Introducing touchstroke: keystroke-based authentication system for smartphones
Georgios Kambourakis
Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, GR-83200 Samos, Greece
Dimitrios Damopoulos (Corresponding Author)
Department of Computer Science, Stevens Institute of Technology, Hoboken, NJ-07030, U.S.A.
Correspondence: Dimitrios Damopoulos, Department of Computer Science, Stevens Institute of Technology, Hoboken, NJ-07030, U.S.A.
Dimitrios Papamartzivanos
Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, GR-83200 Samos, Greece
Emmanouil Pavlidakis
Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, GR-83200 Samos, Greece
Abstract
Keystroke dynamics is a well-investigated behavioural biometric based on the way and rhythm in which someone interacts with a keyboard or keypad when typing characters. This paper explores the potential of this modality for touchscreen-equipped smartphones. The main research question posed is whether ‘touchstroking’ can be effective in building the biometric profile of a user, in terms of typing pattern, for future authentication. To reach this goal, we implemented a touchstroke system on the Android platform and executed different scenarios under disparate methodologies to estimate its effectiveness in authenticating the end-user. Apart from typical classification features used in legacy keystroke systems, we introduce two novel ones, namely, speed and distance. From the experiments, it can be argued that touchstroke dynamics can be quite competitive, at least when compared to similar results obtained from keystroke evaluation studies. As far as we are aware, this is the first time this newly arisen behavioural trait is put into focus. Copyright © 2014 John Wiley & Sons, Ltd.