase of
Classifier
Selection
, the major
component of
Cost
Computation

calculates the
value of
relative expected cost

based on the relevant data of
each classifier, and
determines the best classifier
which achieves the lowest
value of cost.

PAGE


9


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Cost
-
based Metric

Based on our previous work [2], the cost
-
based metric of
relative expected
cost

can be defined as below:




Where
C

is the cost ratio,
P

represents the prior probability of detecting an
imposter represents the false positive rate while represents the false
negative rate.

Generally, a desirable classifier should have a lower
relative expected
cost
, which means relatively less information loss during the
establishment of normal
-
behaviour model.




PAGE


10


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Implementation

Platform:

Google/HTC Nexus One
(resolution 480800 px)

Selection Reason:

The major advantage of using this particular phone is
that the stock Android operating system can be replaced with a modified
customized
-
Android
-
OS version.

We updated the phone with a modified Android OS version 2.2 based on
CyanogenMod
.

The modification consists of changes to the layer of
application framework

to record raw input data from the touchscreen such as the types of inputs
(e.g., single
-
touch, multi
-
touch and movement) and the timing of touch
inputs, and installation of a log application.

PAGE


11


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Evaluation Methodology

We select three classifiers such as
decision tree

(J48),
Naive Bayes

(NBayes) and
k
-
nearest neighbour

(IBK).

In the user study, a total of 10 participants were involved in our evaluation
those who are all regular mobile phone users and ranged in age from 20
to 42 years including 2 senior people.

In the out
-
lab experiment, participants were asked to complete a total of
21 sessions (i.e., first 6 sessions were used for training classifiers) during
three days.

They can use the phone freely as their own phones (i.e., using it to
browse the web, install new software, etc.)

PAGE


12


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Evaluation Results (1)

Table 1. The results of classifier selection with relative expected cost (3 users).

Discuss:

the algorithm selection is adaptive vary with the values of relative
expected cost.

PAGE


13


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Evaluation Results (2)

Figure 3. Results of average FAR and average FRR.

Discuss:

The average
values are simply computed
by means of all 10
participants’ data. The figure
shows that the average FAR
and average FRR are in the
range from 7.8% to 8.2%
and from 8.0% to 8.5%
respectively. The results
indicate that the possibility
of incorrectly identifying a
user is no more than 8.5%
for our scheme.

PAGE


14


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Conclusion

We propose a promising and compact behavioural
-
biometric based user
authentication scheme, which consists of 6 touch
-
gesture based features,
attempting to continuously authenticate users.

We design an adaptive mechanism to select machine learning classifier in
an adaptive way, which evaluates different classifiers with a cost
-
based
metric called
relative expected cost
. The basic idea of this mechanism is
to keep the authentication accuracy on a mobile phone at a high and
stable level.

We further conducted a proof
-
of
-
concept evaluation on an Android phone
with 10 users. The evaluation results show that our proposed approach is
encouraging to authenticate users and maintain the authentication
accuracy at a high level by adaptively selecting the least costly classifier.

PAGE


15


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

Future Work and References

Future Work:


Integrating other touch
-
based features


Larger study with much more participants


Investigating other metrics


Reference:


[1] Meng, Y., Wong, D.S., Schlegel, R., and Kwok, L.
-
F. (2012), “Touch Gestures Based
Biometric Authentication Scheme for Touchscreen Mobile Phones”, Proceedings of the 8th
China International Conference on Information Security and Cryptology (INSCRYPT), LNCS,
Springer, Heidelberg.


[2] Meng, Y. (2012), “Measuring Intelligent False Alarm Reduction using an ROC Curve
-
based Approach in Network Intrusion Detection”, Proceedings of the 5th International
Conference on Computational Intelligence for Measurement Systems and Applications
(CIMSA), pp. 108
-
113, IEEE.

PAGE


16


|

Gradient colors

14

149

115

0

121

91

13

137

105

R

G

B

Diagrams

142

230

0

127

205

0

137

222
0

R

G

B

242
174
107

255
131

0

240
161
82

R

G

B

166

166

166

140

140

140

159

159

159

R

G

B

207

19

149

177

1
8

128

202

20

146

R

G

B

1

152

255

0

137

230

0

122

201

R

G

B

0

63

137

0

59

13
0

0

44

95

R

G

B

1
03

66

148

87

55

125

75

4
8

108

R

G

B

241
93

104

237

41

57

23
8

68

80

R

G

B

164

208
197

45

136
113

0

109
85

0

93

69

R

G

B

Tables

0

130
102

0

109

85

R

G

B

230
234
232

201
213
207

182
197
190

171
188
179

R

G

B

220
22

64

195
19

57

183
18

52

R

G

B

Competitors

254
208
106

253
182
17

228
158
2

R

G

B

THANK YOU

Presenter: Yuxin Meng

Department of Computer Science

City University of Hong Kong


Asia
-
Pacific & MEA Round 2013

21
-
23 March 2013