USING USERS' TOUCH DYNAMICS BIOMETRICS TO ENHANCE AUTHENTICATION ON MOBILE DEVICES

UoM administered thesis: Phd

  • Authors:
  • Pin Shen Teh

Abstract

Mobile devices have become a popular platform for users to access information and digital services, and stay connected. The increased usage and reliance on these devices also imply that they increasingly handle, manage, and process private and sensitive data. As more and more sensitive data are stored in, or accessible from, mobile devices, the risk and cost of losing these data are becoming higher, particularly given the fact that mobile devices are much more vulnerable to theft or loss in comparison with conventional computing devices such as workstations and laptops. Therefore, more stringent security services should be embedded into mobile devices. One of these services is user authentication, i.e. how to verify a claimed identity. Our initial literature study in the topic area of user authentication on mobile devices shows that authentication on mobile devices should be strengthened and touch dynamics biometrics offers the most usable additional authentication factor than other biometrics alternatives. This has motivated us to investigate how to best exploit the use of users' touch dynamics biometrics to strengthen authentication on mobile devices. To this end, the thesis has made the following three novel contributions. Firstly, this thesis has presented a thorough investigative study on touch dynamics biometrics authentication on mobile devices. The investigative study has led to the discovery that existing studies mainly focus on improving accuracy performance of the authentication system. The characteristics of mobile devices and the way they are typically used are not given due consideration in these studies. As a result, those systems may have high accuracy performances in a research setting, but may not be realistically usable in practice, limiting the scale of their deployment. Secondly, the thesis has proposed and evaluated a novel touch dynamics based two-factor authentication (ToDiTA) system to support user authentication on mobile devices in a secure and usable manner. In proposing this system, we have carried out comprehensive studies of different parameter value settings, different ways of extracting features and different machine learning techniques used to classify the features. The purpose of the studies is to increase accuracy (thus making the system more secure), while, at the same time, reduce overhead costs introduced (thus making the system more usable) as much as possible. The studies have led us to take the following measures in the design: (i) integrating touch dynamics biometrics into a PIN-based authentication method that has a wide social acceptance (improving security and usability); (ii) using descriptive statistical methods to extract additional features from the already-acquired features instead of using features that have to be captured by using additional device sensors (improving usability); (iii) reducing the number of features by selecting and using the most important set of features (improving accuracy and efficiency); and (iv) reducing the touch dynamics data required to train the model by using one-class classification approach (improving usability). In addition, we have used a more comprehensive dataset to evaluate the ToDiTA system so that the conclusion drawn from the evaluation results are more conclusive. The evaluation of ToDiTA showed that by integrating the touch dynamics authentication method into the PIN-based authentication method, along with the above mentioned measures, the ability to counter impersonation attacks is greatly enhanced. For example, if a PIN is compromised, the success rate of an impersonation attempt is drastically reduced from 100% (if only a 4-digit PIN is used) to 9.9% (if both the PIN and the touch dynamics are used). Thirdly, the thesis has proposed and evaluated an enhanced ToDiTA (E-ToDiTA) system by adding a novel learning capability into the ToDiTA system. The E-ToDiTA system can adapt itself to any changes in a user's touch dynamics pattern. This is achieved by capturing the user's new touch dynamics data as soon as it becomes available and use the new data to update the authentication model. To minimise any additional overhead cost introduced by this addition, we have used a feature spooling process to reduce the number of times required to carry out the model adaptation processes and a progressive adaptation method which uses a fewer number of samples to update the model. The performance of the E-ToDiTA system has been evaluated and compared against that of the ToDiTA system. The results show that, on average, the E-ToDiTA system has improved the accuracy performance by 33.53% in comparison with the ToDiTA system, but with virtually zero increase in overhead cost. These results indicate that touch dynamics biometrics is a viable option for strengthening user authentication on mobile devices, particularly the capturing of such biometric data does not require additional efforts from a device user; the data can be captured while the user carries out their normal device-using activities.

Details

Original languageEnglish
Awarding Institution
Supervisors/Advisors
Award date1 Aug 2019